plugin vulnerabilities

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

By Your WP Guy / Sep 11, 2023

Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000 Last Updated: September 11, 2023 Patched Versions: 5.0.10 Affected Versions: <=5.0.9 Vulnerability Details: Name: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode Type: Improper Neutralization of Special Elements used in an…

Read More

WordPress Plugin Vulnerability Report: EWWW Image Optimizer – Sensitive Information Exposure

By Your WP Guy / Sep 8, 2023

Plugin Name: EWWW Image Optimizer Key Information: Software Type: Plugin Software Slug: ewww-image-optimizer Software Status: Active Software Author: nosilver4u Software Downloads: 33,159,954 Active Installs: 1,000,000 Last Updated: September 7, 2023 Patched Versions: 7.2.1 Affected Versions: <7.2.1 Vulnerability Details: Name: EWWW Image Optimizer <= 7.2.0 – Sensitive Information Exposure Type: Information Exposure CVSS Score: 5.3 (medium)…

Read More

WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery

By Your WP Guy / Sep 8, 2023

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,709,151 Active Installs: 80,000 Last Updated: September 8, 2023 Patched Versions: 3.8.4 Affected Versions: <3.8.4 Vulnerability Details: Name: EmbedPress <= 3.8.3 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published:…

Read More

WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792

By Your WP Guy / Sep 8, 2023

Plugin Name: Duplicate Post Page Menu & Custom Post Type Key Information: Software Type: Plugin Software Slug: duplicate-post-page-menu-custom-post-type Software Status: Removed Software Author: inqsys Software Downloads: 300,152 Active Installs: 30,000 Last Updated: September 7, 2023 Patched Versions: 2.4.0 Affected Versions: <=2.3.1 Vulnerability Details: Name: Duplicate Post Page Menu & Custom Post Type <= 2.3.1 –…

Read More

WordPress Plugin Vulnerability Report: Starter Templates – Incorrect Authorization – CVE-2023-41805

By Your WP Guy / Sep 8, 2023

Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 38,934,354 Active Installs: 1,000,000 Last Updated: September 8, 2023 Patched Versions: 3.2.6 Affected Versions: <=3.2.5 Vulnerability Details: Name: Starter Templates <= 3.2.5 – Incorrect Authorization Type: Missing Authorization CVE: CVE-2023-41805 CVSS Score: 4.3 (Medium) Publicly…

Read More

WordPress Plugin Vulnerability Report: User Feedback – Unauthenticated Stored Cross-Site Scripting – CVE-2023-39308

By Your WP Guy / Sep 8, 2023

Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 348,588 Active Installs: 100,000 Last Updated: September 7, 2023 Patched Versions: 1.0.8 Affected Versions: <=1.0.7 Vulnerability Details: Name: User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…

Read More

What are Abandoned WordPress Plugins?

By Your WP Guy / Aug 22, 2023

Imagine you own a small online business. You built your website on WordPress and installed a few plugins to add useful features like contact forms, social sharing buttons, and SEO optimization. These plugins worked great initially. But over time some of them have stopped receiving updates. The developers seem to have abandoned these plugins altogether.…

Read More