Multiple WordPress plugins fixed CSRF vulnerabilities (part 2).
Multiple WordPress plugins were found to be vulnerable to cross-site request forgery (CSRF) attacks.
Category: Security
WordPress Kiwi Social Sharing plugin fixed critical vulnerability.
The WordPress Kiwi Social Sharing plugin fixed a critical vulnerability affecting version 2.1.0 that could allow unauthenticated users to modify WordPress options in the database and take over the website.
Security issue fixed in NinjaFirewall (WP Edition).
Today, we released version 4.3.4 of our NinjaFirewall (WP/WP+ Edition) plugin which includes a minor security fix.
Vulnerabilities fixed in WordPress Controlled Admin Access plugin.
Improper input validation in the WordPress Controlled Admin Access plugin (8,000+ active installations) affecting version 1.5.5 and below could lead to privilege escalation.
Zero-day vulnerability fixed in WordPress Flo Forms plugin.
The WordPress Flo Forms plugin (10,000+ installations) fixed a critical zero-day vulnerability affecting version 1.0.35 and below that could allow the attacker to take over the website and its database.