Information disclosure vulnerability fixed in WordPress Doneren Met Mollie plugin.

The WordPress Doneren Met Mollie plugin (4,000+ active installations) fixed a broken access control vulnerability affecting version 2.8.4 and below that could lead to authenticated information disclosure.

Multiple vulnerabilities in WordPress WP Quick FrontEnd Editor plugin (unpatched).

The WordPress WP Quick FrontEnd Editor plugin (1,000+ active installations) is prone to a broken access control vulnerability affecting version 5.5 and below that could lead to authenticated content injection, stored XSS and settings change.

Insecure deserialization vulnerability in WordPress Newsletter Manager plugin (unpatched).

The WordPress Newsletter Manager plugin (5,000+ active installations) is prone to an insecure deserialization vulnerability affecting version 1.5.1 and below that could lead to unauthenticated PHP object injection.

Posted on December 23, 2020 - 6:15pm [+0700]
NinjaFirewall

How to get informed about the latest security updates in your WordPress plugins and themes.

Getting quickly informed when a security update is available in your themes or plugins is an important factor in keeping your website safe.

WordPress ListingPro theme fixed a critical vulnerability.

The WordPress ListingPro theme, which has 19,000+ sales on Envato Market, fixed a critical vulnerability that could allow an unauthenticated user to upload any file on the blog, among other issues.