WordPress
Avoiding Information Overload: Filtering Reliable WordPress Advice
With over 40% of websites using WordPress as their CMS, there is plenty of information out there when you need advice. But with such high volumes, there are bound to be a few bad eggs. The internet is saturated with so-called “WordPress experts” offering contradicting advice. So, how do you know who to trust? As…
WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063
Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software Downloads: 45,149,633 Active Installs: 1,000,000 Last Updated: November 13, 2023 Patched Versions: 1.2.2 Affected Versions: <= 1.2.1 Vulnerability Details: Name: WP Fastest Cache <= 1.2.2 – Unauthenticated SQL Injection Title: Unauthenticated SQL Injection Type: Improper…
WordPress Plugin Vulnerability Report – Advanced iFrame – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4775
Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,768,520 Active Installs: 60,000 Last Updated: November 9, 2023 Patched Versions: 2023.9 Affected Versions: <= 2023.8 Vulnerability Details: Name: Advanced iFrame <= 2023.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page…
WordPress Plugin Vulnerability Report – Quiz And Survey Master – Multiple Cross-Site Request Forgery
Plugin Name: Quiz And Survey Master Key Information: Software Type: Plugin Software Slug: quiz-master-next Software Status: Active Software Author: expresstech Software Downloads: 2,153,834 Active Installs: 40,000 Last Updated: November 8, 2023 Patched Versions: 8.1.19 Affected Versions: <= 8.1.18 Vulnerability Details: Name: Quiz And Survey Master <= 8.1.18 – Multiple Cross-Site Request Forgery Title: Multiple Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November…
WordPress Plugin Vulnerability Report – LearnPress – Reflected Cross-Site Scripting via add_internal_scripts_to_head
Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 3,770,912 Active Installs: 90,000 Last Updated: November 7, 2023 Patched Versions: 4.2.5.4 Affected Versions: < 4.2.5.4 Vulnerability Details: Name: LearnPress <= 4.2.5.3 – Reflected Cross-Site Scripting via add_internal_scripts_to_head Title: Reflected Cross-Site Scripting via add_internal_scripts_to_head Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 6.1 (Medium)…
WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982
Plugin Name: UpdraftPlus Key Information: Software Type: Plugin Software Slug: updraftplus Software Status: Active Software Author: davidanderson Software Downloads: 107,410,188 Active Installs: 3,000,000 Last Updated: November 7, 2023 Patched Versions: 1.23.11 Affected Versions: <= 1.23.10 Vulnerability Details: Name: UpdraftPlus <= 1.23.10 – Cross-Site Request Forgery to Google Drive Storage Update Title: Cross-Site Request Forgery to Google Drive Storage Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-5982 CVSS Score: 5.4…
Locked Out? Understanding WordPress Login Error Messages
We all know the frustration of trying to access your website only to be met with an error message. As a WordPress website owner, encountering a login error can be incredibly annoying. You want to make changes to your site, write an important blog post, or look at the sales in WooCommerce, but these vague…
WordPress Plugin Vulnerability Report – User Profile Builder – Cross-Site Request Forgery via pms-cross-promotion.php
Plugin Name: User Profile Builder Key Information: Software Type: Plugin Software Slug: profile-builder Software Status: Active Software Author: reflectionmedia Software Downloads: 3,998,068 Active Installs: 50,000 Last Updated: November 7, 2023 Patched Versions: 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details: Name: Profile Builder <= 3.10.4 – Cross-Site Request Forgery via pms-cross-promotion.php Title: Cross-Site Request Forgery via pms-cross-promotion.php Type: Cross-Site Request Forgery (CSRF) CVSS Score: 7.1 (High) Publicly Published: November 7,…
WordPress Plugin Vulnerability Report – Social Warfare – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4842
Plugin Name: Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software Author: warfareplugins Software Downloads: 1,609,161 Active Installs: 30,000 Last Updated: November 6, 2023 Patched Versions: 4.4.4 Affected Versions: <= 4.4.3 Vulnerability Details: Name: Social Sharing Plugin – Social Warfare <= 4.4.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of…
WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load
Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November 6, 2023 Patched Versions: 3.6.0 Affected Versions: < 3.6.0 Vulnerability Details: Name: Code Snippets <= 3.5.0 – Cross-Site Request Forgery via load Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November 6, 2023 Description: The Code Snippets plugin for…