87 matches found
WordPress Newspaper X Theme <= 1.3.1 is vulnerable to Broken Access Control
Software Newspaper X Type Theme Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 364d88cff362 Credits Jerome Bruandet - NinTechNet...
WordPress Cryptocurrency Widgets For Elementor plugin <= 1.2.1 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet WordPress Cryptocurrency Widgets For Elementor plugin versions = 1.2.1. Solution Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version at least 1.3.1...
WordPress Cryptocurrency Widgets For Elementor plugin <=1.2.1 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Widgets For Elementor plugin versions =1.2.1. Solution Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version at least 1.3.1...
WordPress The Events Calendar Search Addon plugin <= 1.1.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Search Addon plugin versions = 1.1.3. Solution Update the WordPress The Events Calendar Search Addon plugin to the latest available version at least 1.2.1...
WordPress The Events Calendar Widgets For Elementor plugin <= 1.4.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Widgets For Elementor plugin versions = 1.4.3. Solution Update the WordPress The Events Calendar Widgets For Elementor plugin to the latest available version at least 1.5...
WordPress Event Single Page Templates Addon For The Events Calendar plugin <= 1.5 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Event Single Page Templates Addon For The Events Calendar plugin versions = 1.5. Solution Update the WordPress Event Single Page Templates Addon For The Events Calendar plugin to the latest available...
WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin versions = 1.7. Solution Update the WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin to the latest available...
WordPress The Events Calendar Countdown Addon plugin <= 1.3.1 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Countdown Addon plugin versions = 1.3.1. Solution Update the WordPress The Events Calendar Countdown Addon plugin to the latest available version at least 1.4...
WordPress Cool Timeline plugin <= 2.3.3 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cool Timeline plugin versions = 2.3.3. Solution Update the WordPress Cool Timeline plugin to the latest available version at least 2.4...
WordPress Cool Timeline plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cool Timeline plugin versions = 2.3.3. Solution Update the WordPress Cool Timeline plugin to the latest available version at least 2.4...
WordPress AdSanity premium plugin <= 1.8.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to Arbitrary File Upload Contributor user role discovered by Jerome Bruandet in WordPress AdSanity premium plugin versions = 1.8.1. Solution Update the WordPress AdSanity premium plugin to the latest available version at least 1.8.2. Vulnerability autho...
WordPress JobSearch premium plugin <= 1.8.1 - Unauthenticated Settings Change vulnerability
Unauthenticated Settings Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...
WordPress JobSearch premium plugin <= 1.8.1 - Authenticated Arbitrary WordPress Options Change vulnerability
Authenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...
WordPress Improved Product Options for WooCommerce plugin <= 5.1.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Improved Product Options for WooCommerce plugin versio...
WordPress Share, Print and PDF Products for WooCommerce plugin <= 2.7.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Share, Print and PDF Products for WooCommerce plugin...
WordPress Product Filter for WooCommerce plugin <= 8.1.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Product Filter for WooCommerce plugin versions = 8.1.1...
WordPress Package Quantity Discount plugin <= 1.1.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in the WordPress Package Quantity Discount plugin versions = 1.1.1...
WordPress Product Loops for WooCommerce plugin <= 1.6.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Product Loops for WooCommerce plugin versions = 1.6.1...
WordPress Comment and Review Spam Control for WooCommerce plugin <= 1.4.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Comment and Review Spam Control for WooCommerce plugin...
WordPress Autopilot SEO for WooCommerce plugin <=1.5.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Autopilot SEO for WooCommerce plugin versions =1.5.1...