AI-Powered CVE Analysis for WordPress Plugins

The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it…

The RewardsWP – Loyalty Points & Referral Program for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

The Lumise Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be…

The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.…

The FAQ Builder AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Premmerce Redirect Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional…

The Product Rearrange for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries…

The Product Rearrange for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Bit SMTP – Easy SMTP Solution with Email Logs plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint (optn/v1/integration-action) with a permission_callback of __return_true that passes user-supplied URLs directly to wp_remote_get() and wp_remote_post() in the Webhook::add_subscriber() method without…

The Motta Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking…

The WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

The SMTP Mailer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.24. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

The Spam Protect for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with Editor-level access and above, to delete arbitrary files on the server, which can easily lead to remote…

The Miraculous Core plugin for WordPress is vulnerable to SQL Injection in versions up to 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing…

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.1.7 via deserialization of untrusted input [from the vulnerable parameter?|in the vulnerable function?]. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present…

The Creator LMS – Online Courses and eLearning Plugin plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.18. This makes it possible for authenticated attackers, with Contributor-level access and above, to elevate their privileges to that of an administrator.

The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up to and including 2.2.0. This is due to missing nonce verification on the settings form submission and insufficient input sanitization combined with missing output escaping. This makes it possible for unauthenticated attackers to inject arbitrary…

The WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.10.0. This makes it possible for unauthenticated attackers to perform an unauthorized action.