Access violation vulnerability in 13 WP OnlineSupport plugins

  • CVE-2023-40200
  • Severity: medium-risk
  • Status: Open
  • Publication: August 16, 2023

Multiple WordPress plugins created by WPOnlineSupport share a security flaw that allows unauthorized users to modify data. The wpos_anylc_admin_init_process() function, which is hooked via admin_init in various versions, does not perform a capability check. As a result, an unauthenticated attacker can dismiss a license notice.
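The missing check described above, as an added example (not WPOnlineSupport's code and not part of the original advisory): a hypothetical notice-dismiss handler on admin_init without checks, next to the same handler with a capability check and a nonce. All example_* names, the option key and the query parameters are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example notice dismiss (illustration only)
 *
 * Hypothetical code: every example_* identifier is invented for this sketch.
 */

// BEFORE: the pattern the advisory describes. admin_init is not an
// authorization boundary: WordPress also fires it for admin-ajax.php and
// admin-post.php requests, including requests with no logged-in user.
// Deliberately left unhooked here.
function example_notice_dismiss_unchecked() {
    if ( isset( $_GET['example_dismiss_notice'] ) ) {
        update_option( 'example_license_notice_dismissed', 1 );
    }
}

// AFTER: the same state change, gated on authorization and request intent.
function example_notice_dismiss_checked() {
    if ( ! isset( $_GET['example_dismiss_notice'] ) ) {
        return; // Not our request; let admin_init continue untouched.
    }

    // Authorization: only users allowed to manage the site may change the option.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to do this.', '', array( 'response' => 403 ) );
    }

    // Intent (CSRF): the request must carry a nonce minted for this action.
    // check_admin_referer() stops the request if the nonce is missing or invalid.
    check_admin_referer( 'example_dismiss_notice', 'example_nonce' );

    update_option( 'example_license_notice_dismissed', 1 );

    // Redirect to the same page without the one-shot parameters.
    wp_safe_redirect( remove_query_arg( array( 'example_dismiss_notice', 'example_nonce' ) ) );
    exit;
}
add_action( 'admin_init', 'example_notice_dismiss_checked' );

// URL for the "dismiss" link in the notice, carrying the nonce checked above.
function example_notice_dismiss_url() {
    $url = add_query_arg( 'example_dismiss_notice', '1', admin_url() );
    return wp_nonce_url( $url, 'example_dismiss_notice', 'example_nonce' );
}
```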

Detected in:

  • Accordion and Accordion Slider (status: fixed), vulnerable versions: >= * <= 1.2.4
  • Album and Image Gallery plus Lightbox (status: fixed), vulnerable versions: >= * <= 1.7
  • Blog Designer – Post and Widget (status: fixed), vulnerable versions: >= * <= 2.5.1
  • Countdown Timer Ultimate (status: fixed), vulnerable versions: >= * <= 2.4
  • Featured Post Creative (status: fixed), vulnerable versions: >= * <= 1.4
  • Logo Slider, Logo Showcase, Logo Carousel, Logo Gallery and Client Logo (status: fixed), vulnerable versions:
  • Meta Slider and Carousel with Lightbox (status: fixed), vulnerable versions: >= * <= 1.8.2
  • Popup Anything – Popup for opt-ins and Lead Generation Conversions (status: fixed), vulnerable versions:
  • Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions (status: fixed), vulnerable versions:
  • Post grid and filter ultimate (status: fixed), vulnerable versions: >= * <= 1.5.2
  • Post Ticker Ultimate (status: fixed), vulnerable versions: >= * <= 1.5.5
  • Team Slider and Team Grid Showcase plus Team Carousel (status: fixed), vulnerable versions: >= * <= 2.6
  • Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget (status: fixed), vulnerable versions: >= * <= 3.3
  • Timeline and History slider (status: fixed), vulnerable versions: >= * <= 2.1
  • Trending/Popular Post Slider and Widget (status: fixed), vulnerable versions: >= * <= 1.6
  • Video gallery and Player (status: fixed), vulnerable versions: >= * <= 2.6.5
  • WP Blog and Widgets (status: fixed), vulnerable versions: >= * <= 2.5
  • WP Featured Content and Slider (status: fixed), vulnerable versions: >= * <= 1.6
  • WP Logo Showcase Responsive Slider and Carousel (status: fixed), vulnerable versions: >= * <= 3.6
  • WP News and Scrolling Widgets (status: fixed), vulnerable versions: >= * <= 4.8
  • WP responsive FAQ with category plugin (status: fixed), vulnerable versions: >= * <= 3.8
  • WP Responsive Recent Post Slider/Carousel (status: fixed), vulnerable versions: >= * <= 3.4
  • WP Slick Slider and Image Carousel (status: fixed), vulnerable versions: >= * <= 3.5
  • Portfolio and Projects (status: open), vulnerable versions: >= * <= 1.3.7

  • Open source

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community.

  • Version compare

Version compare shows which versions have a vulnerability. For example, >= 2.2.8 <= 2.2.21 means every version from 2.2.8 to 2.2.21, including 2.2.8 and 2.2.21 themselves.
