The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and includ ...
June 09, 2023
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. T ...
June 09, 2023
The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function ...
June 09, 2023
The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get ...
June 09, 2023
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal ...
June 09, 2023
The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter ...
June 09, 2023
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure us ...
June 09, 2023
The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sani ...
June 09, 2023