Log out
Get PRO

Latest

Input validation vulnerability in 68 different plugins

  • Severity: high-risk
  • Status: Open
  • Publication: September 26, 2020

Around 70 different plugins and themes had a security issue that could let someone else do something on the website without permission. The problem was that the system that was meant to stop this from happening had been set up incorrectly, so it didn’t work properly.

Detected in:

Abandoned Cart Lite for WooCommerce fixed vulnerable versions: > 0 < 0
Abandoned Cart Recovery for WooCommerce fixed vulnerable versions: > 0 < 0
Absolute Reviews fixed vulnerable versions: > 0 < 0
Advanced Popups fixed vulnerable versions: > 0 < 0
Amministrazione Trasparente fixed vulnerable versions: >= 0 <= 0
Better Search – Relevant search results for WordPress fixed vulnerable versions: >= 0 <= 0
CartFlows – Checkout & Funnel Builder for WooCommerce fixed vulnerable versions:
Coming Soon & Maintenance Mode Page fixed vulnerable versions: > 0 < 0
Coming Soon & Maintenance Mode Page & Under Construction fixed vulnerable versions:
Cool Timeline – Horizontal & Vertical Timeline fixed vulnerable versions:
Cool Timeline (Horizontal & Vertical Timeline) fixed vulnerable versions: >= 0 <= 0
Coupon Creator fixed vulnerable versions: > 0 < 0
Custom CSS, JS & PHP fixed vulnerable versions: > 0 < 0
Custom Field Template fixed vulnerable versions: > 0 < 0
Customizr fixed vulnerable versions: > 0 < 0
Defender Security – Malware Scanner, Login Security & Firewall fixed vulnerable versions: > 0 < 0
Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy fixed vulnerable versions: > 0 < 0
Dokan – Powerful WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy fixed vulnerable versions:
Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy fixed vulnerable versions:
eCommerce Product Catalog Plugin for WordPress fixed vulnerable versions: >= 0 <= 0
ElasticPress fixed vulnerable versions: > 0 < 0
Etsy Integration For WooCommerce fixed vulnerable versions:
Event Espresso – Event Registration & Ticketing Sales fixed vulnerable versions:
EWWW Image Optimizer fixed vulnerable versions: > 0 < 0
Feed Them Social – Page, Post, Video, and Photo Galleries fixed vulnerable versions: > 0 < 0
Feed Them Social – Social Media Feeds, Video, and Photo Galleries fixed vulnerable versions:
Forminator – Contact Form, Payment Form & Custom Form Builder fixed vulnerable versions: >= 0 <= 0
Forminator Forms – Contact Form, Payment Form & Custom Form Builder fixed vulnerable versions:
Hueman fixed vulnerable versions: > 0 < 0
Import / Export Customizer Settings fixed vulnerable versions: > 0 < 0
Lightweight Sidebar Manager fixed vulnerable versions: > 0 < 0
Menu Swapper fixed vulnerable versions: > 0 < 0
Multiple Roles fixed vulnerable versions: > 0 < 0
MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy fixed vulnerable versions:
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce fixed vulnerable versions: >= 0 <= 0
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution fixed vulnerable versions:
MultiVendorX – Transforming WooCommerce into Your Dream Marketplace fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor – WooCommerce Marketplace – Build Next Amazon, eBay, Etsy, Airbnb fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor Marketplace Solutions fixed vulnerable versions:
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution fixed vulnerable versions:
MultiVendorX Marketplace – WooCommetrce MultiVendor Marketplace Solution fixed vulnerable versions:
NotificationX – Best FOMO, Social Proof, Custom & Live Sales Notification, WooCommerce Sales Popup, Floating & Sticky Notification Bar fixed vulnerable versions:
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor fixed vulnerable versions: > 0 < 0
NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar fixed vulnerable versions:
NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar fixed vulnerable versions:
NotificationX – WooCommerce Sales Notification Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar fixed vulnerable versions:
NotificationX – WooCommerce Sales Popup, Custom & Live Sales Notification, FOMO, Social Proof, Announcement Banner & Sticky Notification Bar fixed vulnerable versions:
Ocean Extra fixed vulnerable versions: >= 0 <= 0
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions fixed vulnerable versions:
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications fixed vulnerable versions:
Post SMTP – The Complete WP SMTP Plugin with Email Logs and Mobile app for email Failure Notifications fixed vulnerable versions:
Post SMTP – The WordPress SMTP Plugin with Email Logs and Mobile App for Email Failure Notifications fixed vulnerable versions:
Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more fixed vulnerable versions:
Post SMTP – WP SMTP Plugin with Email Logs & Mobile App for Failure Alerts – Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark fixed vulnerable versions:
Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more fixed vulnerable versions:
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress fixed vulnerable versions: >= 0 <= 0
Product Catalog Simple fixed vulnerable versions: >= 0 <= 0
Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager fixed vulnerable versions:
Radio Buttons for Taxonomies fixed vulnerable versions: > 0 < 0
Remove Schema fixed vulnerable versions: > 0 < 0
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator fixed vulnerable versions:
Slider Hero with Animation, Video Background fixed vulnerable versions: > 0 < 0
Slider Hero with Video Background, Animation fixed vulnerable versions:
Style Kits – Advanced Theme Styles for Elementor fixed vulnerable versions: > 0 < 0
Sunshine Photo Cart fixed vulnerable versions: >= 0 <= 0
Sunshine Photo Cart: Free Client Galleries for Photographers fixed vulnerable versions:
Sunshine Photo Cart: Free Client Photo Galleries for Photographers fixed vulnerable versions:
Sunshine Photo Cart: Sell photos in WordPress for free fixed vulnerable versions:
Top 10 – Popular posts plugin for WordPress fixed vulnerable versions: >= 0 <= 0
Top 10 – WordPress Popular posts by WebberZone fixed vulnerable versions:
Ultimate Gift Cards for WooCommerce fixed vulnerable versions:
Ultimate Gift Cards for WooCommerce – Create Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and More fixed vulnerable versions:
Ultimate Gift Cards for WooCommerce – Create WooCommerce Vouchers, Redeem & Manage Digital Gift Coupons with Personalized Templates fixed vulnerable versions:
Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates fixed vulnerable versions: >= 0 <= 0
Ultimate Gift Cards for WooCommerce – WooCommerce Plugin to Sell Gift Cards, WooCommerce Store Credit Plugin, eGift Cards, Vouchers & Digital Gift Cards fixed vulnerable versions:
Vuukle Comments, Reactions, Share Bar, Revenue fixed vulnerable versions: > 0 < 0
WooCommerce Checkout & Funnel Builder by CartFlows fixed vulnerable versions:
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce fixed vulnerable versions: > 0 < 0
WooCommerce Etsy Integration fixed vulnerable versions: >= 0 <= 0
Woody code snippets – Insert Header Footer Code, AdSense Ads fixed vulnerable versions: > 0 < 0
WordPress Photo Gallery – Image Gallery fixed vulnerable versions:
WP EasyPay – Create Your Payment Forms to Pay with Square – Square for WordPress Plugin: Integrate Square with WordPress to Collect Payments fixed vulnerable versions:
WP EasyPay – Square Payment Form Builder for WordPress – Accept Subscriptions, Donations and One time payments – No Transaction Fees fixed vulnerable versions:
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts fixed vulnerable versions: > 0 < 0
WP Travel – Ultimate Travel Booking System, Tour Management Engine fixed vulnerable versions:
wp-mpdf fixed vulnerable versions: > 0 < 0
10WebAnalytics open vulnerable versions: > 0 < 0
Contact Form 7 Style open vulnerable versions: > 0 < 0
Custom Banners open vulnerable versions: > 0 < 0
DW Question & Answer open vulnerable versions: > 0 < 0
Easy Testimonials open vulnerable versions: > 0 < 0
Edwiser Bridge – WordPress Moodle LMS Integration open vulnerable versions: > 0 < 0
Event Espresso 4 Decaf – Event Registration Event Ticketing open vulnerable versions: > 0 < 0
Locations open vulnerable versions: > 0 < 0
Opal Estate open vulnerable versions: > 0 < 0
Process Steps Template Designer open vulnerable versions: > 0 < 0
Qtranslate Slug open vulnerable versions: > 0 < 0
RAYS Grid open vulnerable versions: > 0 < 0
Rucy open vulnerable versions: > 0 < 0
Sell Media open vulnerable versions: > 0 < 0
Staff Directory Plugin: Company Directory open vulnerable versions: > 0 < 0
WordPress Photo Gallery – Image Gallery open vulnerable versions: > 0 < 0
WP EasyPay – Square for WordPress open vulnerable versions: >= 0 <= 0
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting open vulnerable versions: >= 0 <= 0
WP Hotel Booking open vulnerable versions: >= 0 <= 0
WP Prayer open vulnerable versions: > 0 < 0
WP Private Content Plus open vulnerable versions: >= 0 <= 0
WP Security Question open vulnerable versions: > 0 < 0
WP Travel – Best Travel Booking WordPress Plugin, Tour Management Engine open vulnerable versions: > 0 < 0
WP-Backgrounds Lite open vulnerable versions: > 0 < 0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.