File Manager Vulnerability – Directory Traversal – CVE-2023-6825 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager. Key Information: Software Type: Plugin; Software Slug: wp-file-manager; Software Status: Active; Software Author: mndpsingh287; Software Downloads: 20,544,237; Active Installs: 1,000,000; Last Updated: March 7, 2024; Patched Versions: 7.2.2; Affected Versions: <= 7.2.1. Vulnerability Details: Name: File Manager And File Manager Pro (Multiple Versions); Type: Directory Traversal; CVE: CVE-2023-6825; CVSS Score: 9.9…

Calculated Fields Form Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

Plugin Name: Calculated Fields Form. Key Information: Software Type: Plugin; Software Slug: calculated-fields-form; Software Status: Active; Software Author: codepeople; Software Downloads: 6,585,834; Active Installs: 60,000; Last Updated: February 12, 2024; Patched Versions: 1.2.53; Affected Versions: <= 1.2.52. Vulnerability Details: Name: Calculated Fields Form <= 1.2.52; Title: Authenticated (Contributor+) Stored Cross-Site Scripting; Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N; CVE: CVE-2024-0963…

The Events Calendar Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6557 | WordPress Plugin Vulnerability Report

Plugin Name: The Events Calendar. Key Information: Software Type: Plugin; Software Slug: the-events-calendar; Software Status: Active; Software Author: theeventscalendar; Software Downloads: 53,054,073; Active Installs: 700,000; Last Updated: January 12, 2024; Patched Versions: 6.2.9; Affected Versions: <= 6.2.8.2. Vulnerability Details: Name: The Events Calendar <= 6.2.8.2; Title: Unauthenticated Sensitive Information Exposure; Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; CVE: CVE-2023-6557; CVSS…

Download Monitor Vulnerability – Authenticated (Admin+) SQL Injection | WordPress Plugin Vulnerability Report

Plugin Name: Download Monitor. Key Information: Software Type: Plugin; Software Slug: download-monitor; Software Status: Active; Software Author: wpchill; Software Downloads: 4,783,527; Active Installs: 100,000; Last Updated: January 8, 2024; Patched Versions: 4.9.5; Affected Versions: < 4.9.5. Vulnerability Details: Name: Download Monitor <= 4.9.4; Title: Authenticated (Admin+) SQL Injection; Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; CVE: NA; CVSS Score: 7.2…

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text – CVE-2023-6561 | WordPress Plugin Vulnerability Report

Plugin Name: Featured Image from URL. Key Information: Software Type: Plugin; Software Slug: featured-image-from-url; Software Status: Active; Software Author: marceljm; Software Downloads: 4,535,007; Active Installs: 90,000; Last Updated: December 14, 2023; Patched Versions: NA; Affected Versions: <= 4.5.3. Vulnerability Details: Name: Featured Image from URL (FIFU) <= 4.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text; Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133

Plugin Name: Forminator. Key Information: Software Type: Plugin; Software Slug: forminator; Software Status: Active; Software Author: wpmudev; Software Downloads: 5,677,838; Active Installs: 400,000; Last Updated: November 14, 2023; Patched Versions: 1.28.0; Affected Versions: <= 1.27.0. Vulnerability Details: Name: Forminator <= 1.27.0 – Authenticated (Administrator+) Arbitrary File Upload; Type: Unrestricted Upload of File with Dangerous Type…