malware
Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 57,202,843 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Starter Templates – Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…
Read MoreColibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report
Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…
Read MoreSimple Membership Vulnerability – Open Redirect – CVE-2024-22308 | WordPress Plugin Vulnerability Report
Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,388,048 Active Installs: 50,000 Last Updated: January 19, 2024 Patched Versions: 4.4.2 Affected Versions: <= 4.4.1 Vulnerability Details: Name: Simple Membership <= 4.4.1 – Open Redirect Title: Open Redirect Type: URL Redirection to Untrusted Site (‘Open Redirect’) CVE: CVE-2024-22308 CVSS Score: 6.1 (Medium) Publicly Published: January 19, 2024 Researcher: Joshua Chan…
Read MoreAmelia Booking Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6808 | WordPress Plugin Vulnerability Report
Plugin Name: Amelia Booking Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Software Downloads: 535,131 Active Installs: 60,000 Last Updated: January 18, 2024 Patched Versions: 1.0.94 Affected Versions: <= 1.0.93 Vulnerability Details: Name: Booking for Appointments and Events Calendar – Amelia <= 1.0.93 – Authenticated(Contributor+) Stored Cross-Site Scripting via…
Read MoreScalability and Security: How Growth Can Present New Security Challenges
Every entrepreneur dreams of the day that their business becomes a viral sensation. After all, business growth comes with more opportunities, more sales, and more loyal customers. But rapid business growth online, as encouraging as it is, inevitably comes with its share of growing pains. As your web presence expands exponentially to meet rising customer…
Read MoreWordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery
Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20, 2023 Patched Versions: 5.2.0 Affected Versions: <= 5.1.0 Vulnerability Details: Name: Analytify Dashboard <= 5.1.0 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 20, 2023 Description: The Analytify – Google Analytics…
Read MoreWordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery
Plugin Name: Kadence WooCommerce Email Designer Key Information: Software Type: Plugin Software Slug: kadence-woocommerce-email-designer Software Status: Active Software Author: britner Software Downloads: 1,533,682 Active Installs: 100,000 Last Updated: November 2, 2023 Patched Versions: 1.5.12 Affected Versions: <= 1.5.11 Vulnerability Details: Name: Kadence WooCommerce Email Designer <= 1.5.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 2, 2023 Description: The Kadence WooCommerce…
Read MoreHow Does Cross Site Scripting (XSS) Differ From Other Web Vulnerabilities?
Whether you run an e-commerce store, a SaaS platform, or simply use your site to acquire leads, you depend on your website to connect with customers and drive revenue. But without proper security, your website is vulnerable to attacks like Cross Site Scripting that can wreak havoc on your business. Cross Site Scripting, commonly know…
Read More