AMP for WP Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0587 | WordPress Plugin Vulnerability Report

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,593,156 Active Installs: 100,000 Last Updated: January 22, 2024 Patched Versions: 1.0.93 Affected Versions: <= 1.0.92.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.92.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-0587 CVSS Score: 6.1…

Read More

WPvivid Vulnerability – Missing Authorization – CVE-2023-4637 | WordPress Plugin Vulnerability Report

Plugin Name: WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,203,119 Active Installs: 400,000 Last Updated: January 19, 2024 Patched Versions: 0.9.95 Affected Versions: <= 0.9.94 Vulnerability Details: Name: WPvivid <= 0.9.94 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2023-4637 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: Revan Arifio Description: The WPvivid plugin for WordPress is vulnerable…

Read More

Contact Form Plugin – Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 5,679,069 Active Installs: 400,000 Last Updated: January 18, 2024 Patched Versions: 5.1.7 Affected Versions: <= 5.1.5 Vulnerability Details: Name: Fluent Forms <= 5.1.5…

Read More

Getwid – Gutenberg Blocks – Missing Authorization & Captcha Bypass – CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report 

Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters Software Downloads: 1,066,235 Active Installs: 50,000 Last Updated: January 25, 2024 Patched Versions: 2.0.5 Affected Versions: <= 2.0.4 Vulnerability Details – Section 1: Name: Getwid – Gutenberg Blocks <= 2.0.4 Title: Missing Authorization to Recaptcha…

Read More

Enable Media Replace Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6737 | WordPress Plugin Vulnerability Report

Plugin Name: Enable Media Replace Key Information: Software Type: Plugin Software Slug: enable-media-replace Software Status: Active Software Author: shortpixel Software Downloads: 10,049,054 Active Installs: 600,000 Last Updated: December 18, 2023 Patched Versions: 4.1.5 Affected Versions: <= 4.1.4 Vulnerability Details: Name: Enable Media Replace <= 4.1.4 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6737 CVSS Score: 4.7…

Read More

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text – CVE-2023-6561 | WordPress Plugin Vulnerability Report

Plugin Name: Featured Image from URL Key Information: Software Type: Plugin Software Slug: featured-image-from-url Software Status: Active Software Author: marceljm Software Downloads: 4,535,007 Active Installs: 90,000 Last Updated: December 14, 2023 Patched Versions: NA Affected Versions: <= 4.5.3 Vulnerability Details: Name: Featured Image from URL (FIFU) <= 4.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

WordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761

Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…

Read More

WordPress Plugin Vulnerability Report – Ocean Extra – Cross-Site Request Forgery to Arbitrary Plugin Activation

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads: 19,047,434 Active Installs: 700,000 Last Updated: November 28, 2023 Patched Versions: 2.2.3 Affected Versions: <= 2.2.2 Vulnerability Details: Name: Ocean Extra <= 2.2.2 – Cross-Site Request Forgery to Arbitrary Plugin Activation Title: Cross-Site Request Forgery to Arbitrary Plugin Activation Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium)…

Read More

WordPress Plugin Vulnerability Report – Razorpay for WooCommerce – Missing Authorization and Cross-Site Request Forgery

Plugin Name: Razorpay for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-razorpay Software Status: Active Software Author: NA Software Downloads: 1,366,539 Active Installs: 60,000 Last Updated: November 28, 2023 Patched Versions: 4.5.7 Affected Versions: <= 4.5.6 Vulnerability 1 Details: Name: Razorpay for WooCommerce <= 4.5.6 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: November 28, 2023 Description: The Razorpay for WooCommerce plugin…

Read More

WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 2,934,315 Active Installs: 100,000 Last Updated: November 27, 2023 Patched Versions: 7.3.12 Affected Versions: <= 7.3.11 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.3.11 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted Upload of File with…

Read More