The Ninja Technologies Network
The WordPress ND Learning Courses plugin (2,000+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database.
The WordPress ND Bookings plugin (3,000+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database.
The WordPress ND Donations plugin (2,000+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database.
The WordPress ND Travel Management plugin (1,000+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database
A unauthenticated options import vulnerability combined with a stored XSS vulnerability can lead to remote code execution in the WordPress “Woody Ad Snippets” plugin (90,000+ active installations), allowing hackers to compromise the website and its database.
The WordPress ND Shortcodes For Visual Composer plugin (10,000+ active installations), was prone to a critical privilege escalation vulnerability.
The WordPress Pirate Forms plugin (200,000+ active installations) was prone to an HTML injection vulnerability that could be used to target the administrator.
The WordPress Coming Soon Page and Maintenance Mode (7,000+ active installations), was prone to unauthenticated stored XSS and settings reset vulnerabilities in version 1.7.8 and below.
The WordPress Ocean Extra plugin, which has over 400,000 active installations, was prone to settings change and CSS injection vulnerabilities in version 1.5.8 and below.
The WordPress Shortlinks by Pretty Links plugin, which has over 200,000 active installations, was prone to stored XSS and CSV injection vulnerabilities in version 2.1.9 and below.