Archives: Vulnerabilities
Access violation vulnerability in HyperComments 1.2.2
The HyperComments plugin for WordPress has a security issue that could allow unauthorized users to change data and gain higher privileges. The plugin does not properly check permissions on a specific function, so attackers who are not logged in could change certain settings on a WordPress site. This could be used to register as a user with administrative privileges and so gain administrative access.
Input validation vulnerability in Advanced What should we write next about 1.0.3
The “Advanced What should we write next about” plugin for WordPress is vulnerable to SQL Injection. In versions up to 1.0.3, the plugin does not properly protect against malicious user input and does not properly prepare the database query. This could allow attackers who have subscriber-level access or higher to append their own queries to the existing ones and potentially access sensitive information from the database.
Input validation vulnerability in WP Githuber MD – WordPress Markdown Editor 1.16.3
The WP Githuber MD plugin for WordPress has a security issue that allows hackers to insert harmful code into web pages. This can happen because the plugin does not properly clean up user input and output. This means that attackers with contributor-level access or higher can add their own code to pages, which will run whenever a user visits the page.
Input validation vulnerability in Avada (Fusion) Builder 3.12.1
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting through the ‘fusion_map’ shortcode in versions 3.12.1 and below. The plugin does not properly clean and protect user inputs, which allows attackers with contributor-level access or higher to insert harmful web scripts into pages. These scripts will then run whenever someone visits the affected page.
Input validation vulnerability in Avada (Fusion) Builder 3.11.14
The Avada (Fusion) Builder plugin for WordPress has a security issue that allows attackers to inject harmful web scripts. This can happen if the attacker has contributor-level access or higher. The plugin’s shortcodes are not properly checked for malicious code, leaving the website vulnerable to these attacks.