Unauthenticated function injection vulnerability in WordPress Sparkling theme.
The WordPress Sparkling theme (30,000+ active installations) fixed an unauthenticated function injection vulnerability affecting version 2.4.8 and below.
The Ninja Technologies Network
The WordPress JobSearch WP Job Board plugin (1,600+ sales on Envato) fixed a broken access control vulnerability in version 1.8.1 and below that could allow users to take over the website and its database.
16 WooCommerce product add-ons plugins fixed a critical broken access control vulnerability that could allow customers to take over the website and its database.
The WooCommerce Multi Currency plugin (7,700+ sales on Envato) fixed a broken access control vulnerability in version 2.1.17 and below that could allow customers to change the price of all products.
For the past 30 months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for all developers of WordPress plugins and themes.