WordPress Plugin Vulnerability Report – SpeedyCache – Missing Authorization via speedycache_create_test_cache

Plugin Name: SpeedyCache

Key Information:
Software Type: Plugin
Software Slug: speedycache
Software Status: Active
Software Author: softaculous
Software Downloads: 746,740
Active Installs: 100,000
Last Updated: December 1, 2023
Patched Versions: 1.1.3
Affected Versions: <= 1.1.2

Vulnerability Details:
Name: SpeedyCache <= 1.1.2 – Missing Authorization via speedycache_create_test_cache
Title: Missing Authorization via speedycache_create_test_cache
Type: Missing Authorization
CVSS Score: 4.3 (Medium)
Publicly Published: December 1, 2023
Description: The SpeedyCache – Cache, Optimization, Performance…


WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504

Plugin Name: BackWPup

Key Information:
Software Type: Plugin
Software Slug: backwpup
Software Status: Active
Software Author: wp_media
Software Downloads: 13,284,859
Active Installs: 600,000
Last Updated: November 22, 2023
Patched Versions: 4.0.2
Affected Versions: <= 4.0.1

Vulnerability Details:
Name: BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal
Title: Authenticated (Administrator+) Directory Traversal
Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CVE: CVE-2023-5504
CVSS Score: 8.7 (High)…


WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063

Plugin Name: WP Fastest Cache

Key Information:
Software Type: Plugin
Software Slug: wp-fastest-cache
Software Status: Active
Software Author: emrevona
Software Downloads: 45,149,633
Active Installs: 1,000,000
Last Updated: November 13, 2023
Patched Versions: 1.2.2
Affected Versions: <= 1.2.1

Vulnerability Details:
Name: WP Fastest Cache <= 1.2.2 – Unauthenticated SQL Injection
Title: Unauthenticated SQL Injection
Type: Improper…


WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982

Plugin Name: UpdraftPlus

Key Information:
Software Type: Plugin
Software Slug: updraftplus
Software Status: Active
Software Author: davidanderson
Software Downloads: 107,410,188
Active Installs: 3,000,000
Last Updated: November 7, 2023
Patched Versions: 1.23.11
Affected Versions: <= 1.23.10

Vulnerability Details:
Name: UpdraftPlus <= 1.23.10 – Cross-Site Request Forgery to Google Drive Storage Update
Title: Cross-Site Request Forgery to Google Drive Storage Update
Type: Cross-Site Request Forgery (CSRF)
CVE: CVE-2023-5982
CVSS Score: 5.4…


WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax

Plugin Name: Top 10

Key Information:
Software Type: Plugin
Software Slug: top-10
Software Status: Active
Software Author: ajay
Software Downloads: 1,049,082
Active Installs: 20,000
Last Updated: November 3, 2023
Patched Versions: 3.3.3
Affected Versions: <= 3.3.2

Vulnerability Details:
Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax
Title: Cross-Site Request Forgery via edit_count_ajax…


WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

Plugin Name: GiveWP

Key Information:
Software Type: Plugin
Software Slug: give
Software Status: Active
Software Author: webdevmattcrom
Software Downloads: 6,043,447
Active Installs: 100,000
Last Updated: October 31, 2023
Patched Versions: 2.33.4
Affected Versions: <= 2.33.3

Vulnerability 1 Details:
Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation
Title: Cross-Site Request Forgery to plugin deactivation
Type: Cross-Site Request Forgery (CSRF)
CVE: CVE-2023-4247
CVSS Score: 5.4 (Medium)
Publicly Published: October…


WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815

Plugin Name: News & Blog Designer Pack

Key Information:
Software Type: Plugin
Software Slug: blog-designer-pack
Software Status: Active
Software Author: infornweb
Software Downloads: 408,098
Active Installs: 30,000
Last Updated: October 26, 2023
Patched Versions: 3.4.2
Affected Versions: <= 3.4.1

Vulnerability Details:
Name: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 – Unauthenticated Remote Code Execution via Local File Inclusion
Title: Unauthenticated Remote Code Execution…


WordPress Plugin Vulnerability Report – WordPress Popular Posts – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Plugin Name: WordPress Popular Posts

Key Information:
Software Type: Plugin
Software Slug: wordpress-popular-posts
Software Status: Active
Software Author: hcabrera
Software Downloads: 7,045,880
Active Installs: 200,000
Last Updated: October 6, 2023
Patched Versions: <=6.3.2
Affected Versions: 6.3.3

Vulnerability Details:
Name: WordPress Popular Posts <= 6.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)…


What is the WordPress Core?

Never skip core day! Wait a second—hop out of that plank. We’re talking, of course, about WordPress Core. WordPress Core is the foundation of WordPress, providing the basic features and functions that make up, well, the core of WordPress! It includes features such as user registration, post types, media handling, catalogs, custom fields, and more. Every…
