WordPress Bonkers theme <= 1.0.5 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Bonkers theme versions <= 1.0.5. Solution: Update the WordPress Bonkers theme to the latest available version (at least 1.0.6)...
WordPress NatureMag Lite theme <=1.0.4 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress NatureMag Lite theme versions <= 1.0.4. Solution: Theme removed from the WordPress theme repository...
Simple:Press < 6.6.1 - Broken Access Control leading to RCE
Jerome Bruandet, from NinTechNet, discovered a broken access control issue in the plugin, which could lead to unauthenticated arbitrary file and RCE...
WordPress Dokan plugin <= 3.0.8 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Dokan plugin versions <= 3.0.8. Solution: Update the WordPress Dokan plugin to the latest available version (at least 3.0.9)...
WordPress Woody ad snippets plugin <= 2.3.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Woody ad snippets plugin versions <= 2.3.9. Solution: Update the WordPress Woody ad snippets plugin to the latest available version (at least 2.3.10)...
WordPress Customizr theme <= 4.3.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Customizr theme versions <= 4.3.2. Solution: Update the WordPress Customizr theme to the latest available version (at least 4.3.3)...
WordPress Coming Soon & Maintenance Mode Page plugin <= 1.57 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Coming Soon & Maintenance Mode Page plugin versions <= 1.57. Solution: Update the WordPress Coming Soon & Maintenance Mode Page plugin to the latest available version (at least 1.58)...
WordPress Menu Swapper plugin <= 1.1.0.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Menu Swapper plugin versions <= 1.1.0.2. Solution: Update the WordPress Menu Swapper plugin to the latest available version (at least 1.1.1)...
WordPress Import / Export Customizer Settings plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Import / Export Customizer Settings plugin versions <= 1.0.3. Solution: Update the WordPress Import / Export Customizer Settings plugin to the latest available version (at least 1.0.4)...
WordPress RSS Aggregator by Feedzy plugin <= 3.4.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress RSS Aggregator by Feedzy plugin versions <= 3.4.2. Solution: Update the WordPress RSS Aggregator by Feedzy plugin to the latest available version (at least 3.4.3)...
WordPress Quiz And Survey Master plugin <= 7.0.1 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability found by NinTechNet in WordPress Quiz And Survey Master plugin versions <= 7.0.1. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.0.2)...
WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Authenticated Plugin Settings Change vulnerability
Authenticated Plugin Settings Change vulnerability discovered by NinTechNet in WordPress Contact Form builder with drag & drop plugin versions <= 2.1.1. Solution: Update the WordPress Contact Form builder with drag & drop plugin to the latest available version (at least 2.1.2)...
WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities discovered by NinTechNet in WordPress Contact Form builder with drag & drop plugin versions <= 2.1.1. Solution: Update the WordPress Contact Form builder with drag & drop plugin to the latest available version (at least 2.1.2)...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Arbitrary Post Read (draft, pending, private or even password-protected) vulnerability
Arbitrary Post Read (draft, pending, private, or even password-protected) vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Subscribers List Export vulnerability
Unauthenticated Subscribers List Export vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...
WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Plugin Deactivation vulnerability
Unauthenticated Plugin Deactivation vulnerability discovered by NinTechNet in WordPress CMP – Coming Soon & Maintenance plugin versions <= 3.8.1. Solution: Update the WordPress CMP – Coming Soon & Maintenance plugin to the latest available version (at least 3.8.2)...
WordPress Product Input Fields for WooCommerce plugin <= 1.2.6 - Unauthenticated Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download vulnerability discovered by NinTechNet in WordPress Product Input Fields for WooCommerce plugin versions <= 1.2.6. Solution: Update the WordPress Product Input Fields for WooCommerce plugin to the latest available version (at least 1.2.7)...
WordPress KingComposer plugin <= 2.9.2 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by NinTechNet in WordPress KingComposer plugin versions <= 2.9.2. Solution: Update the WordPress KingComposer plugin to the latest available version (at least 2.9.4)...
WordPress KingComposer plugin <= 2.9.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress KingComposer plugin versions <= 2.9.2. Solution: Update the WordPress KingComposer plugin to the latest available version (at least 2.9.4)...
Visual Composer < 27.0 - Multiple Authenticated Cross-Site Scripting Issues
Jerome Bruandet, from NinTechNet, discovered multiple Stored Cross-Site Scripting issues, which could allow users with the contributor and above roles to inject arbitrary JavaScript in the blog...