WordPress Materialis theme <=1.0.172 - Authenticated Options Update vulnerability

Authenticated Options Update vulnerability found by NinTechNet in WordPress Materialis theme versions =1.0.172. Solution Update the WordPress Materialis theme to the latest available version at least 1.0.173...

WordPress Sliced Invoices plugin <= 3.8.2 - Multiple vulnerabilities

Multiple vulnerabilities found by Jerome Bruandet NinTechNet in WordPress Sliced Invoices plugin versions = 3.8.2. Solution Update the WordPress Sliced Invoices plugin to the latest available version at least 3.8.4...

Lara Google Analytics < 2.0.5 - Authenticated Stored XSS

An authenticated stored Cross-Site Scripting XSS vulnerability within the "Google Analytics – by Lara" WordPress plugin was found to be exploited in the wild by security vendor NinTechNet...

Exploit for Missing Authentication for Critical Function in Webcraftic Woody_Ad_Snippets

CVE-2019-15858 Unauthenticated Remote Code Execution at Wood...

WordPress Restaurant Reservations plugin <= 1.3 - Unauthenticated Options Change vulnerability

Unauthenticated Options Change vulnerability found by Jerome Bruandet Nintechnet in WordPress Restaurant Reservations plugin versions = 1.3. Solution Update the WordPress Restaurant Reservations plugin to the latest available version at least 1.5...

WordPress Login or Logout Menu Item plugin <= 1.1.1 - Unauthenticated Options Change vulnerability

Unauthenticated Options Change vulnerability found by Jerome Bruandet Nintechnet in WordPress Login or Logout Menu Item plugin versions = 1.1.1. Solution Update the WordPress Login or Logout Menu Item plugin to the latest available version at least 1.2.0...

WordPress Travel Management plugin <= 1.5 - Unauthenticated Options Change vulnerability

Unauthenticated Options Change vulnerability found by Jerome Bruandet Nintechnet in WordPress Travel Management plugin versions = 1.5. Solution Update the WordPress Travel Management plugin to the latest available version at least 1.6.1...

WordPress Learning Courses plugin <= 4.7 - Unauthenticated Options Change vulnerability

Unauthenticated Options Change vulnerability found by Jerome Bruandet Nintechnet in WordPress Learning Courses plugin versions = 4.7. Solution Update the WordPress Learning Courses plugin to the latest available version at least 4.8...

WordPress Woody Ad Snippets plugin <= 2.2.4 - Unauthenticated stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated stored Cross-Site Scripting XSS vulnerability found by Jerome Bruandet Nintechnet by WordPress Woody Ad Snippets plugin versions = 2.2.4. Solution Update the WordPress Woody Ad Snippets plugin to the latest available version at least 2.2.5...

WordPress Crelly Slider plugin <= 1.3.4 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability found by NinTechNet in WordPress Crelly Slider plugin versions = 1.3.4. Solution Update the WordPress Crelly Slider plugin to the latest available version at least 1.3.5...

WordPress User Submitted Posts plugin <= 20190426 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability found by NinTechNet in WordPress User Submitted Posts plugin versions = 20190426. Apache + PHP FastCGI required for exploitation of this vulnerability. Solution Update the WordPress User Submitted Posts plugin to the latest available version at least 20190501...

WordPress LearnDash 2.5.3 File Upload

Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet...

WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload

Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...

WordPress LearnDash 2.5.3 Plugin - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author...

WordPress LearnDash LMS plugin <=2.5.3 - Unauthenticated Arbitrary File Upload vulnerability

An unauthenticated arbitrary file upload vulnerability by NinTechNet in WordPress LearnDash LMS plugin versions =2.5.3. Solution Update the WordPress LearnDash LMS plugin to the latest available version at least 2.5.4...