Archives: Vulnerabilities
Input validation vulnerability in Grid Plus – Unlimited grid layout 3.3
The Grid Plus plugin for WordPress has a security issue called Reflected Cross-Site Scripting. This happens because the plugin doesn’t properly clean or filter user input, allowing attackers to insert harmful code into a page. This can happen if a user clicks on a malicious link, giving the attacker access to their actions on the page.
Input validation vulnerability in Soledad 8.6.8
The Soledad theme for WordPress has a security issue called Stored Cross-Site Scripting. This means that attackers with certain levels of access can add harmful scripts to pages, which will run when someone views those pages.
Input validation vulnerability in Soledad 8.6.8
The Soledad theme for WordPress has a security flaw in versions up to 8.6.8. This means that people who have contributor-level access or higher can potentially access and run any file on the server. This could lead to getting around security measures, accessing private information, or running harmful code in situations where things like images and other safe files can be uploaded and used.
Input validation vulnerability in Restrict User Registration 1.0.1
The plugin called “Restrict User Registration” for WordPress has a security issue called Cross-Site Request Forgery. This means that anyone, without being logged in, can change the plugin’s settings by tricking the site administrator into clicking on a link. This problem exists in all versions up to and including 1.0.1.
Access violation vulnerability in One to one user Chat by WPGuppy 1.1.4
The user chat feature in the WPGuppy plugin for WordPress is vulnerable to unauthorized access. This means that anyone who is not authorized may be able to access it without permission. This issue affects all versions of the plugin up to and including version 1.1.4.