Magánszemélyeknek

The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the...

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or...

The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check...

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or...

The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function...

The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9....

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the...

The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user...

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on...

The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be...