WP Security Plugin CVE AUG 2023: 113 Public Risks

By Csaba, Miklós WP Security WP SERVICES 29 August 2023

WP SECURITY PLUGIN CVE AUG 2023

WP Security Plugin CVE AUG 2023

Be informed about the latest WP Security Plugin CVE AUG 2023 Threat Case Study, identified and reported publicly. It is a +88% INCREASE as specifically targeted WP Security Plugin Vulnerabilities compared to last month. Consider for your online safety, a WP/Woo PageSpeed AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for tailored WP Security.

What is CVE?

TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific vulnerability.

CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.

If you are serious about your business, then you need to pay attention to the WordPress security best practices. The following cases made headlines PUBLICLY just last month in the WP Security Plugin CVE AUG 2023 category:

Patch today the publicly reported cases of WP Security Plugin CVE AUG 2023 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

BUY NOW

Activity Log For MainWP	Cross-Site Scripting (XSS)
Add Pinterest conversion tags for Pinterest Ads + Site verification	Cross-Site Scripting (XSS)
Admin Quick Panel	Cross-Site Scripting (XSS)
Admin Speedo	Cross-Site Scripting (XSS)
Admin User Search	Cross-Site Scripting (XSS)
All In One WP Security & Firewall	Sensitive Data Exposure (BAC) of Plaintext Credentials
Ant Admin Notices for Team	Cross-Site Scripting (XSS)
APIExperts Square for WooCommerce	Broken Access Control (BAC)
APIExperts Square for WooCommerce	Cross-Site Scripting (XSS)
Auto Set Admin Colour on Staging and Dev	Cross-Site Scripting (XSS)
Awesome SSL	Cross-Site Scripting (XSS)
Bulk Attachment Download	Cross-Site Scripting (XSS)
Church Admin	Server-Side Request Forgery (SSRF)
Client Portal : SuiteDash Direct Login	Cross-Site Scripting (XSS)
Cloud SAML SSO - Single Sign On Login	Cross-Site Scripting (XSS)
Custom Login Page Customizer	Cross-Site Scripting (XSS)
Custom Registration and Custom Login Forms with New Recaptcha	Cross-Site Scripting (XSS)
Display WP Admin Pages in the Frontend – WP Frontend Admin	Cross-Site Scripting (XSS)
Domain Mapping System – Manage Unlimited Domains on your Site	Cross-Site Scripting (XSS)
Emails Blacklist for Everest Forms	Cross-Site Scripting (XSS)
Embed Docs - Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor	Cross-Site Scripting (XSS)
EmbedPress	Cross-Site Scripting (XSS)
Embed Tik Tok Video Feed (Tiktok feed) for WordPress	Cross-Site Scripting (XSS)
Error Log Monitor	Cross-Site Scripting (XSS)
EthPress – Web3 Login	Cross-Site Scripting (XSS)
Files Download Delay	Cross-Site Scripting (XSS)
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook	Cross-Site Scripting (XSS)
Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder â Auto-Install Free SSL	Cross-Site Scripting (XSS)
Frontend Admin – Add and edit posts, pages, users and more all from the frontend	Cross-Site Scripting (XSS)
GraphComment Comment system	Cross-Site Scripting (XSS)
Hide Admin Bar Based on User Roles	Cross-Site Scripting (XSS)
HTTP Auth	Cross-Site Request Forgery (CSRF)
HTTP Headers	Cross-Site Scripting (XSS)
HTTP Headers	Remote Code Execution (RCE)
HTTP Headers	Server-Side Request Forgery (SSRF)
Integrate Automate – WordPress, WooCommerce & CF7 for IFTTT, Zapier, Automate.io other API glue Platforms.	Cross-Site Scripting (XSS)
Locked Payment Methods for WooCommerce	Cross-Site Scripting (XSS)
Login Designer	Cross-Site Scripting (XSS)
Magic Login API	Cross-Site Scripting (XSS)
Mail Control	Cross-Site Scripting (XSS)
Mail Control	Unauthenticated Cross-Site Scripting (XSS) via Email Subject
MoceanAPI Abandoned Carts for WooCommerce	Cross-Site Scripting (XSS)
MoceanAPI Order SMS Notification for WooCommerce	Cross-Site Scripting (XSS)
MoceanAPI SendSMS	Cross-Site Scripting (XSS)
Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar	Cross-Site Scripting (XSS)
Notification	Cross-Site Scripting (XSS)
oAuth Twitter Feed for Developers	Cross-Site Scripting (XSS)
One Click Login	Cross-Site Scripting (XSS)
