WordPress Plugin Vulnerabilities

wSecure Lite <= 2.3 - Remote Code Execution (RCE)

Description

The wSecure Lite WordPress plugin was affected by a Remote Code Execution (RCE) security vulnerability.

Affects Plugins

Plugin icon
wsecure
Fixed in 2.4

References

CVE
CVE-2016-10960
URL
https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b34fec46-02f2-4760-80a9-600ff35ebe5c

Timeline

Publicly Published
2016-08-02 (about 9 years ago)
Added
2016-08-12 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
WPLocalPlaces - File Upload Remote Code Execution
Published
2024-12-12
Title
Simple Link Directory < 8.4.6 - Unauthenticated Arbitrary Shortcode Execution
Published
2024-02-26
Title
Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode
Published
2025-03-10
Title
WPCS – WordPress Currency Switcher Professional < 1.2.0.5 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-08-23
Title
Global DNS < 3.1.1 - Unauthenticated Remote Code Execution