Vulnerabilities Monthly Digest for April 2020

futurisedVulnerabilities

Vulnerabilities Monthly Digest for April 2020. Testimonial < 2.1.7 – Authenticated Stored Cross-Site Scripting (XSS) WooCommerce Smart Coupons < 4.6.5 – Unauthenticated Coupon Creation Appointment Booking Calendar < 1.3.35 – Authenticated Stored Cross-Site Scripting (XSS) Appointment Booking Calendar < 1.3.35 – CSV Injection Brizy – Page Builder < 1.0.114 – Unauthenticated Site Settings Update WPForms < 1.5.9 – Authenticated Cross Site Scripting (XSS) WP Advanced Search < 3.3.4 – Unauthenticated Database Access and Remote Code Execution (RCE) RegistrationMagic – Custom Registration Forms and User Login < 4.6.0.4 – Multiple Critical Issues Custom Searchable Data Entry System <= 1.7.1 – Unauthenticated Data Modification and Deletion (0-day, being exploited) WP Security Audit Log < 4.0.2 – Broken Access Control in First-Time Install … Read More