A critical vulnerability, CVE-2024-2509, has been uncovered in the popular Gutenberg Blocks by Kadence Blocks plugin, boasting over 400,000 active installations. This flaw opens the door to malicious attackers, allowing them to execute Stored XSS attacks and potentially create admin accounts, posing a significant threat to WordPress sites.
A critical vulnerability, CVE-2024-0673, has been uncovered in the Pz-LinkCard plugin for WordPress. This flaw allows for the execution of Stored Cross-Site Scripting (XSS) attacks, enabling malicious actors to create JavaScript backdoors and potentially compromise admin accounts. As a result, high privilege users such as administrators can exploit this flaw to execute malicious scripts, potentially leading to account takeover (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).
The Call Now Button plugin simplifies communication for mobile users by adding a convenient click-to-call button at the bottom of the screen. With a single touch, visitors can initiate a call, eliminating the need for manual dialing or navigating to the contact page. In addition to its primary function, the plugin offers enhanced security features, including robust protection against potential vulnerabilities, validated through the Plugin Security Certification (PSC) from CleanTalk.
CVE-2024-0677 shines a light on a critical vulnerability lurking in the Pz-LinkCard WordPress plugin. This flaw exposes websites to SSRF attacks, posing a significant threat to their security and integrity. Let’s delve deeper into the discovery, implications, and potential countermeasures to safeguard your WordPress installations.
A critical vulnerability, CVE-2024-1745, has emerged in the Testimonial Slider plugin for WordPress, compromising the integrity of website settings. This flaw grants non-privileged users unauthorized access to manipulate plugin configurations, posing significant security risks.
A critical security vulnerability has been identified in the “Profile Box Shortcode And Widget” plugin for WordPress, marked as CVE-2024-1401. This flaw enables attackers to execute malicious scripts and potentially create backdoors through the plugin’s functionality. In this article, we delve into the discovery of the vulnerability, understand the implications of Stored XSS in WordPress, explore the exploitation process, discuss potential risks and real-world scenarios, and conclude with recommendations for enhanced security measures. As a result, high privilege users such as administrators can exploit this flaw to execute malicious scripts, potentially leading to account takeover (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).
Social Chat (Click To Chat App) is a powerful plugin designed to streamline customer communication by enabling seamless integration with WhatsApp. With just a click, users can initiate conversations directly from your website to your WhatsApp or WhatsApp Business phone number. In this article, we explore the significance of Social Chat, emphasizing its security features and its recognition through the “Plugin Security Certification” (PSC) from CleanTalk.
A critical vulnerability, identified as CVE-2024-1658, has been unearthed in the “Grid Shortcodes” plugin for WordPress. This vulnerability, stemming from a Stored XSS flaw, enables malicious actors to create admin accounts via a simple shortcode, posing significant security risks to WordPress websites.
A critical vulnerability has been unearthed in the “Responsive Pricing Table” WordPress plugin, designated as CVE-2024-1333. This flaw, exploitable via Stored Cross-Site Scripting (XSS), facilitates the illicit creation of admin accounts by injecting malicious scripts. Such vulnerabilities pose significant risks
A critical security vulnerability, CVE-2024-1331, has been uncovered in the Team Members plugin for WordPress. This flaw, a Stored Cross-Site Scripting (XSS) vulnerability, allows attackers to execute malicious scripts on behalf of contributors, potentially leading to account takeover and compromising the security of WordPress sites.