wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

Plugin Name: wpDataTables Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,303,680 Active Installs: 70,000 Last Updated: February 20, 2024 Patched Versions: 3.4.2.5 Affected Versions: <= 3.4.2.4 Vulnerability Details: Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 – Reflected Cross-Site Scripting. Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…

Read More

Password Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,493,510 Active Installs: 400,000 Last Updated: February 19, 2024 Patched Versions: 2.6.7 Affected Versions: <= 2.6.6 Vulnerability Details: Name: Password Protected <= 2.6.6 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic…

Read More

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…

Read More

AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,465,196 Active Installs: 100,000 Last Updated: December 18, 2023 Patched Versions: 1.0.92.1 Affected Versions: <= 1.0.92 Vulnerability Details: Name: AMP for WP – Accelerated Mobile Pages <= 1.0.92 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Cross-Site Scripting via Shortcode Type: Improper Neutralization of…

Read More

SpeedyCache Vulnerability – Missing Authorization to Plugin Options Update – CVE-2023-6598 | WordPress Plugin Vulnerability Report

Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 861,450 Active Installs: 100,000 Last Updated: December 16, 2023 Patched Versions: 1.1.4 Affected Versions: <= 1.1.3 Vulnerability Details: Name: SpeedyCache <= 1.1.3 – Missing Authorization to Plugin Options Update Type: Missing Authorization CVE: CVE-2023-6598 CVSS Score: 4.3 (Medium) Publicly Published: December 16, 2023 Researcher: Lucio Sá Description: The SpeedyCache plugin for WordPress…

Read More

WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import

Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…

Read More