The plugin contains a Missing Authorization vulnerability in the expirable login links list AJAX function, which leads to Privilege Escalation.
Feather Login Page by Feather Plugins WordPress plugin Privilege Escalation
REPORT ID: 7616cd4c-f24c-4472-80d9-2c40a5c30d4b
User Registration by WPEverest WordPress plugin Arbitrary File Upload
REPORT ID: c0a58dff-7a5b-4cc0-82d6-2255e61d801c
The plugin contains an Arbitrary File Upload vulnerability. Due to a hardcoded encryption key and missing file type validation, it is even possible to upload a PHP file to the website.
BookIt by StylemixThemes WordPress plugin Authentication Bypass
REPORT ID: 0dea1346-fd60-4338-8af6-6f89c29075d4
The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.
Social Login and Register by miniOrange WordPress plugin Authentication Bypass
REPORT ID: 2326f41f-a39f-4fde-8627-9d29fff91443
The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.
Wordapp WordPress plugin Insufficiently Unique Cryptographic Signature
REPORT ID: 6e779e9a-e0f9-4102-9f0b-ad46e9c4533f
The plugin contains an Authorization Bypass vulnerability due to the use of an Insufficiently Unique Cryptographic Signature. Due to the plugin’s functionality, this makes it possible to bypass auth by retrieving an auto login link.