Articles by CVE Tracker

The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. How to mitigate CVE-2020-36176 Time needed: 5 minutes. Follow Read more

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. How to mitigate CVE-2020-36175 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the Read more

The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. How to mitigate CVE-2020-36174 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability that been Read more

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. How to mitigate CVE-2020-36173 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability that been Read more

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. How to mitigate CVE-2020-36172 Time needed: 5 minutes. Follow the instructions, as they will assist Read more