87 matches found
WordPress Newspaper X Theme <= 1.3.1 is vulnerable to Broken Access Control
Software Newspaper X Type Theme Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 364d88cff362 Credits Jerome Bruandet - NinTechNet...
WordPress Cryptocurrency Widgets For Elementor plugin <= 1.2.1 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet WordPress Cryptocurrency Widgets For Elementor plugin versions = 1.2.1. Solution Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version at least 1.3.1...
WordPress Cryptocurrency Widgets For Elementor plugin <=1.2.1 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Widgets For Elementor plugin versions =1.2.1. Solution Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version at least 1.3.1...
WordPress The Events Calendar Search Addon plugin <= 1.1.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Search Addon plugin versions = 1.1.3. Solution Update the WordPress The Events Calendar Search Addon plugin to the latest available version at least 1.2.1...
WordPress The Events Calendar Widgets For Elementor plugin <= 1.4.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Widgets For Elementor plugin versions = 1.4.3. Solution Update the WordPress The Events Calendar Widgets For Elementor plugin to the latest available version at least 1.5...
WordPress Event Single Page Templates Addon For The Events Calendar plugin <= 1.5 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Event Single Page Templates Addon For The Events Calendar plugin versions = 1.5. Solution Update the WordPress Event Single Page Templates Addon For The Events Calendar plugin to the latest available...
WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin versions = 1.7. Solution Update the WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin to the latest available...
WordPress The Events Calendar Countdown Addon plugin <= 1.3.1 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Countdown Addon plugin versions = 1.3.1. Solution Update the WordPress The Events Calendar Countdown Addon plugin to the latest available version at least 1.4...
WordPress Cool Timeline plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cool Timeline plugin versions = 2.3.3. Solution Update the WordPress Cool Timeline plugin to the latest available version at least 2.4...
WordPress Cool Timeline plugin <= 2.3.3 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cool Timeline plugin versions = 2.3.3. Solution Update the WordPress Cool Timeline plugin to the latest available version at least 2.4...
WordPress AdSanity premium plugin <= 1.8.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to Arbitrary File Upload Contributor user role discovered by Jerome Bruandet in WordPress AdSanity premium plugin versions = 1.8.1. Solution Update the WordPress AdSanity premium plugin to the latest available version at least 1.8.2. Vulnerability autho...
WordPress JobSearch premium plugin <= 1.8.1 - Authenticated Arbitrary WordPress Options Change vulnerability
Authenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...
WordPress JobSearch premium plugin <= 1.8.1 - Unauthenticated Settings Change vulnerability
Unauthenticated Settings Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...
WordPress Improved Product Options for WooCommerce plugin <= 5.1.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Improved Product Options for WooCommerce plugin versio...
WordPress Product Filter for WooCommerce plugin <= 8.1.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Product Filter for WooCommerce plugin versions = 8.1.1...
WordPress Package Quantity Discount plugin <= 1.1.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in the WordPress Package Quantity Discount plugin versions = 1.1.1...
WordPress Product Loops for WooCommerce plugin <= 1.6.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Product Loops for WooCommerce plugin versions = 1.6.1...
WordPress Comment and Review Spam Control for WooCommerce plugin <= 1.4.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Comment and Review Spam Control for WooCommerce plugin...
WordPress Autopilot SEO for WooCommerce plugin <=1.5.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Autopilot SEO for WooCommerce plugin versions =1.5.1...
WordPress Bulk Add to Cart for WooCommerce plugin <= 1.2.1 - Multiple vulnerabilities
Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Bulk Add to Cart for WooCommerce plugin versions =...