Privilege escalation vulnerability in WordPress ND Shortcodes For Visual Composer plugin.
The WordPress ND Shortcodes For Visual Composer plugin (10,000+ active installations), was prone to a critical privilege escalation vulnerability.
HTML injection vulnerability in WordPress Pirate Forms plugin.
The WordPress Pirate Forms plugin (200,000+ active installations) was prone to an HTML injection vulnerability that could be used to target the administrator.
Unauthenticated Stored XSS in WordPress Coming Soon Page and Maintenance Mode plugin.
The WordPress Coming Soon Page and Maintenance Mode (7,000+ active installations), was prone to unauthenticated stored XSS and settings reset vulnerabilities in version 1.7.8 and below.
Settings change and CSS injection in WordPress Ocean Extra plugin.
The WordPress Ocean Extra plugin, which has over 400,000 active installations, was prone to settings change and CSS injection vulnerabilities in version 1.5.8 and below.
Stored XSS and CSV injection vulnerabilities in WordPress Shortlinks by Pretty Links plugin.
The WordPress Shortlinks by Pretty Links plugin, which has over 200,000 active installations, was prone to stored XSS and CSV injection vulnerabilities in version 2.1.9 and below.
Arbitrary file upload vulnerability in WordPress Crelly Slider plugin.
The WordPress Crelly Slider plugin, which has 20,000+ active installations, was prone to an authenticated arbitrary file upload vulnerability in version 1.3.4 and below.
Arbitrary file upload vulnerability in WordPress User Submitted Posts plugin.
The WordPress User Submitted Posts plugin (30,000+ active installations) was prone to an arbitrary file upload vulnerability in version 20190426 and below.
Zero-day vulnerability in WordPress YellowPencil Visual CSS Style Editor plugin actively exploited.
We are seeing today a lot of hacked WordPress blogs due to a critical vulnerability in the WordPress YellowPencil Visual CSS Style Editor plugin which has 30,000+ active installations.
WordPress Yuzo Related Posts plugin vulnerability massively exploited.
Hackers are currently actively exploiting a vulnerability in the WordPress Related Posts plugin, which has 60,000+ active installations.
NinjaFirewall (WP Edition) adds PHP backtrace to email notifications.
Starting from version 3.8.3, NinjaFirewall (WP and WP+ Edition) will attach a PHP backtrace to some important email notifications sent to the administrator.