Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Database Cleaner

Key Information:
Software Type: Plugin
Software Slug: advanced-database-cleaner
Software Status: Active
Software Author: symptote
Software Downloads: 1,283,477
Active Installs: 100,000
Last Updated: January 24, 2024
Patched Versions: 3.1.4
Affected Versions: <= 3.1.3

Vulnerability Details:
Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action
Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action
Type: Deserialization of Untrusted Data
CVE: CVE-2024-0668
CVSS Score: 6.6…


Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report

Plugin Name: Better Search Replace

Key Information:
Software Type: Plugin
Software Slug: better-search-replace
Software Status: Active
Software Author: wpengine
Software Downloads: 12,169,696
Active Installs: 1,000,000
Last Updated: January 24, 2024
Patched Versions: 1.4.5
Affected Versions: <= 1.4.4

Vulnerability Details:
Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection
Type: Deserialization of Untrusted Data
CVE: CVE-2023-6933
CVSS Score: 9.8 (Critical)
Publicly Published: January 24, 2024
Researcher: Sam Pizzey
Description: The…


AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report

Plugin Name: AI Engine

Key Information:
Software Type: Plugin
Software Slug: ai-engine
Software Status: Active
Software Author: tigroumeow
Software Downloads: 1,716,148
Active Installs: 50,000
Last Updated: January 18, 2024
Patched Versions: 2.1.5
Affected Versions: <= 2.1.4

Vulnerability Details:
Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
Type: Unrestricted Upload of File with Dangerous Type
CVE: CVE-2024-0699
CVSS…


WordPress Plugin Vulnerability Report – Export and Import Users and Customers – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6558

Plugin Name: Export and Import Users and Customers

Key Information:
Software Type: Plugin
Software Slug: users-customers-import-export-for-wp-woocommerce
Software Status: Active
Software Author: webtoffee
Software Downloads: 2,025,020
Active Installs: 70,000
Last Updated: December 12, 2023
Patched Versions: 2.4.9
Affected Versions: <= 2.4.8

Vulnerability Details:
Name: Export and Import Users and Customers <= 2.4.8 – Authenticated (Shop Manager+) Arbitrary File Upload
Title: Authenticated (Shop Manager+) Arbitrary File Upload
Type: Unrestricted…


WordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Remote Code Execution – CVE-2023-6553

Plugin Name: Backup Migration

Key Information:
Software Type: Plugin
Software Slug: backup-backup
Software Status: Active
Software Author: migrate
Software Downloads: 1,095,099
Active Installs: 90,000
Last Updated: December 11, 2023
Patched Versions: 1.3.8
Affected Versions: <= 1.3.7

Vulnerability Details:
Name: Backup Migration <= 1.3.7 – Unauthenticated Remote Code Execution
Type: Improper Control of Generation of Code (‘Code Injection’)
CVE: CVE-2023-6553
CVSS Score: 9.8 (Critical)
Publicly Published: December 11, 2023
Researcher: Nex…


WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import

Plugin Name: Elementor Website Builder

Key Information:
Software Type: Plugin
Software Slug: elementor
Software Status: Active
Software Author: elemntor
Software Downloads: 357,725,852
Active Installs: 5,000,000
Last Updated: December 6, 2023
Patched Versions: No patched version
Affected Versions: <= 3.18.0

Vulnerability Details:
Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…


WordPress Plugin Vulnerability Report – MW WP Form – Unauthenticated Arbitrary File Upload – CVE-2023-6316

Plugin Name: MW WP Form

Key Information:
Software Type: Plugin
Software Slug: mw-wp-form
Software Status: Active
Software Author: inc2734
Software Downloads: 1,305,500
Active Installs: 200,000
Last Updated: December 4, 2023
Patched Versions: 5.0.2
Affected Versions: <= 5.0.1

Vulnerability Details:
Name: MW WP Form <= 5.0.1 – Unauthenticated Arbitrary File Upload
Title: Unauthenticated Arbitrary File Upload
Type: Unrestricted Upload of File with Dangerous Type
CVE: CVE-2023-6316
CVSS Score: 9.8 (Critical)…


WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090

Plugin Name: Mollie Payments for WooCommerce

Key Information:
Software Type: Plugin
Software Slug: mollie-payments-for-woocommerce
Software Status: Active
Software Author: mollieintegration
Software Downloads: 2,934,315
Active Installs: 100,000
Last Updated: November 27, 2023
Patched Versions: 7.3.12
Affected Versions: <= 7.3.11

Vulnerability Details:
Name: Mollie Payments for WooCommerce <= 7.3.11 – Authenticated (Shop Manager+) Arbitrary File Upload
Title: Authenticated (Shop Manager+) Arbitrary File Upload
Type: Unrestricted Upload of File with…


WordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295

Plugin Name: SiteOrigin Widgets Bundle

Key Information:
Software Type: Plugin
Software Slug: so-widgets-bundle
Software Status: Active
Software Author: gpriday
Software Downloads: 36,509,376
Active Installs: 600,000
Last Updated: November 27, 2023
Patched Versions: 1.51.0
Affected Versions: <= 1.50.1

Vulnerability Details:
Name: SiteOrigin Widgets Bundle < 1.51.0 – Authenticated (Admin+) Local File Inclusion
Title: Authenticated (Admin+) Local File Inclusion
Type: Improper Control of Filename for Include/Require Statement in PHP…


WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275

Plugin Name: Widgets for Google Reviews

Key Information:
Software Type: Plugin
Software Slug: wp-reviews-plugin-for-google
Software Status: Active
Software Author: trustindex
Software Downloads: 4,619,317
Active Installs: 300,000
Last Updated: November 22, 2023
Patched Versions: 11.1
Affected Versions: <= 11.0.2

Vulnerability Details:
Name: Widgets for Google Reviews <= 11.0.2 – Authenticated (Editor+) Arbitrary File Upload
Title: Authenticated…
