remote code execution
Starter Templates Vulnerability – Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass – CVE-2025-13065 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates – AI-Powered Templates for Elementor & Gutenberg Key Information: Software Type: PluginSoftware Slug: astra-sitesSoftware Status: ActiveSoftware Author: brainstormforceSoftware Downloads: 86,521,101Active Installs: 2,000,000Last Updated: December 6, 2025Patched Versions: 4.4.42Affected Versions: ≤ 4.4.41 Vulnerability Details: Name: Starter Templates ≤ 4.4.41 – Authenticated (Author+) Arbitrary File Upload via WXR Upload BypassTitle: Authenticated (Author+) Arbitrary…
Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report
Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…
AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report
Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…
HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report
Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,705,152 Active Installs: 100,000 Last Updated: April 29, 2024 Patched Versions: 1.3.5.3 Affected Versions: <= 1.3.5.2 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 Title:…
Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…
Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report
Plugin Name: Better Search Replace Key Information: Software Type: Plugin Software Slug: better-search-replace Software Status: Active Software Author: wpengine Software Downloads: 12,169,696 Active Installs: 1,000,000 Last Updated: January 24, 2024 Patched Versions: 1.4.5 Affected Versions: <= 1.4.4 Vulnerability Details: Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection Type: Deserialization of Untrusted Data CVE: CVE-2023-6933 CVSS Score: 9.8 (Critical) Publicly Published: January 24, 2024 Researcher: Sam Pizzey Description: The…
AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report
Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January 18, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2024-0699 CVSS…
WordPress Plugin Vulnerability Report – Export and Import Users and Customers – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6558
Plugin Name: Export and Import Users and Customers Key Information: Software Type: Plugin Software Slug: users-customers-import-export-for-wp-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 2,025,020 Active Installs: 70,000 Last Updated: December 12, 2023 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Export and Import Users and Customers <= 2.4.8 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted…
WordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Remote Code Execution – CVE-2023-6553
Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,095,099 Active Installs: 90,000 Last Updated: December 11, 2023 Patched Versions: 1.3.8 Affected Versions: <= 1.3.7 Vulnerability Details: Name: Backup Migration <= 1.3.7 – Unauthenticated Remote Code Execution Type: Improper Control of Generation of Code (‘Code Injection’) CVE: CVE-2023-6553 CVSS Score: 9.8 (Critical) Publicly Published: December 11, 2023 Researcher: Nex…
WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…