WordPress Injection vulnerabilities (4)


  • Client Mode Remote Code Execution – Breakdance <= 1.7.0 – CVE-2024-31390

    Affected plugin: Breakdance
    Active installs: Not available – Commercial
    Vulnerable version: <= 1.7.0
    Audited version: 1.7.0
    Fully patched version: Unpatched
    Recommended remediation: See Misc
    CVE: CVE-2024-31390 (Patchstack link)
    Description: The Breakdance page builder is vulnerable to remote code execution (RCE) in versions <= 1.7.0, which means that an attacker can run arbitrary code/system commands and…

  • Client Control Remote Code Execution – Oxygen <= 4.8.1 – CVE-2024-31380

    Affected plugin: Oxygen Builder
    Active installs: Not available – Commercial
    Vulnerable version: <= 4.8.1
    Audited version: 4.8.1
    Fully patched version: Not patched
    Recommended remediation: See: Misc
    CVE: CVE-2024-31380 (Patchstack link)
    Description: The Oxygen page builder is vulnerable to remote code execution (RCE) in versions <= 4.8.1, which means that an attacker can run arbitrary code/system…

  • Remote Code Execution – Cwicly <= 1.4.0.2

    Affected plugin: Cwicly
    Active installs: Not available – Commercial
    Vulnerable version: <= 1.4.0.2
    Audited version: 1.4.0.2
    Fully patched version: 1.4.0.3
    Recommended remediation: Upgrade immediately to version 1.4.0.3 or higher.
    Description: The Cwicly page builder is vulnerable to remote code execution (RCE) in versions <= 1.4.0.2, which means that an attacker can run arbitrary code/system commands…

  • Unauthenticated Remote Code Execution – Bricks <= 1.9.6

    Affected plugin: Bricks Builder
    Active installs: Commercial ~ 25000
    Vulnerable version: <= 1.9.6
    Audited version: 1.9.6
    Fully patched version: 1.9.6.1
    Recommended remediation: Upgrade immediately to version 1.9.6.1 or higher
    Description: Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE), which means that anybody can run arbitrary commands and take over the site/server.…