remote code execution

Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 22, 2024

Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…

Read More

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 7, 2024

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…

Read More

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 17, 2024

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,705,152 Active Installs: 100,000 Last Updated: April 29, 2024 Patched Versions: 1.3.5.3 Affected Versions: <= 1.3.5.2 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 Title:…

Read More

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…

Read More

Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Better Search Replace Key Information: Software Type: Plugin Software Slug: better-search-replace Software Status: Active Software Author: wpengine Software Downloads: 12,169,696 Active Installs: 1,000,000 Last Updated: January 24, 2024 Patched Versions: 1.4.5 Affected Versions: <= 1.4.4 Vulnerability Details: Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection Type: Deserialization of Untrusted Data CVE: CVE-2023-6933 CVSS Score: 9.8 (Critical) Publicly Published: January 24, 2024 Researcher: Sam Pizzey Description: The…

Read More

AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 18, 2024

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January 18, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2024-0699 CVSS…

Read More

WordPress Plugin Vulnerability Report – Export and Import Users and Customers – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6558

By Your WP Guy / Dec 12, 2023

Plugin Name: Export and Import Users and Customers Key Information: Software Type: Plugin Software Slug: users-customers-import-export-for-wp-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 2,025,020 Active Installs: 70,000 Last Updated: December 12, 2023 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Export and Import Users and Customers <= 2.4.8 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted…

Read More

WordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Remote Code Execution – CVE-2023-6553

By Your WP Guy / Dec 11, 2023

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,095,099 Active Installs: 90,000 Last Updated: December 11, 2023 Patched Versions: 1.3.8 Affected Versions: <= 1.3.7 Vulnerability Details: Name: Backup Migration <= 1.3.7 – Unauthenticated Remote Code Execution Type: Improper Control of Generation of Code (‘Code Injection’) CVE: CVE-2023-6553 CVSS Score: 9.8 (Critical) Publicly Published: December 11, 2023 Researcher: Nex…

Read More

WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import

By Your WP Guy / Dec 6, 2023

Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…

Read More

WordPress Plugin Vulnerability Report – MW WP Form – Unauthenticated Arbitrary File Upload – CVE-2023-6316

By Your WP Guy / Dec 4, 2023

Plugin Name: MW WP Form Key Information: Software Type: Plugin Software Slug: mw-wp-form Software Status: Active Software Author: inc2734 Software Downloads: 1,305,500 Active Installs: 200,000 Last Updated: December 4, 2023 Patched Versions: 5.0.2 Affected Versions: <= 5.0.1 Vulnerability Details: Name: MW WP Form <= 5.0.1 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6316 CVSS Score: 9.8 (Critical)…

Read More