Archives: Vulnerabilities
Access violation vulnerability in Convert WordPress to app | AppMySite 3.14.0
The AppMySite plugin for WordPress has a security issue that allows people to access it without permission. This can give hackers the ability to do things they shouldn’t be able to do.
Access violation vulnerability in Smart Blocks 2.4
The plugin called Smart Blocks, used for WordPress websites, has a security issue that can allow unauthorized users to access it. This is because the plugin does not have a way to check if the user has the right level of access before performing a function. This means that attackers who have Contributor-level access or higher can perform actions that they are not supposed to.
Input validation vulnerability in Ultimate Store Kit – Elementor powered WooCommerce Builder, 80+ Widgets and Template Builder 2.8.3
The Ultimate Store Kit Elementor Addons plugin for WordPress is not secure in versions up to 2.8.3. This is because it does not properly protect against harmful code being added to pages. As a result, attackers who have contributor-level access or higher can add their own code to pages that will run when a user visits that page.
Access violation vulnerability in VPSUForm – No-Code Custom Form Builder – Contact Forms, Conversion Form & More 3.2.20
The VPSUForm plugin for WordPress, which allows users to create custom forms without needing to know how to code, has a security issue. This means that people who are not authorized to access it can still use it. This vulnerability exists in all versions of the plugin up to 3.2.20. This means that someone who is logged in with at least Subscriber-level access can do something they should not be able to do.
Access violation vulnerability in Hubbub Lite – Fast, Reliable Social Sharing Buttons 1.35.1
The Hubbub Lite plugin for WordPress, which helps share content on social media, has a security issue that could put sensitive information at risk. This affects all versions up to 1.35.1 and allows authorized attackers with at least Subscriber-level access to access personal or configuration data.