AI-Powered CVE Analysis for WordPress Plugins

The DesignThemes Directory Addon plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The DesignThemes Booking Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The SiteGuard WP Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

The Profile Builder Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.13.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that…

The WeDesignTech Ultimate Booking Addon plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass authentication and log in to other users accounts, which may include administrators.

The WeDesignTech Ultimate Booking Addon plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, which may include administrators.

The Directory Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Eagle Booking plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into…

The Really Simple Security Pro plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.5.4.0 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.