Access violation vulnerability in Appsero analytics tool 1.2.1 (41 plugins affected)

Several plugins use the Appsero analytics tool, which in versions up to 1.2.1 is vulnerable to an authorization bypass because a function used for feedback submission is missing a capability check. As a result, attackers with a certain level of access can use a function that was only meant for administrators.

Detected in:

Fixed (vulnerable versions):

Bangladeshi Payment Gateways – Make Payment Using QR Code: >= * <= 2.0.6
BuddyPress Builder for Elementor – BuddyBuilder: >= * <= 1.7.1
Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD: >= * <= 3.1.3
Challan – PDF Invoice & Packing Slip for WooCommerce: >= * <= 3.4.8
Click to top: >= * <= 1.2.19
Dashboard Welcome for Elementor: >= * <= 1.0.6
Drag & Drop Sales Funnel Builder for WordPress – WPFunnels: >= * <= 2.6.4
Exclusive Addons for Elementor: >= * <= 2.6.1
Fuse Social Floating Sidebar: >= * <= 5.4.6
Happy Addons for Elementor: >= * <= 3.8.2
Increase Maximum Upload File Size | Increase Execution Time: >= * <= 1.0.9
Magical Posts Display – Elementor Advanced Posts widgets: >= * <= 1.2.15
Product Carousel Slider & Grid Ultimate for WooCommerce: >= * <= 1.9.3
Product Gallery Slider for WooCommerce: >= * <= 2.2.6
Sheets To WP Table Live Sync: >= * <= 2.12.14
Solid Testimonials:
Stylish Cost Calculator: >= * <= 7.3.6
Subscribe2 – Form, Email Subscribers & Newsletters: >= * <= 10.37
Unlimited Elementor Inner Sections By BoomDevs: >= * <= 1.0.1
Update Image Tag Alt Attribute: >= * <= 2.4.3
Visibility Logic for Elementor: >= * <= 2.3.3
Webinar and Video Conference with Jitsi Meet: >= * <= 1.2.5
weDocs – Knowledgebase and Documentation Plugin for WordPress: >= 1.6 <= 1.7.5
wePOS – Point Of Sale (POS) for WooCommerce: >= * <= 1.2.5
Wiremo – Product Reviews for WooCommerce: >= * <= 1.4.96
WooCommerce Conversion Tracking: >= * <= 2.0.10
WP Mail Logging: >= 1.10.5 <= 1.10.5
WP Markdown Editor (Formerly Dark Mode): >= * <= 4.1.2
WP VR – 360 Panorama and Virtual Tour Builder For WordPress: >= * <= 8.2.5

Open (vulnerable versions):

Boostify Header Footer Builder for Elementor: >= * <= 1.2.8
Elementor Addons, Widgets and Enhancements – Stax: >= * <= 1.4.3
Exclusive Team for Elementor: >= * <= 1.2.4
Gallery Box: >= * <= 1.7.30
Product Category Showcase for WooCommerce: >= * <= 1.1.9
Product Category Slider for WooCommerce: >= * <= 4.1.5
PT Addons for Elementor Lite: >= * <= 2.2
UNKNOWN-CVE-2011-4624: > 0 < 0
W4 Post List: >= * <= 2.4.2
Woostify Sites Library: >= * <= 1.4.3
Worth The Read: >= * <= 1.14

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

The version comparison shows which versions have a vulnerability. For example, >= 2.2.8 <= 2.2.21 means:

">" : from 2.2.8
"=" : including 2.2.8 and 2.2.21
"<" : to 2.2.21
