Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Authenticated (Administrator+) Remote Code Execution

• 29 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article