Unauthenticated function injection vulnerability in WordPress Shortcode Addons plugin (unpatched).

The WordPress Shortcode Addons plugin version 3.2.5 and below is prone to an unauthenticated function injection vulnerability.

Posted on January 26, 2024 - 1:50pm [+0700]
NinjaFirewall

Broken access control vulnerability fixed in WordPress 10Web AI Assistant plugin.

The WordPress 10Web AI Assistant plugin version 1.0.18 and below was prone to a broken access control vulnerability that could allow authenticated users to install plugins.

Posted on October 26, 2023 - 12:12am [+0700]
NinjaFirewall

High severity vulnerability in WordPress Deeper Comments plugin (unpatched).

The WordPress Deeper Comments plugin is prone to an unpatched broken access control vulnerability that could allow full site takeover.

Vulnerabilities fixed in WordPress B2BKing plugin.

The WordPress B2BKing plugin fixed a broken access control vulnerability that could allow customers to change the price of all products.

High severity vulnerability fixed in WordPress Elementor Pro plugin.

Elementor Pro, a popular page builder plugin for WordPress, fixed a broken access control vulnerability affecting version 3.11.6 and below that could allow full site takeover.