Posts Tagged ‘compromise’
Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report
Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…
Read MorePassword Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report
Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,493,510 Active Installs: 400,000 Last Updated: February 19, 2024 Patched Versions: 2.6.7 Affected Versions: <= 2.6.6 Vulnerability Details: Name: Password Protected <= 2.6.6 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic…
Read MoreGiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-51415 | WordPress Plugin Vulnerability Report
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,478,131 Active Installs: 100,000 Last Updated: January 19, 2024 Patched Versions: 3.3.0 Affected Versions: <= 3.2.2 Vulnerability Details: Name: GiveWP <= 3.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-51415 CVSS Score: 6.4…
Read MoreWordPress Plugin Vulnerability Report – Import and export users and customers – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6624
Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software Author: carazo Software Downloads: 3,901,440 Active Installs: 80,000 Last Updated: December 11, 2023 Patched Versions: Affected Versions: Vulnerability Details: Name: Import and export users and customers <= 1.24.3 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper Neutralization…
Read MoreWordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…
Read MoreWordPress Plugin Vulnerability Report – AMP for WP – Accelerated Mobile Pages – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-48321
Plugin Name: AMP for WP – Accelerated Mobile Pages Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,408,260 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.89 Affected Versions: <= 1.0.88.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.88.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper…
Read MoreWordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
Read MoreWordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Subscriber+) Information Disclosure via Shortcode
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,383,182 Active Installs: 60,000 Last Updated: October 4, 2023 Patched Versions: <=7.1.1 Affected Versions: 7.1.2 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode Title: Authenticated (Subscriber+) Information Disclosure via Shortcode Type: Information Exposure CVSS Score: 4.3 (medium)…
Read More