The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bgcolor’ shortcode attribute of the ‘flipper_front’ shortcode in all versions up to, and including, 0.1. This is due to insufficient input...
The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.15. This is due to the plugin only checking for the existence of the Authorization header in a request when determining if the nonce...
The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it...
The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the ‘rest_simpleTranscribeAudio’ and...
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the ‘ajax_get_comment’ function. This makes it possible for unauthenticated attackers to...
