Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report
Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,413,655 Active Installs: 100,000 Last Updated: May 22, 2024 Patched Versions: 3.14.2 Affected Versions: <= 3.14.1 Vulnerability Details: Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1…
Read MoreSassy Social Share Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4924 | WordPress Plugin Vulnerability Report
Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software Downloads: 5,485,608 Active Installs: 100,000 Last Updated: May 22, 2024 Patched Versions: 3.3.63 Affected Versions: <= 3.3.62 Vulnerability Details: Name: Sassy Social Share <= 3.3.62 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of…
Read MoreLearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report
Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642 Active Installs: 90,000 Last Updated: May 21, 2024 Patched Versions: 4.2.6.7 Affected Versions: <= 4.2.6.6 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Type:…
Read MoreMedia Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…
Read MoreContact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form Plugin Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 7,048,138 Active Installs: 400,000 Last Updated: May 21, 2024 Patched Versions: 5.1.16 Affected Versions: <= 5.1.15 Vulnerability Details: Name: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form…
Read MoreElement Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report
Plugin Name: Element Pack Elementor Addons Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,152,863 Active Installs: 100,000 Last Updated: May 21, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability 1 Details: Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote…
Read MoreSiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 39,647,522 Active Installs: 600,000 Last Updated: May 21, 2024 Patched Versions: 1.61.0 Affected Versions: <= 1.60.0 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.60.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode Type:…
Read MoreElementor Website Builder Vulnerability – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting – CVE-2024-4619 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 443,549,337 Active Installs: 10,000,000 Last Updated: May 20, 2024 Patched Versions: 3.21.6 Affected Versions: <= 3.21.5 Vulnerability Details: Name: Elementor Website Builder – More than Just a Page Builder <= 3.21.5 – Authenticated (Contributor+)…
Read MorePage Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4361 | WordPress Plugin Vulnerability Report
Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday Software Downloads: 51,387,711 Active Installs: 700,000 Last Updated: May 20, 2024 Patched Versions: 2.29.16 Affected Versions: <= 2.29.15 Vulnerability Details: Name: Page Builder by SiteOrigin <= 2.29.15 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’…
Read MoreShopLentor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode – CVE-2024-3345 | WordPress Plugin Vulnerability Report
Plugin Name: ShopLentor Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,557,867 Active Installs: 100,000 Last Updated: May 20, 2024 Patched Versions: 2.8.9 Affected Versions: <= 2.8.8 Vulnerability Details: Name: ShopLentor <= 2.8.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode Type: Improper Neutralization of Input…
Read More