overview for PluginVulnerabilities

3

WooCommerce Vulnerability Listed as Being Fixed in Upcoming Release Was Already Fixed (www.pluginvulnerabilities.com)

submitted 8 months ago by [email protected] to c/[email protected]

0 comments fedilink

3

AI Helps to Detect Incomplete Security Fix Being Made to 1+ Million Install WordPress Plugin WP File Manager (www.pluginvulnerabilities.com)

submitted 8 months ago by [email protected] to c/[email protected]

0 comments fedilink

2

NinjaFirewall is Providing Misleading Information on Vulnerable WordPress Plugins (www.pluginvulnerabilities.com)

submitted 8 months ago by [email protected] to c/[email protected]

0 comments fedilink

2

Arbitrary File Upload Vulnerability in AI Engine (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

Hacker Likely Targeting This Incompletely Fixed Authenticated Plugin Installation Vulnerability in WordPress Plugin NextMove Lite in c/[email protected]

[–] [email protected] 1 points 9 months ago

Other data providers including Patchstack, Wordfence, and WPScan are all listing the vulnerability as having been fixed, despite the developer only partially fixing it.

2

Hacker Likely Targeting This Incompletely Fixed Authenticated Plugin Installation Vulnerability in WordPress Plugin NextMove Lite (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

1 comments fedilink

2

SQL Injection Vulnerability in Booking Calendar (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

7

WordPress Plugin Team Appears to Not Understand Proper Use of SQL Escaping Function esc_sql() (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

1

Hacker Targeted WordPress Backup Plugin Didn't Actually Get Fix for Log File Disclosure (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

6

Cloudflare Still Providing DNS Service for WordPress Security Team Impersonation Scam (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

3

Nearly 10 Year Old Vulnerability Fixed in WordPress Security Plugin All-In-One Security (AIOS) (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

3

Be aware that CleanTalk is putting out misleading information about vulnerabilities in WordPress plugins. (lemmy.world)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

They recently claimed that a vulnerability in a WordPress plugin exposed WordPress users passwords. It didn't, only password hashes. That is significantly different.

WPScan also claimed that the vulnerability allowed "account takeover," despite that being unlikely to happen there.

1

Wordfence Claims It Is a Vulnerability For Users With the unfiltered_html Capability to Use Unfiltered HTML (www.pluginvulnerabilities.com)

submitted 9 months ago by [email protected] to c/[email protected]

0 comments fedilink

Wordfence Security's Country Blocking Isn't an Effective Measure Against Hackers in c/[email protected]

[–] [email protected] 1 points 1 year ago

Even better is to use tools that provide effective protection, as multiple tools that don't provide effective protection are still unlikely to provide effective protection when combined.