Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in 6 plugins by LWS

  • Severity: high-risk
  • Status: Open
  • Publication: December 12, 2022

Several plugins for WordPress created by LWS (LWS Affiliation, LWS Optimize, LWS Tools, LWS Cleaner, LWS SMS and LWS Hide Login) have a security flaw which could allow attackers with at least subscriber-level permissions to alter the settings of the plugins. The affected versions are up to and including 2.1 for LWS Affiliation, up to and including 1.5 for LWS Optimize, up to and including 2.1 for LWS Tools, up to and including 2.0.3 for LWS Cleaner, up to and including 2.1 for LWS SMS and up to and including 2.0.2 for LWS Hide Login.

Detected in:

LWS Cleaner fixed vulnerable versions: >= * <= 2.0.3
LWS Hide Login fixed vulnerable versions: >= * <= 2.0.2
LWS Optimize fixed vulnerable versions: >= * <= 1.5
LWS Optimize – All-in-One Speed Booster & Cache Plugin fixed vulnerable versions:
LWS Optimize – All-in-One Speed Booster & Cache Tools fixed vulnerable versions:
LWS Tools fixed vulnerable versions: >= * <= 2.1
LWS Affiliation open vulnerable versions: >= * <= 2.1
LWS SMS open vulnerable versions: >= * <= 2.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.