- WordPress Plugin Paid Memberships Pro is prone to an information disclosure vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit this issue to retrieve the contents of an arbitrary file. Information obtained may aid in launching further attacks. WordPress Plugin Paid Memberships Pro version 1.4.9 is vulnerable; prior versions may also be affected.
- Update to plugin version 1.5 or latest
- WordPress Plugin FormBuilder Cross-Site Scripting (1.05)
- WordPress Plugin Social Media and Share Icons (Ultimate Social Media) Cross-Site Scripting (188.8.131.52)
- WordPress Plugin CM Tooltip Glossary Cross-Site Scripting (3.3.4)
- WordPress Plugin Woocommerce Aliexpress Dropshipping Lite PHP Object Injection (1.0.1)
- WordPress Plugin Lightbox Photo Gallery Cross-Site Request Forgery (1.0)