Unauthenticated function injection vulnerability fixed in 15 WordPress themes.
Fifteen WordPress themes were prone to critical unauthenticated function injection and privilege escalation vulnerabilities.
The Ninja Technologies Network
The Product Input Fields for WooCommerce plugin (5,000+ active installations) fixed a high-severity vulnerability that could allow an unauthenticated user to download any file from the blog, including the WordPress configuration file.
The WP Security Audit Log WordPress plugin (100,000+ active installations) fixed a vulnerability that could lead to privilege escalation, sensitive data exposure and insecure deserialization.
For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
The WordPress IgniteUp/Coming Soon and Maintenance Mode plugin, which has 30,000+ active installations, was prone to multiple vulnerabilities in version 3.4 and below that could lead to arbitrary file deletion, stored XSS, information disclosure, HTML injection in email and CSRF, among a few other issues.