Small Business
WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…
WordPress Plugin Vulnerability Report – AMP for WP – Accelerated Mobile Pages – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-48321
Plugin Name: AMP for WP – Accelerated Mobile Pages Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,408,260 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.89 Affected Versions: <= 1.0.88.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.88.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper…
Avoiding Information Overload: Filtering Reliable WordPress Advice
With over 40% of websites using WordPress as their CMS, there is plenty of information out there when you need advice. But with such high volumes, there are bound to be a few bad eggs. The internet is saturated with so-called “WordPress experts” offering contradicting advice. So, how do you know who to trust? As…
WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax
Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads: 1,049,082 Active Installs: 20,000 Last Updated: November 3, 2023 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax Title: Cross-Site Request Forgery via edit_count_ajax…
WordPress Plugin Vulnerability Report – Simple Calendar – Cross-Site Request Forgery
Plugin Name: Simple Calendar – Google Calendar Plugin Key Information: Software Type: Plugin Software Slug: google-calendar-events Software Status: Active Software Author: simplecalendar Software Downloads: 2,568,146 Active Installs: 60,000 Last Updated: October 20, 2023 Patched Versions: 3.2.5 Affected Versions: <3.2.5 Vulnerability Details: Name: Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed Title: Cross-Site Request…
WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation
Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…
WordPress Plugin Vulnerability Report: Starter Templates – Incorrect Authorization – CVE-2023-41805
Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 38,934,354 Active Installs: 1,000,000 Last Updated: September 8, 2023 Patched Versions: 3.2.6 Affected Versions: <=3.2.5 Vulnerability Details: Name: Starter Templates <= 3.2.5 – Incorrect Authorization Type: Missing Authorization CVE: CVE-2023-41805 CVSS Score: 4.3 (Medium) Publicly…
WordPress Plugin Vulnerability Report: User Feedback – Unauthenticated Stored Cross-Site Scripting – CVE-2023-39308
Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 348,588 Active Installs: 100,000 Last Updated: September 7, 2023 Patched Versions: 1.0.8 Affected Versions: <=1.0.7 Vulnerability Details: Name: User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…
A Guide to WordPress Maintenance: Timelines, Tasks, and Triumphs for Your Business
If you’re using WordPress to showcase your business, you’re already on the right track. This powerful platform is a great tool that, when properly maintained, can help your business thrive online. But, like a Harley, a piano, or even yourself, it needs regular tune-ups to keep running at peak performance. But how often should you…
What are WordPress Translations?
Hearing about all the plugins that WordPress has to offer can sound like speaking Greek. But what if we told you your website could translate Greek at the press of a button? WordPress Translations make it possible for users to localize the content and interface of their websites. Localization is a process of adapting websites,…