CVE-2024-12739 – Mobile Contact Bar < 3.0.5 – Stored XSS to JS Backdoor Creation – POC

The Mobile Contact Bar plugin for WordPress gives site owners an intuitive way to offer customizable contact options to visitors. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in versions below 3.0.5; injected script executes in the browser of users who load the affected page and can be used to plant a JavaScript backdoor, potentially leading to full site compromise. This article covers the discovery, exploitation, risks, and mitigation of the vulnerability.

CVE-2024-11503 – WP Tabs < 2.2.7 – Stored XSS to JS Backdoor Creation – POC

WP Tabs is a widely used WordPress plugin for creating and managing tabbed navigation on a site. Its user-friendly interface and extensive customization options have made it popular among WordPress site owners. A security vulnerability (CVE-2024-11503) was discovered in versions below 2.2.7, exposing websites to Stored Cross-Site Scripting (XSS). This article delves into the discovery, exploitation, risks, and remediation of this vulnerability.

Plugin Security Certification (PSC-2025-64560): “Disable Comments – Remove Comments & Stop Spam” – Version 2.4.7: Use Comments plugin with Enhanced Security

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] is a powerful plugin designed to give WordPress site owners complete control over comment functionality. By allowing users to globally enable or disable comments on posts, pages, and media, this plugin is an effective tool to prevent spam and unwanted discussions. It provides seamless integration with WP-CLI, XML-RPC, and REST-API, ensuring a streamlined approach to managing comments.

By removing comment forms, the plugin also removes a common spam injection point and blocks unauthorized comment-based interactions. It has undergone security testing and has received the Plugin Security Certification (PSC-2025-64560) from CleanTalk, attesting to its protection against spam-related vulnerabilities.

CVE-2024-10475 – Lead Form Builder – Stored XSS to JS Backdoor Creation – POC

Lead Form Builder is a popular WordPress plugin for creating and managing contact forms. It offers a drag-and-drop interface and integrates with page builders such as Elementor, Brizy, SiteOrigin, and Gutenberg. A security vulnerability (CVE-2024-10475) was discovered in versions prior to 1.9.8 that allows attackers to inject JavaScript which is stored by the plugin and executed in other users' browsers (Stored Cross-Site Scripting). This article explores the vulnerability, its risks, its exploitation, and best practices for mitigating it.

Plugin Security Certification (PSC-2025-64559): “W3 Total Cache” – Version 2.8.6: Use Cache plugin with Enhanced Security

W3 Total Cache (W3TC) is a performance optimization plugin designed to improve website speed, SEO rankings, and user experience. It does so through caching, content delivery network (CDN) integration, and other web performance optimization (WPO) techniques. Used on over a million sites, W3TC significantly reduces page load times. The plugin has undergone security testing and has obtained the Plugin Security Certification (PSC-2025-64559) from CleanTalk, attesting to its security for WordPress websites.

CVE-2024-10703 – Registrations for Events Calendar – Stored XSS to JS Backdoor Creation – POC

Stored Cross-Site Scripting (Stored XSS) is a web security vulnerability in which attacker-supplied script is saved by the application and later executed in the browsers of other users who view the page. This article focuses on CVE-2024-10703, a Stored XSS vulnerability in versions below 2.13.4 of the “Registrations for The Events Calendar” plugin for WordPress. It can be exploited by an attacker who already holds administrator privileges to store scripts that execute when other users interact with certain elements of the website.
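The pattern behind the Stored XSS articles on this page is the same in every case: a plugin saves a value without sanitizing it and later echoes it without escaping it. The block below is an added, generic illustration written for this listing; it is not code from any of the plugins named here, and the option key and `cb_*` function names are hypothetical. It shows the vulnerable settings handler beside the hardened form a plugin author should ship.

```php
<?php
// Added example, not code from the article or from any listed plugin.
// Option key 'cb_label' and the cb_* function names are hypothetical.

// --- Vulnerable: raw POST value stored, raw option echoed into an attribute ---
function cb_save_label_vulnerable() {
    if ( isset( $_POST['cb_label'] ) ) {
        // No capability check, no nonce, no sanitization: whatever is posted is stored.
        update_option( 'cb_label', $_POST['cb_label'] );
    }
}

function cb_render_label_vulnerable() {
    // Unescaped output: a stored value such as  "><script>...</script>  closes the
    // attribute and the script runs for every user who opens this settings page.
    echo '<input type="text" name="cb_label" value="' . get_option( 'cb_label' ) . '">';
}

// --- Hardened: capability check, nonce, sanitize on input, escape on output ---
function cb_save_label_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'cb_save_label' );   // rejects requests without a valid nonce (CSRF)

    if ( isset( $_POST['cb_label'] ) ) {
        // wp_unslash() undoes WordPress's magic-quoting; sanitize_text_field() strips tags,
        // control characters and line breaks before the value is persisted.
        $label = sanitize_text_field( wp_unslash( $_POST['cb_label'] ) );
        update_option( 'cb_label', $label );
    }
}

function cb_render_label_hardened() {
    wp_nonce_field( 'cb_save_label' );
    // esc_attr() encodes quotes and angle brackets, so stored data can never close the attribute.
    echo '<input type="text" name="cb_label" value="' . esc_attr( get_option( 'cb_label', '' ) ) . '">';
}
```

Sanitize on input and escape on output are both needed: sanitization limits what is stored, escaping guarantees that whatever is stored cannot change the HTML context it is printed into. A caveat for triage: on single-site installs, administrators normally hold the `unfiltered_html` capability and may post script legitimately, which is why admin-level Stored XSS matters most on multisite or on hardened installs where that capability has been disabled.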

CVE-2024-10472 – Stylish Price List < 7.1.12 – Stored XSS to Admin Creation – POC

WordPress plugins play a crucial role in extending the functionality of websites, but vulnerabilities in them introduce significant security risks. One such vulnerability has been discovered in the Stylish Price List plugin, which lets site owners create visually appealing price lists and pricing tables, in versions below 7.1.12. It allows a malicious actor to inject and store JavaScript code, resulting in a Stored Cross-Site Scripting (XSS) attack that can compromise an administrator’s session.

CVE-2024-9390 – RegistrationMagic < 6.0.2.1 – Stored XSS to Admin Creation – POC

Vulnerabilities in WordPress plugins remain a persistent threat. One recent discovery is CVE-2024-9390, a Stored Cross-Site Scripting (XSS) vulnerability affecting versions of the RegistrationMagic plugin prior to 6.0.2.1. The flaw allows attackers with certain privileges to store malicious scripts that execute arbitrary JavaScript in an administrator’s session, potentially leading to account hijacking or further exploitation of the system.

CVE-2024-10143 – MB Custom Post Types & Custom Taxonomies – Stored XSS to Admin Creation – POC

WordPress plugins let site owners extend features without modifying core code, but security vulnerabilities in plugins can expose websites to serious threats, including Cross-Site Scripting (XSS). One such vulnerability has been identified in the “MB Custom Post Types & Custom Taxonomies” plugin (CVE-2024-10143): a Stored XSS that could be used to run malicious script in an administrator's session and create an administrative account.

CVE-2024-10145 – Hubbub Lite – Stored XSS to Admin Creation – POC

Hubbub Lite, a popular WordPress plugin for social sharing, lets users add share buttons for major social networks such as Facebook, Twitter (X), Pinterest, and LinkedIn. A recently discovered vulnerability (CVE-2024-10145) exposes websites to Stored Cross-Site Scripting (XSS): malicious actors can inject scripts that are stored by the plugin and executed in other users' browsers, leading to account hijacking and unauthorized actions within the site.