Site Takeover

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 7, 2024

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…

Read More

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…

Read More

AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 18, 2023

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,465,196 Active Installs: 100,000 Last Updated: December 18, 2023 Patched Versions: 1.0.92.1 Affected Versions: <= 1.0.92 Vulnerability Details: Name: AMP for WP – Accelerated Mobile Pages <= 1.0.92 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Cross-Site Scripting via Shortcode Type: Improper Neutralization of…

Read More

Clone Vulnerability – Sensitive Information Exposure – CVE-2023-6750 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 18, 2023

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,152,544 Active Installs: 90,000 Last Updated: December 18, 2023 Patched Versions: 2.4.3 Affected Versions: <= 2.4.2 Vulnerability Details: Name: WP Clone <= 2.4.2 – Sensitive Information Exposure Title: Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6750 CVSS Score: 9.8 (Critical) Publicly Published: December 18, 2023 Researcher: Dmitrii Ignatyev Description: The Clone plugin for…

Read More

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

By Your WP Guy / Sep 12, 2023

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 5,141,419 Active Installs: 300,000 Last Updated: September 12, 2023 Patched Versions: 0.9.91 Affected Versions: <=0.9.90 First Vulnerability: Vulnerability Details: Name: WPvivid Backup Plugin <= 0.9.90 – Missing Authorization via ‘start_staging’ and ‘get_staging_progress’…

Read More