Google Forms (WordPress plugin) SSRF vulnerability
Overview Google Forms is a WordPress plugin that can be used to embed forms from Google Docs. It has 20,000+ active install as
Tag: wordpress
Formidable Forms vulnerabilities
Overview Formidable Forms is a WordPress plugin with over 200,000 active installs. It is used for creating contact forms, polls, surveys, and other
Lazy Load stored XSS
Overview Lazy Load is a WordPress plugin with over 90,000 active installs. It was developed by Automattic, TechCrunch, and 10up LLC. The
WP Engine security issues
Overview WP Engine is a managed WordPress hosting platform. When it comes to security, WP Engine seems to offer a lot of
PageLines Platform 1.1.4 CSRF vulnerability
Platform 4 by PageLines is a WordPress theme. During a bug bounty investigation, a CSRF-RCE vulnerability was found in the administrative functions of the
W3 Total Cache SSRF vulnerability
W3 Total Cache is a caching plugin with more than a million active installs. Versions prior to 0.9.5 are vulnerable to a server
WordPress Stream plugin stored XSS / remote code execution
Fluid Responsive Slideshow CSRF vulnerability
The Fluid Responsive Slideshow WordPress plugin was found vulnerable to a CSRF bug that could ultimately lead to server-side compromise. Additionally there was a
All-in-One Event Calendar stored XSS and SQL injection
All-in One Event Calendar by Time.ly is a WordPress plugin with 100,000+ active installs according to statistics provided by WordPress. Two critical bugs
MainWP admin panel unauthenticated stored XSS
MainWP is a WordPress remote administration plugin. Missing authorization checks on a setup panel allowed unauthenticated attackers to modify some of the MainWP