WordPress Plugin Vulnerability Report – Import and export users and customers – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6624

Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software Author: carazo Software Downloads: 3,901,440 Active Installs: 80,000 Last Updated: December 11, 2023 Patched Versions: Affected Versions: Vulnerability Details: Name: Import and export users and customers <= 1.24.3 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper Neutralization…

Read More

WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…

Read More

WordPress Plugin Vulnerability Report – LiteSpeed Cache – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4372

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-Cache Software Status: Active Software Author: litespeedtech Software Downloads: 52m564,430 Active Installs: 4,000,000 Last Updated: October 23, 2023 Patched Versions: 5.7 Affected Versions: <=5.6 Vulnerability Details: Name: LiteSpeed Cache <= 5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-4372 CVSS Score: 6.4 (Medium) Publicly…

Read More