Update
WordPress Plugin Vulnerability Report – Simple Calendar – Cross-Site Request Forgery
Plugin Name: Simple Calendar – Google Calendar Plugin Key Information: Software Type: Plugin Software Slug: google-calendar-events Software Status: Active Software Author: simplecalendar Software Downloads: 2,568,146 Active Installs: 60,000 Last Updated: October 20, 2023 Patched Versions: 3.2.5 Affected Versions: <3.2.5 Vulnerability Details: Name: Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed Title: Cross-Site Request…
WordPress Plugin Vulnerability Report – WooCommerce Stripe Payment Gateway – Cross-Site Request Forgery
Plugin Name: WooCommerce Stripe Payment Gateway Key Information: Software Type: Plugin Software Slug: woocommerce-gateway-stripe Software Status: Active Software Author: automattic Software Downloads: 28,425,774 Active Installs: 800,000 Last Updated: October 17, 2023 Patched Versions: 7.6.1 Affected Versions: <=7.6.0 Vulnerability Details: Name: Stripe Gateway <= 7.6.0 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score:…
WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259
Plugin Name: Hotjar Key Information: Software Type: Plugin Software Slug: hotjar Software Status: Removed Software Author: hotjar Software Downloads: 868,850 Active Installs: 100,000 Last Updated: October 5, 2023 Patched Versions: Not yet patched Affected Versions: <=1.0.15 Vulnerability Details: Name: Hotjar <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-1259 CVSS Score: 4.4 (Medium)…
WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Subscriber+) Information Disclosure via Shortcode
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,383,182 Active Installs: 60,000 Last Updated: October 4, 2023 Patched Versions: <=7.1.1 Affected Versions: 7.1.2 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode Title: Authenticated (Subscriber+) Information Disclosure via Shortcode Type: Information Exposure CVSS Score: 4.3 (medium)…
WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation
Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…
WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,353,295 Active Installs: 60,000 Last Updated: September 13, 2023 Patched Versions: 7.1.1 Affected Versions: <=7.1.0 Vulnerability Details: 1. Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation…
WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting
Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 5,141,419 Active Installs: 300,000 Last Updated: September 12, 2023 Patched Versions: 0.9.91 Affected Versions: <=0.9.90 First Vulnerability: Vulnerability Details: Name: WPvivid Backup Plugin <= 0.9.90 – Missing Authorization via ‘start_staging’ and ‘get_staging_progress’…
WordPress Plugin Vulnerability Report: Starter Templates – Incorrect Authorization – CVE-2023-41805
Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 38,934,354 Active Installs: 1,000,000 Last Updated: September 8, 2023 Patched Versions: 3.2.6 Affected Versions: <=3.2.5 Vulnerability Details: Name: Starter Templates <= 3.2.5 – Incorrect Authorization Type: Missing Authorization CVE: CVE-2023-41805 CVSS Score: 4.3 (Medium) Publicly…
WordPress Plugin Vulnerability Report: User Feedback – Unauthenticated Stored Cross-Site Scripting – CVE-2023-39308
Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 348,588 Active Installs: 100,000 Last Updated: September 7, 2023 Patched Versions: 1.0.8 Affected Versions: <=1.0.7 Vulnerability Details: Name: User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…