updates

Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 22, 2024

Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…

Read More

WP Mail SMTP by WPForms Vulnerability – Authenticated (Admin+) SMTP Password Exposure – CVE-2024-6694 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 19, 2024

Plugin Name: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug: wp-mail-smtp Software Status: Active Software Author: smub Software Downloads: 54,987,682 Active Installs: 3,000,000 Last Updated: July 29, 2024 Patched Versions: 4.1.0 Affected Versions: <= 4.0.1 Vulnerability Details: Name: WP Mail SMTP <=…

Read More

Popup Builder Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS – CVE-2024-2506 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 31, 2024

Plugin Name: Popup Builder – Create highly converting, mobile friendly marketing popups. Key Information: Software Type: Plugin Software Slug: popup-builder Software Status: Active Software Author: popupbuilder Software Downloads: 10,104,066 Active Installs: 200,000 Last Updated: June 12, 2024 Patched Versions: 4.3.0 Affected Versions: <= 4.2.7 Vulnerability Details: Name: Popup Builder <= 4.2.7 Title: Authenticated(Contributor+) Stored Cross-Site…

Read More

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February 20, 2024 Patched Versions: 2.6.1 Affected Versions: <= 2.6.0 Vulnerability 1 Details: Name: Tutor LMS <= 2.6.0 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-1133 CVSS Score: 4.3 (Medium) Publicly Published: February 20, 2024 Researcher: drop Description: The Tutor LMS – eLearning…

Read More

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…

Read More

VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: VK Block Patterns Key Information: Software Type: Plugin Software Slug: vk-block-patterns Software Status: Active Software Author: vektor-inc Software Downloads: 1,113,989 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 1.31.2.0 Affected Versions: <= 1.31.1.1 Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0623 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: kodaichodai Description: The VK Block…

Read More

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 4, 2024

Plugin Name: Depicter Slider Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 727,890 Active Installs: 80,000 Last Updated: January 4, 2024 Patched Versions: 2.0.7 Affected Versions: <= 2.0.6 Vulnerability Details: Name: Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 – Cross-Site Request Forgery via save Title: Cross-Site Request Forgery via save Type: Cross-Site Request…

Read More

Demystifying the Backend: A Layman’s Guide to Website Technicalities

By Your WP Guy / Dec 12, 2023

Website technicalities often seem utterly bewildering to the average small business owner. You built your site, filled it with stellar content, and want to focus on your actual business, not the perplexing intricacies behind the scenes. But whether you pay attention or not, those complex backend functions have a huge impact on your site’s speed,…

Read More

WordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761

By Your WP Guy / Dec 6, 2023

Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…

Read More