Log out
Get PRO

Latest

Access violation vulnerability in Subscribe2 – Form, Email Subscribers & Newsletters 10.42

  • Severity: medium-risk
  • Status: Open
  • Publication: April 11, 2024

The Appsero analytics tool, which is used in many plugins, was found to have a security vulnerability. This means that someone without proper permission could change the data without authorization. The issue was specifically with the handle_optin_optout function in versions up to and including 2.0.0. This allowed attackers who were not authenticated to either opt-in or opt-out of tracking. The problem was fixed in version 2.0.1 of Appsero by adding a nonce check.

Detected in:

Better Chat Support via WhatsApp – WhatsApp Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode fixed vulnerable versions: >= * <= 1.4.9
Chat Help – Chat Bubble, Chat Button, WooCommerce Button with Gutenberg, Elementor and Shortcode fixed vulnerable versions:
Chat Help – Click to Chat Button & Form fixed vulnerable versions:
Dashboard Welcome for Elementor fixed vulnerable versions: >= * <= 1.0.7
Duplicate Page, Hide Title, Custom CSS & JS, Exclude Search, Template Info – Pagely fixed vulnerable versions:
Event Booking & Management Plugin for WooCommerce fixed vulnerable versions:
Event Booking & Management Plugin for WooCommerce – WpEvently fixed vulnerable versions:
Event Booking & Management Plugin for WooCommerce – WpEvently – WordPress Plugin fixed vulnerable versions:
Event Booking Manager for WooCommerce – WpEvently fixed vulnerable versions:
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin fixed vulnerable versions:
Exclusive Addons for Elementor fixed vulnerable versions: >= * <= 2.6.9
FlexTable – Table Plugin for WordPress with Spreadsheet Integration | Sheets to WP Table Live Sync fixed vulnerable versions:
FlexTable Google Sheets Connector | Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration fixed vulnerable versions:
Happy WooCommerce FAQs – Ultimate Product FAQ Plugin fixed vulnerable versions:
Happy WooCommerce FAQs & AI FAQ Generator fixed vulnerable versions:
Happy WooCommerce FAQs & AI FAQ Generator (Formarly XPlainer) fixed vulnerable versions:
Pagely [Show Current Template Info] fixed vulnerable versions:
Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration – FlexTable fixed vulnerable versions:
Subscribe2 – Form, Email Subscribers & Newsletters fixed vulnerable versions: >= * <= 10.42
Table Plugin for WordPress with Google Sheets Integration – Sheets to WordPress Table Live Sync fixed vulnerable versions:
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync fixed vulnerable versions:
Unlimited Elementor Inner Sections By BoomDevs fixed vulnerable versions: >= * <= 1.0.4
WA Chat Help – Chat Bubble, Chat Button, WooCommerce Button with Gutenberg, Elementor and Shortcode fixed vulnerable versions:
XPlainer – Product FAQ for WooCommerce & AI FAQ Generator fixed vulnerable versions:
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator fixed vulnerable versions:
Boostify Header Footer Builder for Elementor open vulnerable versions: >= * <= 1.3.1
Gallery Box open vulnerable versions: >= * <= 1.7.33
Load More Anything open vulnerable versions: >= * <= 3.3.5
TempTool [Show Current Template Info] open vulnerable versions: >= * <= 1.1.12
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] open vulnerable versions: >= * <= 1.5.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.