AI-Powered CVE Analysis for WordPress Plugins

The AhaChat Messenger Marketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the…

The Membee Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The AhaChat Messenger Marketing plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to bypass authentication and access other user's accounts.

The eDS Responsive Menu plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action…

The Simple Archive Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action…

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The Aardvark plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.19. This makes it possible for unauthenticated attackers to perform an unauthorized action.

The aDirectory – WP Business Directory Plugin and Classified Ads Listings Directory plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

The DesignThemes Core Features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action…