WordPress
User Profile Builder – Insecure Direct Object Reference – CVE-2023-6504 | WordPress Plugin Vulnerability Report
Plugin Name: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Key Information: Software Type: Plugin Software Slug: profile-builder Software Status: Active Software Author: reflectionmedia Software Downloads: 4,108,981 Active Installs: 50,000 Last Updated: January 5, 2024 Patched Versions: 3.10.8 Affected Versions: <= 3.10.6 Vulnerability Details: Name: Profile Builder <= 3.10.7…
RSS Aggregator by Feedzy Vulnerability – Missing Authorization – CVE-2023-6798 | WordPress Plugin Vulnerability Report
Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 1,986,458 Active Installs: 50,000 Last Updated: January 5, 2024 Patched Versions: 4.3.3 Affected Versions: <= 4.3.2 Vulnerability Details: Name: RSS Aggregator by…
Hostinger Vulnerability – Missing Authorization to Maintenance Mode Activation – CVE-2023-6751 | WordPress Plugin Vulnerability Report
Plugin Name: Hostinger Key Information: Software Type: Plugin Software Slug: hostinger Software Status: Active Software Author: hostinger Software Downloads: 1,609,570 Active Installs: 1,000,000 Last Updated: January 5, 2024 Patched Versions: 1.9.8 Affected Versions: <= 1.9.7 Vulnerability Details: Name: Hostinger <= 1.9.7 – Missing Authorization to Maintenance Mode Activation Title: Missing Authorization to Maintenance Mode Activation Type: Missing Authorization CVE: CVE-2023-6751 CVSS Score: 7.3 (High) Publicly Published: January 5, 2024 Researcher: Lucio…
Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 10,910,881 Active Installs: 200,000 Last Updated: January 5, 2024 Patched Versions: <= 2.10.26 Affected Versions: 2.10.27 Vulnerability Details: Name: Orbit Fox Companion <= 2.10.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via custom…
LightStart Vulnerability – Maintenance Mode, Coming Soon and Landing Page Builder – Missing Authorization – CVE-2023-7019| WordPress Plugin Vulnerability Report
Plugin Name: LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Key Information: Software Type: Plugin Software Slug: wp-maintenance-mode Software Status: Active Software Author: themeisle Software Downloads: 15,432,322 Active Installs: 700,000 Last Updated: January 5th, 2024 Patched Versions: 2.6.9 Affected Versions: <= 2.6.8 Vulnerability Details: Name: LightStart – Maintenance Mode, Coming Soon and Landing…
Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report
Plugin Name: Complianz Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 13,636,569 Active Installs: 800,000 Last Updated: January 3, 2024 Patched Versions: 6.5.6 Affected Versions: <= 6.5.5 Vulnerability Details: Name: Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 – Authenticated(Administrator+) Stored Cross-site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-site Scripting via settings Type: Improper Neutralization of Input During Web Page…
Database Dangers: Why Overloaded Databases Threaten Your Website
It’s a small ecommerce business’s first holiday season when disaster strikes – error messages blanket the site, pages time out under surging traffic, images and links break inexplicably. Thousands in potential revenue vanish despite desperately contacting the hosting provider for solutions. This can quickly and unexpectedly become a reality for any business on shared hosting…
WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6488 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,131,157 Active Installs: 600,000 Last Updated: December 18, 2023 Patched Versions: <= 7.0.0 Affected Versions: 7.0.1 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…
Your Website Down? Your WP Guy Won’t Leave You Hanging in a Crisis
What’s Your Plan When Your Website Goes Dark at 3 AM? It’s every business owner’s nightmare – you wake up to an emergency text that your WordPress site is down. The overnight traffic surge from your new product launch has crashed your server and you’re losing thousands in sales by the minute. In this insightful…
SpeedyCache Vulnerability – Missing Authorization to Plugin Options Update – CVE-2023-6598 | WordPress Plugin Vulnerability Report
Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 861,450 Active Installs: 100,000 Last Updated: December 16, 2023 Patched Versions: 1.1.4 Affected Versions: <= 1.1.3 Vulnerability Details: Name: SpeedyCache <= 1.1.3 – Missing Authorization to Plugin Options Update Type: Missing Authorization CVE: CVE-2023-6598 CVSS Score: 4.3 (Medium) Publicly Published: December 16, 2023 Researcher: Lucio Sá Description: The SpeedyCache plugin for WordPress…