Archives: Vulnerabilities
Input validation vulnerability in Avada (Fusion) Builder 3.11.13
The Avada Builder plugin for WordPress executes shortcodes without proper validation. As a result, unauthenticated attackers can run any shortcode they want.
Input validation vulnerability in Avada (Fusion) Builder 3.11.11
The Avada Builder plugin for WordPress has a security issue that allows attackers to inject harmful code into web pages. This can happen because the plugin does not properly check and protect user input. As a result, anyone with contributor-level access or higher can add harmful scripts to pages that will run when someone views them.
Access violation vulnerability in Avada (Fusion) Builder 3.11.12
The Avada (Fusion) Builder plugin for WordPress has a security issue that can expose sensitive information. This vulnerability exists in all versions up to 3.11.12 and is caused by the handle_clone_post() function and the ‘fusion_blog’ shortcode. These features do not have enough restrictions, allowing attackers with contributor-level access or higher to view data from password-protected, private, or draft posts that they should not have access to.
Input validation vulnerability in Envato Affiliater 1.2.4
The Envato Affiliater plugin for WordPress is vulnerable to Reflected Cross-Site Scripting. This affects all versions of the plugin, including the most recent one, 1.2.4, because the plugin does not properly clean up and secure the input it receives. This means that someone who is not authorized to access the website can put harmful code into the pages, which will run if a
Input validation vulnerability in Prayer Times Anywhere 2.0.1
The Prayer Times Anywhere plugin for WordPress has a security issue that allows attackers to make changes to the settings and inject harmful scripts into a website. This is because the plugin does not properly check for a security code when certain actions are performed. Attackers can exploit this vulnerability by tricking a site administrator into clicking on a link.