Jan 14, 2020 | WordPress Vulnerabilities
Proof of Concept: It is possible to log in as an administrator on the site due to logical mistakes in the code. The issue resides in wptc-cron-functions.php line 12, where it parses the request. This parse_request function calls the function decode_server_request_wptc...
Jan 3, 2020 | WordPress Vulnerabilities
Description: The export_users_csv function, registered as an authenticated AJAX call and allowing users to be exported, was missing the authorisation/capability check. A CSRF check was in place, reducing the severity of the issue. Only version 1.15 seems to be affected, as the...
Jan 3, 2020 | WordPress Vulnerabilities
Description: “A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.” Affected: Divi version 3.23 and above, Extra 2.23 and...
Dec 27, 2019 | WordPress Vulnerabilities
Description: The gdpr_cookie_compliance_reset_settings AJAX action, registered for authenticated users, lacks both authorisation and CSRF checks, allowing any authenticated user without the relevant capability to call it, which would result in the settings being reset.
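The export_users_csv and gdpr_cookie_compliance_reset_settings entries above describe the same bug class: a handler on a wp_ajax_ hook, which WordPress fires for every logged-in user, that never checks who is calling it. The following is an added example written for this page, not code from either plugin or from the advisories: a hypothetical settings-reset handler in its vulnerable shape beside a hardened one. The hook names, the nonce action string, the option name and the small stand-in for the WordPress functions (used only so the file runs under plain `php` without WordPress loaded) are all assumptions.

```php
<?php
// Added example, not code from the advisories listed above. The handler,
// hook names, nonce action and option name are hypothetical.

// --- Stand-in for the WordPress API so this file runs offline with `php`. ---
// In a real plugin these come from WordPress core; the stubs are skipped when
// core has already defined them. check_ajax_referer() in core calls wp_die()
// with a 403 on failure; here that is simulated with an exception.
if (!function_exists('current_user_can')) {
    $GLOBALS['demo_caps']    = [];              // capabilities of the simulated logged-in user
    $GLOBALS['demo_nonce']   = 'valid-nonce';   // the only nonce the stub accepts
    $GLOBALS['demo_options'] = ['demo_plugin_settings' => ['banner' => 'on']];
    $GLOBALS['demo_hooks']   = [];
    function current_user_can(string $cap): bool { return in_array($cap, $GLOBALS['demo_caps'], true); }
    function check_ajax_referer(string $action, string $query_arg, bool $die = true) {
        $ok = isset($_REQUEST[$query_arg]) && hash_equals($GLOBALS['demo_nonce'], (string) $_REQUEST[$query_arg]);
        if (!$ok && $die) { throw new RuntimeException('403 bad or missing nonce'); }
        return $ok;
    }
    function wp_send_json_error($data = null, int $status = 500) { throw new RuntimeException("$status " . json_encode($data)); }
    function wp_send_json_success($data = null) { echo json_encode(['success' => true, 'data' => $data]), "\n"; }
    function add_action(string $hook, callable $cb): void { $GLOBALS['demo_hooks'][$hook] = $cb; }
    function delete_option(string $name): bool { unset($GLOBALS['demo_options'][$name]); return true; }
}

// Vulnerable shape: wp_ajax_ hooks fire for every authenticated user, so a
// subscriber can reset the plugin settings. There is no capability check and
// no nonce check, so it is also callable cross-site from a logged-in victim.
function demo_reset_settings_vulnerable(): void {
    delete_option('demo_plugin_settings');
    wp_send_json_success('settings reset');
}
add_action('wp_ajax_demo_reset_settings', 'demo_reset_settings_vulnerable');

// Hardened: verify the nonce (CSRF) first, then the capability (authorisation).
// A nonce alone only stops cross-site requests; it does not stop a low-privilege
// user who can obtain one legitimately, so both checks are needed.
function demo_reset_settings_hardened(): void {
    check_ajax_referer('demo_reset_settings', 'nonce');       // dies with 403 on a bad nonce
    if (!current_user_can('manage_options')) {                // only administrators may reset
        wp_send_json_error('insufficient permissions', 403);
    }
    delete_option('demo_plugin_settings');
    wp_send_json_success('settings reset');
}
add_action('wp_ajax_demo_reset_settings_v2', 'demo_reset_settings_hardened');

// Offline driver (only runs with the stubs): three constructed callers against
// both handlers. The vulnerable one succeeds for all three; the hardened one
// rejects the subscriber with and without a nonce and accepts the administrator.
if (array_key_exists('demo_hooks', $GLOBALS) && isset($GLOBALS['demo_nonce'])) {
    $cases = [
        ['caps' => ['read'],           'nonce' => null,          'label' => 'subscriber, no nonce'],
        ['caps' => ['read'],           'nonce' => 'valid-nonce', 'label' => 'subscriber, valid nonce'],
        ['caps' => ['manage_options'], 'nonce' => 'valid-nonce', 'label' => 'administrator, valid nonce'],
    ];
    foreach (['wp_ajax_demo_reset_settings', 'wp_ajax_demo_reset_settings_v2'] as $hook) {
        foreach ($cases as $c) {
            $GLOBALS['demo_caps'] = $c['caps'];
            $_REQUEST = $c['nonce'] === null ? [] : ['nonce' => $c['nonce']];
            echo "$hook / {$c['label']}: ";
            try { $GLOBALS['demo_hooks'][$hook](); }
            catch (RuntimeException $e) { echo 'rejected (', $e->getMessage(), ")\n"; }
        }
    }
}
```

The order of the two checks in the hardened handler matters for the two advisories above: the export_users_csv case had the nonce check but not the capability check, which is why WPScan rated it less severe, while the gdpr_cookie_compliance_reset_settings case had neither. Running the file with `php` shows the vulnerable hook accepting every caller and the hardened hook accepting only the administrator with a valid nonce.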
Dec 27, 2019 | Uncategorized
We are looking for the best projects from 2019. Do you have something you’re proud of? Tell us about it!