remote code execution
Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report
Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…
Read MoreAI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report
Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…
Read MoreHUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report
Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,705,152 Active Installs: 100,000 Last Updated: April 29, 2024 Patched Versions: 1.3.5.3 Affected Versions: <= 1.3.5.2 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 Title:…
Read MoreAdvanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…
Read MoreBetter Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report
Plugin Name: Better Search Replace Key Information: Software Type: Plugin Software Slug: better-search-replace Software Status: Active Software Author: wpengine Software Downloads: 12,169,696 Active Installs: 1,000,000 Last Updated: January 24, 2024 Patched Versions: 1.4.5 Affected Versions: <= 1.4.4 Vulnerability Details: Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection Type: Deserialization of Untrusted Data CVE: CVE-2023-6933 CVSS Score: 9.8 (Critical) Publicly Published: January 24, 2024 Researcher: Sam Pizzey Description: The…
Read MoreAI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report
Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January 18, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2024-0699 CVSS…
Read MoreWordPress Plugin Vulnerability Report – Export and Import Users and Customers – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6558
Plugin Name: Export and Import Users and Customers Key Information: Software Type: Plugin Software Slug: users-customers-import-export-for-wp-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 2,025,020 Active Installs: 70,000 Last Updated: December 12, 2023 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Export and Import Users and Customers <= 2.4.8 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted…
Read MoreWordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Remote Code Execution – CVE-2023-6553
Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,095,099 Active Installs: 90,000 Last Updated: December 11, 2023 Patched Versions: 1.3.8 Affected Versions: <= 1.3.7 Vulnerability Details: Name: Backup Migration <= 1.3.7 – Unauthenticated Remote Code Execution Type: Improper Control of Generation of Code (‘Code Injection’) CVE: CVE-2023-6553 CVSS Score: 9.8 (Critical) Publicly Published: December 11, 2023 Researcher: Nex…
Read MoreWordPress Plugin Vulnerability Report – MW WP Form – Unauthenticated Arbitrary File Upload – CVE-2023-6316
Plugin Name: MW WP Form Key Information: Software Type: Plugin Software Slug: mw-wp-form Software Status: Active Software Author: inc2734 Software Downloads: 1,305,500 Active Installs: 200,000 Last Updated: December 4, 2023 Patched Versions: 5.0.2 Affected Versions: <= 5.0.1 Vulnerability Details: Name: MW WP Form <= 5.0.1 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6316 CVSS Score: 9.8 (Critical)…
Read More