secure WordPress installation

Print Invoice & Delivery Notes for WooCommerce Vulnerability – Missing Authorization to Notice Dismissal – CVE-2024-4233 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: Print Invoice & Delivery Notes for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-delivery-notes Software Status: Active Software Author: tychesoftwares Software Downloads: 999,558 Active Installs: 40,000 Last Updated: May 10, 2024 Patched Versions: 4.9.0 Affected Versions: <= 4.8.1 Vulnerability Details: Name: Multiple Plugins by tychesoftwares <= 4.8.1 Title: Missing Authorization to Notice…

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 21,536,049 Active Installs: 700,000 Last Updated: May 12, 2024 Patched Versions: 2.12.7 Affected Versions: <= 2.12.6 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.12.6 Title: Authenticated (Contributor+) Path Traversal Type:…

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: Timetable and Event Schedule by MotoPress Key Information: Software Type: Plugin Software Slug: mp-timetable Software Status: Active Software Author: jetmonsters Software Downloads: 738,183 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 2.4.12 Affected Versions: <= 2.4.11 Vulnerability Details: Name: Timetable and Event Schedule by MotoPress <= 2.4.11 Title: Authenticated (Contributor+) SQL…

Tutor LMS Vulnerability – eLearning and online course solution – Missing Authorization to Unauthenticated Limited Options Update – CVE-2024-3553 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,052,510 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.2 Vulnerability Details: Name: Tutor LMS <= 2.6.2 Title: Missing Authorization to Unauthenticated Limited…

FileOrganizer Vulnerability – Manage WordPress and Website Files – Authenticated Stored Cross-Site Scripting – CVE-2024-2324 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 23, 2024

Plugin Name: FileOrganizer – Manage WordPress and Website Files Key Information: Software Type: Plugin Software Slug: fileorganizer Software Status: Active Software Author: softaculous Software Downloads: 653,721 Active Installs: 100,000 Last Updated: May 9, 2024 Patched Versions: 1.0.7 Affected Versions: <= 1.0.6 Vulnerability Details: Name: FileOrganizer and FileOrganizer Pro <= 1.0.6 Title: Authenticated Stored Cross-Site Scripting…

Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 22, 2024

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,284,736 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 7.6.16 Affected Versions: <= 7.6.15 Vulnerability Details: Name: wpDiscuz <= 7.6.15 Title: Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text Type:…

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 19, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,655,257 Active Installs: 70,000 Last Updated: May 2, 2024 Patched Versions: 3.2.0 Affected Versions: <=3.1.5 Vulnerability Details: Name: User Registration – Custom Registration Form,…
