secure WordPress installations

MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: MainWP Child Reports Key Information: Software Type: Plugin Software Slug: mainwp-child-reports Software Status: Active Software Author: mainwp Software Downloads: 943,776 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.2 Affected Versions: <= 2.1.1 Vulnerability Details: Name: MainWP Child Reports <= 2.1.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33680 CVSS Score:…

Read More

NextGEN Gallery Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2744 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: NextGEN Gallery – Create an Amazing Photo Gallery in Seconds Key Information: Software Type: Plugin Software Slug: nextgen-gallery Software Status: Active Software Author: smub Software Downloads: 40,372,789 Active Installs: 500,000 Last Updated: May 12, 2024 Patched Versions: 3.59.1 Affected Versions: <= 3.59 Vulnerability Details: Name: NextGEN Gallery <= 3.59 Title: Authenticated (Administrator+) Stored…

Read More

Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato Software Downloads: 548,134 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.15 Affected Versions: <= 1.0.14 Vulnerability Details: Name: Template Kit – Import <= 1.0.14 Title: Authenticated (Author+) Stored Cross-Site Scripting via Template…

Read More

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 29, 2024

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software Downloads: 950,913 Active Installs: 100,000 Last Updated: April 1, 2024 Patched Versions: 3.6.3 Affected Versions: <= 3.6.2 Vulnerability Details: Name: WP Chat App <= 3.6.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute…

Read More