Access violation vulnerability in 19 plugins by Wbcom Designs

Several plugins created by Wbcom Designs had a security issue that allowed users to install, activate, or deactivate a plugin without permission. The cause was an AJAX action function, wp_ajax_wbcom_manage_plugin_installation, that did not have the correct authorization checks.

Detected in:

Activity Log WinterLock | fixed | vulnerable versions:
activity-log.com | fixed | vulnerable versions: >= * <= 0
Audio Preview for WooCommerce | fixed | vulnerable versions: >= * <= 1.4.0
BP Job Manager integration | fixed | vulnerable versions: >= * <= 2.6.1
BuddyPress Activity Filter | fixed | vulnerable versions:
BuddyPress Check-ins Pro | fixed | vulnerable versions: >= * < 1.4.0
BuddyPress Hashtags | fixed | vulnerable versions: >= * < 2.7.0
BuddyPress Sticky Post | fixed | vulnerable versions: >= * < 1.9.9
Custom Email Options | fixed | vulnerable versions: >= * <= *
Document Preview For WooCommerce | fixed | vulnerable versions: >= * <= 1.4.0
Todo for BuddyPress & BuddyBoss | fixed | vulnerable versions:
Wbcom Designs – BuddyPress Activity Filter | fixed | vulnerable versions: >= * < 2.8.0
Wbcom Designs – BuddyPress Ads | fixed | vulnerable versions: >= * <= 1.3.1
Wbcom Designs – BuddyPress Create Group Type | fixed | vulnerable versions: >= * <= *
Wbcom Designs – BuddyPress Group Reviews | fixed | vulnerable versions: >= * <= 2.8.1
Wbcom Designs – BuddyPress Member Reviews | fixed | vulnerable versions: >= * < 2.7.0
Wbcom Designs – BuddyPress Search | fixed | vulnerable versions: >= * <= *
Wbcom Designs – Check-ins for BuddyPress Activity | fixed | vulnerable versions: >= * < 1.9.4
Wbcom Designs – Custom Font Uploader | fixed | vulnerable versions:
Wbcom Designs – Private Community for BuddyPress | fixed | vulnerable versions: >= * < 1.7.0
Wbcom Designs BuddyPress Todo List | fixed | vulnerable versions: >= * <= 3.0.0
WordPress System Log | fixed | vulnerable versions: >= * <= *
Wbcom Designs – BuddyPress Activity Social Share | open | vulnerable versions: >= * < 3.3.0

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
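
The version-compare notation can be checked mechanically against a plugin inventory. The following is an added example, not code from this page or from wpvulnerability.com: the function names and the installed versions are assumptions made for illustration, while the three ranges are copied from the list above.

```python
import operator
import re

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """'2.2.21' -> (2, 2, 21). Only the leading dotted-numeric part is used."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def parse_range(expr):
    """'>= * < 2.7.0' -> [('>=', None), ('<', (2, 7, 0))]; '*' means no bound."""
    found = re.findall(r"(>=|<=|>|<)\s*(\*|\d[\w.\-]*)", expr)
    if not found:
        # An entry with no range listed cannot be evaluated; fail loudly.
        raise ValueError(f"no version bounds in {expr!r}")
    return [(op, None if ver == "*" else parse_version(ver)) for op, ver in found]

def is_vulnerable(installed, expr):
    """True when the installed version satisfies every bound in expr."""
    version = parse_version(installed)
    for op, bound in parse_range(expr):
        if bound is None:          # '*' places no limit on this side
            continue
        # Pad with zeros so that 1.4 and 1.4.0 compare as equal.
        width = max(len(version), len(bound))
        a = version + (0,) * (width - len(version))
        b = bound + (0,) * (width - len(bound))
        if not OPS[op](a, b):
            return False
    return True

def audit(installed, advisory):
    """Return names of installed plugins whose version falls in a listed range."""
    return [name for name, version in installed.items()
            if advisory.get(name) and is_vulnerable(version, advisory[name])]

# Ranges copied from the list above; installed versions are constructed samples.
ADVISORY = {"BuddyPress Hashtags": ">= * < 2.7.0",
            "Audio Preview for WooCommerce": ">= * <= 1.4.0",
            "Custom Email Options": ">= * <= *"}
INSTALLED = {"BuddyPress Hashtags": "2.7.0",
             "Audio Preview for WooCommerce": "1.4",
             "Custom Email Options": "3.1.2"}

if __name__ == "__main__":
    print(audit(INSTALLED, ADVISORY))
```

A range of `>= * <= *` matches every version, so any installed copy of such a plugin is reported.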
