Slimstat: Stored XSS from Visitors

Slimstat: Stored XSS from Visitors

The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain information such as the browser and operating system details, plus page visits to optimize the website analytics. Versions below 4.8.1 are affected by an unauthenticated ... Read More
WordPress Plugin Give – Stored XSS for Donors

WordPress Plugin Give – Stored XSS for Donors

​​Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. ​​During a recent audit of the plugin, we found a severe vulnerability which allows donors to inject arbitrary code on an administrative page. ​​If you are using a version ... Read More
Multiple Vulnerabilities in the WordPress Ultimate Member Plugin

Multiple Vulnerabilities in the WordPress Ultimate Member Plugin

The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and delete your wp-config.php file, which can lead to a complete website takeover. All of our clients behind our website firewall are already protected, and are ... Read More