WordPress Plugin Check (PCP) plugin < 1.3.1 - Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability discovered by NinTechNet in WordPress Plugin Plugin Check PCP versions 1.3.1...

WordPress Shortcode Addons plugin <= 3.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NinTechNet in WordPress Plugin Shortcode Addons versions = 3.2.5...

WordPress Newspaper X Theme <= 1.3.1 is vulnerable to Broken Access Control

Software Newspaper X Type Theme Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36721 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 364d88cff362 Credits Jerome Bruandet - NinTechNet...

WordPress B2BKing Premium Plugin <= 4.6.00 is vulnerable to Settings Change

Software B2BKing Premium Type Plugin Vulnerable versions = 4.6.00 Fixed in 4.6.20 OWASP Top 10 A5: Broken Access Control Classification Settings Change CVE N/A Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 9d7b5ffc34e9 Credits N/A Required privilege Subscriber Publishe...

WordPress Cryptocurrency Widgets For Elementor plugin <= 1.2.1 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet WordPress Cryptocurrency Widgets For Elementor plugin versions = 1.2.1. Solution Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version at least 1.3.1...

WordPress Cryptocurrency Widgets For Elementor plugin <=1.2.1 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Widgets For Elementor plugin versions =1.2.1. Solution Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version at least 1.3.1...

WordPress The Events Calendar Search Addon plugin <= 1.1.3 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Search Addon plugin versions = 1.1.3. Solution Update the WordPress The Events Calendar Search Addon plugin to the latest available version at least 1.2.1...

WordPress The Events Calendar Countdown Addon plugin <= 1.3.1 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Countdown Addon plugin versions = 1.3.1. Solution Update the WordPress The Events Calendar Countdown Addon plugin to the latest available version at least 1.4...

WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin versions = 1.7. Solution Update the WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin to the latest available...

WordPress The Events Calendar Widgets For Elementor plugin <= 1.4.3 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress The Events Calendar Widgets For Elementor plugin versions = 1.4.3. Solution Update the WordPress The Events Calendar Widgets For Elementor plugin to the latest available version at least 1.5...

WordPress Event Single Page Templates Addon For The Events Calendar plugin <= 1.5 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Event Single Page Templates Addon For The Events Calendar plugin versions = 1.5. Solution Update the WordPress Event Single Page Templates Addon For The Events Calendar plugin to the latest available...

WordPress Cool Timeline plugin <= 2.3.3 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Cool Timeline plugin versions = 2.3.3. Solution Update the WordPress Cool Timeline plugin to the latest available version at least 2.4...

WordPress Sparkling theme <= 2.4.8 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability discovered in WordPress Sparkling theme versions = 2.4.8 by NinTechNet. Solution Update the WordPress Sparkling theme to the latest available version at least 2.4.9...

WordPress JobSearch premium plugin <= 1.8.1 - Authenticated Arbitrary WordPress Options Change vulnerability

Authenticated Arbitrary WordPress Options Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...

WordPress JobSearch premium plugin <= 1.8.1 - Unauthenticated Settings Change vulnerability

Unauthenticated Settings Change vulnerability discovered by Jerome Bruandet NinTechNet in WordPress JobSearch premium plugin versions = 1.8.1. Solution Update the WordPress JobSearch premium plugin to the latest available version at least 1.8.2...

WordPress Bulk Add to Cart for WooCommerce plugin <= 1.2.1 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Bulk Add to Cart for WooCommerce plugin versions =...

WordPress Product Filter for WooCommerce plugin <= 8.1.1 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Product Filter for WooCommerce plugin versions = 8.1.1...

WordPress Product Loops for WooCommerce plugin <= 1.6.1 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Product Loops for WooCommerce plugin versions = 1.6.1...

WordPress Comment and Review Spam Control for WooCommerce plugin <= 1.4.1 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Comment and Review Spam Control for WooCommerce plugin...

WordPress Autopilot SEO for WooCommerce plugin <=1.5.1 - Multiple vulnerabilities

Multiple vulnerabilities Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export were discovered by Jerome Bruandet NinTechNet in WordPress Autopilot SEO for WooCommerce plugin versions =1.5.1...