VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report

Plugin Name: VK Block Patterns Key Information: Software Type: Plugin Software Slug: vk-block-patterns Software Status: Active Software Author: vektor-inc Software Downloads: 1,113,989 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 1.31.2.0 Affected Versions: <= 1.31.1.1 Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0623 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: kodaichodai Description: The VK Block…

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

Plugin Name: Depicter Slider Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 727,890 Active Installs: 80,000 Last Updated: January 4, 2024 Patched Versions: 2.0.7 Affected Versions: <= 2.0.6 Vulnerability Details: Name: Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 – Cross-Site Request Forgery via save Title: Cross-Site Request Forgery via save Type: Cross-Site Request…

AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,465,196 Active Installs: 100,000 Last Updated: December 18, 2023 Patched Versions: 1.0.92.1 Affected Versions: <= 1.0.92 Vulnerability Details: Name: AMP for WP – Accelerated Mobile Pages <= 1.0.92 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Cross-Site Scripting via Shortcode Type: Improper Neutralization of…

WordPress Plugin Vulnerability Report – SpeedyCache – Missing Authorization via speedycache_create_test_cache

Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 746,740 Active Installs: 100,000 Last Updated: December 1, 2023 Patched Versions: 1.1.3 Affected Versions: <= 1.1.2 Vulnerability Details: Name: SpeedyCache <= 1.1.2 – Missing Authorization via speedycache_create_test_cache Title: Missing Authorization via speedycache_create_test_cache Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: December 1, 2023 Description: The SpeedyCache – Cache, Optimization, Performance…

WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504

Plugin Name: BackWPup Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,284,859 Active Installs: 600,000 Last Updated: November 22, 2023 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal Title: Authenticated (Administrator+) Directory Traversal Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CVE: CVE-2023-5504 CVSS Score: 8.7 (High)…

WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063

Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software Downloads: 45,149,633 Active Installs: 1,000,000 Last Updated: November 13, 2023 Patched Versions: 1.2.2 Affected Versions: <= 1.2.1 Vulnerability Details: Name: WP Fastest Cache <= 1.2.2 – Unauthenticated SQL Injection Title: Unauthenticated SQL Injection Type: Improper…

WordPress Plugin Vulnerability Report – Quiz And Survey Master – Multiple Cross-Site Request Forgery

Plugin Name: Quiz And Survey Master Key Information: Software Type: Plugin Software Slug: quiz-master-next Software Status: Active Software Author: expresstech Software Downloads: 2,153,834 Active Installs: 40,000 Last Updated: November 8, 2023 Patched Versions: 8.1.19 Affected Versions: <= 8.1.18 Vulnerability Details: Name: Quiz And Survey Master <= 8.1.18 – Multiple Cross-Site Request Forgery Title: Multiple Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November…

WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982

Plugin Name: UpdraftPlus Key Information: Software Type: Plugin Software Slug: updraftplus Software Status: Active Software Author: davidanderson Software Downloads: 107,410,188 Active Installs: 3,000,000 Last Updated: November 7, 2023 Patched Versions: 1.23.11 Affected Versions: <= 1.23.10 Vulnerability Details: Name: UpdraftPlus <= 1.23.10 – Cross-Site Request Forgery to Google Drive Storage Update Title: Cross-Site Request Forgery to Google Drive Storage Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-5982 CVSS Score: 5.4…

WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load

Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November 6, 2023 Patched Versions: 3.6.0 Affected Versions: < 3.6.0 Vulnerability Details: Name: Code Snippets <= 3.5.0 – Cross-Site Request Forgery via load Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November 6, 2023 Description: The Code Snippets plugin for…

WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax

Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads: 1,049,082 Active Installs: 20,000 Last Updated: November 3, 2023 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax Title: Cross-Site Request Forgery via edit_count_ajax…
