Site Maintenance

Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 22, 2024

Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…

Read More

Security Optimizer Vulnerability – Missing Authorization via hide_notice() – CVE-2024-38774 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 19, 2024

Plugin Name: Security Optimizer – The All-In-One Protection Plugin Key Information: Software Type: Plugin Software Slug: sg-security Software Status: Active Software Author: siteground Software Downloads: 22,051,479 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.1 Affected Versions: <= 1.5.0 Vulnerability Details: Name: Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N…

Read More

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 27, 2024

Plugin Name: Meta Tag Manager Key Information: Software Type: Plugin Software Slug: meta-tag-manager Software Status: Active Software Author: netweblogic Software Downloads: 865,531 Active Installs: 100,000 Last Updated: March 27, 2024 Patched Versions: 3.1 Affected Versions: <= 3.0.2 Vulnerability Details: Name: Meta Tag Manager <= 3.0.2 Title: Authenticated (Subscriber+) PHP Object Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1770…

Read More

Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Feb 28, 2024

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,465,323 Active Installs: 400,000 Last Updated: February 28, 2024 Patched Versions: 0.9.69 Affected Versions: <= 0.9.68 Vulnerability Details: Name: WPvivid Backup and Migration <= 0.9.68 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE: CVE-2024-1982…

Read More

Cookie Information | Free GDPR Consent Solution Vulnerability – Authenticated (Subscriber+) Arbitrary Options Update – CVE-2023-6700 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 29, 2024

Plugin Name: Cookie Information | Free GDPR Consent Solution Key Information: Software Type: Plugin Software Slug: wp-gdpr-compliance Software Status: Active Software Author: cookieinformation Software Downloads: 3,745,212 Active Installs: 100,000 Last Updated: February 2, 2024 Patched Versions: 2.0.23 Affected Versions: <= 2.0.22 Vulnerability Details: Name: Cookie Information | Free GDPR Consent Solution <= 2.0.22 Title: Authenticated…

Read More

MW WP Form Vulnerability – Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion – CVE-2023-6559 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 15, 2023

Plugin Name: MW WP Form Key Information: Software Type: Plugin Software Slug: mw-wp-form Software Status: Active Software Author: inc2734 Software Downloads: 1,536,050 Active Installs: 200,000 Last Updated: December 15, 2023 Patched Versions: 5.0.4 Affected Versions: <= 5.0.3 Vulnerability Details: Name: MW WP Form <= 5.0.3 – Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion Title: Improper Limitation of File Name to Unauthenticated Arbitrary File…

Read More

Common Signs Your WordPress Website May Be Compromised

By Your WP Guy / Oct 3, 2023

You’ve invested time, money, and energy into building your business’s website on WordPress. It’s become a vital online presence and valuable asset for your company. But lurking in the shadows are potential security threats that can wreak havoc on your site. WordPress powers over 40% of all websites, making it an enticing target for hackers.…

Read More

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

By Your WP Guy / Sep 12, 2023

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 5,141,419 Active Installs: 300,000 Last Updated: September 12, 2023 Patched Versions: 0.9.91 Affected Versions: <=0.9.90 First Vulnerability: Vulnerability Details: Name: WPvivid Backup Plugin <= 0.9.90 – Missing Authorization via ‘start_staging’ and ‘get_staging_progress’…

Read More