Log out
Get PRO

Latest

Access violation vulnerability in Appsero analytics tool 1.2.1 (41 plugins affected)

  • Severity: medium-risk
  • Status: Open
  • Publication: December 16, 2022

Several plugins are using the Appsero analytics tool, but it is vulnerable to authorization bypass due to a missing capability check on a function used for feedback submission in versions up to 1.2.1. This means that attackers with a certain level of access can use a function that was only meant for administrators.

Detected in:

A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonial fixed vulnerable versions:
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials fixed vulnerable versions:
Bangladeshi Payment Gateways – Make Payment Using QR Code fixed vulnerable versions: >= * <= 2.0.6
BuddyPress Builder for Elementor – BuddyBuilder fixed vulnerable versions: >= * <= 1.7.1
Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD fixed vulnerable versions: >= * <= 3.1.3
Challan – PDF Invoice & Packing Slip for WooCommerce fixed vulnerable versions: >= * <= 3.4.8
Click to top fixed vulnerable versions: >= * <= 1.2.19
Collect Client Testimonials on WordPress & WooCommerce with Video Testimonials, Floating Review Widget & Social Proof – Easy Video Reviews fixed vulnerable versions:
Customer Reviews for WordPress & WooCommerce with Video Testimonials, Carousel, Grid & Social Proof – Easy Video Reviews fixed vulnerable versions:
Darklup – Enhanced WordPress Dark Mode, Dark Theme, Night Mode Plugin fixed vulnerable versions:
Darklup – The most Advanced and Uprising WordPress Dark Mode Plugin fixed vulnerable versions:
Dashboard Welcome for Elementor fixed vulnerable versions: >= * <= 1.0.6
Directorist – AI-Powered WordPress Business Directory Plugin with Classified Ads Listings fixed vulnerable versions:
Directorist – WordPress Business Directory Plugin with Classified Ads Listings fixed vulnerable versions: >= * <= 7.7.1
Directorist – WP Business Directory Plugin with Classified Ads Listings fixed vulnerable versions:
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings fixed vulnerable versions:
Drag & Drop Sales Funnel Builder for WordPress – WPFunnels fixed vulnerable versions: >= * <= 2.6.4
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels fixed vulnerable versions:
Easiest Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels fixed vulnerable versions:
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels fixed vulnerable versions:
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels – Generate Leads & Craft A Highly-Converting Sales Journey In Minutes fixed vulnerable versions:
Easy Video Reviews – Social Proof & Video Testimonial for Elementor, WooCommerce, Easy Digital Downloads fixed vulnerable versions: >= * <= 1.4.2
Easy Video Reviews – Social Proof & Video Testimonials for Elementor, WooCommerce, Easy Digital Downloads fixed vulnerable versions:
Easy Video Reviews – Video Testimonial Plugin for WordPress & WooCommerce with Texts Reviews, Review Widget, Testimonial Grid & Social Proof fixed vulnerable versions:
Exclusive Addons for Elementor fixed vulnerable versions: >= * <= 2.6.1
FlexTable – Table Plugin for WordPress with Spreadsheet Integration | Sheets to WP Table Live Sync fixed vulnerable versions:
FlexTable Google Sheets Connector | Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration fixed vulnerable versions:
Fuse Social Floating Sidebar fixed vulnerable versions: >= * <= 5.4.6
Happy Addons for Elementor fixed vulnerable versions: >= * <= 3.8.2
Increase Maximum Upload File Size | Increase Execution Time fixed vulnerable versions: >= * <= 1.0.9
Leads & Sales Funnel Builder For WordPress & WooCommerce, Specialized For Digital Creators – WPFunnels fixed vulnerable versions:
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator fixed vulnerable versions: >= * <= 1.4.1
Magical Posts Display – Elementor Advanced Posts widgets fixed vulnerable versions: >= * <= 1.2.15
Markdown Editor (Formerly Dark Mode) fixed vulnerable versions:
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget fixed vulnerable versions: >= * <= 1.6.3
Product Carousel Slider & Grid Ultimate for WooCommerce fixed vulnerable versions: >= * <= 1.9.3
Product Category Slider for WooCommerce fixed vulnerable versions: >= * <= 4.1.5
Product Gallery Slider for WooCommerce fixed vulnerable versions: >= * <= 2.2.6
Product Gallery Slider, Additional Variation Images for WooCommerce fixed vulnerable versions:
Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager fixed vulnerable versions:
Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend fixed vulnerable versions:
Review Plugin for WordPress & WooCommerce with Video Testimonials, Review Widget & Social Proof – Easy Video Reviews fixed vulnerable versions:
Sheets To WP Table Live Sync fixed vulnerable versions: >= * <= 2.12.14
Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration fixed vulnerable versions:
Sheets to WP Table Live Sync | Google Sheets Table Plugin for WordPress with Spreadsheet Integration – FlexTable fixed vulnerable versions:
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider fixed vulnerable versions:
