website vulnerabilities

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 9, 2024

Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.31 Affected Versions: <= 2.7.30 Vulnerability Details: Name: Unyson <= 2.7.29 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-34814 CVSS Score: 4.3…

Read More

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 7, 2024

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…

Read More

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last Updated: January 24, 2024 Patched Versions: 2.12.8 Affected Versions: <= 2.12.7 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0624 CVSS Score: 5.3 (Medium) Publicly Published: January 24, 2024…

Read More

Avoiding Information Overload: Filtering Reliable WordPress Advice

By Your WP Guy / Nov 14, 2023

With over 40% of websites using WordPress as their CMS, there is plenty of information out there when you need advice. But with such high volumes, there are bound to be a few bad eggs. The internet is saturated with so-called “WordPress experts” offering contradicting advice. So, how do you know who to trust? As…

Read More

WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

By Your WP Guy / Oct 31, 2023

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…

Read More