Archives: Vulnerabilities
Input validation vulnerability in TCBD Popover 1.2
The TCBD Popover plugin for WordPress has a security issue that allows attackers to add harmful code to websites using the plugin. This can happen when someone with certain levels of access adds such code to a page. Visitors to that page are then at risk of having the harmful code executed on their devices.
Access violation vulnerability in FW Food Menu – Responsive food menu with ordering & delivery solutions 6.0.0
FW Food Menu is a WordPress plugin for food ordering and delivery. A flaw in the plugin allows unauthenticated attackers to delete important files on the server, which can lead to serious issues such as remote code execution.
Input validation vulnerability in Progress Tracker 0.9.3
The Progress Tracker plugin for WordPress may have a security issue in versions 0.9.3 and below. This could allow someone with certain access privileges to add harmful code to a website, which would then run whenever someone visits that page.
Access violation vulnerability in Element Pack Pro – Addon for Elementor Page Builder WordPress Plugin 7.18.12
The Element Pack Pro plugin for WordPress, an add-on for the Elementor Page Builder plugin, has a security vulnerability that allows unauthorized access. This is because a function in all versions, including 7.18.12, does not have a proper check for user permissions. As a result, attackers who are logged in with Subscriber-level access or higher can carry out unauthorized actions.
Input validation vulnerability in Element Pack Pro – Addon for Elementor Page Builder WordPress Plugin 7.18.12
Element Pack Pro is an add-on for the Elementor Page Builder WordPress plugin. It is vulnerable to Cross-Site Request Forgery in all versions up to 7.18.12, because a certain function does not properly check for a security code. This allows unauthorized people to perform actions they should not be able to, as long as they can trick a website administrator into clicking on a link.