Cybersecurity
Scalability and Security: How Growth Can Present New Security Challenges
Every entrepreneur dreams of the day that their business becomes a viral sensation. After all, business growth comes with more opportunities, more sales, and more loyal customers. But rapid business growth online, as encouraging as it is, inevitably comes with its share of growing pains. As your web presence expands exponentially to meet rising customer…
Read More
How Your WP Guy Guards Against Sneaky WordPress Malware
This Scary Loophole Leaves Most WordPress Sites Wide Open to Hackers Think your WordPress site is safe just because it has an active security plugin? Think again. In this bombshell interview, Your WP Guy founder Jonathan Wofford explains how a dangerous software blind spot allows hackers to breach websites right under most hosts’ noses. Jonathan…
Read More
WordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Arbitrary File Download to Sensitive Information Exposure – CVE-2023-6266
Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,025,584 Active Installs: 90,000 Last Updated: November 30, 2023 Patched Versions: 1.3.7 Affected Versions: <= 1.3.6 Vulnerability Details: Name: Backup Migration <= 1.3.6 – Unauthenticated Arbitrary File Download to Sensitive Information Exposure Title: Unauthenticated Arbitrary File Download to Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6266 CVSS Score: 7.5…
Read More
WordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 36,509,376 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 1.51.0 Affected Versions: <= 1.50.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle < 1.51.0 – Authenticated (Admin+) Local File Inclusion Title: Authenticated (Admin+) Local File Inclusion Type: Improper Control of Filename for Include/Require Statement in PHP…
Read More
WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838 Active Installs: 400,000 Last Updated: November 14, 2023 Patched Versions: 1.28.0 Affected Versions: <= 1.27.0 Vulnerability Details: Name: Forminator <= 1.27.0 – Authenticated (Administrator+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type…
Read More
WordPress Plugin Vulnerability Report – Quiz And Survey Master – Multiple Cross-Site Request Forgery
Plugin Name: Quiz And Survey Master Key Information: Software Type: Plugin Software Slug: quiz-master-next Software Status: Active Software Author: expresstech Software Downloads: 2,153,834 Active Installs: 40,000 Last Updated: November 8, 2023 Patched Versions: 8.1.19 Affected Versions: <= 8.1.18 Vulnerability Details: Name: Quiz And Survey Master <= 8.1.18 – Multiple Cross-Site Request Forgery Title: Multiple Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November…
Read More
WordPress Plugin Vulnerability Report – LearnPress – Reflected Cross-Site Scripting via add_internal_scripts_to_head
Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 3,770,912 Active Installs: 90,000 Last Updated: November 7, 2023 Patched Versions: 4.2.5.4 Affected Versions: < 4.2.5.4 Vulnerability Details: Name: LearnPress <= 4.2.5.3 – Reflected Cross-Site Scripting via add_internal_scripts_to_head Title: Reflected Cross-Site Scripting via add_internal_scripts_to_head Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 6.1 (Medium)…
Read More
WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
Read More
How Does Cross Site Scripting (XSS) Differ From Other Web Vulnerabilities?
Whether you run an e-commerce store, a SaaS platform, or simply use your site to acquire leads, you depend on your website to connect with customers and drive revenue. But without proper security, your website is vulnerable to attacks like Cross Site Scripting that can wreak havoc on your business. Cross Site Scripting, commonly know…
Read More
WordPress Plugin Vulnerability Report – Embed Calendly – Authenticated Stored Cross-Site Scripting – CVE-2023-4995
Plugin Name: Embed Calendly Key Information: Software Type: Plugin Software Slug: embed-calendly-scheduling Software Status: Active Software Author: turn2honey Software Downloads: 165,873 Active Installs: 20,000 Last Updated: October 13th, 2023 Patched Versions: 3.7 Affected Versions: <= 3.6 Vulnerability Details: Name: Embed Calendly <= 3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-4995…
Read More