Customer Reviews for WooCommerce Vulnerability – Authenticated (Author+) Arbitrary File Upload – CVE-2023-6979 | WordPress Plugin Vulnerability Report

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 3,786,034 Active Installs: 60,000 Last Updated: January 9, 2024 Patched Versions: 5.38.10 Affected Versions: <= 5.38.9 Vulnerability Details: Name: Customer Reviews for WooCommerce <= 5.38.9 Title: Authenticated (Author+) Arbitrary File Upload Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H…


WordPress Plugin Vulnerability Report – Export and Import Users and Customers – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6558

Plugin Name: Export and Import Users and Customers Key Information: Software Type: Plugin Software Slug: users-customers-import-export-for-wp-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 2,025,020 Active Installs: 70,000 Last Updated: December 12, 2023 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Export and Import Users and Customers <= 2.4.8 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted…


WordPress Plugin Vulnerability Report – MW WP Form – Unauthenticated Arbitrary File Upload – CVE-2023-6316

Plugin Name: MW WP Form Key Information: Software Type: Plugin Software Slug: mw-wp-form Software Status: Active Software Author: inc2734 Software Downloads: 1,305,500 Active Installs: 200,000 Last Updated: December 4, 2023 Patched Versions: 5.0.2 Affected Versions: <= 5.0.1 Vulnerability Details: Name: MW WP Form <= 5.0.1 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6316 CVSS Score: 9.8 (Critical)…


WordPress Plugin Vulnerability Report – Contact Form 7 – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-6449

Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software Downloads: 299,048,263 Active Installs: 5,000,000 Last Updated: November 30, 2023 Patched Versions: 5.8.4 Affected Versions: <= 5.8.3 Vulnerability Details: Name: Contact Form 7 <= 5.8.3 – Authenticated (Editor+) Arbitrary File Upload Title: Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6449 CVSS…


WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 2,934,315 Active Installs: 100,000 Last Updated: November 27, 2023 Patched Versions: 7.3.12 Affected Versions: <= 7.3.11 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.3.11 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted Upload of File with…


WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last Updated: November 16, 2023 Patched Versions: 2.12.4 Affected Versions: <= 2.12.3 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.3 – Authenticated (Subscriber+) Arbitrary File Upload Title: Authenticated (Subscriber+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6187 CVSS…


WordPress Plugin Vulnerability Report – Drag and Drop Multiple File Upload – Contact Form 7 – Unauthenticated Arbitrary File Upload – CVE-2023-5822

Plugin Name: Drag and Drop Multiple File Upload – Contact Form 7 Key Information: Software Type: Plugin Software Slug: drag-and-drop-multiple-file-upload-contact-form-7 Software Status: Active Software Author: glenwpcoder Software Downloads: 575,808 Active Installs: 50,000 Last Updated: November 1, 2023 Patched Versions: 1.3.7.4 Affected Versions: <= 1.3.7.3 Vulnerability Details: Name: Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.3 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary…
