WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275
Plugin Name: Widgets for Google Reviews Key Information: Software Type: Plugin Software Slug: wp-reviews-plugin-for-google Software Status: Active Software Author: trustindex…
WordPress Plugin Vulnerability Report – Login Lockdown – Authenticated (Administrator+) SQL Injection
Plugin Name: Login Lockdown Key Information: Software Type: Plugin Software Slug: login-lockdown Software Status: Active Software Author: webfactory Software Downloads: 1,446,808 Active Installs: 100,000 Last Updated: November…
WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities
Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author:…
WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery
Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20,…
WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability
Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,889,041 Active Installs: 80,000 Last Updated: November 17,…
WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting
Plugin Name: wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,042,036 Active Installs: 80,000 Last Updated: November 17,…
WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187
Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last…
WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action
Plugin Name: Slider – Ultimate Responsive Image Slider Key Information: Software Type: Plugin Software Slug: ultimate-responsive-image-slider Software Status: Active Software Author: farazfrank Software Downloads: 1,338,384…
WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last…
WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838…
WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889
Plugin Name: Shareaholic Key Information: Software Type: Plugin Software Slug: shareaholic Software Status: Active Software Author: shareaholic Software Downloads: 4,734,248 Active Installs: 30,000 Last Updated: November 14,…
WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726
Plugin Name: Ultimate Dashboard Key Information: Software Type: Plugin Software Slug: ultimate-dashboard Software Status: Active Software Author: davidvongries Software Downloads: 539,497 Active Installs: 60,000 Last Updated: November…