vulnerability
WordPress Plugin Vulnerability Report – Simple Calendar – Cross-Site Request Forgery
Plugin Name: Simple Calendar – Google Calendar Plugin Key Information: Software Type: Plugin Software Slug: google-calendar-events Software Status: Active Software Author: simplecalendar Software Downloads: 2,568,146 Active Installs: 60,000 Last Updated: October 20, 2023 Patched Versions: 3.2.5 Affected Versions: <3.2.5 Vulnerability Details: Name: Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed Title: Cross-Site Request…
WordPress Plugin Vulnerability Report – WooCommerce Stripe Payment Gateway – Cross-Site Request Forgery
Plugin Name: WooCommerce Stripe Payment Gateway Key Information: Software Type: Plugin Software Slug: woocommerce-gateway-stripe Software Status: Active Software Author: automattic Software Downloads: 28,425,774 Active Installs: 800,000 Last Updated: October 17, 2023 Patched Versions: 7.6.1 Affected Versions: <=7.6.0 Vulnerability Details: Name: Stripe Gateway <= 7.6.0 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score:…
WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070
Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude Software Downloads: 10,654,500 Active Installs: 100,000 Last Updated: October 16, 2023 Patched Versions: 2.8.6 Affected Versions: <=2.8.5 Vulnerability 1 Details: Name: Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery Type: Cross-Site…
WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968
Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages Software Status: Active Software Author: wpeka-club Software Downloads: 585,699 Active Installs: 20,000 Last Updated: October 10, 2023 Patched Versions: 2.9.3 Affected Versions: <=2.9.2 Vulnerability Details: Name: WPLegalPages <= 2.9.2 – Authenticated (Author+) Stored Cross-Site Scripting…
WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259
Plugin Name: Hotjar Key Information: Software Type: Plugin Software Slug: hotjar Software Status: Removed Software Author: hotjar Software Downloads: 868,850 Active Installs: 100,000 Last Updated: October 5, 2023 Patched Versions: Not yet patched Affected Versions: <=1.0.15 Vulnerability Details: Name: Hotjar <= 1.0.15 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-1259 CVSS Score: 4.4 (Medium)…
WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Subscriber+) Information Disclosure via Shortcode
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,383,182 Active Installs: 60,000 Last Updated: October 4, 2023 Patched Versions: <=7.1.1 Affected Versions: 7.1.2 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode Title: Authenticated (Subscriber+) Information Disclosure via Shortcode Type: Information Exposure CVSS Score: 4.3 (medium)…
WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645
Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…
WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: David Lingren Software Downloads: 1,759,449 Active Installs: 70,000 Last Updated: September 21, 2023 Patched Versions: <=3.10 Affected Versions: 3.11 Vulnerability Details: Name: Media Library Assistant <= 3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper…
WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation
Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…
WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598
Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000 Last Updated: September 11, 2023 Patched Versions: 5.0.10 Affected Versions: <=5.0.9 Vulnerability Details: Name: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode Type: Improper Neutralization of Special Elements used in an…