WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357 Active Installs: 100,000 Last Updated: September 25, 2023 Patched Versions: 4.6 Affected Versions: <=4.6 Vulnerability Details: Name: iframe <= 4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: David Lingren Software Downloads: 1,759,449 Active Installs: 70,000 Last Updated: September 21, 2023 Patched Versions: <=3.10 Affected Versions: 3.11 Vulnerability Details: Name: Media Library Assistant <= 3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper…

Read More

WordPress Plugin Vulnerability Report – Leaflet Map – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5050

Plugin Name: Leaflet Map Key Information: Software Type: Plugin Software Slug: leaflet-map Software Status: Active Software Author: bozdoz Software Downloads: 339,670 Active Installs: 30,000 Last Updated: September 20, 2023 Patched Versions: <=3.3.0 Affected Versions: 3.3.1 Vulnerability Details: Name: Leaflet Map <= 3.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input…

Read More

WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,353,295 Active Installs: 60,000 Last Updated: September 13, 2023 Patched Versions: 7.1.1 Affected Versions: <=7.1.0 Vulnerability Details: 1. Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation…

Read More

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000 Last Updated: September 11, 2023 Patched Versions: 5.0.10 Affected Versions: <=5.0.9 Vulnerability Details: Name: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode Type: Improper Neutralization of Special Elements used in an…

Read More