Archives: Vulnerabilities
Access violation vulnerability in ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution 4.8.4
The ShopEngine Elementor WooCommerce Builder Addon is a plugin for WordPress that helps with managing an online store. Unfortunately, there is a security issue with this plugin that could allow unauthorized people to change important data. This is because the plugin does not have proper checks in place to prevent this from happening. As a result, people with certain levels of access, such as Editors and above, could potentially activate or deactivate licenses without permission.
Input validation vulnerability in aThemes Addons for Elementor 1.1.5
The aThemes Addons for Elementor plugin for WordPress has a security flaw that allows hackers to inject harmful web scripts through the Call To Action widget. This can only be done by authenticated attackers with contributor-level or higher permissions. The injected scripts run whenever a user visits the affected page.
Input validation vulnerability in aThemes Addons for Elementor 1.1.2
The aThemes Addons for Elementor plugin for WordPress has a security issue that allows attackers to inject harmful scripts into webpages. Exploitation requires contributor-level access or higher, and the issue can affect versions up to 1.1.3.
Authentication vulnerability in Integrate Dynamics 365 CRM 1.0.9
The plugin that connects Dynamics 365 CRM to WordPress has a security issue that allows unauthorized people to access it. This can happen in any version up to 1.0.9. The problem is that certain checks and verifications are missing, making it possible for attackers to deactivate the plugin, change settings, and access sensitive information by sending specific requests.
Input validation vulnerability in VikRestaurants Table Reservations and Take-Away 1.4
The VikRestaurants plugin for WordPress, used for making table reservations and take-away orders, has a security issue. This can allow hackers with high-level access to the site to inject harmful code into certain pages, which will run when someone views them. This only affects sites with multiple installations and those that have disabled a certain security feature.