patches

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…

Read More

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 4, 2024

Plugin Name: Depicter Slider Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 727,890 Active Installs: 80,000 Last Updated: January 4, 2024 Patched Versions: 2.0.7 Affected Versions: <= 2.0.6 Vulnerability Details: Name: Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 – Cross-Site Request Forgery via save Title: Cross-Site Request Forgery via save Type: Cross-Site Request…

Read More

WordPress Plugin Vulnerability Report – Email Address Encoder – Authenticated (Contributor+) Stored Cross-Site Scripting

By Your WP Guy / Nov 28, 2023

Plugin Name: Email Address Encoder Key Information: Software Type: Plugin Software Slug: email-address-encoder Software Status: Active Software Author: tillkruess Software Downloads: 1,241,298 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.23 Affected Versions: <=1.0.22 Vulnerability Details: Name: Email Address Encoder 1.0.22 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS…

Read More

WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities

By Your WP Guy / Nov 21, 2023

Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 995,970 Active Installs: 30,000 Last Updated: November 21, 2023 Patched Versions: 5.16.1 Affected Versions: < 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_delete_expired_used_coupon_code Title:…

Read More

WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery

By Your WP Guy / Nov 20, 2023

Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20, 2023 Patched Versions: 5.2.0 Affected Versions: <= 5.1.0 Vulnerability Details: Name: Analytify Dashboard <= 5.1.0 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 20, 2023 Description: The Analytify – Google Analytics…

Read More

What Are the Essential Elements of a Comprehensive Website Security Policy?

By Your WP Guy / Jun 27, 2023

In the quiet, invisible expanse of cyberspace, a silent storm brews – cyber threats. These threats can wreak havoc on your digital presence, causing crippling financial damage and tarnishing hard-earned reputations. A startling statistic from 2022 reported that 43% of cyber attacks were aimed at small businesses, shattering the misconception that cyber criminals only target…

Read More