WordPress Injection vulnerabilities (2)


  • Remote Code Execution – Cwicly <= 1.4.0.2

    Affected plugin: Cwicly
    Active installs: Not available – Commercial
    Vulnerable version: <= 1.4.0.2
    Audited version: 1.4.0.2
    Fully patched version: 1.4.0.3
    Recommended remediation: Upgrade immediately to version 1.4.0.3 or higher.
    Description: The Cwicly page builder is vulnerable to remote code execution (RCE) in versions <= 1.4.0.2, which means that an attacker can run arbitrary code/system commands…

  • Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Affected plugin: Bricks Builder
    Active installs: Commercial ~ 25000
    Vulnerable version: <= 1.9.6
    Audited version: 1.9.6
    Fully patched version: 1.9.6.1
    Recommended remediation: Upgrade immediately to version 1.9.6.1 or higher.
    Description: Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE), which means that anybody can run arbitrary commands and take over the site/server.…