CVE-2023-47688 - How a CSRF Bug in Youtube SpeedLoad Plugin <= .6.3 Could Have Let Someone Hijack Your WordPress
---
A major issue was uncovered in an old—but still widely used—WordPress plugin called “Youtube SpeedLoad”, developed by Alexufo. If you have version
CVE-2023-47646 - Authenticated Stored XSS in CedCommerce Recently Viewed And Most Viewed Products (<= 1.1.1)
In late 2023, security researchers discovered a serious bug in the CedCommerce Recently viewed and most viewed products WordPress plugin (versions up to and including
CVE-2023-47654 - How a Contributor Could Hack Your Site With The BZScore WordPress Plugin (Explained)
CVE-2023-47654 is a vulnerability that lets low-privileged users (contributors and above) inject malicious code into WordPress sites using the “BZScore – Live Score” plugin, versions up
CVE-2023-47653 - Critical Stored XSS in TWB WooCommerce Reviews Plugin <= 1.7.5 – How It Works, Exploit Demo, and Fixes
*Date: June 2024*
*By: [Your Name or Alias]*
If you’re running a WooCommerce-powered store on WordPress, there’s a serious security concern you should
CVE-2023-47658 - How a Simple Auth. (ShopManager+) Stored XSS Can Compromise Your WooCommerce Store (Extra Product Options <= 3..3)
In November 2023, a security flaw was disclosed in actpro’s Extra Product Options for WooCommerce plugin (up to version 3..3). Tracked under CVE-2023-47658,
Episode
00:00:00
00:00:00