Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-6120: Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal — Wordfence Intelligence

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.

CVE
Open in Source
#vulnerability#wordpress#intel#perl#auth
WordPress Elementor 3.18.1 File Upload / Remote Code Execution

WordPress Elementor plugin versions 3.18.1 and below are vulnerability to remote code execution via file upload in the template import functionality.

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,

CVE-2023-45762: WordPress Responsive Column Widgets plugin <= 1.2.7 - Open Redirection vulnerability - Patchstack

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.

CVE-2023-47548: WordPress Integrate Google Drive plugin <= 1.3.2 - Open Redirection vulnerability - Patchstack

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.

CVE-2023-35039: WordPress Password Reset with Code for WordPress REST API plugin <= 0.0.15 - Privilege Escalation Due To Weak Pin Generation Vulnerability - Patchstack

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.

CVE-2023-48325: WordPress Landing Page Builder plugin <= 1.5.1.5 - Open Redirection vulnerability - Patchstack

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.

CVE-2023-35909: WordPress Ninja Forms plugin 3.6.25 - Denial of Service Attack vulnerability - Patchstack

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.

CVE-2023-47779: WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.4 - Open Redirection vulnerability - Patchstack

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.

CVE-2023-46641: WordPress 12 Step Meeting List plugin <= 3.14.24 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.