Archives: Vulnerabilities
Output validation vulnerability in Scape – Multipurpose WordPress theme 1.5.13
The Scape theme for WordPress has a security issue where untrusted information can be used to inject a PHP Object. This can be done by attackers who are not logged in. There is no known way for them to do this, unless there is another plugin or theme installed on the website that makes it possible. In that case, the attacker could delete important files, access private information, or run their own code.
Input validation vulnerability in Popup Box – Create Countdown, Coupon, Video, Contact Form Popups 5.5.4
A plugin called “The Popup Box” for WordPress has a security issue that allows hackers to trick site administrators into performing an unauthorized action by clicking on a link. This vulnerability affects all versions up to 5.5.4.
Input validation vulnerability in Medcity – Health & Medical WordPress Theme 1.1.9
The Medcity WordPress theme, designed for health and medical websites, has a security issue that allows unauthorized users to upload any type of file to the site. This can potentially lead to hackers being able to execute code remotely on the site’s server.
Output validation vulnerability in BugsPatrol – Pest & Insects Control Disinsection Services WordPress Theme 1.5.0
The BugsPatrol theme for WordPress has a security issue that allows hackers to inject harmful code without proper authorization. This can happen in versions up to 1.5.0 when the theme is trying to process untrusted information. This could potentially give the attacker access to sensitive information, delete important files, or even run their own code. There is no known solution for this issue, so it’s important to be cautious when using this theme.
Output validation vulnerability in WP Store Locator 2.2.260
The Store Locator plugin for WordPress has a security issue that can be exploited by attackers. This can happen when untrusted information is processed, allowing attackers with certain levels of access to inject malicious code. There is no known solution for this issue, but if another plugin or theme is installed on the website, it could potentially make the situation worse by allowing the attacker to delete files, access sensitive data, or run code.