Vulnerabilities

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Social Media Share Buttons & Social Sharing Icons - Cross-Site Request Forgery - CVE-2023-5602 - Information Exposure - CVE-2023-5070 - Vulnerabilities

WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070

By Your WP Guy / Oct 16, 2023

Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude Software Downloads: 10,654,500 Active Installs: 100,000 Last Updated: October 16, 2023 Patched Versions: 2.8.6 Affected Versions: <=2.8.5 Vulnerability 1 Details: Name: Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery Type: Cross-Site…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Embed Calendly - Authenticated Stored Cross-Site Scripting - CVE-2023-4995 - Vulnerabilities

WordPress Plugin Vulnerability Report – Embed Calendly – Authenticated Stored Cross-Site Scripting – CVE-2023-4995

By Your WP Guy / Oct 13, 2023

Plugin Name: Embed Calendly Key Information: Software Type: Plugin Software Slug: embed-calendly-scheduling Software Status: Active Software Author: turn2honey Software Downloads: 165,873 Active Installs: 20,000 Last Updated: October 13th, 2023 Patched Versions: 3.7 Affected Versions: <= 3.6 Vulnerability Details: Name: Embed Calendly <= 3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-4995…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce - Authenticated Directory Traversal - CVE-2023-5414 - Vulnerabilities

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

By Your WP Guy / Oct 11, 2023

Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 9,788,187 Active Installs: 100,000 Last Updated: October 11, 2023 Patched Versions: 5.6.24 Affected Versions: <= 5.6.23 Vulnerability Details: Name: Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2023-5414 CVSS…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - WPLegalPages - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4968 - Vulnerabilities

WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968

By Your WP Guy / Oct 10, 2023

Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages Software Status: Active Software Author: wpeka-club Software Downloads: 585,699 Active Installs: 20,000 Last Updated: October 10, 2023 Patched Versions: 2.9.3 Affected Versions: <=2.9.2 Vulnerability Details: Name: WPLegalPages <= 2.9.2 – Authenticated (Author+) Stored Cross-Site Scripting…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - WordPress Popular Posts - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - Vulnerabilities

WordPress Plugin Vulnerability Report – WordPress Popular Posts – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

By Your WP Guy / Oct 6, 2023

Plugin Name: WordPress Popular Posts Key Information: Software Type: Plugin Software Slug: wordpress-popular-posts Software Status: Active Software Author: hcabrera Software Downloads: 7,045,880 Active Installs: 200,000 Last Updated: October 6, 2023 Patched Versions: <=6.3.2 Affected Versions: 6.3.3 Vulnerability Details: Name: WordPress Popular Posts <= 6.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Hotjar - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2023-1259 - Vulnerabilities

WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259

By Your WP Guy / Oct 5, 2023

Plugin Name: Hotjar Key Information: Software Type: Plugin Software Slug: hotjar Software Status: Removed Software Author: hotjar Software Downloads: 868,850 Active Installs: 100,000 Last Updated: October 5, 2023 Patched Versions: Not yet patched Affected Versions: <=1.0.15 Vulnerability Details: Name: Hotjar <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-1259 CVSS Score: 4.4 (Medium)…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - POST SMTP Mailer - Authenticated (Administrator+) SQL Injection - Vulnerabilities

WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection

By Your WP Guy / Oct 3, 2023

Plugin Name: POST SMTP Mailer Key Information: Software Type: PluginSoftware Slug: post-smtpSoftware Status: ActiveSoftware Author: wpexpertsioSoftware Downloads: 9,128,571Active Installs: 300,000Last Updated: October 3, 2023Patched Versions: 2.6.1Affected Versions: <=2.6.0 Vulnerability Details: Name: Post SMTP <= 2.6.0 – Authenticated (Administrator+) SQL InjectionType: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)CVE: NACVSS Score: 7.2…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Modern Events Calendar Lite - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2023-4021 - Vulnerabilities

WordPress Plugin Vulnerability Report – Modern Events Calendar Lite – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-4021

By Your WP Guy / Sep 29, 2023

Plugin Name: Modern Events Calendar Lite Key Information: Software Type: PluginSoftware Slug: modern-events-calendar-liteSoftware Status: RemovedSoftware Author: webnus/Software Downloads: 3,047,787Active Installs: 100,000Last Updated: September 28, 2023Patched Versions: 7.1.0Affected Versions: <7.1.0 Vulnerability Details: Name: Modern Events Calendar lite < 7.1.0 – Authenticated (Admin+) Stored Cross-Site ScriptingType: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)CVE: CVE-2023-4021CVSS…

Read More
WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - iframe - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode - CVE-2023-4919 - Vulnerabilities

WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919

By Your WP Guy / Sep 25, 2023

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357 Active Installs: 100,000 Last Updated: September 25, 2023 Patched Versions: 4.6 Affected Versions: <=4.6 Vulnerability Details: Name: iframe <= 4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More