Archives: Vulnerabilities
Access violation vulnerability in CTX Feed – WooCommerce Product Feed Manager 6.6.18
The CTX Feed plugin for WordPress has a security flaw that lets functionality be reached without the permission check it requires. It can be exploited by anyone, including unauthenticated visitors without an account.
Access violation vulnerability in Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content 0.8.3
The Brave plugin for WordPress, which creates popups, optins, lead generation tools, surveys, sticky elements, and interactive content, has a security vulnerability: actions in the plugin can be performed without authorization, so anyone, including users with no permission, can carry out operations they should not be able to.
Access violation vulnerability in Melapress Role Editor 1.1.1
The Melapress Role Editor plugin for WordPress has a privilege escalation issue that affects all versions up to and including 1.1.1. The problem is an incorrect permission check on the ‘save_secondary_roles_field’ function. As a result, an authenticated attacker with at least Subscriber-level access can grant themselves additional privileges, up to Administrator access.
Input validation vulnerability in Same Category Posts 1.1.19
The Same Category Posts plugin for WordPress has a stored cross-site scripting issue that allows attackers to inject arbitrary script into pages. The injection point is the widget title placeholder feature in versions 1.1.19 and below. The root cause is a function that decodes special characters before output, which lets an authenticated attacker with Author-level access or higher inject their own script into pages; that script then runs in the browser of any user who visits an affected page.
Input validation vulnerability in Frontis Blocks — Block Library for the Block Editor 1.1.6
The Frontis Blocks plugin for WordPress has a security issue in which the plugin can be made to send requests to arbitrary locations (server-side request forgery). The ‘/template-proxy/’ and ‘/proxy-image/’ endpoints of the plugin can be used for this by anyone, including users who are not authorized.