A critical vulnerability, CVE-2024-2744, has been discovered in NextGen Gallery, a popular WordPress plugin with over 500,000 installations. This flaw exposes websites to the risk of Stored XSS attacks, potentially leading to account takeover and compromising website integrity. (If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access later.)
CVE-2024-3548 – Shortcodes Ultimate – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC
A critical vulnerability has emerged in Shortcodes Ultimate: CVE-2024-3548. With over 600k installations, this flaw poses a significant threat to WordPress sites. Let’s delve into the intricacies of this Stored XSS vulnerability and its potential repercussions.
CVE-2024-3241 – Ultimate Blocks – Stored XSS to Admin Account Creation (Contributor+) – POC
WordPress users beware! CVE-2024-3241 looms over Ultimate Blocks, exposing a Stored XSS vulnerability that enables admin account creation. This threat, originating from a seemingly harmless plugin, demands immediate attention to safeguard your website’s integrity.
CVE-2024-3368 – All in One SEO – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC
A critical security flaw has been discovered in the widely used WordPress plugin All in One SEO, which has more than 3 million installations, tracked as CVE-2024-3368. This vulnerability poses a significant threat, allowing attackers to execute malicious code through Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of admin accounts by contributors.
Plugin Security Certification: “Smash Balloon Social Post Feed” – Version 4.2.4: Display Facebook posts with Enhanced Security
Enhance your WordPress site with a robust Facebook post display plugin that’s not only feature-rich but also prioritizes security. Smash Balloon Social Post Feed, now certified with the Plugin Security Certification (PSC) from CleanTalk, offers unparalleled customization options while maintaining top-notch security standards.
Plugin Security Certification: “Featured Image from URL (FIFU)” – Version 4.7.2: Use external images/videos with Enhanced Security
Are you looking to streamline your website’s media management process while ensuring top-notch security standards? Look no further than the Featured Image from URL (FIFU) plugin. Since its inception in 2015, FIFU has revolutionized the way thousands of websites handle external media, saving valuable resources and bolstering security measures.
CVE-2024-3692 – Gutenverse – Stored XSS to Admin Account Creation (Contributor+) – POC
Gutenverse, a popular WordPress plugin, harbors a serious vulnerability dubbed CVE-2024-3692. This flaw enables attackers to execute Stored XSS attacks, potentially leading to the creation of admin accounts. Let’s delve deeper into the discovery and implications of this vulnerability.
CVE-2024-3239 – PostX – Stored XSS to Admin Account Creation (Contributor+) – POC
The discovery of CVE-2024-3239 in the PostX plugin unveils a concerning vulnerability, exposing WordPress sites to the risk of Stored XSS attacks. This threat poses a significant danger to website security and integrity.
CVE-2024-2837 – WP Chat App – Stored XSS to JS backdoor creation – POC
The discovery of CVE-2024-2837 has unveiled a chilling reality within WP Chat App, where a Stored XSS vulnerability lurks. This flaw permits the injection of malicious scripts, opening the floodgates to potential backdoors. Let’s delve into the depths of this digital menace. (If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access later.)
CVE-2024-2159 – Sassy Social Share – Stored XSS to JS backdoor creation – POC
A critical vulnerability, CVE-2024-2159, has been uncovered in Sassy Social Share, exposing websites to a potent threat. This flaw allows attackers to execute Stored XSS attacks, potentially leading to JavaScript backdoors and compromising website integrity. (If an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access later.)