WordPress
WordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery
Plugin Name: Kadence WooCommerce Email Designer Key Information: Software Type: Plugin Software Slug: kadence-woocommerce-email-designer Software Status: Active Software Author: britner Software Downloads: 1,533,682 Active Installs: 100,000 Last Updated: November 2, 2023 Patched Versions: 1.5.12 Affected Versions: <= 1.5.11 Vulnerability Details: Name: Kadence WooCommerce Email Designer <= 1.5.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 2, 2023 Description: The Kadence WooCommerce…
WordPress Plugin Vulnerability Report – Drag and Drop Multiple File Upload – Contact Form 7 – Unauthenticated Arbitrary File Upload – CVE-2023-5822
Plugin Name: Drag and Drop Multiple File Upload- Contact Form 7 Key Information: Software Type: Plugin Software Slug: drag-and-drop-multiple-file-upload-contact-form-7 Software Status: Active Software Author: glenwpcoder Software Downloads: 575,808 Active Installs: 50,000 Last Updated: November 1, 2023 Patched Versions: 1.3.7.4 Affected Versions: <= 1.3.7.3 Vulnerability Details: Name: Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.3 – Unauthenticated Arbitrary File Upload Title: Unauthenticated Arbitrary…
WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
WordPress Plugin Vulnerability Report – Solid Security – Unauthenticated Login Page Disclosure
Plugin Name: Solid Security Key Information: Software Type: Plugin Software Slug: better-wp-security Software Status: Active Software Author: ithemes Software Downloads: 28,594,364 Active Installs: 900,000 Last Updated: October 31, 2023 Patched Versions: 9.0.1 Affected Versions: <= 9.0.0 Vulnerability Details: Name: Solid Security Basic <= 9.0.0 – Unauthenticated Login Page Disclosure Title: Unauthenticated Login Page Disclosure Type:…
How to Choose Between Manual and Automated WordPress Maintenance
If you’re a small business owner, you’re likely wearing many hats and juggling countless tasks. And if you’re using WordPress for your website (which, let’s be honest, is pretty likely considering WordPress powers over 40% of the web), that’s another hat to add to your collection: The WordPress maintenance hat! Before you start panicking…
WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815
Plugin Name: News & Blog Designer Pack Key Information: Software Type: Plugin Software Slug: blog-designer-pack Software Status: Active Software Author: infornweb Software Downloads: 408,098 Active Installs: 30,000 Last Updated: October 26, 2023 Patched Versions: 3.4.2 Affected Versions: <=3.4.1 Vulnerability Details: Name: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 – Unauthenticated Remote Code Execution via Local File Inclusion Title: Unauthenticated Remote Code Execution…
WordPress Plugin Vulnerability Report – All-In-One Security – Protection Bypass of Renamed Login Page via URL Encoding
Plugin Name: All-In-One Security Key Information: Software Type: Plugin Software Slug: all-in-one-wp-security-and-firewall Software Status: Active Software Author: davidanderson Software Downloads: 24,151,775 Active Installs: 1,000,000 Last Updated: October 25, 2023 Patched Versions: 5.2.5 Affected Versions: <5.2.5 Vulnerability Details: Name: All In One WP Security <= 5.2.4 – Protection Bypass of Renamed Login Page via URL Encoding Type: Protection Mechanism Failure CVSS Score: 5.3 (Medium) Publicly…
WordPress Plugin Vulnerability Report – VK Blocks – Authenticated (Contributor+) Stored Cross-Site Scripting via Block – CVE-2023-5706
Plugin Name: VK Blocks Key Information: Software Type: Plugin Software Slug: vk-blocks Software Status: Active Software Author: vektor-inc Software Downloads: 2,017,789 Active Installs: 80,000 Last Updated: October 24, 2023 Patched Versions: 1.64.0.0 Affected Versions: <= 1.63.0.1 Vulnerability Details: Name: VK Blocks <= 1.63.0.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Type: Improper Neutralization of Input…
Deciphering Error Messages on Your WordPress Home Screen: A Beginner’s Guide
“What does this random combination of numbers mean? Is my site broken?” you wonder anxiously. While confusing at first glance, WordPress error codes act as handy clues pointing you to potential issues. Once decoded, they transform from indecipherable codes into helpful guides directing you to solutions. This beginner’s guide will decode common WordPress error messages…