Critical Vulnerability Patched in GiveWP Plugin

GiveWP Unauthenticated PHP Object Injection The vulnerability in the GiveWP plugin was originally reported by Patchstack Alliance community member Edisc from Zalopay Security to the Patchstack Zero Day bug bounty program for WordPress. Patchstack Zero Day program has awarded the researcher a bounty of $2,600 USD. If you wish to [...]

Read More

Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins

WPLMS Unauthenticated Arbitrary File Upload WPLMS Subscriber+ Arbitrary File Upload WPLMS Sutedent+ Arbitrary File Upload WPLMS Unauthenticated Privilege Escalation WPLMS Subscriber+ Privilege Escalation WPLMS Unauthenticated SQL Injection WPLMS Subscriber+ SQL Injection VibeBP Unauthenticated Privilege Escalation VibeBP Unauthenticated SQL Injection VibeBP Subscriber+ SQL Injection This blog post is about the WPLMS [...]

Read More