Vulnerabilities
WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982
Plugin Name: UpdraftPlus Key Information: Software Type: Plugin Software Slug: updraftplus Software Status: Active Software Author: davidanderson Software Downloads: 107,410,188 Active Installs: 3,000,000 Last Updated: November 7, 2023 Patched Versions: 1.23.11 Affected Versions: <= 1.23.10 Vulnerability Details: Name: UpdraftPlus <= 1.23.10 – Cross-Site Request Forgery to Google Drive Storage Update Title: Cross-Site Request Forgery to Google Drive Storage Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-5982 CVSS Score: 5.4…
WordPress Plugin Vulnerability Report – User Profile Builder – Cross-Site Request Forgery via pms-cross-promotion.php
Plugin Name: User Profile Builder Key Information: Software Type: Plugin Software Slug: profile-builder Software Status: Active Software Author: reflectionmedia Software Downloads: 3,998,068 Active Installs: 50,000 Last Updated: November 7, 2023 Patched Versions: 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details: Name: Profile Builder <= 3.10.4 – Cross-Site Request Forgery via pms-cross-promotion.php Title: Cross-Site Request Forgery via pms-cross-promotion.php Type: Cross-Site Request Forgery (CSRF) CVSS Score: 7.1 (High) Publicly Published: November 7,…
WordPress Plugin Vulnerability Report – Social Warfare – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4842
Plugin Name: Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software Author: warfareplugins Software Downloads: 1,609,161 Active Installs: 30,000 Last Updated: November 6, 2023 Patched Versions: 4.4.4 Affected Versions: <= 4.4.3 Vulnerability Details: Name: Social Sharing Plugin – Social Warfare <= 4.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of…
WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load
Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November 6, 2023 Patched Versions: 3.6.0 Affected Versions: < 3.6.0 Vulnerability Details: Name: Code Snippets <= 3.5.0 – Cross-Site Request Forgery via load Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November 6, 2023 Description: The Code Snippets plugin for…
WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax
Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads: 1,049,082 Active Installs: 20,000 Last Updated: November 3, 2023 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax Title: Cross-Site Request Forgery via edit_count_ajax…
WordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery
Plugin Name: Kadence WooCommerce Email Designer Key Information: Software Type: Plugin Software Slug: kadence-woocommerce-email-designer Software Status: Active Software Author: britner Software Downloads: 1,533,682 Active Installs: 100,000 Last Updated: November 2, 2023 Patched Versions: 1.5.12 Affected Versions: <= 1.5.11 Vulnerability Details: Name: Kadence WooCommerce Email Designer <= 1.5.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 2, 2023 Description: The Kadence WooCommerce…
WordPress Plugin Vulnerability Report – Drag and Drop Multiple File Upload– Contact Form 7 – Unauthenticated Arbitrary File Upload – CVE-2023-5822
Plugin Name: Drag and Drop Multiple File Upload- Contact Form 7 Key Information: Software Type: Plugin Software Slug: drag-and-drop-multiple-file-upload-contact-form-7 Software Status: Active Software Author: glenwpcoder Software Downloads: 575,808 Active Installs: 50,000 Last Updated: November 1, 2023 Patched Versions: 1.3.7.4 Affected Versions: <= 1.3.7.3 Vulnerability Details: Name: Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.3 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary…
WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
WordPress Plugin Vulnerability Report – Solid Security – Unauthenticated Login Page Disclosure
Plugin Name: Solid Security Key Information: Software Type: Plugin Software Slug: better-wp-security Software Status: Active Software Author: ithemes Software Downloads: 28,594,364 Active Installs: 900,000 Last Updated: October 31, 2023 Patched Versions: 9.0.1 Affected Versions: <= 9.0.0 Vulnerability Details: Name: Solid Security Basic <= 9.0.0 – Unauthenticated Login Page Disclosure Title: Unauthenticated Login Page Disclosure Type:…
WordPress Plugin Vulnerability Report – WP Customer Reviews – Authenticated (Subscriber+) Sensitive Information Exposure – CVE-2023-4686
Plugin Name: WP Customer Reviews Key Information: Software Type: Plugin Software Slug: wp-customer-reviews Software Status: Active Software Author: bompus Software Downloads: 1,108,443 Active Installs: 30,000 Last Updated: October 31, 2023 Patched Versions: No Patched Version Affected Versions: <= 3.6.8 Vulnerability Details: Name: WP Customer Reviews <= 3.6.8 – Authenticated (Subscriber+) Sensitive Information Exposure Title: Authenticated (Subscriber+) Sensitive Information Exposure Type: Missing Authorization CVE: CVE-2023-4686 CVSS Score: 4.3 (Medium) Publicly…