A space dedicated to detecting and reporting vulnerabilities in the WordPress ecosystem, so that those affected can promptly apply the updates that fix them.

WooCommerce plugin vulnerability < 8.6

The WooCommerce plugin has a vulnerability that allows authenticated users with contributor-level access and above to access products classified as private, draft or trashed....

Avada Theme Vulnerability < 7.11.6

The Avada theme, Website Builder for WordPress & WooCommerce, is vulnerable to exposure of sensitive information in versions up to and including 7.11.5 through the form entry page....

Elementor plugin vulnerability < 3.19.1

The Elementor Website Builder plugin, much more than just a Page Builder for WordPress, is vulnerable to arbitrary file deletions and PHAR deserialization in versions up to and including 3.19.0....

POST SMTP Mailer plugin vulnerability < 2.8.8

The plugin is vulnerable to unauthorized access and data modification due to a type manipulation issue on the connect-app REST endpoint in all versions up to and including 2.8.7....