XSS / HTML injection vulnerability in WordPress Plugin Check (PCP) plugin.

The WordPress Plugin Check (PCP) plugin version 1.3.0 and below is prone to XSS/HTML injection.

Posted on April 22, 2024 - 11:29am [+0700]
NinjaFirewall

Unauthenticated function injection vulnerability in WordPress Shortcode Addons plugin (unpatched).

The WordPress Shortcode Addons plugin version 3.2.5 and below is prone to an unauthenticated function injection vulnerability.

Posted on January 26, 2024 - 1:50pm [+0700]
NinjaFirewall

Broken access control vulnerability fixed in WordPress 10Web AI Assistant plugin.

The WordPress 10Web AI Assistant plugin version 1.0.18 and below was prone to a broken access control vulnerability that could allow authenticated users to install plugins.

Posted on October 26, 2023 - 12:12am [+0700]
NinjaFirewall

High severity vulnerability in WordPress Deeper Comments plugin (unpatched).

The WordPress Deeper Comments plugin is prone to an unpatched broken access control vulnerability that could allow full site takeover.

Vulnerabilities fixed in WordPress B2BKing plugin.

The WordPress B2BKing plugin fixed a broken access control vulnerability that could allow customers to change the price of all products.