Website Security
WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090
Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 2,934,315 Active Installs: 100,000 Last Updated: November 27, 2023 Patched Versions: 7.3.12 Affected Versions: <= 7.3.11 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.3.11 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted Upload of File with…
WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226
Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 7.0.0 Affected Versions: <= 5.13.3 Vulnerability 1 Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 5.13.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…
WordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 36,509,376 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 1.51.0 Affected Versions: <= 1.50.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle < 1.51.0 – Authenticated (Admin+) Local File Inclusion Title: Authenticated (Admin+) Local File Inclusion Type: Improper Control of Filename for Include/Require Statement in PHP…
WordPress Plugin Vulnerability Report – Login Lockdown – Authenticated (Administrator+) SQL Injection
Plugin Name: Login Lockdown Key Information: Software Type: Plugin Software Slug: login-lockdown Software Status: Active Software Author: webfactory Software Downloads: 1,446,808 Active Installs: 100,000 Last Updated: November 21, 2023 Patched Versions: 2.07 Affected Versions: <= 2.06 Vulnerability Details: Name: Login Lockdown <= 2.06 – Authenticated (Administrator+) SQL Injection Title: Authenticated (Administrator+) SQL Injection Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) CVSS…
WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability
Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,889,041 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 3.9.2 Affected Versions: <= 3.9.1 Vulnerability Details: Name: Draft Vulnerability for EmbedPress 3.9.2 Title: Draft Vulnerability Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 6.1 (Medium) Publicly Published: November 17, 2023 Description: The EmbedPress –…
WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting
Plugin Name: wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,042,036 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 7.6.13 Affected Versions: <= 7.6.12 Vulnerability Details: Name: wpDiscuz <= 7.6.12 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 4.4 (Medium)…
WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187
Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last Updated: November 16, 2023 Patched Versions: 2.12.4 Affected Versions: <= 2.12.3 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.3 – Authenticated (Subscriber+) Arbitrary File Upload Title: Authenticated (Subscriber+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type CVE: CVE-2023-6187 CVSS…
WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889
Plugin Name: Shareaholic Key Information: Software Type: Plugin Software Slug: shareaholic Software Status: Active Software Author: shareaholic Software Downloads: 4,734,248 Active Installs: 30,000 Last Updated: November 14, 2023 Patched Versions: 9.7.9 Affected Versions: <= 9.7.8 Vulnerability Details: Name: Shareaholic <= 9.7.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…
WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726
Plugin Name: Ultimate Dashboard Key Information: Software Type: Plugin Software Slug: ultimate-dashboard Software Status: Active Software Author: davidvongries Software Downloads: 539,497 Active Installs: 60,000 Last Updated: November 13, 2023 Patched Versions: 3.7.8 Affected Versions: <= 3.7.7 Vulnerability Details: Name: Ultimate Dashboard <= 3.7.7 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Title: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Type: Improper Neutralization of Input During…
WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063
Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software Downloads: 45,149,633 Active Installs: 1,000,000 Last Updated: November 13, 2023 Patched Versions: 1.2.2 Affected Versions: <= 1.2.1 Vulnerability Details: Name: WP Fastest Cache <= 1.2.2 – Unauthenticated SQL Injection Title: Unauthenticated SQL Injection Type: Improper…