Blog

  • September 2020 Monthly Vulnerability Roundup

    WordPress Plugin Vulnerabilities: Slider by 10Web < 1.2.36 – Multiple Authenticated SQL Injection; WP Courses < 2.0.29 – Broken Access Controls leading to Courses Content Disclosure; Simple:Press < 6.6.1 – Broken Access Control leading to RCE; XCloner Backup and Restore < 4.2.153 – Cross-Site Request Forgery; XCloner Backup and Restore 4.2.1 – 4.2.12 – Unprotected AJAX Action; Drag and Drop…

  • On December 1st 2020 we will be closing WPScan.io (the SaaS)

    (We are not closing any of our other products or services, just the online WPScan.io SaaS!) WPScan.io started life in 2015 when we contracted a Rails development company to create a SaaS web front end on top of our WPScan CLI tool. Unfortunately, at that time, we only had the budget to complete around 50% of the work,…

  • August 2020 Monthly Vulnerability Roundup

    WordPress Plugin Vulnerabilities: Recall Products <= 0.8 – Authenticated Cross-Site Scripting; Recall Products <= 0.8 – Authenticated SQL Injection; WP Smart CRM & Invoices FREE <= 1.8.7 – Authenticated Stored Cross-Site Scripting; Ceceppa Multilingua <= 1.5.17 – Authenticated Reflected Cross-Site Scripting; Bulk Change <= 1.0 – Authenticated Reflected Cross-Site Scripting; WP Floating Menu < 1.4.1 – Authenticated Reflected Cross-Site Scripting; Subscribe…