vulnerability
Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report
Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: PageLayer <= 1.7.8 – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Title: Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Type: Improper Input Validation CVE: CVE-2023-6738 CVSS Score: 5.4 (Medium) Publicly Published: January…
Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report
Plugin Name: Complianz Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 13,636,569 Active Installs: 800,000 Last Updated: January 3, 2024 Patched Versions: 6.5.6 Affected Versions: <= 6.5.5 Vulnerability Details: Name: Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 – Authenticated(Administrator+) Stored Cross-site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-site Scripting via settings Type: Improper Neutralization of Input During Web Page…
WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6488 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,131,157 Active Installs: 600,000 Last Updated: December 18, 2023 Patched Versions: <= 7.0.0 Affected Versions: 7.0.1 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…
SpeedyCache Vulnerability – Missing Authorization to Plugin Options Update – CVE-2023-6598 | WordPress Plugin Vulnerability Report
Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 861,450 Active Installs: 100,000 Last Updated: December 16, 2023 Patched Versions: 1.1.4 Affected Versions: <= 1.1.3 Vulnerability Details: Name: SpeedyCache <= 1.1.3 – Missing Authorization to Plugin Options Update Type: Missing Authorization CVE: CVE-2023-6598 CVSS Score: 4.3 (Medium) Publicly Published: December 16, 2023 Researcher: Lucio Sá Description: The SpeedyCache plugin for WordPress…
WordPress Plugin Vulnerability Report – Backup Migration – Unauthenticated Remote Code Execution – CVE-2023-6553
Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: migrate Software Downloads: 1,095,099 Active Installs: 90,000 Last Updated: December 11, 2023 Patched Versions: 1.3.8 Affected Versions: <= 1.3.7 Vulnerability Details: Name: Backup Migration <= 1.3.7 – Unauthenticated Remote Code Execution Type: Improper Control of Generation of Code (‘Code Injection’) CVE: CVE-2023-6553 CVSS Score: 9.8 (Critical) Publicly Published: December 11, 2023 Researcher: Nex…
WordPress Plugin Vulnerability Report – Import and export users and customers – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6624
Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software Author: carazo Software Downloads: 3,901,440 Active Installs: 80,000 Last Updated: December 11, 2023 Patched Versions: Affected Versions: Vulnerability Details: Name: Import and export users and customers <= 1.24.3 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper Neutralization…
WordPress Plugin Vulnerability Report – EmbedPress – Missing Authorization
Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,004,277 Active Installs: 80,000 Last Updated: December 8, 2023 Patched Versions: NA Affected Versions: <= 3.9.4 Vulnerability Details: Name: EmbedPress <= 3.9.4 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Description: The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia…
WordPress Plugin Vulnerability Report – Manage Notification E-mails – Missing Authorization – CVE-2023-6496
Plugin Name: Manage Notification E-mails Key Information: Software Type: Plugin Software Slug: manage-notification-emails Software Status: Active Software Author: virgial Software Downloads: 612,816 Active Installs: 100,000 Last Updated: December 8, 2023 Patched Versions: 1.8.6 Affected Versions: <= 1.8.5 Vulnerability Details: Name: Manage Notification E-mails <= 1.8.5 – Missing Authorization Title: Missing Authorization Type: Improper Authorization CVE: CVE-2023-6496 CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Researcher: Rafshanzani Suhada Description: The Manage Notification…
WordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…
WordPress Plugin Vulnerability Report – Calculated Fields Form – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-6446
Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,352,767 Active Installs: 60,000 Last Updated: December 5, 2023 Patched Versions: 1.2.41 Affected Versions: <= 1.2.40 Vulnerability Details: Name: Calculated Fields Form <= 1.2.40 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Alternate XSS Syntax CVE: CVE-2023-6446 CVSS Score: 4.4…