CVE-2023-4209 – POEditor < 0.9.8 - Settings Reset via CSRF

In our quest for a secure WordPress environment, a significant discovery has emerged. The POEditor plugin, a powerful translation tool, harbors a critical vulnerability. Prior to version 0.9.8, the absence of Cross-Site Request Forgery (CSRF) protection has exposed the plugin to potential manipulation by attackers.

Main info: CVE: CVE-2023-4209; Plugin: POEditor; Critical: Medium; Publicly Published

CVE-2023-4023 – All Users Messenger <= 1.24 - Subscriber + Message Deletion via IDOR

In a recent round of intensive plugin testing, a concerning security flaw has come to light. The All Users Messenger plugin, a widely used communication tool for WordPress, harbors a significant Insecure Direct Object Reference (IDOR) vulnerability.

Main info: CVE: CVE-2023-4023; Plugin: All Users Messenger; Critical: Medium; Publicly Published: August 7, 2023; Last Updated: August

CVE-2023-4035 – Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

In our recent in-depth security analysis of the widely used Simple Blog Card plugin for WordPress, a concerning vulnerability has come to light. Versions prior to 1.31 have a critical flaw, leaving your website exposed to potential Stored Cross-Site Scripting (XSS) attacks!

Main info: CVE: CVE-2023-4035; Plugin: Simple Blog Card; Critical: High; Publicly Published: August

CVE-2023-3720 – Upload Media By URL < 1.0.8 - Stored XSS via CSRF

During a thorough security assessment of the Upload Media By URL plugin for WordPress, a concerning medium-level vulnerability has been uncovered in versions prior to 1.0.8. This vulnerability poses a significant risk to your website’s security and calls for immediate action! If exploited, this vulnerability allows attackers to potentially upload files containing malicious code directly

CVE-2023-3601 – Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR (Thief of Creds)

We have discovered a severe security vulnerability in the Simple Author Box plugin (CVE-2023-3601), which puts your WordPress accounts at high risk of being compromised. This vulnerability allows attackers with Contributor-level access or higher to steal sensitive user information, including hashed passwords.

Main info: CVE: CVE-2023-3601; Plugin: Simple Author Box; Critical: Very High; Publicly Published
