Authenticated settings change vulnerability in WordPress Quick Page/Post Redirect plugin (unpatched).
The WordPress Quick Page/Post Redirect plugin, which has 200,000+ active installations, is prone to multiple unpatched vulnerabilities.
Tag: WordPress
Unauthenticated stored XSS and content spoofing vulnerabilities in WordPress WP GDPR plugin (unpatched).
The WordPress WP GDPR plugin, which has 6,000+ active installations, is prone to multiple unpatched critical vulnerabilities.
WordPress Ultimate Addons for Gutenberg plugin fixed vulnerability.
The WordPress Ultimate Addons for Gutenberg plugin (200,000+ active installations) fixed an authenticated settings change vulnerability affecting version 1.14.7 and below.
Unauthenticated stored XSS vulnerability in WordPress OneTone theme (unpatched).
The WordPress OneTone theme, which has 20,000+ active installations, is prone to an unpatched and unauthenticated settings import vulnerability that could lead to multiple stored XSS.
WordPress Elementor plugin fixed Safe Mode privilege escalation vulnerability.
The WordPress Elementor plugin, which is installed on 4+ million blogs, fixed a high severity vulnerability affecting version 2.9.5 and below.