Website Maintenance
MapPress Maps for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7225 | WordPress Plugin Vulnerability Report
Plugin Name: MapPress Maps for WordPress
Key Information:
Software Type: Plugin
Software Slug: mappress-google-maps-for-wordpress
Software Status: Active
Software Author: chrisvrichardson
Software Downloads: 4,193,183
Active Installs: 50,000
Last Updated: February 2, 2024
Patched Versions: 2.88.17
Affected Versions: <= 2.88.16
Vulnerability Details:
Name: MapPress <= 2.88.16
Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings
Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…
SEO Plugin by Squirrly SEO Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0597 | WordPress Plugin Vulnerability Report
Plugin Name: SEO Plugin by Squirrly SEO
Key Information:
Software Type: Plugin
Software Slug: squirrly-seo
Software Status: Active
Software Author: cifi
Software Downloads: 4,689,778
Active Installs: 200,000
Last Updated: February 2, 2024
Patched Versions: 12.3.16
Affected Versions: <= 12.3.15
Vulnerability Details:
Name: SEO Plugin by Squirrly SEO <= 12.3.15
Title: Authenticated (Administrator+) Stored Cross-Site Scripting…
Backuply Vulnerability – Backup, Restore, Migrate and Clone – Authenticated (Administrator+) Directory Traversal – CVE-2024-0697 | WordPress Plugin Vulnerability Report
Plugin Name: Backuply – Backup, Restore, Migrate and Clone
Key Information:
Software Type: Plugin
Software Slug: backuply
Software Status: Active
Software Author: Softaculous
Software Downloads: 1,893,554
Active Installs: 200,000
Last Updated: February 1, 2024
Patched Versions: 1.2.4
Affected Versions: <= 1.2.3
Vulnerability Details:
Name: Backuply – Backup, Restore, Migrate and Clone <= 1.2.3
Title: Authenticated…
Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report
Plugin Name: Better Search Replace
Key Information:
Software Type: Plugin
Software Slug: better-search-replace
Software Status: Active
Software Author: wpengine
Software Downloads: 12,169,696
Active Installs: 1,000,000
Last Updated: January 24, 2024
Patched Versions: 1.4.5
Affected Versions: <= 1.4.4
Vulnerability Details:
Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection
Type: Deserialization of Untrusted Data
CVE: CVE-2023-6933
CVSS Score: 9.8 (Critical)
Publicly Published: January 24, 2024
Researcher: Sam Pizzey
Description: The…
Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report
Plugin Name: Paid Memberships Pro
Key Information:
Software Type: Plugin
Software Slug: paid-memberships-pro
Software Status: Active
Software Author: strangerstudios
Software Downloads: 5,532,954
Active Installs: 90,000
Last Updated: January 24, 2024
Patched Versions: 2.12.8
Affected Versions: <= 2.12.7
Vulnerability Details:
Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update
Type: Cross-Site Request Forgery (CSRF)
CVE: CVE-2024-0624
CVSS Score: 5.3 (Medium)
Publicly Published: January 24, 2024…
VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report
Plugin Name: VK Block Patterns
Key Information:
Software Type: Plugin
Software Slug: vk-block-patterns
Software Status: Active
Software Author: vektor-inc
Software Downloads: 1,113,989
Active Installs: 80,000
Last Updated: January 19, 2024
Patched Versions: 1.31.2.0
Affected Versions: <= 1.31.1.1
Vulnerability Details:
Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery
Type: Cross-Site Request Forgery (CSRF)
CVE: CVE-2024-0623
CVSS Score: 4.3 (Medium)
Publicly Published: January 19, 2024
Researcher: kodaichodai
Description: The VK Block…
Contact Form Plugin – Authenticated (Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
Key Information:
Software Type: Plugin
Software Slug: fluentform
Software Status: Active
Software Author: techjewel
Software Downloads: 5,679,069
Active Installs: 400,000
Last Updated: January 18, 2024
Patched Versions: 5.1.7
Affected Versions: <= 5.1.5
Vulnerability Details:
Name: Fluent Forms <= 5.1.5…