CVE-2024-9236 – Team Members Showcase – Stored XSS to Admin Creation – POC

CVE-2024-9236 – Team Members Showcase  – Stored XSS to Admin Creation – POC

The Team Members Showcase plugin for WordPress has discovered a vulnerability CVE-2024-9236, which allows an attacker to execute saved cross-site scripts (XSS) and potentially intercept administrative accounts.It offers website administrators a universal tool for displaying team members on their site using various layouts such as grids and sliders. This plugin is highly customizable, adaptive, and compatible with Elementor, allowing users to easily create professional-looking team storefronts.

Plugin Security Certification (PSC-2024-64530): “Tracking Code Manager” – Version 2.3.0: Use Code manager with Enhanced Security

Plugin Security Certification (PSC-2024-64530): “Tracking Code Manager” – Version 2.3.0: Use Code manager with Enhanced Security

Tracking Code Manager is a powerful WordPress plugin designed to give website owners full control over third-party tracking codes and scripts. Whether you need to implement Google Analytics, Facebook retargeting, or other platforms to improve user experience, this plugin provides a centralized interface to effectively manage all your codes. Developed by Data443, a leader in data protection and privacy, Tracking Code Manager allows you to easily place tracking codes on different pages or in different locations, while respecting global privacy laws such as GDPR. This plugin has also been thoroughly tested for security and has successfully received the Plugin Security Certification (PSC) from CleanTalk, which guarantees its compliance with strict security protocols.

CVE-2024-9021 – Relevanssi – Stored XSS to Admin Account Creation (Contributor+) – POC

CVE-2024-9021 – Relevanssi – Stored XSS to Admin Account Creation (Contributor+) – POC

CVE-2024-9021 An XSS vulnerability found recently in the Relevanssi plugin, which is one of the most popular WordPress plugins, extends the standard WordPress search feature by adding powerful customization options and increasing search relevance. However, the recent discovery of a stored XSS vulnerability in Relevanssi version 4.23.1 and below has raised concerns about the security of the website. This vulnerability may allow developers to inject malicious scripts, which will lead to serious consequences for site administrators

Plugin Security Certification (PSC-2024-64529): “Matomo Analytics” – Version 5.1.3: Use Ethical stats with Enhanced Security

Plugin Security Certification (PSC-2024-64529): “Matomo Analytics” – Version 5.1.3: Use Ethical stats with Enhanced Security

Matomo Analytics is a powerful, secure, and privacy-focused alternative to Google Analytics, offering website owners full control over their data. Unlike many third-party analytics tools, Matomo is hosted on your own servers, ensuring 100% data ownership and privacy compliance. It empowers businesses to make data-driven decisions while protecting user privacy, without sacrificing any advanced analytics features. With an intuitive interface, Matomo makes it easy to gain valuable insights into customer behavior, website performance, and marketing effectiveness, all while adhering to the highest ethical standards. This plugin has also undergone rigorous security testing and has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, ensuring it meets stringent security protocols.

CVE-2024-7758 – Stylish Price List – Stored XSS(Contributor+) – POC

CVE-2024-7758 – Stylish Price List – Stored XSS(Contributor+) – POC

Vulnerability CVE-2024-7758 affects the Stylish Price List plugin, which is used in companies such as beauty salons, spas, restaurants, etc. This plugin allows users to create elegant price lists, helping to convert visitors into customers. However, this vulnerability opens up the possibility for attackers to inject malicious code into a website, leading to potential account hijacking or other serious security breaches.

Plugin Security Certification (PSC-2024-64524): “Events Manager” – Version 6.6.1: Use Events Functions with Enhanced Security

Plugin Security Certification (PSC-2024-64524): “Events Manager” – Version 6.6.1: Use Events Functions with Enhanced Security

The plugin is meticulously engineered to deliver reliability, scalability, and secure handling of user data. Recently, Events Manager has successfully undergone a rigorous security audit, earning the prestigious Plugin Security Certification (PSC) from CleanTalk, further solidifying its reputation as a secure solution for managing events on WordPress.

CVE-2024-6850 – Carousel Slider – Stored XSS to Admin Account Creation – POC

CVE-2024-6850 – Carousel Slider – Stored XSS to Admin Account Creation – POC

The WordPress ecosystem offers a vast array of plugins to enhance website functionality, but it also opens the door to potential security vulnerabilities. One such vulnerability, identified as CVE-2024-6850, has been discovered in the “Carousel Slider” plugin, which is widely used for creating customizable, responsive carousel sliders. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks, which could lead to the creation of malicious administrator accounts and full site compromise.