WordPress Updates

File Manager Vulnerability – Sensitive Information Exposure via Backup Filenames – CVE-2024-0761 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 22, 2024

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 19,681,705 Active Installs: 1,000,000 Last Updated: January 22, 2024 Patched Versions: 7.2.2 Affected Versions: <= 7.2.1 Vulnerability Details: Name: File Manager <= 7.2.1 – Sensitive Information Exposure via Backup Filenames Title: Sensitive Information Exposure via…

Contact Form Plugin – Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 18, 2024

Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 5,679,069 Active Installs: 400,000 Last Updated: January 18, 2024 Patched Versions: 5.1.7 Affected Versions: <= 5.1.5 Vulnerability Details: Name: Fluent Forms <= 5.1.5…

List Category Posts Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-6994 |WordPress Plugin Vulnerability Report 

By Your WP Guy / Jan 9, 2024

Plugin Name: List Category Posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,740,714 Active Installs: 100,000 Last Updated: January 9, 2024 Patched Versions: 0.89.4 Affected Versions: <= 0.89.3 Vulnerability Details: Name: List Category Posts <= 0.89.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N…

Clone Vulnerability – Sensitive Information Exposure – CVE-2023-6750 | WordPress Plugin Vulnerability Report

By Your WP Guy / Dec 18, 2023

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,152,544 Active Installs: 90,000 Last Updated: December 18, 2023 Patched Versions: 2.4.3 Affected Versions: <= 2.4.2 Vulnerability Details: Name: WP Clone <= 2.4.2 – Sensitive Information Exposure Title: Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6750 CVSS Score: 9.8 (Critical) Publicly Published: December 18, 2023 Researcher: Dmitrii Ignatyev Description: The Clone plugin for…

WordPress Plugin Vulnerability Report – Google Language Translator – Missing Authorization to Notice Dismissal

By Your WP Guy / Dec 8, 2023

Plugin Name: Google Language Translator Key Information: Software Type: Plugin Software Slug: google-language-translator Software Status: Active Software Author: edo888 Software Downloads: 3,145,040 Active Installs: 100,000 Last Updated: December 8, 2023 Patched Versions: 6.0.20 Affected Versions: < 6.0.20 Vulnerability Details: Name: Google Language Translator <= 6.0.20 – Missing Authorization to Notice Dismissal Type: Missing Authorization CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Description: The Translate WordPress – Google…

WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275

By Your WP Guy / Nov 22, 2023

Plugin Name: Widgets for Google Reviews Key Information: Software Type: Plugin Software Slug: wp-reviews-plugin-for-google Software Status: Active Software Author: trustindex Software Downloads: 4,619,317 Active Installs: 300,000 Last Updated: November 22, 2023 Patched Versions: 11.1 Affected Versions: <= 11.0.2 Vulnerability Details: Name: Widgets for Google Reviews <= 11.0.2 – Authenticated (Editor+) Arbitrary File Upload Title: Authenticated…

How to Choose Between Manual and Automated WordPress Maintenance

By Your WP Guy / Oct 31, 2023

If you’re running a small business owner, you’re likely wearing many hats and juggling countless tasks. And if you’re using WordPress for your website (which, let’s be honest, is pretty likely considering WordPress powers over 40% of the web), that’s another hat to add to your collection: The WordPress maintenance hat! Before you start panicking…

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

By Your WP Guy / Sep 18, 2023

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…

WordPress Plugin Vulnerability Report: Starter Templates – Incorrect Authorization – CVE-2023-41805

By Your WP Guy / Sep 8, 2023

Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 38,934,354 Active Installs: 1,000,000 Last Updated: September 8, 2023 Patched Versions: 3.2.6 Affected Versions: <=3.2.5 Vulnerability Details: Name: Starter Templates <= 3.2.5 – Incorrect Authorization Type: Missing Authorization CVE: CVE-2023-41805 CVSS Score: 4.3 (Medium) Publicly…

How Can I Improve the Security of My WordPress Site through Maintenance?

By Your WP Guy / Jul 25, 2023

As an entrepreneur, you likely have a laundry list of responsibilities, and chances are high that website security might not be at the top of that list. However, if you’re using WordPress for your business website, it’s time to rethink your priorities. With the ever-increasing risk of cyber threats, it’s more important than ever to…