Awesome Motive’s WP Forms plugin has patched a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability. This issue allowed authenticated attackers with Subscriber-level access or higher to refund Stripe payments and cancel subscriptions without proper authorization. Wordfence reports that “The WPForms plugin for WordPress is vulnerable to unauthorized modification of data …
ThemeFusion’s multipurpose WordPress theme Avada has patched an Arbitrary File Upload Vulnerability. Avada is one of ThemeForest’s most popular premium themes with nearly 950k sales. This vulnerability was reported responsibly by Muhammad Zeeshan (Xib3rR4dAr) during Wordfence’s Bug Bounty Extravaganza earning him $ 2,751. The researchers have categorized it as a …
First disclosed by security researcher Calvin Alkan of snicco, the vulnerability impacts all versions of Bricks Builder before version 1.9.6.1. Identified as a Remote Code Execution (RCE) flaw, it poses a critical security risk, allowing attackers to potentially gain unauthorized control over websites running on an affected version of Bricks. What is …
The LiteSpeed Cache plugin, used on more than four million WordPress sites, has patched an XSS vulnerability in version 5.7. The plugin provides all-in-one site acceleration capabilities, server-level caching, and a collection of optimization features. It is compatible with WordPress multisite, and popular plugins like WooCommerce, bbPress, and Yoast SEO, which may contribute …
The Kadence Blocks plugin, which is used on more than 300,000 WordPress sites, has patched a critical vulnerability in its Advanced Form Block file upload capability. Version 3.1.11, released on August 8, 2023, patches the security issue with the form uploads. The plugin’s development team is getting out ahead of the situation …