WordPress Flaws and Vulnerabilities

WordPress Vulnerabilities 2021 week 19 via Patchstack

Blog WordPress Flaws and Vulnerabilities WordPress Vulnerabilities 2021 week 19 via Patchstack
0 comments

Vulnerabilities discovered in plugins, themes, and WordPress Core from 10th au 16th may 2021

PowerPress Podcasting

Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities discovered by Lenon Leite in the WordPress PowerPress Podcasting plugin (versions <= 8.6.1).


External Media

Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE) discovered by WordFence in WordPress External Media plugin (versions <= 1.0.33).


LifterLMS

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Amirmuhammad Vakili in WordPress LMS by LifterLMS plugin (versions <= 4.21.0).


LifterLMS

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ashish Jha (Bluefire Redteam) in WordPress LifterLMS plugin (versions <= 4.21.0).


WordPress

Object injection in PHPMailer vulnerability discovered in WordPress (one security issue affecting WordPress versions between 3.7 and 5.7).


Stay updated!

Thanks to Patchstack.com

0 comments