WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090
Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 2,934,315 Active Installs: 100,000 Last Updated: November 27, 2023 Patched Versions: 7.3.12 Affected Versions: <= 7.3.11 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.3.11 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted Upload of File with…
Read MoreWordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226
Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 7.0.0 Affected Versions: <= 5.13.3 Vulnerability 1 Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…
Read MoreFor Immediate Release – Your WP Guy Monthly Website Support Company Celebrates 7 Years in Business
Your WP Guy Monthly Website Support Company Celebrates 7 Years in Business Atlanta, GA – November 27, 2023 – Your WP Guy, 2023 MarTech Innovation Award winner for Best Website Maintenance Company and leading provider of ongoing WordPress website support, is proud to announce that it has officially been in business for 7 years as…
Read MoreWordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 36,509,376 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 1.51.0 Affected Versions: <= 1.50.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle < 1.51.0 – Authenticated (Admin+) Local File Inclusion Title: Authenticated (Admin+) Local File Inclusion Type: Improper Control of Filename for Include/Require Statement in PHP…
Read MoreWhen Uptime Matters, Your WP Guy Delivers for WordPress Sites
Tired of Your Website Going Down? Learn How This Company Keeps Sites Up 99.9% of the Time Frustrated by a slow, unreliable website plagued by constant downtime? In this revealing interview, Jonathan Wofford, founder of Your WP Guy, pulls back the curtain on their foolproof system for nearly perfect WordPress uptime. Leveraging proactive 24/7 monitoring,…
Read MoreWordPress Plugin Vulnerability Report – HUSKY – Missing Authorization via woof_meta_get_keys() – CVE-2023-40334
Plugin Name: HUSKY Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,602,499 Active Installs: 100,000 Last Updated: November 23, 2023 Patched Versions: 1.3.4.3 Affected Versions: <= 1.3.4.2 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 – Missing Authorization via woof_meta_get_keys() Title: Missing Authorization via woof_meta_get_keys() Type: Missing Authorization CVE: CVE-2023-40334 CVSS Score: 4.3 (Medium) Publicly Published: November…
Read MoreWordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504
Plugin Name: BackWPup Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,284,859 Active Installs: 600,000 Last Updated: November 22, 2023 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal Title: Authenticated (Administrator+) Directory Traversal Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CVE: CVE-2023-5504 CVSS Score: 8.7 (High)…
Read MoreWordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275
Plugin Name: Widgets for Google Reviews Key Information: Software Type: Plugin Software Slug: wp-reviews-plugin-for-google Software Status: Active Software Author: trustindex Software Downloads: 4,619,317 Active Installs: 300,000 Last Updated: November 22, 2023 Patched Versions: 11.1 Affected Versions: <= 11.0.2 Vulnerability Details: Name: Widgets for Google Reviews <= 11.0.2 – Authenticated (Editor+) Arbitrary File Upload Title: Authenticated…
Read MoreWordPress Plugin Vulnerability Report – Login Lockdown – Authenticated (Administrator+) SQL Injection
Plugin Name: Login Lockdown Key Information: Software Type: Plugin Software Slug: login-lockdown Software Status: Active Software Author: webfactory Software Downloads: 1,446,808 Active Installs: 100,000 Last Updated: November 21, 2023 Patched Versions: 2.07 Affected Versions: <= 2.06 Vulnerability Details: Name: Login Lockdown <= 2.06 – Authenticated (Administrator+) SQL Injection Title: Authenticated (Administrator+) SQL Injection Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) CVSS…
Read MoreWordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities
Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 995,970 Active Installs: 30,000 Last Updated: November 21, 2023 Patched Versions: 5.16.1 Affected Versions: < 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_delete_expired_used_coupon_code Title:…
Read More