Archives: Vulnerabilities
Input validation vulnerability in Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings 1.1.10
The Hydra Booking plugin for WordPress is vulnerable to SQL Injection in versions up to 1.1.10 because it does not properly protect its database queries against injected input. As a result, attackers with at least subscriber-level access can append their own SQL to existing queries and extract private information from the website’s database.
Access violation vulnerability in Product Bundles, Quantity/Bulk Discount, BOGO, Buy X Get Y – WowRevenue 1.2.13
The Product Bundles, Quantity/Bulk Discount, BOGO, and Buy X Get Y – WowRevenue plugin for WordPress allows unauthorized access because one of its functions lacks a check for user permissions. As a result, a user with at least Subscriber-level access can perform actions they are not authorized to perform.
Input validation vulnerability in Employee Spotlight – Team Member Showcase & Meet the Team Plugin 5.1.0
Several WordPress plugins created by eMarket Design are vulnerable to Stored Cross-Site Scripting because they lack proper protection against injected script. As a result, attackers with Contributor-level access or higher can inject scripts into pages, and those scripts run whenever someone visits an affected page.
Access violation vulnerability in AI ChatBot – WPBot 7.3.5
The ChatBot add-on for WordPress lacks a check that restricts its use to authorized users. As a result, a user with at least subscriber-level access can perform actions they are not permitted to perform.
Input validation vulnerability in Flying Images: Optimize and Lazy Load Images for Faster Page Speed 2.4.14
The “Flying Images” plugin for WordPress has an exploitable vulnerability that arises when the plugin is not properly configured and allows unfiltered content to be added to web pages. It affects only certain types of installations and can be fixed by updating to the latest version of the plugin.