updates
Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report
Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…
Read MoreWP Mail SMTP by WPForms Vulnerability – Authenticated (Admin+) SMTP Password Exposure – CVE-2024-6694 | WordPress Plugin Vulnerability Report
Plugin Name: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug: wp-mail-smtp Software Status: Active Software Author: smub Software Downloads: 54,987,682 Active Installs: 3,000,000 Last Updated: July 29, 2024 Patched Versions: 4.1.0 Affected Versions: <= 4.0.1 Vulnerability Details: Name: WP Mail SMTP <=…
Read MorePopup Builder Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS – CVE-2024-2506 | WordPress Plugin Vulnerability Report
Plugin Name: Popup Builder – Create highly converting, mobile friendly marketing popups. Key Information: Software Type: Plugin Software Slug: popup-builder Software Status: Active Software Author: popupbuilder Software Downloads: 10,104,066 Active Installs: 200,000 Last Updated: June 12, 2024 Patched Versions: 4.3.0 Affected Versions: <= 4.2.7 Vulnerability Details: Name: Popup Builder <= 4.2.7 Title: Authenticated(Contributor+) Stored Cross-Site…
Read MoreUltimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report
Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…
Read MoreTutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report
Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February 20, 2024 Patched Versions: 2.6.1 Affected Versions: <= 2.6.0 Vulnerability 1 Details: Name: Tutor LMS <= 2.6.0 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-1133 CVSS Score: 4.3 (Medium) Publicly Published: February 20, 2024 Researcher: drop Description: The Tutor LMS – eLearning…
Read MorePhoto Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report
Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…
Read MoreVK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report
Plugin Name: VK Block Patterns Key Information: Software Type: Plugin Software Slug: vk-block-patterns Software Status: Active Software Author: vektor-inc Software Downloads: 1,113,989 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 1.31.2.0 Affected Versions: <= 1.31.1.1 Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0623 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: kodaichodai Description: The VK Block…
Read MoreDemystifying the Backend: A Layman’s Guide to Website Technicalities
Website technicalities often seem utterly bewildering to the average small business owner. You built your site, filled it with stellar content, and want to focus on your actual business, not the perplexing intricacies behind the scenes. But whether you pay attention or not, those complex backend functions have a huge impact on your site’s speed,…
Read MoreWordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761
Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…
Read More