Data Breach

wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 31, 2024

Plugin Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,479,590 Active Installs: 70,000 Last Updated: June 12, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.2 Vulnerability Details: Name: wpDataTables – Tables & Table Charts (Premium)…

Read More

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 23, 2024

Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads: 80,000 Active Installs: 736,687 Last Updated: May 23, 2024 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Email Log <= 2.4.8 – Unauthenticated Hook Injection Type: Improper Control of Generation of Code (‘Code…

Read More

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 22, 2024

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…

Read More

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

Colibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…

Read More

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…

Read More

Clone Vulnerability – Sensitive Information Exposure – CVE-2023-6750 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 18, 2023

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,152,544 Active Installs: 90,000 Last Updated: December 18, 2023 Patched Versions: 2.4.3 Affected Versions: <= 2.4.2 Vulnerability Details: Name: WP Clone <= 2.4.2 – Sensitive Information Exposure Title: Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6750 CVSS Score: 9.8 (Critical) Publicly Published: December 18, 2023 Researcher: Dmitrii Ignatyev Description: The Clone plugin for…

Read More

SpeedyCache Vulnerability – Missing Authorization to Plugin Options Update – CVE-2023-6598 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 16, 2023

Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 861,450 Active Installs: 100,000 Last Updated: December 16, 2023 Patched Versions: 1.1.4 Affected Versions: <= 1.1.3 Vulnerability Details: Name: SpeedyCache <= 1.1.3 – Missing Authorization to Plugin Options Update Type: Missing Authorization CVE: CVE-2023-6598 CVSS Score: 4.3 (Medium) Publicly Published: December 16, 2023 Researcher: Lucio Sá Description: The SpeedyCache plugin for WordPress…

Read More

WordPress Plugin Vulnerability Report – EmbedPress – Missing Authorization

By Your WP Guy / Dec 8, 2023

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,004,277 Active Installs: 80,000 Last Updated: December 8, 2023 Patched Versions: NA Affected Versions: <= 3.9.4 Vulnerability Details: Name: EmbedPress <= 3.9.4 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Description: The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia…

Read More

WordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Arbitrary File Download to Sensitive Information Exposure – CVE-2023-6266

By Your WP Guy / Nov 30, 2023

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,025,584 Active Installs: 90,000 Last Updated: November 30, 2023 Patched Versions: 1.3.7 Affected Versions: <= 1.3.6 Vulnerability Details: Name: Backup Migration <= 1.3.6 – Unauthenticated Arbitrary File Download to Sensitive Information Exposure Title: Unauthenticated Arbitrary File Download to Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6266 CVSS Score: 7.5…

Read More