A critical vulnerability, CVE-2024-2729, found in Otter Blocks, a popular WordPress plugin with over 300,000 installations, poses a significant risk to website security. This exploit allows attackers to execute malicious JavaScript code, potentially leading to the creation of admin accounts.
A critical security flaw has been uncovered in “The Ultimate Video Player For WordPress” plugin, tagged as CVE-2024-2428. This vulnerability jeopardizes over 100,000 WordPress installations, enabling attackers to execute Stored Cross-Site Scripting (XSS) attacks, potentially leading to Admin Account Creation.
CVE-2024-2444 poses a significant threat to WordPress sites utilizing Inline Related Posts plugin, with over 100,000 installations. This vulnerability allows malicious actors to execute Stored XSS attacks, potentially leading to the creation of JavaScript backdoors, compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).
A critical security flaw, identified as CVE-2024-2369, threatens the integrity of over 400,000 WordPress sites leveraging the Page Builder Gutenberg Blocks plugin. This vulnerability, allowing Stored XSS to Admin Account Creation, poses an imminent risk of unauthorized access and control over administrative privileges.
A critical vulnerability, CVE-2024-2583, has been uncovered in Shortcodes Ultimate, a popular WordPress plugin with over 600,000 installations. This flaw allows attackers to exploit Stored XSS, potentially leading to unauthorized admin account creation and compromising entire websites.
A critical vulnerability, CVE-2023-7164, has been uncovered in the popular WordPress plugin BackWPup, impacting over 600,000 active installations. This flaw exposes sensitive data and paves the way for potential account takeovers, posing a severe threat to website security.
A critical vulnerability, CVE-2024-2509, has been uncovered in the popular Gutenberg Blocks by Kadence Blocks plugin, boasting over 400,000 active installations. This flaw opens the door to malicious attackers, allowing them to execute Stored XSS attacks and potentially create admin accounts, posing a significant threat to WordPress sites.
A critical vulnerability, CVE-2024-0673, has been uncovered in the Pz-LinkCard plugin for WordPress. This flaw allows for the execution of Stored Cross-Site Scripting (XSS) attacks, enabling malicious actors to create JavaScript backdoors and potentially compromise admin accounts. As a result, high privilege users such as administrators can exploit this flaw to execute malicious scripts, potentially leading to account takeover (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).
The Call Now Button plugin simplifies communication for mobile users by adding a convenient click-to-call button at the bottom of the screen. With a single touch, visitors can initiate a call, eliminating the need for manual dialing or navigating to the contact page. In addition to its primary function, the plugin offers enhanced security features, including robust protection against potential vulnerabilities, validated through the Plugin Security Certification (PSC) from CleanTalk.
CVE-2024-0677 shines a light on a critical vulnerability lurking in the Pz-LinkCard WordPress plugin. This flaw exposes websites to SSRF attacks, posing a significant threat to their security and integrity. Let’s delve deeper into the discovery, implications, and potential countermeasures to safeguard your WordPress installations.
