remediation

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

Gallery Plugin for WordPress – Envira Photo Gallery – Missing Authorization to Gallery Modification via envira_gallery_insert_images – CVE-2023-6742 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Jan 8, 2024

Plugin Name: Gallery Plugin for WordPress – Envira Photo Gallery Key Information: Software Type: Plugin Software Slug: envira-gallery-lite Software Status: Active Software Author: smub Software Downloads: 5,197,570 Active Installs: 100,000 Last Updated: January 8, 2024 Patched Versions: 1.8.7.3 Affected Versions: <= 1.8.7.2 Vulnerability Details: Name: Envira Gallery Lite <= 1.8.7.2 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2023-6742 CVSS…

Read More

WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities

By Your WP Guy / Nov 21, 2023

Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 995,970 Active Installs: 30,000 Last Updated: November 21, 2023 Patched Versions: 5.16.1 Affected Versions: < 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_delete_expired_used_coupon_code Title:…

Read More