ThemeFusion’s multipurpose WordPress theme Avada has patched an Arbitrary File Upload Vulnerability. Avada is one of ThemeForest’s most popular premium themes, with nearly 950k sales. This vulnerability was reported responsibly by Muhammad Zeeshan (Xib3rR4dAr) during Wordfence’s Bug Bounty Extravaganza, earning him $2,751. The researchers have categorized it as a …
Bricks 1.9.6.1 Patches Critical RCE Vulnerability
First disclosed by security researcher Calvin Alkan of snicco, the vulnerability impacts all versions of Bricks Builder before version 1.9.6.1. Identified as a Remote Code Execution (RCE) flaw, it poses a critical security risk, allowing attackers to potentially gain unauthorized control over websites running on an affected version of Bricks. What is …
LiteSpeed Cache 5.7 Patches XSS Vulnerability
The LiteSpeed Cache plugin, used on more than four million WordPress sites, has patched an XSS vulnerability in version 5.7. The plugin provides all-in-one site acceleration capabilities, server-level caching, and a collection of optimization features. It is compatible with WordPress multisite, and popular plugins like WooCommerce, bbPress, and Yoast SEO, which may contribute …
Kadence Blocks 3.1.11 Patches Critical Vulnerability
The Kadence Blocks plugin, which is used on more than 300,000 WordPress sites, has patched a critical vulnerability in its Advanced Form Block file upload capability. Version 3.1.11, released on August 8, 2023, patches the security issue with the form uploads. The plugin’s development team is getting out ahead of the situation …
Ninja Forms Version 3.6.26 Patches Multiple High Severity Security Vulnerabilities
If you use the Ninja Forms plugin and your sites aren’t set to get automatic plugin updates, add a round of updates to your weekend plans. Patchstack is reporting multiple high severity security vulnerabilities in the plugin, including the following: a POST-based reflected XSS (7.6 CVSS 3.1 score) a …