Patch
WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load
Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November 6, 2023 Patched Versions: 3.6.0 Affected Versions: < 3.6.0 Vulnerability Details: Name: Code Snippets <= 3.5.0 – Cross-Site Request Forgery via load Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November 6, 2023 Description: The Code Snippets plugin for…
WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax
Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads: 1,049,082 Active Installs: 20,000 Last Updated: November 3, 2023 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax Title: Cross-Site Request Forgery via edit_count_ajax…
WordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery
Plugin Name: Kadence WooCommerce Email Designer Key Information: Software Type: Plugin Software Slug: kadence-woocommerce-email-designer Software Status: Active Software Author: britner Software Downloads: 1,533,682 Active Installs: 100,000 Last Updated: November 2, 2023 Patched Versions: 1.5.12 Affected Versions: <= 1.5.11 Vulnerability Details: Name: Kadence WooCommerce Email Designer <= 1.5.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 2, 2023 Description: The Kadence WooCommerce…
WordPress Plugin Vulnerability Report – Solid Security – Unauthenticated Login Page Disclosure
Plugin Name: Solid Security Key Information: Software Type: Plugin Software Slug: better-wp-security Software Status: Active Software Author: ithemes Software Downloads: 28,594,364 Active Installs: 900,000 Last Updated: October 31, 2023 Patched Versions: 9.0.1 Affected Versions: <= 9.0.0 Vulnerability Details: Name: Solid Security Basic <= 9.0.0 – Unauthenticated Login Page Disclosure Title: Unauthenticated Login Page Disclosure Type:…
WordPress Plugin Vulnerability Report – 10Web Booster – Unauthenticated Arbitrary Option Deletion
Plugin Name: 10Web Booster Key Information: Software Type: Plugin Software Slug: tenweb-speed-optimizer Software Status: Active Software Author: 10web Software Downloads: 864,591 Active Installs: 80,000 Last Updated: October 29, 2023 Patched Versions: 2.24.18 Affected Versions: <= 2.24.14 Vulnerability Details: Name: 10Web Booster <= 2.24.14 – Unauthenticated Arbitrary Option Deletion Type: Authorization Bypass Through User-Controlled Key CVSS Score: 6.5 (Medium) Publicly Published: Description: The 10Web Booster – Website speed optimization,…
WordPress Plugin Vulnerability Report – VK Blocks – Authenticated (Contributor+) Stored Cross-Site Scripting via Block – CVE-2023-5706
Plugin Name: VK Blocks Key Information: Software Type: Plugin Software Slug: vk-blocks Software Status: Active Software Author: vektor-inc Software Downloads: 2,017,789 Active Installs: 80,000 Last Updated: October 24, 2023 Patched Versions: 1.64.0.0 Affected Versions: <= 1.63.0.1 Vulnerability Details: Name: VK Blocks <= 1.63.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Type: Improper Neutralization of Input…
WordPress Plugin Vulnerability Report – Simple Calendar – Cross-Site Request Forgery
Plugin Name: Simple Calendar – Google Calendar Plugin Key Information: Software Type: Plugin Software Slug: google-calendar-events Software Status: Active Software Author: simplecalendar Software Downloads: 2,568,146 Active Installs: 60,000 Last Updated: October 20, 2023 Patched Versions: 3.2.5 Affected Versions: <3.2.5 Vulnerability Details: Name: Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed Title: Cross-Site Request…
WordPress Plugin Vulnerability Report – WooCommerce Stripe Payment Gateway – Cross-Site Request Forgery
Plugin Name: WooCommerce Stripe Payment Gateway Key Information: Software Type: Plugin Software Slug: woocommerce-gateway-stripe Software Status: Active Software Author: automattic Software Downloads: 28,425,774 Active Installs: 800,000 Last Updated: October 17, 2023 Patched Versions: 7.6.1 Affected Versions: <=7.6.0 Vulnerability Details: Name: Stripe Gateway <= 7.6.0 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score:…
WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968
Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages Software Status: Active Software Author: wpeka-club Software Downloads: 585,699 Active Installs: 20,000 Last Updated: October 10, 2023 Patched Versions: 2.9.3 Affected Versions: <=2.9.2 Vulnerability Details: Name: WPLegalPages <= 2.9.2 – Authenticated (Author+) Stored Cross-Site Scripting…
WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259
Plugin Name: Hotjar Key Information: Software Type: Plugin Software Slug: hotjar Software Status: Removed Software Author: hotjar Software Downloads: 868,850 Active Installs: 100,000 Last Updated: October 5, 2023 Patched Versions: Not yet patched Affected Versions: <=1.0.15 Vulnerability Details: Name: Hotjar <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-1259 CVSS Score: 4.4 (Medium)…