Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.2

  • Severity: high-risk
  • Status: Fixed
  • Publication: June 5, 2024

The Login/Signup Popup plugin for WordPress has a security issue that allows unauthorized users to change important settings without proper permission checks. This means that attackers who have access to at least a Subscriber account can make changes to the website, such as enabling new user registrations and giving new users Administrator roles.

Detected in:

Login & Register Customizer – Popup | Slider | Inline | WooCommerce fixed vulnerable versions:
Login/Signup Popup ( Inline Form + Woocommerce ) fixed vulnerable versions: >= 2.7.1 <= 2.7.2
OTP Login Woocommerce (Login with OTP) fixed vulnerable versions:
Side Cart Woocommerce | Woocommerce Cart fixed vulnerable versions:
Waitlist Woocommerce ( Back in stock notifier ) fixed vulnerable versions: >= * <= 2.6

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.