WordPress Button Plugin MaxButtons Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-7029 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 23, 2024
WP Plugin Vulnerabilities Image - WordPress Button Plugin MaxButtons Vulnerability - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode - CVE-2023-7029 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,681,976 Active Installs: 100,000 Last Updated: January 23, 2024 Patched Versions: 9.7.7 Affected Versions: <= 9.7.6 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.6 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title:…

Read More

WP Go Maps Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6697 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 23, 2024
WP Plugin Vulnerabilities Image - WP Go Maps Vulnerability - Reflected Cross-Site Scripting - CVE-2023-6697 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 22,527,179 Active Installs: 400,000 Last Updated: January 23, 2024 Patched Versions: 9.0.29 Affected Versions: <= 9.0.28 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.28 – Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation…

Read More

AMP for WP Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0587 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 22, 2024
WP Plugin Vulnerabilities Image - AMP for WP Vulnerability - Reflected Cross-Site Scripting - CVE-2024-0587 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,593,156 Active Installs: 100,000 Last Updated: January 22, 2024 Patched Versions: 1.0.93 Affected Versions: <= 1.0.92.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.92.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-0587 CVSS Score: 6.1…

Read More

File Manager Vulnerability – Sensitive Information Exposure via Backup Filenames – CVE-2024-0761 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 22, 2024
WP Plugin Vulnerabilities Image - File Manager Vulnerability - Sensitive Information Exposure via Backup Filenames - CVE-2024-0761 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 19,681,705 Active Installs: 1,000,000 Last Updated: January 22, 2024 Patched Versions: 7.2.2 Affected Versions: <= 7.2.1 Vulnerability Details: Name: File Manager <= 7.2.1 – Sensitive Information Exposure via Backup Filenames Title: Sensitive Information Exposure via…

Read More

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-51415 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 19, 2024
WP Plugin Vulnerabilities Image - GiveWP Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-51415 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,478,131 Active Installs: 100,000 Last Updated: January 19, 2024 Patched Versions: 3.3.0 Affected Versions: <= 3.2.2 Vulnerability Details: Name: GiveWP <= 3.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-51415 CVSS Score: 6.4…

Read More

WPvivid Vulnerability – Missing Authorization – CVE-2023-4637 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 19, 2024
WP Plugin Vulnerabilities Image - WPvivid Vulnerability - Missing Authorization - CVE-2023-4637 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,203,119 Active Installs: 400,000 Last Updated: January 19, 2024 Patched Versions: 0.9.95 Affected Versions: <= 0.9.94 Vulnerability Details: Name: WPvivid <= 0.9.94 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2023-4637 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: Revan Arifio Description: The WPvivid plugin for WordPress is vulnerable…

Read More

Ninja Tables Vulnerability – Missing Authorization – CVE-2024-23504 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 19, 2024
WP Plugin Vulnerabilities Image - Ninja Tables Vulnerability - Missing Authorization - CVE-2024-23504 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Ninja Tables Key Information: Software Type: Plugin Software Slug: ninja-tables Software Status: Active Software Author: techjewel Software Downloads: 1,636,926 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 5.0.6 Affected Versions: <= 5.0.5 Vulnerability Details: Name: Ninja Tables <= 5.0.5 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-23504 CVSS Score: 5.3 (Medium) Publicly Published: January 19, 2024 Researcher: emad Description: The Ninja Tables plugin for WordPress…

Read More

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 19, 2024
WP Plugin Vulnerabilities Image - Photo Gallery by 10Web Vulnerability - Directory Traversal to Arbitrary File Rename - CVE-2024-0221 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…

Read More

Simple Membership Vulnerability – Open Redirect – CVE-2024-22308 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 19, 2024
WP Plugin Vulnerabilities Image - Simple Membership Vulnerability - Open Redirect - CVE-2024-22308 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,388,048 Active Installs: 50,000 Last Updated: January 19, 2024 Patched Versions: 4.4.2 Affected Versions: <= 4.4.1 Vulnerability Details: Name: Simple Membership <= 4.4.1 – Open Redirect Title: Open Redirect Type: URL Redirection to Untrusted Site (‘Open Redirect’) CVE: CVE-2024-22308 CVSS Score: 6.1 (Medium) Publicly Published: January 19, 2024 Researcher: Joshua Chan…

Read More

VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report

By Your WP Guy | January 19, 2024
WP Plugin Vulnerabilities Image - VK Block Patterns Vulnerability - Cross-Site Request Forgery - CVE-2024-0623 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: VK Block Patterns Key Information: Software Type: Plugin Software Slug: vk-block-patterns Software Status: Active Software Author: vektor-inc Software Downloads: 1,113,989 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 1.31.2.0 Affected Versions: <= 1.31.1.1 Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0623 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: kodaichodai Description: The VK Block…

Read More