Archives: Vulnerabilities
Access violation vulnerability in BlindMatrix e-Commerce 3.0
The BlindMatrix e-Commerce plugin for WordPress has a security issue that allows attackers with Contributor-level access or higher to access and run arbitrary files on the server. This could lead to accessing private information or running malicious code.
Input validation vulnerability in User Notes 1.0.2
The User Notes add-on for WordPress has a security flaw that allows for Stored Cross-Site Scripting. This means that hackers with administrator-level access or higher can insert harmful code into web pages that will run when a user visits the page. This only impacts multi-site setups and installations where the option to filter HTML has been turned off.
Access violation vulnerability in Contact Form Email 1.3.58
The WordPress plugin called “Contact Form Email” has a security issue that allows unauthorized users to gain access. This is because the plugin does not have a check in place to verify user permissions. As a result, anyone with Contributor-level access or higher can carry out actions without permission.
Access violation vulnerability in Easy Post Submission – Frontend Posting, Guest Publishing & Submit Content for WordPress 1.7.0
The Easy Post Submission plugin for WordPress, which allows users to submit content and publish as a guest, has a security vulnerability that can expose sensitive information. This vulnerability affects all versions of the plugin up to 1.7.0, and can be exploited by attackers who are not logged in to the website.
Input validation vulnerability in Avada (Fusion) Builder 3.13.2
The Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting. This is because the plugin does not properly sanitize and escape user input, making it possible for attackers who have Contributor-level access or higher to insert harmful scripts into web pages. These scripts can then run whenever a user visits the affected page.