During testing of the plugin, a CSRF vulnerability was discovered in action=rename, which can lead to denial of service and theft of the password from the database, thereby allowing an attacker to get inside the web application and gain a foothold in it. Replace any data in the database and do everything that an administrator
CVE-2023-3664 – FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access
During a security assessment of the FileOrganizer plugin, a medium-severity vulnerability was uncovered in versions up to and including 1.0.2. This vulnerability allows an attacker to manipulate the plugin’s root folder, potentially compromising the security of the entire system. The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control
CVE-2023-4238 – Prevent files / folders access < 2.5.2 - Remote Code Execution
A severe security loophole has come to light in the Prevent files / folders access plugin, triggering concerns over the safety of WordPress websites. This vulnerability, tracked as CVE-2023-4238, opens the door to remote code execution through file uploads. Our testing revealed a startling scenario: an attacker can potentially upload a PHP file to the
CVE-2023-4307 – Lock User Account <= 1.0.3 - Arbitrary Lock/Unlock All Accounts via CSRF
In the pursuit of robust website security, a profound vulnerability has emerged during the assessment of WordPress plugins. A striking vulnerability within the Lock User Account plugin was discovered, heralding a serious threat. This vulnerability exposes an avenue for malicious attackers to enact an untraceable lockout of all user accounts, capitalizing on a Cross-Site Request
CVE-2023-4019 – Media from FTP < 11.17 - Author+ Arbitrary File Access via Path Traversal
In a profound exploration of WordPress plugins, a chilling revelation has come to light. During meticulous testing, a high-impact vulnerability was unearthed within the Media from FTP plugin, specifically versions preceding 11.17. This alarming flaw exposes an avenue for attackers to exploit Path Traversal techniques, enabling unauthorized access to sensitive files and documents. The plugin
CVE-2023-3814 – Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access via Path Traversal
In the realm of WordPress plugins, a severe security vulnerability has been unveiled. A comprehensive testing process revealed a critical flaw within the Advanced File Manager plugin, specifically versions up to 5.1.1. This vulnerability exposes a significant security lapse that can potentially allow unauthorized access to files and folders through Path Traversal techniques. Main info:
CVE-2023-3601 – Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR (Thief of Creds)
We have discovered a severe security vulnerability in the Simple Author Box plugin (CVE-2023-3601), which puts your WordPress accounts at high risk of being compromised. This vulnerability allows attackers with Contributor-level access or higher to steal sensitive user information, including hashed passwords. Main info: CVE CVE-2023-3601 Plugin Simple Author Box Critical Very High Publicly Published
Security vulnerability in Anti-Spam by CleanTalk for WordPress prior 6.11
We have fixed a security vulnerability in Anti-Spam by CleanTalk for WordPress. The vulnerability in the plugin can still be exploited in versions prior to 6.11. You can see the changelog here. You can check the current version of the plugin in the list of your installed plugins: WordPress Console -> Plugins. In case you use