Data Breach
Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report
Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads: 80,000 Active Installs: 736,687 Last Updated: May 23, 2024 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Email Log <= 2.4.8 – Unauthenticated Hook Injection Type: Improper Control of Generation of Code (‘Code…
Read MorePost SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report
Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…
Read MoreUltimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report
Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…
Read MoreColibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report
Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…
Read MoreElementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…
Read MoreClone Vulnerability – Sensitive Information Exposure – CVE-2023-6750 | WordPress Plugin Vulnerability Report
Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,152,544 Active Installs: 90,000 Last Updated: December 18, 2023 Patched Versions: 2.4.3 Affected Versions: <= 2.4.2 Vulnerability Details: Name: WP Clone <= 2.4.2 – Sensitive Information Exposure Title: Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6750 CVSS Score: 9.8 (Critical) Publicly Published: December 18, 2023 Researcher: Dmitrii Ignatyev Description: The Clone plugin for…
Read MoreWordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Arbitrary File Download to Sensitive Information Exposure – CVE-2023-6266
Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,025,584 Active Installs: 90,000 Last Updated: November 30, 2023 Patched Versions: 1.3.7 Affected Versions: <= 1.3.6 Vulnerability Details: Name: Backup Migration <= 1.3.6 – Unauthenticated Arbitrary File Download to Sensitive Information Exposure Title: Unauthenticated Arbitrary File Download to Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6266 CVSS Score: 7.5…
Read More