Passwordless Login with OTP / SMS & Email – Account Kit	Cross-Site Scripting (XSS)
PHP Everywhere	Remote Code Execution (RCE) by users via gutenberg block
PHP Everywhere	Remote Code Execution (RCE) by users via shortcode
PHP Everywhere	Remote Code Execution (RCE) via Metabox
Pinblocks — Gutenberg blocks with Pinterest widgets	Cross-Site Scripting (XSS)
Pinpoint Booking System	Parameter Tampering
Premmerce Pinterest for WooCommerce	Cross-Site Scripting (XSS)
Premmerce User Roles	Cross-Site Scripting (XSS)
Protect Admin	Cross-Site Scripting (XSS)
Protect Uploads with Login – Protect Your Uploads	Cross-Site Scripting (XSS)
Restrict Content	Cross-Site Scripting (XSS)
Restrict for Elementor	Cross-Site Scripting (XSS)
Restrict – membership, site, content and user access restrictions for WordPress	Cross-Site Scripting (XSS)
Restrict Posts based on Conditions – Conditional Post Restrictions	Cross-Site Scripting (XSS)
Restrict User Access – Membership Plugin with Force	Cross-Site Scripting (XSS)
Rest Routes – Custom Endpoints for WP REST API	Cross-Site Scripting (XSS)
RSS Control	Cross-Site Scripting (XSS)
RSS feed with featured images \| RSS Chimp	Cross-Site Scripting (XSS)
RSS Redirect & Feedburner Alternative	Cross-Site Request Forgery (CSRF) on handle_installation function
RSS Redirect & Feedburner Alternative	Missing Authorization (BAC) on handle_installation function
Salon booking system	Cross-Site Scripting (XSS)
Script Planner	Cross-Site Scripting (XSS)
Secure IP Logins	Cross-Site Scripting (XSS)
Security Ninja – Secure Firewall & Secure Malware Scanner	Cross-Site Scripting (XSS)
Server Info	Cross-Site Scripting (XSS)
Shared Files	Cross-Site Scripting (XSS)
Sky Login Redirect	Cross-Site Scripting (XSS)
Smart Admin Menu Filter	Cross-Site Scripting (XSS)
Smart Protect	Cross-Site Scripting (XSS)
SMS OTP Easy Login with Mocean	Cross-Site Scripting (XSS)
SnazzyAdmin WP Admin Theme	Cross-Site Scripting (XSS)
SSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPress	Cross-Site Scripting (XSS)
SSL Mixed Content Fix	Cross-Site Request Forgery (CSRF) on handle_installation function
SSL Mixed Content Fix	Missing Authorization (BAC) on handle_installation function
SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress	Cross-Site Scripting (XSS)
Stop User Enumeration	Cross-Site Scripting (XSS)
Stop WP Comment Spam	Cross-Site Scripting (XSS)
Stop WP Emails Going to Spam	Cross-Site Scripting (XSS)
Super Notes – create Admin Notes with ease	Cross-Site Scripting (XSS)
User Activity Log	SQL Injection (SQLi)
User Activity Log	UnauthenticatedSQL Injection (SQLi)
User Registration	Arbitrary File Upload (BAC)
WC REST Payment	Cross-Site Scripting (XSS)
Web3 – Crypto wallet Login & NFT token gating	Authentication Bypass
Woo Admin Product Notes	Cross-Site Scripting (XSS)
WordPress Admin Tables Extra Columns : Easy way to create custom columns on WordPress post, page & user admin tables	Cross-Site Scripting (XSS)
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support	Cross-Site Scripting (XSS)
WordPress Persistent Login	Cross-Site Scripting (XSS)
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)	Authentication Bypass
WordPress User Management and User Admin Plugin – User Magic	Cross-Site Scripting (XSS)
WP Activity Log	Cross-Site Scripting (XSS)
WPAdmin AWS CDN	Cross-Site Request Forgery (CSRF)
WP Adminify – Powerhouse Toolkit for WordPress Dashboard	Cross-Site Scripting (XSS)
WP Content Copy Protection & No Right Click	Cross-Site Scripting (XSS)
WP-CopyProtect [Protect your blog posts]	Cross-Site Request Forgery (CSRF)
WP Database Administrator	Unauthenticated SQL Injection (SQLi)
WP Dev Powers – Display Screen Dimensions to Admin Plugin	Cross-Site Scripting (XSS)
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content	Cross-Site Scripting (XSS)
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS	Cross-Site Scripting (XSS)
Wp My Admin Bar	Cross-Site Scripting (XSS)
WP REST Filter	Cross-Site Scripting (XSS)
WP REST User	Cross-Site Scripting (XSS)
WP Security Safe	Cross-Site Scripting (XSS)
WPS Limit Login	Race Condition
WP System Log	Cross-Site Scripting (XSS)

