The WordPress Ultimate GDPR and CCPA Compliance Toolkit plugin, which has 6,000+ sales on Envato Market, was prone to a critical unauthenticated settings import and export vulnerability affecting version 2.4 and below that could allow an attacker to redirect traffic to a malicious site among other issues.
February 01, 2021 NinjaScanner v3.0.6 Fixed a potential “Missing Lock File” error that may occur on slow servers. Added streaming to the wp_remote_get function to lower…
The WordPress uListing plugin (3,000+ active installations) fixed multiple critical vulnerabilities affecting version 1.6.6 and below.
The WordPress Doneren Met Mollie plugin (4,000+ active installations) fixed a broken access control vulnerability affecting version 2.8.4 and below that could lead to authenticated information disclosure.
The WordPress WP Quick FrontEnd Editor plugin (1,000+ active installations) is prone to a broken access control vulnerability affecting version 5.5 and below that could lead to authenticated content injection, stored XSS and settings change.