wordpress security
WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726
Plugin Name: Ultimate Dashboard Key Information: Software Type: Plugin Software Slug: ultimate-dashboard Software Status: Active Software Author: davidvongries Software Downloads: 539,497 Active Installs: 60,000 Last Updated: November 13, 2023 Patched Versions: 3.7.8 Affected Versions: <= 3.7.7 Vulnerability Details: Name: Ultimate Dashboard <= 3.7.7 – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Title: Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Type: Improper Neutralization of Input During…
WordPress Plugin Vulnerability Report – User Profile Builder – Cross-Site Request Forgery via pms-cross-promotion.php
Plugin Name: User Profile Builder Key Information: Software Type: Plugin Software Slug: profile-builder Software Status: Active Software Author: reflectionmedia Software Downloads: 3,998,068 Active Installs: 50,000 Last Updated: November 7, 2023 Patched Versions: 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details: Name: Profile Builder <= 3.10.4 – Cross-Site Request Forgery via pms-cross-promotion.php Title: Cross-Site Request Forgery via pms-cross-promotion.php Type: Cross-Site Request Forgery (CSRF) CVSS Score: 7.1 (High) Publicly Published: November 7,…
How to Choose Between Manual and Automated WordPress Maintenance
If you’re running a small business owner, you’re likely wearing many hats and juggling countless tasks. And if you’re using WordPress for your website (which, let’s be honest, is pretty likely considering WordPress powers over 40% of the web), that’s another hat to add to your collection: The WordPress maintenance hat! Before you start panicking…
WordPress Plugin Vulnerability Report – WP Customer Reviews – Authenticated (Subscriber+) Sensitive Information Exposure – CVE-2023-4686
Plugin Name: WP Customer Reviews Key Information: Software Type: Plugin Software Slug: wp-customer-reviews Software Status: Active Software Author: bompus Software Downloads: 1,108,443 Active Installs: 30,000 Last Updated: October 31, 2023 Patched Versions: No Patched Version Affected Versions: <= 3.6.8 Vulnerability Details: Name: WP Customer Reviews <= 3.6.8 – Authenticated (Subscriber+) Sensitive Information Exposure Title: Authenticated (Subscriber+) Sensitive Information Exposure Type: Missing Authorization CVE: CVE-2023-4686 CVSS Score: 4.3 (Medium) Publicly…
WordPress Plugin Vulnerability Report – 10Web Booster – Unauthenticated Arbitrary Option Deletion
Plugin Name: 10Web Booster Key Information: Software Type: Plugin Software Slug: tenweb-speed-optimizer Software Status: Active Software Author: 10web Software Downloads: 864,591 Active Installs: 80,000 Last Updated: October 29, 2023 Patched Versions: 2.24.18 Affected Versions: <= 2.24.14 Vulnerability Details: Name: 10Web Booster <= 2.24.14 – Unauthenticated Arbitrary Option Deletion Type: Authorization Bypass Through User-Controlled Key CVSS Score: 6.5 (Medium) Publicly Published: Description: The 10Web Booster – Website speed optimization,…
WordPress Plugin Vulnerability Report – All-In-One Security – Protection Bypass of Renamed Login Page via URL Encoding
Plugin Name: All-In-One Security Key Information: Software Type: Plugin Software Slug: all-in-one-wp-security-and-firewall Software Status: Active Software Author: davidanderson Software Downloads: 24,151,775 Active Installs: 1,000,000 Last Updated: October 25, 2023 Patched Versions: 5.2.5 Affected Versions: <5.2.5 Vulnerability Details: Name: All In One WP Security <= 5.2.4 – Protection Bypass of Renamed Login Page via URL Encoding Type: Protection Mechanism Failure CVSS Score: 5.3 (Medium) Publicly…
WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5638
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,411,990 Active Installs: 60,000 Last Updated: October 18, 2023 Patched Versions: 7.1.3 Affected Versions: <=7.1.2 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization…
How Does Cross Site Scripting (XSS) Differ From Other Web Vulnerabilities?
Whether you run an e-commerce store, a SaaS platform, or simply use your site to acquire leads, you depend on your website to connect with customers and drive revenue. But without proper security, your website is vulnerable to attacks like Cross Site Scripting that can wreak havoc on your business. Cross Site Scripting, commonly know…
WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070
Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude Software Downloads: 10,654,500 Active Installs: 100,000 Last Updated: October 16, 2023 Patched Versions: 2.8.6 Affected Versions: <=2.8.5 Vulnerability 1 Details: Name: Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery Type: Cross-Site…
WordPress Plugin Vulnerability Report – Embed Calendly – Authenticated Stored Cross-Site Scripting – CVE-2023-4995
Plugin Name: Embed Calendly Key Information: Software Type: Plugin Software Slug: embed-calendly-scheduling Software Status: Active Software Author: turn2honey Software Downloads: 165,873 Active Installs: 20,000 Last Updated: October 13th, 2023 Patched Versions: 3.7 Affected Versions: <= 3.6 Vulnerability Details: Name: Embed Calendly <= 3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-4995…