WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection

Plugin Name: POST SMTP Mailer

Key Information:
Software Type: Plugin
Software Slug: post-smtp
Software Status: Active
Software Author: wpexpertsio
Software Downloads: 9,128,571
Active Installs: 300,000
Last Updated: October 3, 2023
Patched Versions: 2.6.1
Affected Versions: <=2.6.0

Vulnerability Details:
Name: Post SMTP <= 2.6.0 – Authenticated (Administrator+) SQL Injection
Type: Improper Neutralization of Special Elements used…

WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919

Plugin Name: iframe

Key Information:
Software Type: Plugin
Software Slug: iframe
Software Status: Active
Software Author: webvitaly
Software Downloads: 1,423,357
Active Installs: 100,000
Last Updated: September 25, 2023
Patched Versions: 4.6
Affected Versions: <=4.6

Vulnerability Details:
Name: iframe <= 4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode
Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

WordPress Plugin Vulnerability Report – Leaflet Map – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5050

Plugin Name: Leaflet Map

Key Information:
Software Type: Plugin
Software Slug: leaflet-map
Software Status: Active
Software Author: bozdoz
Software Downloads: 339,670
Active Installs: 30,000
Last Updated: September 20, 2023
Patched Versions: <=3.3.0
Affected Versions: 3.3.1

Vulnerability Details:
Name: Leaflet Map <= 3.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Type: Improper Neutralization of Input…
