WordPress Plugin Vulnerability Report – Import and export users and customers – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6624
Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software Author: carazo Software Downloads: 3,901,440 Active Installs: 80,000 Last Updated: December 11, 2023 Patched Versions: Affected Versions: Vulnerability Details: Name: Import and export users and customers <= 1.24.3 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper Neutralization…
Read MoreHow Your WP Guy Guards Against Sneaky WordPress Malware
This Scary Loophole Leaves Most WordPress Sites Wide Open to Hackers Think your WordPress site is safe just because it has an active security plugin? Think again. In this bombshell interview, Your WP Guy founder Jonathan Wofford explains how a dangerous software blind spot allows hackers to breach websites right under most hosts’ noses. Jonathan…
Read More
WordPress Plugin Vulnerability Report – EmbedPress – Missing Authorization
Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,004,277 Active Installs: 80,000 Last Updated: December 8, 2023 Patched Versions: NA Affected Versions: <= 3.9.4 Vulnerability Details: Name: EmbedPress <= 3.9.4 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Description: The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia…
Read MoreWordPress Plugin Vulnerability Report – Manage Notification E-mails – Missing Authorization – CVE-2023-6496
Plugin Name: Manage Notification E-mails Key Information: Software Type: Plugin Software Slug: manage-notification-emails Software Status: Active Software Author: virgial Software Downloads: 612,816 Active Installs: 100,000 Last Updated: December 8, 2023 Patched Versions: 1.8.6 Affected Versions: <= 1.8.5 Vulnerability Details: Name: Manage Notification E-mails <= 1.8.5 – Missing Authorization Title: Missing Authorization Type: Improper Authorization CVE: CVE-2023-6496 CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Researcher: Rafshanzani Suhada Description: The Manage Notification…
Read MoreWordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761
Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…
Read MoreWordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…
Read MoreWordPress Plugin Vulnerability Report – Calculated Fields Form – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-6446
Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,352,767 Active Installs: 60,000 Last Updated: December 5, 2023 Patched Versions: 1.2.41 Affected Versions: <= 1.2.40 Vulnerability Details: Name: Calculated Fields Form <= 1.2.40 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Alternate XSS Syntax CVE: CVE-2023-6446 CVSS Score: 4.4…
Read MoreThe Business Perspective: How Site Neglect Can Impact Brand Image and Sales
It’s 2 AM when the frantic texts from your top customer jerk you awake. Bleary-eyed, you fumble to read the message on your phone. “Error message when trying to checkout on your site…pages look broken on my phone…what’s going on??” You scramble to grab your laptop as your heart races, pulling up your website. You…
Read MoreWordPress Plugin Vulnerability Report – MW WP Form – Unauthenticated Arbitrary File Upload – CVE-2023-6316
Plugin Name: MW WP Form Key Information: Software Type: Plugin Software Slug: mw-wp-form Software Status: Active Software Author: inc2734 Software Downloads: 1,305,500 Active Installs: 200,000 Last Updated: December 4, 2023 Patched Versions: 5.0.2 Affected Versions: <= 5.0.1 Vulnerability Details: Name: MW WP Form <= 5.0.1 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6316 CVSS Score: 9.8 (Critical)…
Read More