Website Maintenance
WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982
Plugin Name: UpdraftPlus Key Information: Software Type: Plugin Software Slug: updraftplus Software Status: Active Software Author: davidanderson Software Downloads: 107,410,188 Active Installs: 3,000,000 Last Updated: November 7, 2023 Patched Versions: 1.23.11 Affected Versions: <= 1.23.10 Vulnerability Details: Name: UpdraftPlus <= 1.23.10 – Cross-Site Request Forgery to Google Drive Storage Update Title: Cross-Site Request Forgery to Google Drive Storage Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-5982 CVSS Score: 5.4…
WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
How to Choose Between Manual and Automated WordPress Maintenance
If you’re running a small business owner, you’re likely wearing many hats and juggling countless tasks. And if you’re using WordPress for your website (which, let’s be honest, is pretty likely considering WordPress powers over 40% of the web), that’s another hat to add to your collection: The WordPress maintenance hat! Before you start panicking…
WordPress Plugin Vulnerability Report – WP Customer Reviews – Authenticated (Subscriber+) Sensitive Information Exposure – CVE-2023-4686
Plugin Name: WP Customer Reviews Key Information: Software Type: Plugin Software Slug: wp-customer-reviews Software Status: Active Software Author: bompus Software Downloads: 1,108,443 Active Installs: 30,000 Last Updated: October 31, 2023 Patched Versions: No Patched Version Affected Versions: <= 3.6.8 Vulnerability Details: Name: WP Customer Reviews <= 3.6.8 – Authenticated (Subscriber+) Sensitive Information Exposure Title: Authenticated (Subscriber+) Sensitive Information Exposure Type: Missing Authorization CVE: CVE-2023-4686 CVSS Score: 4.3 (Medium) Publicly…
WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815
Plugin Name: News & Blog Designer Pack Key Information: Software Type: Plugin Software Slug: blog-designer-pack Software Status: Active Software Author: infornweb Software Downloads: 408,098 Active Installs: 30,000 Last Updated: October 26, 2023 Patched Versions: 3.4.2 Affected Versions: <=3.4.1 Vulnerability Details: Name: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 – Unauthenticated Remote Code Execution via Local File Inclusion Title: Unauthenticated Remote Code Execution…
WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070
Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude Software Downloads: 10,654,500 Active Installs: 100,000 Last Updated: October 16, 2023 Patched Versions: 2.8.6 Affected Versions: <=2.8.5 Vulnerability 1 Details: Name: Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery Type: Cross-Site…
WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645
Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…
The High Cost of Waiting: Real-world Impacts of Slow Support Responses
Your website crashes during a sale. Pages load at a crawl. Online forms stop working. You reach out for support, only to wait helplessly as the precious minutes tick by without resolution. The lackadaisical response from your website management team obstructs progress and drains productivity across your business. As a small business owner, you feel…
WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection
Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…
Broken Website Emergency: First Steps to Diagnose and Fix
It’s every business owner’s nightmare – you wake up one morning to find your website is down. Or even worse, it’s up but full of glaring errors. Customers are complaining they can’t access your site or complete purchases. Your daily traffic has plummeted. Panic sets in. What caused this? Who can fix it? How quickly…