WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645

Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…

Read More

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…

Read More

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…

Read More

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 5,141,419 Active Installs: 300,000 Last Updated: September 12, 2023 Patched Versions: 0.9.91 Affected Versions: <=0.9.90 First Vulnerability: Vulnerability Details: Name: WPvivid Backup Plugin <= 0.9.90 – Missing Authorization via ‘start_staging’ and ‘get_staging_progress’…

Read More