WPFront Notification Bar Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] – CVE-2024-0625 | WordPress Plugin Vulnerability Report

Plugin Name: WPFront Notification Bar Key Information: Software Type: Plugin Software Slug: wpfront-notification-bar Software Status: Active Software Author: syammohanm Software Downloads: 803,067 Active Installs: 50,000 Last Updated: January 24, 2024 Patched Versions: <= 3.3.2 Affected Versions: <= 3.3.2 Vulnerability Details: Name: WPFront Notification Bar <= 3.3.2 – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] Title: Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] Type: Improper Neutralization of Input…

Read More

WordPress Plugin Vulnerability Report – MW WP Form – Unauthenticated Arbitrary File Upload – CVE-2023-6316

Plugin Name: MW WP Form Key Information: Software Type: Plugin Software Slug: mw-wp-form Software Status: Active Software Author: inc2734 Software Downloads: 1,305,500 Active Installs: 200,000 Last Updated: December 4, 2023 Patched Versions: 5.0.2 Affected Versions: <= 5.0.1 Vulnerability Details: Name: MW WP Form <= 5.0.1 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6316 CVSS Score: 9.8 (Critical)…

Read More

WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226

Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 7.0.0 Affected Versions: <= 5.13.3 Vulnerability 1 Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…

Read More

Common Signs Your WordPress Website May Be Compromised

You’ve invested time, money, and energy into building your business’s website on WordPress. It’s become a vital online presence and valuable asset for your company. But lurking in the shadows are potential security threats that can wreak havoc on your site. WordPress powers over 40% of all websites, making it an enticing target for hackers.…

Read More