CVE-2024-5084 - Critical RCE via Arbitrary File Upload in Hash Form – Drag & Drop Form Builder Plugin for WordPress
WordPress sites worldwide rely on plugins to save time and add powerful features. But sometimes, these plugins come with vulnerabilities that can put your entire
CVE-2024-4471 - PHP Object Injection Vulnerability in “The 140+ Widgets | Best Addons For Elementor – FREE” WordPress Plugin
In June 2024, a serious security issue (CVE-2024-4471) was uncovered in the popular WordPress plugin The 140+ Widgets | Best Addons For Elementor – FREE. This plugin,
CVE-2024-4575 - How a Simple LayerSlider Shortcode Bug Exposed WordPress Sites to Stored XSS (With PoC)
The LayerSlider plugin is one of the most popular tools for building fancy sliders on WordPress sites. But in version 7.11., a serious security
CVE-2024-1814 - How a Spectra WordPress Plugin Vulnerability Puts Your Site at Risk
WordPress is the engine behind millions of websites, and its plugins like Spectra (formerly called Ultimate Addons for Gutenberg) help users create rich pages without
CVE-2024-2861 - Exploiting Stored XSS in ProfilePress WordPress Plugin (v4.15.8 and Below)
In the first half of 2024, a critical vulnerability—CVE-2024-2861—was discovered in the popular ProfilePress plugin for WordPress. If you’re running a site
Episode
00:00:00
00:00:00