wordpress security
WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968
Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages Software Status: Active Software Author: wpeka-club Software Downloads: 585,699 Active Installs: 20,000 Last Updated: October 10, 2023 Patched Versions: 2.9.3 Affected Versions: <=2.9.2 Vulnerability Details: Name: WPLegalPages <= 2.9.2 – Authenticated (Author+) Stored Cross-Site Scripting…
WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection
Plugin Name: POST SMTP Mailer Key Information: Software Type: PluginSoftware Slug: post-smtpSoftware Status: ActiveSoftware Author: wpexpertsioSoftware Downloads: 9,128,571Active Installs: 300,000Last Updated: October 3, 2023Patched Versions: 2.6.1Affected Versions: <=2.6.0 Vulnerability Details: Name: Post SMTP <= 2.6.0 – Authenticated (Administrator+) SQL InjectionType: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)CVE: NACVSS Score: 7.2…
WordPress Plugin Vulnerability Report – Modern Events Calendar Lite – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-4021
Plugin Name: Modern Events Calendar Lite Key Information: Software Type: PluginSoftware Slug: modern-events-calendar-liteSoftware Status: RemovedSoftware Author: webnus/Software Downloads: 3,047,787Active Installs: 100,000Last Updated: September 28, 2023Patched Versions: 7.1.0Affected Versions: <7.1.0 Vulnerability Details: Name: Modern Events Calendar lite < 7.1.0 – Authenticated (Admin+) Stored Cross-Site ScriptingType: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)CVE: CVE-2023-4021CVSS…
WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919
Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357 Active Installs: 100,000 Last Updated: September 25, 2023 Patched Versions: 4.6 Affected Versions: <=4.6 Vulnerability Details: Name: iframe <= 4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection
Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…
WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation
Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…
WordPress Plugin Vulnerability Report: EWWW Image Optimizer – Sensitive Information Exposure
Plugin Name: EWWW Image Optimizer Key Information: Software Type: Plugin Software Slug: ewww-image-optimizer Software Status: Active Software Author: nosilver4u Software Downloads: 33,159,954 Active Installs: 1,000,000 Last Updated: September 7, 2023 Patched Versions: 7.2.1 Affected Versions: <7.2.1 Vulnerability Details: Name: EWWW Image Optimizer <= 7.2.0 – Sensitive Information Exposure Type: Information Exposure CVSS Score: 5.3 (medium)…
WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery
Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,709,151 Active Installs: 80,000 Last Updated: September 8, 2023 Patched Versions: 3.8.4 Affected Versions: <3.8.4 Vulnerability Details: Name: EmbedPress <= 3.8.3 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published:…
WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792
Plugin Name: Duplicate Post Page Menu & Custom Post Type Key Information: Software Type: Plugin Software Slug: duplicate-post-page-menu-custom-post-type Software Status: Removed Software Author: inqsys Software Downloads: 300,152 Active Installs: 30,000 Last Updated: September 7, 2023 Patched Versions: 2.4.0 Affected Versions: <=2.3.1 Vulnerability Details: Name: Duplicate Post Page Menu & Custom Post Type <= 2.3.1 –…
Common Signs Your WordPress Website May Be Compromised
You’ve invested time, money, and energy into building your business’s website on WordPress. It’s become a vital online presence and valuable asset for your company. But lurking in the shadows are potential security threats that can wreak havoc on your site. WordPress powers over 40% of all websites, making it an enticing target for hackers.…
Read More about Common Signs Your WordPress Website May Be Compromised