A critical vulnerability, CVE-2024-2583, has been uncovered in Shortcodes Ultimate, a popular WordPress plugin with over 600,000 installations. This flaw allows attackers to exploit Stored XSS, potentially leading to unauthorized admin account creation and compromising entire websites.
A critical vulnerability, CVE-2023-7164, has been uncovered in the popular WordPress plugin BackWPup, impacting over 600,000 active installations. This flaw exposes sensitive data and paves the way for potential account takeovers, posing a severe threat to website security.
A critical vulnerability, CVE-2024-2509, has been uncovered in the popular Gutenberg Blocks by Kadence Blocks plugin, boasting over 400,000 active installations. This flaw opens the door to malicious attackers, allowing them to execute Stored XSS attacks and potentially create admin accounts, posing a significant threat to WordPress sites.
A critical vulnerability, CVE-2024-0673, has been uncovered in the Pz-LinkCard plugin for WordPress. This flaw allows for the execution of Stored Cross-Site Scripting (XSS) attacks, enabling malicious actors to create JavaScript backdoors and potentially compromise admin accounts. As a result, high privilege users such as administrators can exploit this flaw to execute malicious scripts, potentially leading to account takeover (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).
The Call Now Button plugin simplifies communication for mobile users by adding a convenient click-to-call button at the bottom of the screen. With a single touch, visitors can initiate a call, eliminating the need for manual dialing or navigating to the contact page. In addition to its primary function, the plugin offers enhanced security features, including robust protection against potential vulnerabilities, validated through the Plugin Security Certification (PSC) from CleanTalk.
CVE-2024-0677 shines a light on a critical vulnerability lurking in the Pz-LinkCard WordPress plugin. This flaw exposes websites to SSRF attacks, posing a significant threat to their security and integrity. Let’s delve deeper into the discovery, implications, and potential countermeasures to safeguard your WordPress installations.
A critical vulnerability, CVE-2024-1745, has emerged in the Testimonial Slider plugin for WordPress, compromising the integrity of website settings. This flaw grants non-privileged users unauthorized access to manipulate plugin configurations, posing significant security risks.
A critical security vulnerability has been identified in the “Profile Box Shortcode And Widget” plugin for WordPress, marked as CVE-2024-1401. This flaw enables attackers to execute malicious scripts and potentially create backdoors through the plugin’s functionality. In this article, we delve into the discovery of the vulnerability, understand the implications of Stored XSS in WordPress, explore the exploitation process, discuss potential risks and real-world scenarios, and conclude with recommendations for enhanced security measures. As a result, high privilege users such as administrators can exploit this flaw to execute malicious scripts, potentially leading to account takeover (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).
Social Chat (Click To Chat App) is a powerful plugin designed to streamline customer communication by enabling seamless integration with WhatsApp. With just a click, users can initiate conversations directly from your website to your WhatsApp or WhatsApp Business phone number. In this article, we explore the significance of Social Chat, emphasizing its security features and its recognition through the “Plugin Security Certification” (PSC) from CleanTalk.
A critical vulnerability, identified as CVE-2024-1658, has been unearthed in the “Grid Shortcodes” plugin for WordPress. This vulnerability, stemming from a Stored XSS flaw, enables malicious actors to create admin accounts via a simple shortcode, posing significant security risks to WordPress websites.