Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

Plugin Name: Image Watermark Key Information: Software Type: Plugin Software Slug: image-watermark Software Status: Active Software Author: dfactory Software Downloads: 842,453 Active Installs: 50,000 Last Updated: April 10, 2024 Patched Versions: 1.7.4 Affected Versions: <= 1.7.3 Vulnerability Details: Name: Image Watermark <= 1.7.3 Title: Missing Authorization to Authenticated (Subscriber+) Watermark Modification Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-1994…

Download Manager Vulnerability – Missing Authorization – CVE-2023-6785 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,301,669 Active Installs: 100,000 Last Updated: March 1, 2024 Patched Versions: 3.2.85 Affected Versions: <=3.2.84 Vulnerability Details: Name: Download Manager <= 3.2.84 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2023-6785 CVSS Score: 5.3 Publicly Published: February…

WP Dashboard Notes Vulnerability – Missing Authorization to Arbitrary Private Notes Update – CVE-2023-7239 | WordPress Plugin Vulnerability Report

Plugin Name: WP Dashboard Notes Key Information: Software Type: Plugin Software Slug: wp-dashboard-notes Software Status: Active Software Author: sormano Software Downloads: 176,276 Active Installs: 30,000 Last Updated: January 30, 2024 Patched Versions: 1.0.10 Affected Versions: <= 1.0.10 Vulnerability Details: Name: WP Dashboard Notes <= 1.0.10 Title: Missing Authorization to Arbitrary Private Notes Update Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N…

Ninja Tables Vulnerability – Missing Authorization – CVE-2024-23504 | WordPress Plugin Vulnerability Report

Plugin Name: Ninja Tables Key Information: Software Type: Plugin Software Slug: ninja-tables Software Status: Active Software Author: techjewel Software Downloads: 1,636,926 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 5.0.6 Affected Versions: <= 5.0.5 Vulnerability Details: Name: Ninja Tables <= 5.0.5 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-23504 CVSS Score: 5.3 (Medium) Publicly Published: January 19, 2024 Researcher: emad Description: The Ninja Tables plugin for WordPress…

SpeedyCache Vulnerability – Missing Authorization to Plugin Options Update – CVE-2023-6598 | WordPress Plugin Vulnerability Report

Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 861,450 Active Installs: 100,000 Last Updated: December 16, 2023 Patched Versions: 1.1.4 Affected Versions: <= 1.1.3 Vulnerability Details: Name: SpeedyCache <= 1.1.3 – Missing Authorization to Plugin Options Update Type: Missing Authorization CVE: CVE-2023-6598 CVSS Score: 4.3 (Medium) Publicly Published: December 16, 2023 Researcher: Lucio Sá Description: The SpeedyCache plugin for WordPress…

WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities

Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 995,970 Active Installs: 30,000 Last Updated: November 21, 2023 Patched Versions: 5.16.1 Affected Versions: < 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_delete_expired_used_coupon_code Title:…

WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action

Plugin Name: Slider – Ultimate Responsive Image Slider Key Information: Software Type: Plugin Software Slug: ultimate-responsive-image-slider Software Status: Active Software Author: farazfrank Software Downloads: 1,338,384 Active Installs: 40,000 Last Updated: November 16, 2023 Patched Versions: 3.5.12 Affected Versions: <= 3.5.11 Vulnerability Details: Name: Ultimate Responsive Image Slider <= 3.5.11 – Missing Authorization via AJAX action Title: Missing Authorization via AJAX action Type: Missing Authorization CVSS Score: 4.3 (Medium)…

WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645

Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000 Last Updated: September 11, 2023 Patched Versions: 5.0.10 Affected Versions: <=5.0.9 Vulnerability Details: Name: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode Type: Improper Neutralization of Special Elements used in an…
