Archives: Vulnerabilities
Access violation vulnerability in HDForms | Contact Form Builder 1.6.1
A plugin called HDForms that helps create contact forms on WordPress websites has a security issue. This means that anyone can delete important files on the website without permission, which could lead to hackers being able to control the website. This problem exists in all versions of the plugin up to version 1.6.1.
Input validation vulnerability in Blogzee 1.0.5
The Blogzee theme for WordPress has a security issue that allows attackers to upload any type of file onto a website using the theme. This can be done by someone who has at least Subscriber-level access to the site. This could potentially allow the attacker to run malicious code on the website’s server.
Input validation vulnerability in Auto Repair 22.6
The Auto Repair theme for WordPress is not secure and can be easily hacked in versions up to 22.6. This is because the theme does not properly clean or protect against harmful code, allowing hackers to inject their own code onto web pages. This can happen if a user is tricked into clicking on a link.
Input validation vulnerability in Energia – Renewable Energy WordPress Theme 1.1.2
The Energia – Renewable Energy WordPress Theme for WordPress has a security issue that allows anyone to upload any type of file, even without being logged in. This could potentially allow hackers to upload harmful files onto the website’s server, which could lead to remote code execution.
Input validation vulnerability in TheNa – Photography & Portfolio WordPress Theme 1.5.5
The TheNa theme for WordPress has a security issue where attackers can inject harmful web scripts into pages if a user is tricked into clicking on a link. This can happen in versions 1.5.5 and below because the theme does not properly clean or protect against this type of attack.