Website Maintenance
WordPress Plugin Vulnerability Report – Manage Notification E-mails – Missing Authorization – CVE-2023-6496
Plugin Name: Manage Notification E-mails Key Information: Software Type: Plugin Software Slug: manage-notification-emails Software Status: Active Software Author: virgial Software Downloads: 612,816 Active Installs: 100,000 Last Updated: December 8, 2023 Patched Versions: 1.8.6 Affected Versions: <= 1.8.5 Vulnerability Details: Name: Manage Notification E-mails <= 1.8.5 – Missing Authorization Title: Missing Authorization Type: Improper Authorization CVE: CVE-2023-6496 CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Researcher: Rafshanzani Suhada Description: The Manage Notification…
The Business Perspective: How Site Neglect Can Impact Brand Image and Sales
It’s 2 AM when the frantic texts from your top customer jerk you awake. Bleary-eyed, you fumble to read the message on your phone. “Error message when trying to checkout on your site…pages look broken on my phone…what’s going on??” You scramble to grab your laptop as your heart races, pulling up your website. You…
WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Cross-Site Request Forgery
Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 1,004,642 Active Installs: 30,000 Last Updated: December 1, 2023 Patched Versions: 5.16.2 Affected Versions: <= 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.1 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.3 (Medium) Publicly Published: December…
WordPress Plugin Vulnerability Report – Contact Form 7 – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-6449
Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software Downloads: 299,048,263 Active Installs: 5,000,000 Last Updated: November 30, 2023 Patched Versions: 5.8.4 Affected Versions: <= 5.8.3 Vulnerability Details: Name: Contact Form 7 <= 5.8.3 – Authenticated (Editor+) Arbitrary File Upload Title: Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6449 CVSS…
WordPress Plugin Vulnerability Report – Email Address Encoder – Authenticated (Contributor+) Stored Cross-Site Scripting
Plugin Name: Email Address Encoder Key Information: Software Type: Plugin Software Slug: email-address-encoder Software Status: Active Software Author: tillkruess Software Downloads: 1,241,298 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.23 Affected Versions: <=1.0.22 Vulnerability Details: Name: Email Address Encoder 1.0.22 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS…
Avoiding DIY Pitfalls: Why Professional Support Matters
Managing a business is already a challenge. Now throw in managing a website without expertise. Juggling too much at once is sure to lead to some dropped balls. And when your head is in a thousand places at once, even minor issues can quickly escalate into major headaches and lost revenue. Consider This A small…
WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504
Plugin Name: BackWPup Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,284,859 Active Installs: 600,000 Last Updated: November 22, 2023 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal Title: Authenticated (Administrator+) Directory Traversal Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CVE: CVE-2023-5504 CVSS Score: 8.7 (High)…
WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last Updated: November 15, 2023 Patched Versions: 1.12.8 Affected Versions: <= 1.12.7 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.7 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4690 CVSS Score: 5.4 (Medium) Publicly Published: November 15, 2023 Researcher: Marco…
WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838 Active Installs: 400,000 Last Updated: November 14, 2023 Patched Versions: 1.28.0 Affected Versions: <= 1.27.0 Vulnerability Details: Name: Forminator <= 1.27.0 – Authenticated (Administrator+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type…
WordPress Plugin Vulnerability Report – Advanced iFrame – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4775
Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,768,520 Active Installs: 60,000 Last Updated: November 9, 2023 Patched Versions: 2023.9 Affected Versions: <= 2023.8 Vulnerability Details: Name: Advanced iFrame <= 2023.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page…