Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February 20, 2024 Patched Versions: 2.6.1 Affected Versions: <= 2.6.0 Vulnerability 1 Details: Name: Tutor LMS <= 2.6.0 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-1133 CVSS Score: 4.3 (Medium) Publicly Published: February 20, 2024 Researcher: drop Description: The Tutor LMS – eLearning…

Read More

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…

Read More

VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report

Plugin Name: VK Block Patterns Key Information: Software Type: Plugin Software Slug: vk-block-patterns Software Status: Active Software Author: vektor-inc Software Downloads: 1,113,989 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 1.31.2.0 Affected Versions: <= 1.31.1.1 Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0623 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: kodaichodai Description: The VK Block…

Read More

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

Plugin Name: Depicter Slider Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 727,890 Active Installs: 80,000 Last Updated: January 4, 2024 Patched Versions: 2.0.7 Affected Versions: <= 2.0.6 Vulnerability Details: Name: Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 – Cross-Site Request Forgery via save Title: Cross-Site Request Forgery via save Type: Cross-Site Request…

Read More

Demystifying the Backend: A Layman’s Guide to Website Technicalities

Website technicalities often seem utterly bewildering to the average small business owner. You built your site, filled it with stellar content, and want to focus on your actual business, not the perplexing intricacies behind the scenes. But whether you pay attention or not, those complex backend functions have a huge impact on your site’s speed,…

Read More

WordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761

Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…

Read More

WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import

Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…

Read More

WordPress Plugin Vulnerability Report – SpeedyCache – Missing Authorization via speedycache_create_test_cache

Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 746,740 Active Installs: 100,000 Last Updated: December 1, 2023 Patched Versions: 1.1.3 Affected Versions: <= 1.1.2 Vulnerability Details: Name: SpeedyCache <= 1.1.2 – Missing Authorization via speedycache_create_test_cache Title: Missing Authorization via speedycache_create_test_cache Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: December 1, 2023 Description: The SpeedyCache – Cache, Optimization, Performance…

Read More

WordPress Plugin Vulnerability Report – Razorpay for WooCommerce – Missing Authorization and Cross-Site Request Forgery

Plugin Name: Razorpay for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-razorpay Software Status: Active Software Author: NA Software Downloads: 1,366,539 Active Installs: 60,000 Last Updated: November 28, 2023 Patched Versions: 4.5.7 Affected Versions: <= 4.5.6 Vulnerability 1 Details: Name: Razorpay for WooCommerce <= 4.5.6 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: November 28, 2023 Description: The Razorpay for WooCommerce plugin…

Read More