Website Security

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Advanced Database Cleaner
Key Information:
Software Type: Plugin
Software Slug: advanced-database-cleaner
Software Status: Active
Software Author: symptote
Software Downloads: 1,283,477
Active Installs: 100,000
Last Updated: January 24, 2024
Patched Versions: 3.1.4
Affected Versions: <= 3.1.3
Vulnerability Details:
Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action
Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action
Type: Deserialization of Untrusted Data
CVE: CVE-2024-0668
CVSS Score: 6.6…

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Paid Memberships Pro
Key Information:
Software Type: Plugin
Software Slug: paid-memberships-pro
Software Status: Active
Software Author: strangerstudios
Software Downloads: 5,532,954
Active Installs: 90,000
Last Updated: January 24, 2024
Patched Versions: 2.12.8
Affected Versions: <= 2.12.7
Vulnerability Details:
Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update
Type: Cross-Site Request Forgery (CSRF)
CVE: CVE-2024-0624
CVSS Score: 5.3 (Medium)
Publicly Published: January 24, 2024…

WebSub Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0688 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: WebSub
Key Information:
Software Type: Plugin
Software Slug: pubsubhubbub
Software Status: Active
Software Author: joshfraz
Software Downloads: 1,744,325
Active Installs: 100,000
Last Updated: January 24, 2024
Patched Versions: 3.2.0
Affected Versions: <= 3.1.4
Vulnerability Details:
Name: WebSub (FKA. PubSubHubbub) <= 3.1.4 – Authenticated (Admin+) Stored Cross-Site Scripting
Title: Authenticated (Admin+) Stored Cross-Site Scripting…

WPFront Notification Bar Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] – CVE-2024-0625 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: WPFront Notification Bar
Key Information:
Software Type: Plugin
Software Slug: wpfront-notification-bar
Software Status: Active
Software Author: syammohanm
Software Downloads: 803,067
Active Installs: 50,000
Last Updated: January 24, 2024
Patched Versions: <= 3.3.2
Affected Versions: <= 3.3.2
Vulnerability Details:
Name: WPFront Notification Bar <= 3.3.2 – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class]
Title: Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class]
Type: Improper Neutralization of Input…

WordPress Button Plugin MaxButtons Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-7029 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 23, 2024

Plugin Name: WordPress Button Plugin MaxButtons
Key Information:
Software Type: Plugin
Software Slug: maxbuttons
Software Status: Active
Software Author: maxfoundry
Software Downloads: 4,681,976
Active Installs: 100,000
Last Updated: January 23, 2024
Patched Versions: 9.7.7
Affected Versions: <= 9.7.6
Vulnerability Details:
Name: WordPress Button Plugin MaxButtons <= 9.7.6 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Title:…

AMP for WP Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0587 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 22, 2024

Plugin Name: AMP for WP
Key Information:
Software Type: Plugin
Software Slug: accelerated-mobile-pages
Software Status: Active
Software Author: mohammed_kaludi
Software Downloads: 17,593,156
Active Installs: 100,000
Last Updated: January 22, 2024
Patched Versions: 1.0.93
Affected Versions: <= 1.0.92.1
Vulnerability Details:
Name: Accelerated Mobile Pages <= 1.0.92.1 – Reflected Cross-Site Scripting
Title: Reflected Cross-Site Scripting
Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CVE: CVE-2024-0587
CVSS Score: 6.1…

File Manager Vulnerability – Sensitive Information Exposure via Backup Filenames – CVE-2024-0761 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 22, 2024

Plugin Name: File Manager
Key Information:
Software Type: Plugin
Software Slug: wp-file-manager
Software Status: Active
Software Author: mndpsingh287
Software Downloads: 19,681,705
Active Installs: 1,000,000
Last Updated: January 22, 2024
Patched Versions: 7.2.2
Affected Versions: <= 7.2.1
Vulnerability Details:
Name: File Manager <= 7.2.1 – Sensitive Information Exposure via Backup Filenames
Title: Sensitive Information Exposure via…

WPvivid Vulnerability – Missing Authorization – CVE-2023-4637 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: WPvivid
Key Information:
Software Type: Plugin
Software Slug: wpvivid-backuprestore
Software Status: Active
Software Author: wpvividplugins
Software Downloads: 6,203,119
Active Installs: 400,000
Last Updated: January 19, 2024
Patched Versions: 0.9.95
Affected Versions: <= 0.9.94
Vulnerability Details:
Name: WPvivid <= 0.9.94 – Missing Authorization
Title: Missing Authorization
Type: Missing Authorization
CVE: CVE-2023-4637
CVSS Score: 4.3 (Medium)
Publicly Published: January 19, 2024
Researcher: Revan Arifio
Description: The WPvivid plugin for WordPress is vulnerable…

Ninja Tables Vulnerability – Missing Authorization – CVE-2024-23504 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Ninja Tables
Key Information:
Software Type: Plugin
Software Slug: ninja-tables
Software Status: Active
Software Author: techjewel
Software Downloads: 1,636,926
Active Installs: 80,000
Last Updated: January 19, 2024
Patched Versions: 5.0.6
Affected Versions: <= 5.0.5
Vulnerability Details:
Name: Ninja Tables <= 5.0.5 – Missing Authorization
Title: Missing Authorization
Type: Missing Authorization
CVE: CVE-2024-23504
CVSS Score: 5.3 (Medium)
Publicly Published: January 19, 2024
Researcher: emad
Description: The Ninja Tables plugin for WordPress…

Simple Membership Vulnerability – Open Redirect – CVE-2024-22308 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Simple Membership
Key Information:
Software Type: Plugin
Software Slug: simple-membership
Software Status: Active
Software Author: mra13
Software Downloads: 2,388,048
Active Installs: 50,000
Last Updated: January 19, 2024
Patched Versions: 4.4.2
Affected Versions: <= 4.4.1
Vulnerability Details:
Name: Simple Membership <= 4.4.1 – Open Redirect
Title: Open Redirect
Type: URL Redirection to Untrusted Site (‘Open Redirect’)
CVE: CVE-2024-22308
CVSS Score: 6.1 (Medium)
Publicly Published: January 19, 2024
Researcher: Joshua Chan…