Archives: Vulnerabilities
Input validation vulnerability in Masy Gallery 1.7
The Masy Gallery plugin for WordPress has a security issue that allows attackers to inject harmful web scripts into pages using a special code called ‘justified-gallery’. This can only be done by someone with a certain level of access, but it could cause harm to users who visit the affected pages.
Access violation vulnerability in WPS Telegram Chat 4.5.4
The WPS Telegram Chat plugin for WordPress has a security issue that could allow unauthorized changes to data and potential data loss. This is because a necessary security check is missing in the ‘Wps_Telegram_Chat_Admin::checkСonnection’ function in versions up to 4.5.4. This means that attackers who are logged in with subscriber-level access or higher could gain access to the Telegram Bot API endpoint and use it to communicate.
Access violation vulnerability in WPS Telegram Chat 4.5.4
The WPS Telegram Chat plugin for WordPress has a security issue that allows unauthorized access to messages. This can happen in versions up to and including 4.5.4, and it means that people who are not logged in can see the messages sent through the Telegram Bot API.
Input validation vulnerability in Get Posts 0.6
The Get Posts plugin for WordPress has a security issue that allows hackers to inject harmful code into web pages. This can happen if the attacker has a certain level of access to the site.
Input validation vulnerability in Zigaform – Price Calculator & Cost Estimation Form Builder Lite 7.4.2
The Zigaform plugin for WordPress has a security issue that lets hackers insert harmful code on certain pages. This can happen in any version up to 7.4.2, even when the attacker is not logged in.