secure WordPress site

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: Hide Dashboard Notifications Key Information: Software Type: Plugin Software Slug: wp-hide-backed-notices Software Status: Active Software Author: wprepublic Software Downloads: 168,065 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 1.3 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Hide Dashboard Notifications <= 1.2.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33683 CVSS Score: 4.3 Publicly Published: April…

Read More

WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226

By Your WP Guy / Nov 27, 2023

Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 7.0.0 Affected Versions: <= 5.13.3 Vulnerability 1 Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 5.13.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…

Read More