WordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761

Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…

Read More

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…

Read More

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 5,141,419 Active Installs: 300,000 Last Updated: September 12, 2023 Patched Versions: 0.9.91 Affected Versions: <=0.9.90 First Vulnerability: Vulnerability Details: Name: WPvivid Backup Plugin <= 0.9.90 – Missing Authorization via ‘start_staging’ and ‘get_staging_progress’…

Read More

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000 Last Updated: September 11, 2023 Patched Versions: 5.0.10 Affected Versions: <=5.0.9 Vulnerability Details: Name: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode Type: Improper Neutralization of Special Elements used in an…

Read More