The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the 'public/class-pirateforms-public.php' file in versions up to, and including, 2.5 ...
June 07, 2023
The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 du ...
June 07, 2023
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" va ...
June 07, 2023
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including, 2.9.7. This makes it possible for authenticated at ...
June 07, 2023
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. ...
June 07, 2023
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it p ...
June 07, 2023
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible fo ...
June 07, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' route ...
June 07, 2023