Latest Articles
CVE-2023-3601 – Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR (Thief of Creds)
Security
We have discovered a severe security vulnerability in the Simple Author Box plugin (CVE-2023-3601), which puts your WordPress accounts at…
CVE-2023-4023 – All Users Messenger <= 1.24 - Subscriber + Message Deletion via IDOR
Uncategorized
In a recent round of intensive plugin testing, a concerning security flaw has come to light. The All Users Messenger…
CVE-2023-3720 – Upload Media By URL < 1.0.8 - Stored XSS via CSRF
Security
During a thorough security assessment of the Upload Media By URL plugin for WordPress, a concerning medium-level vulnerability has been…
CVE-2023-4035 – Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
Uncategorized
In our recent in-depth security analysis of the widely used Simple Blog Card plugin for WordPress, a concerning vulnerability has…
CVE-2023-4209 – POEditor < 0.9.8 - Settings Reset via CSRF
Uncategorized
In our quest for a secure WordPress environment, a significant discovery has emerged. The POEditor plugin, a powerful translation tool,…
CVE-2023-3814 – Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access via Path Traversal
Security
In the realm of WordPress plugins, a severe security vulnerability has been unveiled. A comprehensive testing process revealed a critical…
CVE-2023-4019 – Media from FTP < 11.17 - Author + Arbitrary File Access via Path Traversal
Security
In a profound exploration of WordPress plugins, a chilling revelation has come to light. During meticulous testing, a high-impact vulnerability…
CVE-2023-4307 – Lock User Account <= 1.0.3 - Arbitrary Lock/Unlock All Account's via CSRF
Security
In the pursuit of robust website security, a profound vulnerability has emerged during the assessment of WordPress plugins. A striking…
CVE-2023-3664 – FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access
Security
During a security assessment of the FileOrganizer plugin, a medium vulnerability was uncovered in versions up to and including 1.0.2.…
CVE-2023-4238 – Prevent files / folders access < 2.5.2 - Remote Code Execution
Security
A severe security loophole has come to light in the Prevent files / folders access plugin, triggering concerns over the…