Posts Tagged ‘website’
Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report
Plugin Name: Complianz Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 13,636,569 Active Installs: 800,000 Last Updated: January 3, 2024 Patched Versions: 6.5.6 Affected Versions: <= 6.5.5 Vulnerability Details: Name: Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 – Authenticated(Administrator+) Stored Cross-site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-site Scripting via settings Type: Improper Neutralization of Input During Web Page…
Read MoreWordPress Plugin Vulnerability Report – Elementor Website Builder – Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 357,725,852 Active Installs: 5,000,000 Last Updated: December 6, 2023 Patched Versions: No patched version Affected Versions: <= 3.18.0 Vulnerability Details: Name: Elementor <= 3.18.0 Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import Title: Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via…
Read MoreWordPress Plugin Vulnerability Report – AMP for WP – Accelerated Mobile Pages – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-48321
Plugin Name: AMP for WP – Accelerated Mobile Pages Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,408,260 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.89 Affected Versions: <= 1.0.88.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.88.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper…
Read MoreWordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Subscriber+) Information Disclosure via Shortcode
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,383,182 Active Installs: 60,000 Last Updated: October 4, 2023 Patched Versions: <=7.1.1 Affected Versions: 7.1.2 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.1 – Authenticated (Subscriber+) Information Disclosure via Shortcode Title: Authenticated (Subscriber+) Information Disclosure via Shortcode Type: Information Exposure CVSS Score: 4.3 (medium)…
Read More