Slider, Gallery, and Carousel by MetaSlider – Image Sliders, Video Sliders fixed vulnerable versions:
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Image Sliders fixed vulnerable versions:
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Image Slideshows fixed vulnerable versions:
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows fixed vulnerable versions: >= * <= 3.28.0
Slider, Gallery, Carousel by MetaSlider – Image Slider, Video Slider, Post Slider fixed vulnerable versions:
Solid Testimonials fixed vulnerable versions:
Stylish Cost Calculator fixed vulnerable versions: >= * <= 7.3.6
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator fixed vulnerable versions:
Subscribe2 – Form, Email Subscribers & Newsletters fixed vulnerable versions: >= * <= 10.37
Table Plugin for WordPress with Google Sheets Integration – Sheets to WordPress Table Live Sync fixed vulnerable versions:
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync fixed vulnerable versions:
Testimonial Plugin for WordPress with Video Reviews, Video Testimonials, Social Proof & More – Easy Video Reviews fixed vulnerable versions:
Testimonial Plugin for WordPress with Video Reviews, Video Testimonials, Testimonial Grid, Social Proof & More – Easy Video Reviews fixed vulnerable versions:
Texty – SMS Notification for WordPress, WooCommerce, Dokan and more fixed vulnerable versions: >= * <= 1.1.1
The Best WordPress Knowledgebase and Documentation Plugin – weDocs fixed vulnerable versions:
Unlimited Elementor Inner Sections By BoomDevs fixed vulnerable versions: >= * <= 1.0.1
Update Image Tag Alt Attribute fixed vulnerable versions: >= * <= 2.4.3
Visibility Logic for Elementor fixed vulnerable versions: >= * <= 2.3.3
Webinar and Video Conference with Jitsi Meet fixed vulnerable versions: >= * <= 1.2.5
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming fixed vulnerable versions:
weDocs – All in one knowledge base, documentation, wiki and contact form solution including Ai chatbot support fixed vulnerable versions:
weDocs – Knowledgebase and Documentation Plugin for WordPress fixed vulnerable versions: >= 1.6 <= 1.7.5
weDocs – Knowledgebase, Documentation, and Wiki for WP fixed vulnerable versions:
weDocs – Knowledgebase, Documentation, and Wiki Plugin for WP fixed vulnerable versions:
weMail – Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation fixed vulnerable versions:
weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin fixed vulnerable versions: >= * <= 1.14.1
wePOS – Point Of Sale (POS) for WooCommerce fixed vulnerable versions: >= * <= 1.2.5
Wiremo – Product Reviews for WooCommerce fixed vulnerable versions: >= * <= 1.4.96
WooCommerce Conversion Tracking fixed vulnerable versions: >= * <= 2.0.10
WordPress CTA – WordPress Call To Action, Sticky CTA, Floating Buttons, Floating Tab Plugin fixed vulnerable versions: >= * <= 1.5.8
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout fixed vulnerable versions: >= * <= 1.6.2
WP CTA fixed vulnerable versions:
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin fixed vulnerable versions:
WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons fixed vulnerable versions:
WP CTA – sticky CTA builder, generate leads, promote sales fixed vulnerable versions:
WP Dark Mode – Best Dark Mode Plugin for WordPress with Social Sharing fixed vulnerable versions: >= * <= 3.0.4
WP Dark Mode – Best WordPress Dark Mode Plugin with Enhanced Dark Theme, Night Mode, One Click Accessibility, and Social Sharing fixed vulnerable versions:
WP Dark Mode – Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing fixed vulnerable versions:
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing fixed vulnerable versions:
Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form fixed vulnerable versions: >= * <= 1.2.3
Wp Edit Password Protected – Create Password Protect Pages & Design Password Protected Form fixed vulnerable versions:
WP Mail Logging fixed vulnerable versions: >= 1.10.5 <= 1.10.5
WP Markdown Editor (Formerly Dark Mode) fixed vulnerable versions: >= * <= 4.1.2
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts fixed vulnerable versions: >= * <= 2.6.12
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin fixed vulnerable versions: >= * <= 3.6.0
WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress fixed vulnerable versions:
WP VR – 360 Panorama and Virtual Tour Builder For WordPress fixed vulnerable versions: >= * <= 8.2.5
Boostify Header Footer Builder for Elementor open vulnerable versions: >= * <= 1.2.8
Elementor Addons, Widgets and Enhancements – Stax open vulnerable versions: >= * <= 1.4.3
Exclusive Team for Elementor open vulnerable versions: >= * <= 1.2.4
Gallery Box open vulnerable versions: >= * <= 1.7.30
Product Category Showcase for WooCommerce open vulnerable versions: >= * <= 1.1.9
PT Addons for Elementor Lite open vulnerable versions: >= * <= 2.2
UNKNOWN-CVE-2011-4624 open vulnerable versions: > 0 < 0
W4 Post List open vulnerable versions: >= * <= 2.4.2
Woostify Sites Library open vulnerable versions: >= * <= 1.4.3
Worth The Read open vulnerable versions: >= * <= 1.14

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.