School Management < 57.0 – CSRF and Stored XSS

Description: CSRF and Stored XSS (Cross Site Scripting)
Edit (WPScanTeam):
June 17th – Issue Reported to Envato
June 17th – Envato Support confirmed they are investigating the issue
June 28th – New version released, fixing the XSS but not the CSRF....
File Manager <= 4.8 – Multiple Vulnerabilities

Description: The vulnerabilities exist because the plugin does not properly check the user's authentication in the wp_ajax_* action calls. This results in SQL injection, backup download, backup deletion and backup restoration in the backup feature of the plugin....
Yoast SEO 1.2.0-11.5 – Authenticated Stored XSS

Description: The vendor’s description, reference included below: “Yoast SEO 11.6 also fixes a security issue regarding term pages in WordPress. Unfiltered code was allowed in some fields. This, however, does not pose a problem for single user sites. In...