Archives: Vulnerabilities
Input validation vulnerability in DancePress (TRWA) 3.1.11
The DancePress plugin for WordPress has a security issue that allows attackers who are not logged in to perform unauthorized actions. This is because the plugin does not properly check for a specific code (called a nonce) that verifies the authenticity of a request. As a result, an attacker could trick a site administrator into clicking on a link that performs an action the attacker should not be able to perform.
Input validation vulnerability in Gameplan – Event and Gym Fitness WordPress Theme 1.5.10
The Gameplan theme for WordPress has a security issue called Reflected Cross-Site Scripting. This means that people who are not authorized can insert harmful code into pages if they can trick someone into clicking on a link.
Input validation vulnerability in AIO Contact 2.8.1
The AIO Contact plugin for WordPress has a security issue called Stored Cross-Site Scripting, which affects all versions up to 2.8.1. This happens because the plugin does not properly sanitize user input or escape output, allowing hackers to insert harmful web scripts into pages. This can be dangerous because the scripts run whenever a user visits the affected page.
Access violation vulnerability in AIO Contact 2.8.1
The AIO Contact plugin for WordPress has a security issue that allows unauthorized access. This is because there is no check in place to ensure that only authorized users can use a specific function. As a result, attackers who are not logged in can perform actions that they should not be able to.
Input validation vulnerability in WP Database Audit 1.0
The WP Database Audit plugin for WordPress has a security issue that could allow attackers to inject harmful web scripts into pages. This can happen if they are able to trick a user into clicking on a link. The plugin is vulnerable in versions 1.0 and below.