Wordapp WordPress plugin Insufficiently Unique Cryptographic Signature

REPORT ID: 6e779e9a-e0f9-4102-9f0b-ad46e9c4533f

The plugin contains an Authorization Bypass vulnerability caused by the use of an Insufficiently Unique Cryptographic Signature. Due to the plugin’s functionality, this makes it possible to bypass authentication by retrieving an auto-login link.

Feather Login Page by Feather Plugins WordPress plugin Privilege Escalation

REPORT ID: 7616cd4c-f24c-4472-80d9-2c40a5c30d4b

The plugin contains a Missing Authorization vulnerability in the AJAX function that lists expirable login links, which leads to Privilege Escalation.

User Registration by WPEverest WordPress plugin Arbitrary File Upload

REPORT ID: c0a58dff-7a5b-4cc0-82d6-2255e61d801c

The plugin contains an Arbitrary File Upload vulnerability. Due to a hardcoded encryption key and missing file type validation, it is even possible to upload a PHP file to the website.

BookIt by StylemixThemes WordPress plugin Authentication Bypass

REPORT ID: 0dea1346-fd60-4338-8af6-6f89c29075d4

The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.

Social Login and Register by miniOrange WordPress plugin Authentication Bypass

REPORT ID: 2326f41f-a39f-4fde-8627-9d29fff91443

The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.