7 Ways to Prevent Fake Registrations on WordPress (with CleanTalk)

While examining the plugin during the testing phase, we uncovered a vulnerability that enables the execution of Stored Cross-Site Scripting (XSS) attacks, accomplished by incorporating a shortcode into a new post. This vulnerability has the potential to lead to the compromise of user accounts, particularly those of contributors. Main info: CVE CVE-2023-4646 Plugin Simple Posts…

During the plugin’s testing phase, a vulnerability was identified that enables the execution of Stored XSS by an attacker who embeds a shortcode in a new post, potentially leading to an account takeover. Main info: CVE CVE-2023-4798 Plugin User Avatar – Reloaded Critical High Publicly Published September 25, 2023 Last Updated September 25, 2023 Researcher…

During testing, a critical vulnerability was discovered in the plugin, namely a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users…

In the process of testing the plugin, a vulnerability was found that allows you to implement Stored XSS on behalf of the contributor by embedding the shortcode in a new post, which entails account takeover Main info: CVE CVE-2023-4289 Plugin WP Matterport Shortcode Critical High Publicly Published September 25, 2023 Last Updated September 25, 2023…