Archives: Vulnerabilities
Access violation vulnerability in Web Accessibility by accessiBe 2.10
The Web Accessibility By accessiBe plugin for WordPress has a security issue that allows unauthorized changes to data, because certain functions do not have proper checks in place. As a result, someone with subscriber-level access or higher could perform actions they are not supposed to be able to perform.
Input validation vulnerability in Web Accessibility by accessiBe 2.10
The Web Accessibility By accessiBe plugin for WordPress has a security vulnerability that lets attackers change the plugin’s settings and create verification files without being authenticated. This is possible because the plugin does not check for a special code called a “nonce” on certain actions. Attackers can exploit this vulnerability by tricking a site administrator into clicking on a link.
Input validation vulnerability in Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI 3.40.0
A popular plugin for WordPress called Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI has a security vulnerability that allows hackers to access sensitive information from the website’s database. This is because the plugin does not properly protect against SQL injection, a common method used by hackers to manipulate databases. The vulnerability affects all versions up to 3.40.0 and can only be exploited by users with Editor-level access or higher.
Input validation vulnerability in Flo Forms – Easy Drag & Drop Form Builder 1.0.43
The Flo Forms plugin for WordPress has a security vulnerability that allows malicious code to be uploaded through SVG files, because the plugin accepts these file uploads without properly checking their content. Someone without authorization could upload a file containing harmful code, which could then be executed when an administrator views it in the WordPress admin interface. This could potentially lead to the entire website being compromised.
Input validation vulnerability in wpForo Forum 2.4.9
The wpForo Forum plugin for WordPress has a SQL injection vulnerability that affects all versions up to 2.4.9. It exists because the plugin does not properly protect user input and does not properly prepare the SQL query. As a result, users with Subscriber-level access or higher can append their own queries to the existing ones, which could potentially expose private information from the database.