WordPress Login/Signup Popup plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress Login/Signup Popup plugin versions <= 1.4. Solution: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 1.5)...
Elementor < 2.9.8 - SVG Sanitizer Bypass leading to Authenticated Stored XSS
Jerome Bruandet, from NinTechNet, discovered a bypass in the SVG sanitizer, which could lead to an authenticated stored XSS issue from users with the upload_files capability...
WordPress Avada premium theme <= 6.2.2 - Arbitrary Post Creation, Edition and Deletion vulnerability
Arbitrary Post Creation, Edition, and Deletion vulnerability discovered by NinTechNet in WordPress Avada premium theme versions <= 6.2.2. Solution: Update the WordPress Avada premium theme to the latest available version (at least 6.2.3)...
WordPress Avada premium theme <= 6.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress Avada premium theme versions <= 6.2.2. Solution: Update the WordPress Avada premium theme to the latest available version (at least 6.2.3)...
WordPress Quick Page/Post Redirect plugin <= 5.1.9 - Authenticated Settings Change vulnerability
Authenticated Settings Change vulnerability discovered by NinTechNet in WordPress Quick Page/Post Redirect plugin versions <= 5.1.9. Solution: Update the WordPress Quick Page/Post Redirect plugin to the latest available version (at least 5.2.0)...
WordPress WP GDPR plugin <= 2.1.1 - Unauthenticated Plugin Settings Update vulnerability
Unauthenticated Plugin Settings Update vulnerability discovered by NinTechNet in WordPress WP GDPR plugin versions <= 2.1.1. Solution: This plugin has been closed as of October 23, 2019 and is not available for download. Reason: Security Issue...
WordPress WP GDPR plugin <= 2.1.1 - Unauthenticated Content Spoofing vulnerability
Unauthenticated Content Spoofing vulnerability discovered by NinTechNet in WordPress WP GDPR plugin versions <= 2.1.1. Solution: This plugin has been closed as of October 23, 2019 and is not available for download. Reason: Security Issue...
WordPress WP GDPR plugin <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress WP GDPR plugin versions <= 2.1.1. Solution: This plugin has been closed as of October 23, 2019 and is not available for download. Reason: Security Issue...
WordPress WP GDPR plugin <= 2.1.1 - Unauthenticated Arbitrary Comment Deletion vulnerability
Unauthenticated Arbitrary Comment Deletion vulnerability discovered by NinTechNet in WordPress WP GDPR plugin versions <= 2.1.1. Solution: This plugin has been closed as of October 23, 2019 and is not available for download. Reason: Security Issue...
WordPress Gutenberg Blocks plugin <= 1.14.7 - Authenticated Settings Change vulnerability
Authenticated Settings Change vulnerability discovered by NinTechNet in WordPress Gutenberg Blocks plugin versions <= 1.14.7. Solution: Update the WordPress Gutenberg Blocks plugin to the latest available version (at least 1.14.8)...
WordPress OneTone theme <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress OneTone theme versions <= 3.0.6. Solution: No patched version is available...
WordPress Fruitful theme <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress Fruitful theme versions <= 3.8.1. Solution: Update the WordPress Fruitful theme to the latest available version (at least 3.8.2)...
WordPress MStore API plugin <= 2.1.5 - Unauthenticated Account Create/Edit vulnerability
Unauthenticated Account Create/Edit vulnerability discovered by NinTechNet in WordPress MStore API plugin versions <= 2.1.5. Solution: Update the WordPress MStore API plugin to the latest available version (at least 2.1.6)...
WordPress Flexible Checkout Fields for WooCommerce plugin <= 2.3.1 - Security Bypass vulnerability
Security Bypass vulnerability discovered by NinTechNet in WordPress Flexible Checkout Fields for WooCommerce plugin versions <= 2.3.1. Solution: Update the WordPress Flexible Checkout Fields for WooCommerce to the latest available version (at least 2.3.2)...
WordPress Advanced Import plugin <= 1.0.7 - Unauthenticated Database Reset vulnerability leading to Privilege Escalation
Unauthenticated Database Reset vulnerability leading to Privilege Escalation discovered by NinTechNet in WordPress Advanced Import plugin versions <= 1.0.7. Solution: Update the WordPress Advanced Import plugin to the latest available version (at least 1.0.8)...
WordPress Super Socializer plugin <= 7.12.37 - Bypass vulnerability
Bypass vulnerability discovered by NinTechNet in WordPress Super Socializer plugin versions <= 7.12.37. Solution: Update the Super Socializer plugin to the latest available version (at least 7.12.38)...
WordPress Merge + Minify + Refresh plugin <= 1.10.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by NinTechNet in WordPress Merge + Minify + Refresh plugin versions <= 1.10.6. Solution: Update the WordPress Merge + Minify + Refresh plugin to the latest available version (at least 1.10.7)...
WordPress Wordable plugin <= 3.1.1 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by NinTechNet in WordPress Wordable plugin versions <= 3.1.1. Solution: Update the WordPress Wordable plugin to the latest available version (at least 3.1.2)...
WordPress Images Slideshow by 2J plugin <= 1.3.31 - Authenticated Arbitrary Plugin Deactivation vulnerability
Authenticated Arbitrary Plugin Deactivation vulnerability discovered by NinTechNet in WordPress Images Slideshow by 2J plugin versions <= 1.3.31. Solution: Update the WordPress Images Slideshow by 2J plugin to the latest available version (at least 1.3.33)...
Mesmerize & Materialis Themes - Authenticated Options Update
Discovered by NinTechNet, both the Mesmerize and Materialis WordPress themes were affected by an authenticated options update vulnerability. This could allow a lower privileged user to update site options, which they should not be permitted to...