updates
WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…
WordPress Plugin Vulnerability Report – SpeedyCache – Missing Authorization via speedycache_create_test_cache
Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 746,740 Active Installs: 100,000 Last Updated: December 1, 2023 Patched Versions: 1.1.3 Affected Versions: <= 1.1.2 Vulnerability Details: Name: SpeedyCache <= 1.1.2 – Missing Authorization via speedycache_create_test_cache Title: Missing Authorization via speedycache_create_test_cache Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: December 1, 2023 Description: The SpeedyCache – Cache, Optimization, Performance…
WordPress Plugin Vulnerability Report – Razorpay for WooCommerce – Missing Authorization and Cross-Site Request Forgery
Plugin Name: Razorpay for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-razorpay Software Status: Active Software Author: NA Software Downloads: 1,366,539 Active Installs: 60,000 Last Updated: November 28, 2023 Patched Versions: 4.5.7 Affected Versions: <= 4.5.6 Vulnerability 1 Details: Name: Razorpay for WooCommerce <= 4.5.6 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: November 28, 2023 Description: The Razorpay for WooCommerce plugin…
WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities
Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 995,970 Active Installs: 30,000 Last Updated: November 21, 2023 Patched Versions: 5.16.1 Affected Versions: < 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.0 – Improper Authorization via wcal_delete_expired_used_coupon_code Title:…
WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063
Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software Downloads: 45,149,633 Active Installs: 1,000,000 Last Updated: November 13, 2023 Patched Versions: 1.2.2 Affected Versions: <= 1.2.1 Vulnerability Details: Name: WP Fastest Cache <= 1.2.2 – Unauthenticated SQL Injection Title: Unauthenticated SQL Injection Type: Improper…
WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982
Plugin Name: UpdraftPlus Key Information: Software Type: Plugin Software Slug: updraftplus Software Status: Active Software Author: davidanderson Software Downloads: 107,410,188 Active Installs: 3,000,000 Last Updated: November 7, 2023 Patched Versions: 1.23.11 Affected Versions: <= 1.23.10 Vulnerability Details: Name: UpdraftPlus <= 1.23.10 – Cross-Site Request Forgery to Google Drive Storage Update Title: Cross-Site Request Forgery to Google Drive Storage Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-5982 CVSS Score: 5.4…
WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815
Plugin Name: News & Blog Designer Pack Key Information: Software Type: Plugin Software Slug: blog-designer-pack Software Status: Active Software Author: infornweb Software Downloads: 408,098 Active Installs: 30,000 Last Updated: October 26, 2023 Patched Versions: 3.4.2 Affected Versions: <=3.4.1 Vulnerability Details: Name: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 – Unauthenticated Remote Code Execution via Local File Inclusion Title: Unauthenticated Remote Code Execution…
WordPress Plugin Vulnerability Report – LiteSpeed Cache – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4372
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-Cache Software Status: Active Software Author: litespeedtech Software Downloads: 52m564,430 Active Installs: 4,000,000 Last Updated: October 23, 2023 Patched Versions: 5.7 Affected Versions: <=5.6 Vulnerability Details: Name: LiteSpeed Cache <= 5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-4372 CVSS Score: 6.4 (Medium) Publicly…
WordPress Plugin Vulnerability Report – WordPress Popular Posts – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Plugin Name: WordPress Popular Posts Key Information: Software Type: Plugin Software Slug: wordpress-popular-posts Software Status: Active Software Author: hcabrera Software Downloads: 7,045,880 Active Installs: 200,000 Last Updated: October 6, 2023 Patched Versions: <=6.3.2 Affected Versions: 6.3.3 Vulnerability Details: Name: WordPress Popular Posts <= 6.3.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)…