WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,889,041 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 3.9.2 Affected Versions: <= 3.9.1 Vulnerability Details: Name: Draft Vulnerability for EmbedPress 3.9.2 Title: Draft Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 6.1 (Medium) Publicly Published: November 17, 2023 Description: The EmbedPress –…

Read More

WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…

Read More