website vulnerability

WP-Members Membership Plugin Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-1852 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,453,636 Active Installs: 60,000 Last Updated: April 1, 2024 Patched Versions: 3.4.9.3 Affected Versions: <= 3.4.9.2 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.2 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1852 CVSS…

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 29, 2024

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status: Active Software Author: boldgrid Software Downloads: 692,441 Active Installs: 70,000 Last Updated: April 1, 2024 Patched Versions: 1.6.14 Affected Versions: <= 1.6.13 Vulnerability Details: Name: BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13…

Permalink Manager Pro Vulnerability – Missing Authorization via get_uri_editor – CVE-2024-2543 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 20, 2024

Plugin Name: Permalink Manager Pro Key Information: Software Type: Plugin Software Slug: permalink-manager Software Status: Active Software Author: mbis Software Downloads: 1,664,850 Active Installs: 80,000 Last Updated: March 20, 2024 Patched Versions: 2.4.3.2 Affected Versions: <= 2.4.3.1 Vulnerability Details: Name: Plugin Permalink <= 2.4.3.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2543 CVSS Score: 4.3 Publicly Published: March 20,…

Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0438 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 13, 2024

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,986,507 Active Installs: 400,000 Last Updated: February 27, 2024 Patched Versions: 3.10.2 Affected Versions: <= 3.10.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Shield Security Vulnerability – Smart Bot Blocking & Intrusion Prevention Security – Unauthenticated Local File Inclusion – CVE-2023-6989 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 5, 2024

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall Software Status: Active Software Author: paultgoodchild Software Downloads: 11,714,137 Active Installs: 50,000 Last Updated: February 8, 2024 Patched Versions: 18.5.10 Affected Versions: <= 18.5.9 Vulnerability Details: Name: Shield Security – Smart Bot Blocking & Intrusion…

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…

Scalability and Security: How Growth Can Present New Security Challenges

By Your WP Guy / Dec 19, 2023

Every entrepreneur dreams of the day that their business becomes a viral sensation. After all, business growth comes with more opportunities, more sales, and more loyal customers. But rapid business growth online, as encouraging as it is, inevitably comes with its share of growing pains. As your web presence expands exponentially to meet rising customer…

Simple Membership Vulnerability – Reflected Cross-Site Scripting Vulnerability via environment_mode – CVE-2023-6882 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 18, 2023

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,315,432 Active Installs: 50,000 Last Updated: December 18, 2023 Patched Versions: 4.3.9 Affected Versions: <= 4.3.8 Vulnerability Details: Name: Simple Membership <= 4.3.8 – Reflected Cross-Site Scripting Vulnerability via environment_mode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6882 CVSS Score: 6.1 (Medium) Publicly…

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text – CVE-2023-6561 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 14, 2023

Plugin Name: Featured Image from URL Key Information: Software Type: Plugin Software Slug: featured-image-from-url Software Status: Active Software Author: marceljm Software Downloads: 4,535,007 Active Installs: 90,000 Last Updated: December 14, 2023 Patched Versions: NA Affected Versions: <= 4.5.3 Vulnerability Details: Name: Featured Image from URL (FIFU) <= 4.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…