Website Security
AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report
Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January 18, 2024 Patched Versions: 2.1.5 Affected Versions: <= 2.1.4 Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2024-0699 CVSS…
Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report
Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,525,093 Active Installs: 90,000 Last Updated: January 12, 2024 Patched Versions: 2.12.7 Affected Versions: <= 2.12.6 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.6 Title: Information…
OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report
Plugin Name: OneClick Chat to Order Key Information: Software Type: Plugin Software Slug: oneclick-whatsapp-order Software Status: Active Software Author: walterpinem Software Downloads: 205,924 Active Installs: 30,000 Last Updated: January 8, 2024 Patched Versions: 1.0.6 Affected Versions: <= 1.0.5 Vulnerability Details: Name: OneClick Chat to Order <= 1.0.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode…
WordPress Button Plugin MaxButtons – Authenticated Stored Cross-Site Scripting – CVE-2023-6594 | WordPress Plugin Vulnerability Report
Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,640,344 Active Installs: 100,000 Last Updated: January 8, 2024 Patched Versions: 9.7.6 Affected Versions: <= 9.7.4 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…
ElementsKit Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6582 | WordPress Plugin Vulnerability Report
Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 15,802,981 Active Installs: 1,000,000 Last Updated: January 9, 2024 Patched Versions: 3.0.4 Affected Versions: <= 3.0.3 Vulnerability Details: Name: ElementsKit Lite <= 3.0.3 Title: Unauthenticated Sensitive Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2023-6582 CVSS Score:…
Formidable Forms Vulnerability – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6842 | WordPress Plugin Vulnerability Report
Plugin Name: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: formidable Software Status: Active Software Author: sswells Software Downloads: 19,370,348 Active Installs: 300,000 Last Updated: January 8, 2024 Patched Versions: 6.7.1 Affected Versions: <= 6.7 Vulnerability Details: Name: Formidable Forms <= 6.7…
User Profile Builder – Insecure Direct Object Reference – CVE-2023-6504 | WordPress Plugin Vulnerability Report
Plugin Name: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Key Information: Software Type: Plugin Software Slug: profile-builder Software Status: Active Software Author: reflectionmedia Software Downloads: 4,108,981 Active Installs: 50,000 Last Updated: January 5, 2024 Patched Versions: 3.10.8 Affected Versions: <= 3.10.6 Vulnerability Details: Name: Profile Builder <= 3.10.7…
RSS Aggregator by Feedzy Vulnerability – Missing Authorization – CVE-2023-6798 | WordPress Plugin Vulnerability Report
Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 1,986,458 Active Installs: 50,000 Last Updated: January 5, 2024 Patched Versions: 4.3.3 Affected Versions: <= 4.3.2 Vulnerability Details: Name: RSS Aggregator by…
Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 10,910,881 Active Installs: 200,000 Last Updated: January 5, 2024 Patched Versions: <= 2.10.26 Affected Versions: 2.10.27 Vulnerability Details: Name: Orbit Fox Companion <= 2.10.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via custom…
LightStart Vulnerability – Maintenance Mode, Coming Soon and Landing Page Builder – Missing Authorization – CVE-2023-7019| WordPress Plugin Vulnerability Report
Plugin Name: LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Key Information: Software Type: Plugin Software Slug: wp-maintenance-mode Software Status: Active Software Author: themeisle Software Downloads: 15,432,322 Active Installs: 700,000 Last Updated: January 5th, 2024 Patched Versions: 2.6.9 Affected Versions: <= 2.6.8 Vulnerability Details: Name: LightStart – Maintenance Mode, Coming Soon and Landing…