securing wordpress

The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid – Missing Authorization – CVE-2024-3936 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 30, 2024

Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin Software Slug: the-post-grid Software Status: Active Software Author: techlabpro1 Software Downloads: 1,704,748 Active Installs: 90,000 Last Updated: May 10, 2024 Patched Versions: 7.7.0 Affected Versions: <= 7.6.1 Vulnerability Details: Name: The Post Grid – Shortcode,…

Read More

Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 24, 2024

Plugin Name: Blog2Social: Social Media Auto Post & Scheduler Key Information: Software Type: Plugin Software Slug: blog2social Software Status: Active Software Author: pr-gateway Software Downloads: 3,487,933 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 7.5.0 Affected Versions: <= 7.4.2 Vulnerability Details: Name: Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 Title: Information…

Read More

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 22, 2024

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status: Active Software Author: magazine3 Software Downloads: 5,175,623 Active Installs: 100,000 Last Updated: May 6, 2024 Patched Versions: 1.30 Affected Versions: <= 1.29 Vulnerability Details: Name: Schema & Structured Data for WP & AMP <= 1.29…

Read More

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 17, 2024

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: inisev Software Downloads: 1,449,047 Active Installs: 80,000 Last Updated: May 2, 2024 Patched Versions: 1.4.4 Affected Versions: <= 1.4.3 Vulnerability Details: Name: Backup Migration <= 1.4.3 Title: Information Exposure via Log Files Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-32686 CVSS Score:…

Read More

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 25, 2024

Plugin Name: Check & Log Email Key Information: Software Type: Plugin Software Slug: check-email Software Status: Active Software Author: checkemail Software Downloads: 1,430,487 Active Installs: 100,000 Last Updated: March 25, 2024 Patched Versions: 1.0.10 Affected Versions: <= 1.0.9 Vulnerability Details: Name: Check & Log Email <= 1.0.9 Title: Unauthenticated Hook Injection Type: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-0866…

Read More

Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 19, 2024

Plugin Name: Shortcodes Ultimate Key Information ormation: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,644,577 Active Installs: 600,000 Last Updated: February 19, 2024 Patched Versions: 7.0.3 Affected Versions: <= 7.0.2 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode Type: Improper Neutralization of Input During Web Page Generation…

Read More

MapPress Maps for WordPress Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7225 |WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 29, 2024

Plugin Name: MapPress Maps for WordPress Key Information: Software Type: Plugin Software Slug: mappress-google-maps-for-wordpress Software Status: Active Software Author: chrisvrichardson Software Downloads: 4,193,183 Active Installs: 50,000 Last Updated: February 2, 2024 Patched Versions: 2.88.17 Affected Versions: <= 2.88.16 Vulnerability Details: Name: MapPress <= 2.88.16 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last Updated: January 24, 2024 Patched Versions: 2.12.8 Affected Versions: <= 2.12.7 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0624 CVSS Score: 5.3 (Medium) Publicly Published: January 24, 2024…

Read More

OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 8, 2024

Plugin Name: OneClick Chat to Order Key Information: Software Type: Plugin Software Slug: oneclick-whatsapp-order Software Status: Active Software Author: walterpinem Software Downloads: 205,924 Active Installs: 30,000 Last Updated: January 8, 2024 Patched Versions: 1.0.6 Affected Versions: <= 1.0.5 Vulnerability Details: Name: OneClick Chat to Order <= 1.0.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode…

Read More

WordPress Button Plugin MaxButtons – Authenticated Stored Cross-Site Scripting – CVE-2023-6594 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 8, 2024

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,640,344 Active Installs: 100,000 Last Updated: January 8, 2024 Patched Versions: 9.7.6 Affected Versions: <= 9.7.4 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…

Read More