Plugin Updates

WordPress Plugin Vulnerability Report – WP Customer Reviews – Authenticated (Subscriber+) Sensitive Information Exposure – CVE-2023-4686

By Your WP Guy / Oct 31, 2023

Plugin Name: WP Customer Reviews Key Information: Software Type: Plugin Software Slug: wp-customer-reviews Software Status: Active Software Author: bompus Software Downloads: 1,108,443 Active Installs: 30,000 Last Updated: October 31, 2023 Patched Versions: No Patched Version Affected Versions: <= 3.6.8 Vulnerability Details: Name: WP Customer Reviews <= 3.6.8 – Authenticated (Subscriber+) Sensitive Information Exposure Title: Authenticated (Subscriber+) Sensitive Information Exposure Type: Missing Authorization CVE: CVE-2023-4686 CVSS Score: 4.3 (Medium) Publicly…

Read More

WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070

By Your WP Guy / Oct 16, 2023

Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude Software Downloads: 10,654,500 Active Installs: 100,000 Last Updated: October 16, 2023 Patched Versions: 2.8.6 Affected Versions: <=2.8.5 Vulnerability 1 Details: Name: Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery Type: Cross-Site…

Read More

WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968

By Your WP Guy / Oct 10, 2023

Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages Software Status: Active Software Author: wpeka-club Software Downloads: 585,699 Active Installs: 20,000 Last Updated: October 10, 2023 Patched Versions: 2.9.3 Affected Versions: <=2.9.2 Vulnerability Details: Name: WPLegalPages <= 2.9.2 – Authenticated (Author+) Stored Cross-Site Scripting…

Read More

White Screen of Death Explained: What It Is and Why It Happens

By Your WP Guy / Oct 3, 2023

Few experiences strike fear into the hearts of website owners quite like seeing the dreaded white screen of death. You log in to check on your site, excited to see your latest blog post. But instead of your beautifully crafted content, you’re met with a blank white screen. No errors, no warnings, just… nothing. This…

Read More

WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716

By Your WP Guy / Sep 21, 2023

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: David Lingren Software Downloads: 1,759,449 Active Installs: 70,000 Last Updated: September 21, 2023 Patched Versions: <=3.10 Affected Versions: 3.11 Vulnerability Details: Name: Media Library Assistant <= 3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper…

Read More

WordPress Plugin Vulnerability Report – Table of Contents Plus – Authenticated (Administrator+) Stored Cross-Site Scripting

By Your WP Guy / Sep 19, 2023

Plugin Name: Table of Contents Plus Key Information: Software Type: Plugin Software Slug: table-of-contents-plus Software Status: Active Software Author: conjur3r Software Downloads: 2,261,612 Active Installs: 300,000 Last Updated: September 19, 2023 Patched Versions: 2309 Affected Versions: <2309 Vulnerability Details: Name: Table of Contents Plus <= 2302 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization…

Read More

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

By Your WP Guy / Sep 14, 2023

Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…

Read More

What are Abandoned WordPress Plugins?

By Your WP Guy / Aug 22, 2023

Imagine you own a small online business. You built your website on WordPress and installed a few plugins to add useful features like contact forms, social sharing buttons, and SEO optimization. These plugins worked great initially. But over time some of them have stopped receiving updates. The developers seem to have abandoned these plugins altogether.…

Read More
what-is-a-wordpress-maintenance-plan-your-wp-guy tiles on a red, yellow and orange background spelling out plan a b or c

What is a WordPress Maintenance Plan?

By Your WordPress Guy / Apr 5, 2022

Did you know there are over 1.9 billion websites online? HOLY URLS BATMAN! If you want to compete with them, you should consider a maintenance plans for your WordPress site. The right maintenance plans can help keep your site secure and up to date. Then, your site can run quickly and smoothly to help support…

Read More

What is WordPress Maintenance? A 5 Step Overview

By Your WordPress Guy / Feb 3, 2022

Once you have installed and built your WordPress website, it is essential that you keep your updates fresh. Your WordPress site will require the same level of love, attention, and maintenance that goes into a car. Think about what happens to your car when you miss oil changes, ignore funny sounds, and don’t change your…

Read More