Unauthenticated stored XSS vulnerability in WordPress OneTone theme (unpatched).

The WordPress OneTone theme, which has 20,000+ active installations, is prone to an unpatched and unauthenticated settings import vulnerability that could lead to multiple stored XSS.

Posted on April 1, 2020April 1, 2020
Changelog

NinTechNet changelog.

April 01, 2020 NinjaScanner v2.0.6 Tweaked the scanner to lower false positives and to better differentiate between “critical” and “important” severity levels. https://nintechnet.com/ninjascanner/ March 21, 2020…

Posted on March 31, 2020
NinjaFirewall

WordPress Elementor plugin fixed Safe Mode privilege escalation vulnerability.

The WordPress Elementor plugin, which is installed on 4+ million blogs, fixed a high severity vulnerability affecting version 2.9.5 and below.

Posted on March 21, 2020March 21, 2020
NinjaFirewall

WordPress Plugins and Themes Vulnerabilities Roundup.

This post reviews WordPress themes and plugins vulnerabilities that received little to no coverage until today.

Posted on March 13, 2020
NinjaFirewall

Authenticated stored XSS vulnerability in WordPress Fruitful theme.

The WordPress Fruitful theme, which has 9,000+ active installations, was prone to an authenticated stored XSS vulnerability in version 3.8.1 and below.