Security
How to Evaluate Your Website’s Hosting Needs: A Step-by-Step Guide
Imagine this: It’s Black Friday, and your e-commerce site is primed for unprecedented traffic. Orders are pouring in when suddenly…website crashed! Server overloaded! The horror is mounting as your site remains down right in the thick of peak sales season. This is the nightmare reality for many businesses with websites hosted on inappropriate plans unable…
WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery
Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20, 2023 Patched Versions: 5.2.0 Affected Versions: <= 5.1.0 Vulnerability Details: Name: Analytify Dashboard <= 5.1.0 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 20, 2023 Description: The Analytify – Google Analytics…
WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting
Plugin Name: wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,042,036 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 7.6.13 Affected Versions: <= 7.6.12 Vulnerability Details: Name: wpDiscuz <= 7.6.12 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 4.4 (Medium)…
WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187
Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last Updated: November 16, 2023 Patched Versions: 2.12.4 Affected Versions: <= 2.12.3 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.3 – Authenticated (Subscriber+) Arbitrary File Upload Title: Authenticated (Subscriber+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6187 CVSS…
WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last Updated: November 15, 2023 Patched Versions: 1.12.8 Affected Versions: <= 1.12.7 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.7 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4690 CVSS Score: 5.4 (Medium) Publicly Published: November 15, 2023 Researcher: Marco…
WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838 Active Installs: 400,000 Last Updated: November 14, 2023 Patched Versions: 1.28.0 Affected Versions: <= 1.27.0 Vulnerability Details: Name: Forminator <= 1.27.0 – Authenticated (Administrator+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type…
WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889
Plugin Name: Shareaholic Key Information: Software Type: Plugin Software Slug: shareaholic Software Status: Active Software Author: shareaholic Software Downloads: 4,734,248 Active Installs: 30,000 Last Updated: November 14, 2023 Patched Versions: 9.7.9 Affected Versions: <= 9.7.8 Vulnerability Details: Name: Shareaholic <= 9.7.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…
WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726
Plugin Name: Ultimate Dashboard Key Information: Software Type: Plugin Software Slug: ultimate-dashboard Software Status: Active Software Author: davidvongries Software Downloads: 539,497 Active Installs: 60,000 Last Updated: November 13, 2023 Patched Versions: 3.7.8 Affected Versions: <= 3.7.7 Vulnerability Details: Name: Ultimate Dashboard <= 3.7.7 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Title: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Type: Improper Neutralization of Input During…