WordPress Security Plugin CVE (public vulnerabilities) reported in 2023 so far	300
ALL WordPress plugin Common Vulnerabilities and Exposures reported in 2023 so far	3772

Get Healthy, Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your vulnerabilities created from WP Security Plugin CVE AUG 2023.

START NOW

Security isn’t something that you can just do once. It's something that's constantly evolving and you need to regularly update your site’s Security standards and conduct routine website safety checks if you want to stay protected.

There isn’t a way to 100% protect your website from hackers and other malicious attempts. But, if you want to give your site the highest level of protection possible, then it’s a good idea to update immediately these WP Security Plugin CVE AUG 2023. You rely on a Security guard that currently is sleeping!

Why do you need updated security?

A WordPress Security plugin provides many valuable functions, but at its most basic, a WordPress security plugin protects your website from attacks during the time it is vulnerable. WordPress security is a subject of big relevance for every single internet site proprietor. Google blacklists ~ daily 10,000+ internet domains for malware as well as ~ weekly 50,000 for phishing.

Even if your website starts protected, in time it will certainly come to be much less and less protected. It's important to secure on your own from hackers who are continuously seeking vulnerabilities within the popular WordPress CMS.

Once hackers find and exploit these vulnerabilities, then developers will patch those holes and release an update for their users. However, there’s a time gap of weeks or even months, between the time when the vulnerability is exploited and the patch is provided. During this time you’re exposed.

What is Vulnerability Knowledge?

As time passes, vulnerabilities are discovered in your plugins, theme and the version of WordPress core you are using. Those vulnerabilities (or Security holes) ALWAYS become public knowledge sooner rather, than later.

Can MY WordPress be hacked?

"No System Is Safe" and also WordPress is not an exemption. WordPress simply BY ITSELF is very secure. Stats reveal that 41% of hacked WordPress websites get hacked through WordPress hosting vulnerabilities, 29% through a theme, 22% through a plugin, and also 8% as a result of weak passwords. The Security of your site is only as good as the foundation it’s running on. That’s why it’s important to audit existing security measures already in place, such as WP Security Plugin CVE AUG 2023.

SOLVE TODAY any reported WP Security Plugin CVE AUG 2023 vulnerability! Do you suspect any security circumvention in your WordPress?

SHOP NOW

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us: WP Security Plugin CVE AUG 2023 audit! Decide after you compare RISK + IMPACT versus COST.

Table of Contents

WP Security Plugin CVE AUG 2023: 113 public risks