Security

How to Evaluate Your Website’s Hosting Needs: A Step-by-Step Guide

By Your WP Guy / Nov 21, 2023

Imagine this: It’s Black Friday, and your e-commerce site is primed for unprecedented traffic. Orders are pouring in when suddenly…website crashed! Server overloaded! The horror is mounting as your site remains down right in the thick of peak sales season. This is the nightmare reality for many businesses with websites hosted on inappropriate plans unable…

WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery

By Your WP Guy / Nov 20, 2023

Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20, 2023 Patched Versions: 5.2.0 Affected Versions: <= 5.1.0 Vulnerability Details: Name: Analytify Dashboard <= 5.1.0 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 20, 2023 Description: The Analytify – Google Analytics…

WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability

By Your WP Guy / Nov 17, 2023

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,889,041 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 3.9.2 Affected Versions: <= 3.9.1 Vulnerability Details: Name: Draft Vulnerability for EmbedPress 3.9.2 Title: Draft Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 6.1 (Medium) Publicly Published: November 17, 2023 Description: The EmbedPress –…

WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting

By Your WP Guy / Nov 17, 2023

Plugin Name: wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,042,036 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 7.6.13 Affected Versions: <= 7.6.12 Vulnerability Details: Name: wpDiscuz <= 7.6.12 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 4.4 (Medium)…

WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187

By Your WP Guy / Nov 16, 2023

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last Updated: November 16, 2023 Patched Versions: 2.12.4 Affected Versions: <= 2.12.3 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.3 – Authenticated (Subscriber+) Arbitrary File Upload Title: Authenticated (Subscriber+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6187 CVSS…

WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action

By Your WP Guy / Nov 16, 2023

Plugin Name: Slider – Ultimate Responsive Image Slider Key Information: Software Type: Plugin Software Slug: ultimate-responsive-image-slider Software Status: Active Software Author: farazfrank Software Downloads: 1,338,384 Active Installs: 40,000 Last Updated: November 16, 2023 Patched Versions: 3.5.12 Affected Versions: <= 3.5.11 Vulnerability Details: Name: Ultimate Responsive Image Slider <= 3.5.11 – Missing Authorization via AJAX action Title: Missing Authorization via AJAX action Type: Missing Authorization CVSS Score: 4.3 (Medium)…

WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690

By Your WP Guy / Nov 15, 2023

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last Updated: November 15, 2023 Patched Versions: 1.12.8 Affected Versions: <= 1.12.7 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.7 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4690 CVSS Score: 5.4 (Medium) Publicly Published: November 15, 2023 Researcher: Marco…

WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133

By Your WP Guy / Nov 14, 2023

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838 Active Installs: 400,000 Last Updated: November 14, 2023 Patched Versions: 1.28.0 Affected Versions: <= 1.27.0 Vulnerability Details: Name: Forminator <= 1.27.0 – Authenticated (Administrator+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type…

WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889

By Your WP Guy / Nov 14, 2023

Plugin Name: Shareaholic Key Information: Software Type: Plugin Software Slug: shareaholic Software Status: Active Software Author: shareaholic Software Downloads: 4,734,248 Active Installs: 30,000 Last Updated: November 14, 2023 Patched Versions: 9.7.9 Affected Versions: <= 9.7.8 Vulnerability Details: Name: Shareaholic <= 9.7.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…

WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726

By Your WP Guy / Nov 13, 2023

Plugin Name: Ultimate Dashboard Key Information: Software Type: Plugin Software Slug: ultimate-dashboard Software Status: Active Software Author: davidvongries Software Downloads: 539,497 Active Installs: 60,000 Last Updated: November 13, 2023 Patched Versions: 3.7.8 Affected Versions: <= 3.7.7 Vulnerability Details: Name: Ultimate Dashboard <= 3.7.7 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Title: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Type: Improper Neutralization of Input During…