WordPress Package Quantity Discount plugin <= 1.1.1 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in the WordPress Package Quantity Discount plugin versions = 1.1.1...

WordPress Pinterest Automatic Pin plugin <= 4.14.3 - Unauthenticated Arbitrary WordPress Options Change vulnerability

Unauthenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Pinterest Automatic Pin plugin versions = 4.14.3. Solution Update the WordPress Pinterest Automatic Pin plugin to the latest available version at least 4.14.4...

WordPress WP Security Question plugin <= 1.0.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WP Security Question plugin versions = 1.0.5. Solution This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...

WordPress WP-Backgrounds Lite plugin <= 2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WP-Backgrounds Lite plugin versions = 2.3. Solution This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...

WordPress Opal Estate plugin <= 1.6.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Opal Estate plugin versions = 1.6.11. Solution This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...

WordPress WordPress Photo Gallery – Image Gallery plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WordPress Photo Gallery – Image Gallery plugin versions = 1.0.8. Solution This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...

WordPress Welcart e-Commerce plugin <= 2.2.7 - Authenticated System Information Disclosure vulnerability

Authenticated System Information Disclosure vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Welcart e-Commerce plugin versions = 2.2.7. Solution Update the WordPress Welcart e-Commerce plugin to the latest available version at least 2.2.8...

WordPress Frontend File Manager plugin <= 18.2 - Authenticated Settings Change and Arbitrary File Upload vulnerabilities

Authenticated Settings Change and Arbitrary File Upload vulnerabilities discovered by Jerome Bruandet NinTechNet in WordPress Frontend File Manager plugin versions = 18.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 18.3...

WordPress Vuukle Comments, Reactions, Share Bar, Revenue plugin <= 3.4.31 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Vuukle Comments, Reactions, Share Bar, Revenue plugin versions = 3.4.31 Solution Update the WordPress Vuukle Comments, Reactions, Share Bar, Revenue plugin to the latest available version at least...

WordPress Locations plugin <= 3.2.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Locations plugin versions = 3.2.1. Solution Update the WordPress Locations plugin to the latest available version at least 4.0...

WordPress Contact Form 7 Style plugin <= 3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Contact Form 7 Style plugin versions = 3.2. Solution This plugin has been closed as of February 1, 2021 and is not available for download. Reason: Security Issue...

WordPress Popular Posts plugin <= 5.3.2 - Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE)

Authenticated Code Injection vulnerability leading to Remote Code Execution RCE discovered by NinTechNet in WordPress Popular Posts plugin versions = 5.3.2. Solution Update the WordPress Popular Posts plugin to the latest available version at least 5.3.3...

WordPress Multiple Roles plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by NinTechNet in WordPress Multiple Roles plugin versions = 1.3.1. Solution Update the WordPress Multiple Roles plugin to the latest available version at least 1.3.2...

WordPress Qtranslate Slug plugin <= 1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by NinTechNet in WordPress Qtranslate Slug plugin versions = 1.1.18. Solution This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...

WordPress WC Marketplace plugin <= 3.7.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by NinTechNet in WordPress WC Marketplace plugin versions = 3.7.3. Solution Update the WordPress WC Marketplace plugin to the latest available version at least 3.7.4...

WordPress Custom css-js-php plugin <= 2.0.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by NinTechNet WordPress Custom css-js-php plugin versions = 2.0.7. Solution This plugin has been closed as of February 11, 2021 and is not available for download. Reason: Security Issue...

WordPress Edwiser Bridge plugin <= 2.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities discovered by NinTechNet in WordPress Edwiser Bridge plugin versions = 2.0.6. Solution Update the WordPress Edwiser Bridge plugin to the latest available version at least = 2.0.7...

Recently < 3.0.5 - Authenticated Code Injection

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 3.0.5...

WordPress Kiwi Social Sharing plugin <= 2.1.0 - Unauthenticated WordPress Options Change/Read vulnerability

Unauthenticated WordPress Options Change/Read vulnerability discovered by NinTechNet in WordPress Kiwi Social Sharing plugin versions = 2.1.0. Solution Update the WordPress Kiwi Social Sharing plugin to the latest available version at least 2.1.3...

WordPress Controlled Admin Access plugin <= 1.5.5 - Improper Input Validation leading to Privilege Escalation vulnerability

Improper Input Validation leading to Privilege Escalation vulnerability discovered by NinTechNet in WordPress Controlled Admin Access plugin versions = 1.5.5. Solution Update the WordPress Controlled Admin Access plugin to the latest available version at least 1.5.6...