CVE-2020-27615: WordPress plugin vulnerability

October 22, 2020 0

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. How to mitigate CVE-2020-27615 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating Read more

Share this info:

CVE-2020-27344: WordPress plugin vulnerability

October 22, 2020 0

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. How to mitigate CVE-2020-27344 Time needed: 5 minutes. Follow the instructions, as they will assist you in mitigating the WordPress vulnerability that been reported in CVE-2020-27344. Install Read more

Share this info:

CVE-2020-26672: WordPress vulnerability

October 18, 2020 0

Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in “cite” parameter, the payload will be stored in the database. Read more

Share this info:

CVE-2020-26876: WordPress plugin vulnerability

October 11, 2020 0

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. Read more

Share this info:

CVE-2020-26596: WordPress plugin vulnerability

October 11, 2020 0

The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the Read more

Share this info:
1 2 3 27