Plugin Updates
Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Cross-Site Request Forgery to Limited Code Execution via Execute – CVE-2024-0667 | WordPress Plugin Vulnerability Report
Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,670,950 Active Installs: 60,000 Last Updated: February 1, 2024 Patched Versions: 1.15.22 Affected Versions: <= 1.15.21 Vulnerability Details: Name: Form-Maker (twb_form-maker) <= 1.15.21 Title: Cross-Site…
Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report
Plugin Name: Better Search Replace Key Information: Software Type: Plugin Software Slug: better-search-replace Software Status: Active Software Author: wpengine Software Downloads: 12,169,696 Active Installs: 1,000,000 Last Updated: January 24, 2024 Patched Versions: 1.4.5 Affected Versions: <= 1.4.4 Vulnerability Details: Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection Type: Deserialization of Untrusted Data CVE: CVE-2023-6933 CVSS Score: 9.8 (Critical) Publicly Published: January 24, 2024 Researcher: Sam Pizzey Description: The…
Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report
Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last Updated: January 24, 2024 Patched Versions: 2.12.8 Affected Versions: <= 2.12.7 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0624 CVSS Score: 5.3 (Medium) Publicly Published: January 24, 2024…
WebSub Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0688 | WordPress Plugin Vulnerability Report
Plugin Name: WebSub Key Information: Software Type: Plugin Software Slug: pubsubhubbub Software Status: Active Software Author: joshfraz Software Downloads: 1,744,325 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.4 Vulnerability Details: Name: WebSub (FKA. PubSubHubbub) <= 3.1.4 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting…
AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report
Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January 18, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated (Editor+) Arbitrary File Upload via add_image_from_url Title: Authenticated (Editor+) Arbitrary File Upload via add_image_from_url Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2024-0699 CVSS…
WP Recipe Maker Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag – CVE-2024-0382 | WordPress Plugin Vulnerability Report
Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,536,653 Active Installs: 50,000 Last Updated: January 22, 2024 Patched Versions: 9.1.1 Affected Versions: <= 9.1.0 Vulnerability Details: Name: WP Recipe Maker <= 9.1.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…
Advanced Custom Fields (ACF) – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field – CVE-2023-6701 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Custom Fields (ACF) Key Information: Software Type: Plugin Software Slug: advanced-custom-fields Software Status: Active Software Author: wpengine Software Downloads: 44,336,988 Active Installs: 2,000,000 Last Updated: January 25, 2024 Patched Versions: 6.2.5 Affected Versions: <= 6.2.4 Vulnerability Details: Name: Advanced Custom Fields <= 6.2.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field…
Burst Statistics Vulnerability – Authenticated (Editor+) SQL Injection – CVE-2024-0405 | WordPress Plugin Vulnerability Report
Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,470,512 Active Installs: 100,000 Last Updated: January 25, 2024 Patched Versions: 1.5.4 Affected Versions: <= 1.5.3 Vulnerability Details: Name: Burst Statistics Really Simple Plugins <= 1.5.3 Title: Authenticated (Editor+) SQL…
Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: mihail-barinov Software Downloads: 3,318,679 Active Installs: 70,000 Last Updated: January 12, 2024 Patched Versions: 2.97 Affected Versions: <= 2.96 Vulnerability Details: Name: Advanced Woo Search <= 2.96 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0251 CVSS Score:…