Unauthenticated function injection vulnerability fixed in 15 WordPress themes.
Fifteen WordPress themes were prone to critical unauthenticated function injection and privilege escalation vulnerabilities.
Search Results for: admin_init
High severity vulnerability fixed in Product Input Fields for WooCommerce.
The Product Input Fields for WooCommerce plugin (5,000+ active installations) fixed a high severity vulnerability that could allow an unauthenticated user to download any file from the blog, including the WordPress configuration file.
Vulnerabilities fixed in WordPress WP Security Audit Log plugin.
The WordPressWP Security Audit Log plugin, (100,000+ active installations), fixed a vulnerability that could lead to privilege escalation, sensitive data exposure and insecure deserialization.
WordPress Plugins and Themes Vulnerabilities: Stats, Facts and Recommendations.
For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
Multiple vulnerabilities in WordPress IgniteUp/Coming Soon and Maintenance Mode plugin.
The WordPress IgniteUp/Coming Soon and Maintenance Mode plugin, which has 30,000+ active installations, was prone to multiple vulnerabilities in version 3.4 and below that could lead to arbitrary file deletion, stored XSS, information disclosure, HTML injection in email and CSRF, among a few other issues.