WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968
Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages…
WordPress Plugin Vulnerability Report – WordPress Popular Posts – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Plugin Name: WordPress Popular Posts Key Information: Software Type: Plugin Software Slug: wordpress-popular-posts Software Status: Active Software Author: hcabrera Software Downloads: 7,045,880 Active Installs: 200,000 Last…
WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259
Plugin Name: Hotjar Key Information: Software Type: Plugin Software Slug: hotjar Software Status: Removed Software Author: hotjar Software Downloads: 868,850 Active Installs: 100,000 Last Updated: October…
WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Subscriber+) Information Disclosure via Shortcode
Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,383,182 Active Installs: 60,000 Last…
WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection
Plugin Name: POST SMTP Mailer Key Information: Software Type: PluginSoftware Slug: post-smtpSoftware Status: ActiveSoftware Author: wpexpertsioSoftware Downloads: 9,128,571Active Installs: 300,000Last…
WordPress Plugin Vulnerability Report – Modern Events Calendar Lite – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-4021
Plugin Name: Modern Events Calendar Lite Key Information: Software Type: PluginSoftware Slug: modern-events-calendar-liteSoftware Status: RemovedSoftware Author: webnus/Software Downloads: 3,047,787Active Installs:…
WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919
Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357…
WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645
Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads:…
WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: David Lingren…
WordPress Plugin Vulnerability Report – Leaflet Map – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5050
Plugin Name: Leaflet Map Key Information: Software Type: Plugin Software Slug: leaflet-map Software Status: Active Software Author: bozdoz Software Downloads:…
WordPress Plugin Vulnerability Report – Table of Contents Plus – Authenticated (Administrator+) Stored Cross-Site Scripting
Plugin Name: Table of Contents Plus Key Information: Software Type: Plugin Software Slug: table-of-contents-plus Software Status: Active Software Author: conjur3r…
WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection
Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software…