Archives: Vulnerabilities
Access violation vulnerability in Popup Builder 1.1.37
The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of its data because it does not check whether the user has the required permissions before resetting the plugin’s settings. Any logged-in user with Subscriber-level access or higher can reset the settings to their original state.
Input validation vulnerability in Fox LMS – WordPress LMS Plugin 1.0.5.1
Fox LMS, a popular plugin for WordPress, has a security issue that affects all versions up to version 1.0.5.1. The plugin does not correctly validate the ‘role’ parameter when new users are created through the `/fox-lms/v1/payments/create-order` endpoint. As a result, people without permission can create new accounts with any role they want, potentially giving them full control of the website.
Input validation vulnerability in WP Flashy Marketing Automation 2.0.8
The Flashy Marketing Automation plugin for WordPress has a security issue in versions up to 2.0.8. The plugin does not properly validate a security token before allowing a certain function to be performed. An attacker can potentially carry out unauthorized actions if they can trick a site administrator into clicking on a link.
Input validation vulnerability in Just TinyMCE Custom Styles 1.2.1
The Just TinyMCE Custom Styles plugin for WordPress has a security vulnerability in versions up to and including 1.2.1. Unauthenticated attackers could potentially perform an unauthorized action by tricking a site administrator into clicking on a link.
Input validation vulnerability in Nelio Popups 1.3.0
The Nelio Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.3.0. The issue occurs because the plugin does not properly sanitize user input or escape output. As a result, attackers who have contributor-level access or higher can insert harmful scripts into pages, and these scripts run whenever a user visits the affected page.