Authenticated settings change vulnerability in WordPress Quick Page/Post Redirect plugin (unpatched).

The WordPress Quick Page/Post Redirect plugin, which has 200,000+ active installations, is prone to multiple unpatched vulnerabilities.

Posted on April 23, 2020
NinjaFirewall

Unauthenticated stored XSS and content spoofing vulnerabilities in WordPress WP GDPR plugin (unpatched).

The WordPress WP GDPR plugin, which has 6,000+ active installations, is prone to multiple unpatched critical vulnerabilities.

Posted on April 8, 2020April 10, 2020
NinjaFirewall

WordPress Ultimate Addons for Gutenberg plugin fixed vulnerability.

The WordPress Ultimate Addons for Gutenberg plugin (200,000+ active installations) fixed an authenticated settings change vulnerability affecting version 1.14.7 and below.

Posted on April 3, 2020April 3, 2020
NinjaFirewall

Unauthenticated stored XSS vulnerability in WordPress OneTone theme (unpatched).

The WordPress OneTone theme, which has 20,000+ active installations, is prone to an unpatched and unauthenticated settings import vulnerability that could lead to multiple stored XSS.

Posted on March 31, 2020
NinjaFirewall

WordPress Elementor plugin fixed Safe Mode privilege escalation vulnerability.

The WordPress Elementor plugin, which is installed on 4+ million blogs, fixed a high severity vulnerability affecting version 2.9.5 and below.