WordPress Security

Backuply Vulnerability – Backup, Restore, Migrate and Clone – Authenticated (Administrator+) Directory Traversal – CVE-2024-0697 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 26, 2024

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active Software Author: Softaculous Software Downloads: 1,893,554 Active Installs: 200,000 Last Updated: February 1, 2024 Patched Versions: 1.2.4 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 Title: Authenticated…

Exclusive Addons for Elementor Vulnerability – Stored Cross-Site Scripting Vulnerabilities – CVE-2024-0824 & CVE-2024-0823 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 26, 2024

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 688,917 Active Installs: 50,000 Last Updated: February 1, 2024 Patched Versions: 2.6.9 Affected Versions: <= 2.6.8 Vulnerability Details (Section 1): Name: Exclusive Addons for Elementor <= 2.6.8 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Cross-Site Request Forgery to Limited Code Execution via Execute – CVE-2024-0667 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 26, 2024

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,670,950 Active Installs: 60,000 Last Updated: February 1, 2024 Patched Versions: 1.15.22 Affected Versions: <= 1.15.21 Vulnerability Details: Name: Form-Maker (twb_form-maker) <= 1.15.21 Title: Cross-Site…

10Web AI Assistant Vulnerability – AI Content Writing Assistant – Missing Authorization to Arbitrary Plugin Installation – CVE-2023-6985 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 25, 2024

Plugin Name: 10Web AI Assistant – AI Content Writing Assistant Key Information: Software Type: Plugin Software Slug: ai-assistant-by-10web Software Status: Active Software Author: 10web Software Downloads: 20,225 Active Installs: 30,000 Last Updated: January 30, 2024 Patched Versions: 1.0.19 Affected Versions: <= 1.0.18 Vulnerability Details: Name: 10Web AI Assistant – AI Content Writing Assistant <= 1.0.18…

Elementor Addons by Livemesh Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0448 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 25, 2024

Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh Software Downloads: 3,692,182 Active Installs: 70,000 Last Updated: January 30, 2024 Patched Versions: 8.3.2 Affected Versions: <= 8.3.1 Vulnerability Details: Name: Elementor Addons by Livemesh <= 8.3.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

WP RSS Aggregator Vulnerability – RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source – CVE-2024-0630 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 25, 2024

Plugin Name: WP RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,603,596 Active Installs: 60,000 Last Updated: January 30, 2024 Patched Versions: 4.23.5 Affected Versions: <= 4.23.4 Vulnerability Details: Name: WP RSS Aggregator <= 4.23.4…

Advanced Database Cleaner Vulnerability – Authenticated (Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated (Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated (Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…

Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Better Search Replace Key Information: Software Type: Plugin Software Slug: better-search-replace Software Status: Active Software Author: wpengine Software Downloads: 12,169,696 Active Installs: 1,000,000 Last Updated: January 24, 2024 Patched Versions: 1.4.5 Affected Versions: <= 1.4.4 Vulnerability Details: Name: Better Search Replace <= 1.4.4 – Unauthenticated PHP Object Injection Type: Deserialization of Untrusted Data CVE: CVE-2023-6933 CVSS Score: 9.8 (Critical) Publicly Published: January 24, 2024 Researcher: Sam Pizzey Description: The…

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last Updated: January 24, 2024 Patched Versions: 2.12.8 Affected Versions: <= 2.12.7 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0624 CVSS Score: 5.3 (Medium) Publicly Published: January 24, 2024…

WebSub Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0688 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: WebSub Key Information: Software Type: Plugin Software Slug: pubsubhubbub Software Status: Active Software Author: joshfraz Software Downloads: 1,744,325 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.4 Vulnerability Details: Name: WebSub (FKA. PubSubHubbub) <= 3.1.4 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting…