Rafie Muhammad

The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Jul 5, 2024

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 60,464,127 Active Installs: 700,000 Last Updated: July 27, 2024 Patched Versions: 6.5.1.5 Affected Versions: <= 6.5.1.4 Vulnerability Details: Name: The Events Calendar <= 6.5.1.4 Title: Cross-Site Request Forgery via action_restore_events Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-37518…

Read More

WordPress Plugin Vulnerability Report: Starter Templates – Incorrect Authorization – CVE-2023-41805

By Your WP Guy / Sep 8, 2023

Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 38,934,354 Active Installs: 1,000,000 Last Updated: September 8, 2023 Patched Versions: 3.2.6 Affected Versions: <=3.2.5 Vulnerability Details: Name: Starter Templates <= 3.2.5 – Incorrect Authorization Type: Missing Authorization CVE: CVE-2023-41805 CVSS Score: 4.3 (Medium) Publicly…

Read More