Settings change vulnerability in WordPress Search Exclude plugin.
The WordPress Search Exclude plugin, which has 30,000+ active installations, was prone to two vulnerabilities that could allow any user to change its settings.
Search Results for: admin_init
Unauthenticated options change in WordPress Login or Logout Menu Item plugin.
The WordPress Login or Logout Menu Item (10,000+ active installations) was prone to an unauthenticated options change vulnerability.
Multiple vulnerabilities in WordPress Woody Ad Snippets plugin lead to remote code execution.
A unauthenticated options import vulnerability combined with a stored XSS vulnerability can lead to remote code execution in the WordPress “Woody Ad Snippets” plugin (90,000+ active installations), allowing hackers to compromise the website and its database.
Settings change and CSS injection in WordPress Ocean Extra plugin.
The WordPress Ocean Extra plugin, which has over 400,000 active installations, was prone to settings change and CSS injection vulnerabilities in version 1.5.8 and below.
Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin.
The popular Easy WP SMTP plugin, which as 300,000+ active installations, was prone to a critical zero-day vulnerability.