Vulnerabilities and security researches forwp-webinarsystem wp-webinarsystem

Jun 07, 2024

CVE, Research URL: CVE-2024-34818
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: May 14, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-31256
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: Apr 07, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.This issue affects WebinarPress: from n/a through 1.33.9.
Affected versions: Min -, max -.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43339
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: Aug 27, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress allows Cross-Site Scripting (XSS).This issue affects WebinarPress: from n/a through 1.33.20.
Affected versions: Min -, max -.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2024-11271
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: Jan 08, 2025
Research Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-11270
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: Jan 08, 2025
Research Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
Affected versions: Min -, max -.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-31883
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: Apr 01, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem WebinarPress allows Stored XSS. This issue affects WebinarPress: from n/a through 1.33.27.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-31882
Home page URL: Security reports for WordPress Webinar Plugin – WebinarPress
Application: WordPress Webinar Plugin – WebinarPress
Date: Apr 01, 2025
Research Description: Missing Authorization vulnerability in WPWebinarSystem WebinarPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through 1.33.27.
Affected versions: Min -, max -.
Status: vulnerable