security patches

Security Optimizer Vulnerability – Missing Authorization via hide_notice() – CVE-2024-38774 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 19, 2024

Plugin Name: Security Optimizer – The All-In-One Protection Plugin Key Information: Software Type: Plugin Software Slug: sg-security Software Status: Active Software Author: siteground Software Downloads: 22,051,479 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.1 Affected Versions: <= 1.5.0 Vulnerability Details: Name: Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N…

Read More

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 23, 2024

Plugin Name: Custom Fonts Key Information: Software Type: Plugin Software Slug: custom-fonts Software Status: Active Software Author: brainstormforce Software Downloads: 4,030,759 Active Installs: 300,000 Last Updated: May 23, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: Custom Fonts – Host Your Fonts Locally <= 2.1.4 – Authenticated (Author+) Stored Cross-Site Scripting Type:…

Read More

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3714 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 17, 2024

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,298,288 Active Installs: 100,000 Last Updated: May 17, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.0 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Password Protected Vulnerability – Missing Authorization to Sensitive Information Exposure – CVE-2024-0437 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,907,933 Active Installs: 400,000 Last Updated: May 14, 2024 Patched Versions: 2.6.7 Affected Versions: <= 2.6.6 Vulnerability Details: Name: Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 –…

Read More

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 9, 2024

Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.31 Affected Versions: <= 2.7.30 Vulnerability Details: Name: Unyson <= 2.7.29 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-34814 CVSS Score: 4.3…

Read More

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 7, 2024

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…

Read More

WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…

Read More

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,225,697 Active Installs: 100,000 Last Updated: May 13, 2024 Patched Versions: 3.5.0 Affected Versions: <= 3.4.2 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2 Title: Authenticated…

Read More

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Missing Authorization to Unauthenticated Media Deletion – CVE-2024-3295 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 15, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,629,292 Active Installs: 70,000 Last Updated: April 25, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.5 Vulnerability Details: Name: User Registration – Custom Registration…

Read More

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 12, 2024

Plugin Name: Carousel Slider Key Information: Software Type: Plugin Software Slug: carousel-slider Software Status: Active Software Author: sayful Software Downloads: 908,916 Active Installs: 40,000 Last Updated: April 25, 2024 Patched Versions: 2.2.10 Affected Versions: <= 2.2.9 Vulnerability Details: Name: Carousel Slider <= 2.2.9 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3703 CVSS Score:…

Read More