29 matches found
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure
Software: Metform Elementor Contact Form Builder | Type: Plugin | Vulnerable versions: <= 3.3.1 | Fixed in: 3.3.2 | OWASP Top 10: A5: Security Misconfiguration | Classification: Sensitive Data Exposure | CVE: CVE-2023-0689 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: Wpmet | PSID: 4be7cb75c51f | Credits: Ramuel Gall...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.1 is vulnerable to Sensitive Data Exposure
Software: Metform Elementor Contact Form Builder | Type: Plugin | Vulnerable versions: <= 3.3.1 | Fixed in: 3.3.2 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2023-0691 | Patch priority: Medium | CVSS severity: Medium 4.3 | Developer: Wpmet | PSID: 747e7584ba0a | Credits: Ramuel...
WordPress Metform Elementor Contact Form Builder Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Metform Elementor Contact Form Builder | Type: Plugin | Vulnerable versions: <= 3.3.0 | Fixed in: 3.3.1 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-0708 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Wpmet | PSID: d2490fc4db6a | Credits: Ramuel Gall...
WordPress Getwid – Gutenberg Blocks Plugin <= 1.8.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Getwid – Gutenberg Blocks | Type: Plugin | Vulnerable versions: <= 1.8.3 | Fixed in: 1.8.4 | OWASP Top 10: A1: Injection | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2023-1895 | Patch priority: Medium | CVSS severity: Medium 5 | Developer: Claim ownership | PSID: 688f43f1f9c1 | Credits: Ramuel Gall...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Cross Site Scripting (XSS)
Software: Royal Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.3.59 | Fixed in: 1.3.60 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2022-4710 | Patch priority: High | CVSS severity: High 6.1 | Developer: WProyal | PSID: 88dfeeb21d4c | Credits: Ramuel Gall | Required...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Broken Access Control
Software: Royal Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.3.59 | Fixed in: 1.3.60 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2022-4700 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: WProyal | PSID: 423004fa0a2f | Credits: Ramuel Gall | Required...
WordPress Royal Elementor Addons Plugin <= 1.3.59 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Royal Elementor Addons | Type: Plugin | Vulnerable versions: <= 1.3.59 | Fixed in: 1.3.60 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2022-4707 | Patch priority: Low | CVSS severity: Low 4.3 | Developer: WProyal | PSID: d1eebd7ac349 | Credits: Ramuel Gall | Require...
WordPress Jupiter premium theme <= 6.10.1 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion
Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...
WordPress Jupiter premium theme <= 6.10.1 - Authenticated Privilege Escalation and Post deletion vulnerability
Authenticated Privilege Escalation and Post deletion vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...
WordPress Jupiter premium theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability
Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Jupiter premium theme versions <= 6.10.1. Solution: Update the WordPress Jupiter premium theme to the latest available version (at least 6.10.2)...
WordPress JupiterX Core premium plugin <= 2.0.6 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification
Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification discovered by Ramuel Gall (Wordfence) in WordPress JupiterX Core premium plugin versions <= 2.0.6. Solution: Update the WordPress JupiterX Core premium plugin to the latest available version a...
WordPress JupiterX Core premium plugin <= 2.0.6 - Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities
Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities were discovered by Ramuel Gall (Wordfence) in the WordPress JupiterX Core premium plugin versions <= 2.0.6. Solution: Update the WordPress JupiterX Core premium plugin to the latest available version (at least 2.0.7)...
WordPress JupiterX premium theme <= 2.0.6 - Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability
Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version (at least 2.0.7)...
WordPress Booking Calendar plugin <= 9.1 - Insecure Deserialization/PHP Object Injection vulnerability
Insecure Deserialization/PHP Object Injection vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Booking Calendar plugin versions <= 9.1. Solution: Update the WordPress Booking Calendar plugin to the latest available version (at least 9.1.1)...
WordPress Elementor Website Builder plugin <= 3.6.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Ramuel Gall (Wordfence) in WordPress Elementor Website Builder plugin versions <= 3.6.2. Solution: Update the WordPress Elementor Website Builder plugin to the latest available version (at least 3.6.3)...
WordPress Starter Templates plugin <= 2.7.0 - Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Block Import leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall in WordPress Starter Templates plugin versions <= 2.7.0. Solution: Update the WordPress Starter Templates plugin to the latest available version (at least 2.7.1)...
Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion
On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools (GDPR), a...
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.22 - Unauthenticated Arbitrary Post Deletion vulnerability
Unauthenticated Arbitrary Post Deletion vulnerability discovered by Ramuel Gall (Wordfence) in WordPress WP DSGVO Tools (GDPR) plugin versions <= 3.1.22. Solution: Update the WordPress WP DSGVO Tools (GDPR) plugin to the latest available version (at least 3.1.24)...
WordPress NextScripts: Social Networks Auto-Poster plugin <= 4.3.20 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall (Wordfence) in WordPress NextScripts: Social Networks Auto-Poster plugin versions <= 4.3.20. Solution: Update the WordPress NextScripts: Social Networks Auto-Poster plugin to the latest available version (at least 4.3.21)...
WordPress HashThemes Demo Importer plugin <= 1.1.1 - Improper Access Control allowing content deletion vulnerability
Improper Access Control allowing content deletion vulnerability discovered by Ramuel Gall (Wordfence) in WordPress HashThemes Demo Importer plugin versions <= 1.1.1. Solution: Update the WordPress HashThemes Demo Importer plugin to the latest available version (at least 1.1.2)...