Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

• 25 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Multiple Page Generator Plugin – MPG <= 4.0.5 - Authenticated (Editor+) Server-Side Request Forgery via fileUrl

• 25 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Reflected DOM-Based Cross-Site Scripting via content

• 25 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content

• 25 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated SQL Injection via id

• 25 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Credentials Modification and Stored Cross-Site Scripting

• 25 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Import WP – Export and Import CSV and XML files to WordPress <= 2.14.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article

Contact Form by Bit Form <= 2.17.4 - Authenticated (Administrator+) Server-Side Request Forgery

• 24 January 2025 · Trust & Safety
• (Threat Alert)
• ~ #CyberAdvisory, #InfoSec, #ThreatIntelligence

Stay updated on cybersecurity threats to safeguard your systems and data from... Read Full Article