WordPress Client Plugin Vulnerable to File Upload
The Bottom Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.1.7. This vulnerability is due to missing nonce verification. This vulnerability has a CVSS v3.1 score of 4.3 out of 10. The issue was updated on May 20, 2026. The Infility Global plugin for WordPress has a vulnerability rated 6.5/10 (CVSS v3.1) allowing SQL Injection via the 'orderby' parameter. The LJ comments import: reloaded plugin is also vulnerable to Reflected Cross-Site Scripting.
Topics
Developing
- 870d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 870d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 870d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 870d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
Source Alpha
Source Bravo
Source Charlie
Source Delta
Source Echo
Source Foxtrot
Source Golf
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade