Author: Artyom Krugov

During a recent security test, a vulnerability identified as CVE-2024-8983 was discovered in Custom Twitter Feeds, a popular plugin. This vulnerability allows you to embed saved cross-site scripts (XSS) on the site, which can potentially lead to the creation of a backdoor and account hijacking.

CVE-2024-8617 detects a stored XSS vulnerability in the popular QuizMaker plugin for WordPress, which allows users to create various quizzes with different types of questions. Although it offers extensive functionality for creating quizzes, it also contains a critical security flaw

Vulnerability CVE-2024-7758 affects the Stylish Price List plugin, which is used in companies such as beauty salons, spas, restaurants, etc. This plugin allows users to create elegant price lists, helping to convert visitors into customers. However, this vulnerability opens up the possibility for attackers to inject malicious code into a website, leading to potential account hijacking or other serious security breaches.

The WordPress ecosystem offers a vast array of plugins to enhance website functionality, but it also opens the door to potential security vulnerabilities. One such vulnerability, identified as CVE-2024-6850, has been discovered in the “Carousel Slider” plugin, which is widely used for creating customizable, responsive carousel sliders. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks, which could lead to the creation of malicious administrator accounts and full site compromise.

Progressive Web Apps (PWAs) have revolutionized the way websites interact with users, offering a mobile app-like experience directly from the web. One popular WordPress plugin, “PWA For WP & AMP,” integrates this advanced technology into WordPress sites, promising seamless offline support, app-like user interfaces, and faster loading times. However, with the increasing adoption of such technologies, security concerns have also grown. Recently, a significant vulnerability—CVE-2024-7759—was discovered in the “PWA For WP & AMP” plugin, posing a serious risk to website administrators and users alike.

One of the latest vulnerabilities discovered is CVE-2024-7955, discovered in the popular Starbox plugin. This preserved XSS vulnerability poses a serious danger because it allows attackers to inject malicious scripts into a website, which could potentially lead to a complete account hijacking. In this article, we will take a detailed look at this vulnerability, its consequences, and the steps you can take to protect your WordPress site.

In the realm of WordPress plugins, security vulnerabilities can pose significant threats to website integrity and user safety. One such vulnerability, identified as CVE-2024-7716, has been discovered in the GS Logo Slider Lite plugin. This Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious JavaScript code, leading to the creation of a backdoor that can compromise administrator accounts and overall site security.