WordPress Maintenance
WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226
Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 7.0.0 Affected Versions: <= 5.13.3 Vulnerability 1 Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 5.13.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…
How to Choose Between Manual and Automated WordPress Maintenance
If you’re running a small business owner, you’re likely wearing many hats and juggling countless tasks. And if you’re using WordPress for your website (which, let’s be honest, is pretty likely considering WordPress powers over 40% of the web), that’s another hat to add to your collection: The WordPress maintenance hat! Before you start panicking…
WordPress Plugin Vulnerability Report – 10Web Booster – Unauthenticated Arbitrary Option Deletion
Plugin Name: 10Web Booster Key Information: Software Type: Plugin Software Slug: tenweb-speed-optimizer Software Status: Active Software Author: 10web Software Downloads: 864,591 Active Installs: 80,000 Last Updated: October 29, 2023 Patched Versions: 2.24.18 Affected Versions: <= 2.24.14 Vulnerability Details: Name: 10Web Booster <= 2.24.14 – Unauthenticated Arbitrary Option Deletion Type: Authorization Bypass Through User-Controlled Key CVSS Score: 6.5 (Medium) Publicly Published: Description: The 10Web Booster – Website speed optimization,…
WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414
Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 9,788,187 Active Installs: 100,000 Last Updated: October 11, 2023 Patched Versions: 5.6.24 Affected Versions: <= 5.6.23 Vulnerability Details: Name: Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2023-5414 CVSS…
White Screen of Death Explained: What It Is and Why It Happens
Few experiences strike fear into the hearts of website owners quite like seeing the dreaded white screen of death. You log in to check on your site, excited to see your latest blog post. But instead of your beautifully crafted content, you’re met with a blank white screen. No errors, no warnings, just… nothing. This…
WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919
Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357 Active Installs: 100,000 Last Updated: September 25, 2023 Patched Versions: 4.6 Affected Versions: <=4.6 Vulnerability Details: Name: iframe <= 4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645
Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…
WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation
Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…
What are Abandoned WordPress Plugins?
Imagine you own a small online business. You built your website on WordPress and installed a few plugins to add useful features like contact forms, social sharing buttons, and SEO optimization. These plugins worked great initially. But over time some of them have stopped receiving updates. The developers seem to have abandoned these plugins altogether.…
Common Signs Your WordPress Website May Be Compromised
You’ve invested time, money, and energy into building your business’s website on WordPress. It’s become a vital online presence and valuable asset for your company. But lurking in the shadows are potential security threats that can wreak havoc on your site. WordPress powers over 40% of all websites, making it an enticing target for hackers.…
Read More about Common Signs Your WordPress Website May Be Compromised