Sécurité WordPress

Plugin WordPress IDonate 2.1.5 - 2.1.9 - Autorisation manquante pour la prise de contrôle de compte authentifié (Abonné+) / Élévation de privilèges via la vulnérabilité de la fonction idonate_donor_password

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

Plugin WordPress The Events Calendar 6.15.1.1 - 6.15.9 - Injection SQL non authentifiée via s vulnérabilité

WordPress FunnelKit Automations plugin <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability

WordPress Depicter Slider plugin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload vulnerability

WordPress Document Embedder plugin <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation vulnerability

WordPress Paid Membership Subscriptions plugin <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal vulnerability

WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability

WordPress Posts Navigation Links for Sections and Headings plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability