Plugin Security Certification: “FileBird” – Version 5.5: Secure Media Library Management

Plugin Security Certification: “FileBird” – Version 5.5: Secure Media Library Management

In the world of WordPress media library management, one aspect that should never be overlooked is security. The “FileBird” plugin, specifically version 5.5, is not only a powerhouse in organizing your media library but also a guardian of your website’s security. In this article, we delve into how this plugin goes above and beyond in

CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

While evaluating the plugin, we uncovered a vulnerability that permits the execution of Stored Cross-Site Scripting (XSS) on behalf of a contributor. This vulnerability is exploited by inserting a shortcode into a newly created post, potentially resulting in an account takeover. Main info: CVE CVE-2023-4795 Plugin Testimonial Slider Shortcode Critical High Publicly Published September 25,

CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS

During testing, a vulnerability was found that allows, through changing the settings, to implement Stored XSS on all pages where there is a mention of the plugin. This vulnerability is available on behalf of the administrator and allows you to leave javascript “backdoor” when capturing an administrative account, which will allow account takeover. Unfiltered_html capability

CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

CVE-2023-4646 – Simple Posts Ticker < 1.1.6 - Contributor + Stored XSS via shortcode

While examining the plugin during the testing phase, we uncovered a vulnerability that enables the execution of Stored Cross-Site Scripting (XSS) attacks, accomplished by incorporating a shortcode into a new post. This vulnerability has the potential to lead to the compromise of user accounts, particularly those of contributors. Main info: CVE CVE-2023-4646 Plugin Simple Posts

CVE-2023-4798 – User Avatar – Reloaded < 1.2.2 - Contributor+ Stored XSS

CVE-2023-4798 – User Avatar – Reloaded < 1.2.2 - Contributor+ Stored XSS

During the plugin’s testing phase, a vulnerability was identified that enables the execution of Stored XSS by an attacker who embeds a shortcode in a new post, potentially leading to an account takeover. Main info: CVE CVE-2023-4798 Plugin User Avatar – Reloaded Critical High Publicly Published September 25, 2023 Last Updated September 25, 2023 Researcher

CVE-2023-4933 – WP Job Openings < 3.4.3 – Sensitive Data Exposure via Directory Listing

CVE-2023-4933 – WP Job Openings < 3.4.3 – Sensitive Data Exposure via Directory Listing

During testing, a critical vulnerability was discovered in the plugin, namely a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users

CVE-2023-4289 – WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

CVE-2023-4289 – WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding the shortcode in a new post, which entails account takeover Main info: CVE CVE-2023-4289 Plugin WP Matterport Shortcode Critical High Publicly Published September 25, 2023 Last Updated September 25, 2023

Plugin Security Certification: “WP Reset” – Version 1.97: Fortifying WordPress Security

Plugin Security Certification: “WP Reset” – Version 1.97: Fortifying WordPress Security

In the realm of WordPress development, security is paramount. Enter the “WP Reset” plugin, specifically version 1.97, which stands as a testament to the importance of safeguarding your WordPress site against vulnerabilities. In this article, we delve into how this plugin not only empowers users to reset their website but does so with a heightened

Improving Security on WordPress with CleanTalk HTTP Response Headers

Improving Security on WordPress with CleanTalk HTTP Response Headers

Securing your WordPress website is a critical aspect of website maintenance. In this article, we will explore how using the “Send additional HTTP headers” option from CleanTalk can help bolster your site’s security. We’ll delve into three crucial HTTP headers: “X-Content-Type-Options,” “X-XSS-Protection,” and “Strict-Transport-Security.” We will understand how they work and the benefits they bring

Plugin Security Certification: “File Manager Pro” — Filester Version 1.8.1: Enhanced Security

Plugin Security Certification: “File Manager Pro” — Filester Version 1.8.1: Enhanced Security

Security is paramount in the world of WordPress plugins, and we are excited to bring you the latest on the “File Manager Pro — Filester” plugin version 1.8.1. In this article, we delve into the recent security improvements in this plugin, highlighting its enhanced safety. We’ll also touch on a previous vulnerability, CVE-2023-4827, which has