White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 9, 2024
WP Plugin Vulnerabilities Image - White Label CMS Vulnerability - Missing Authorization to Plugin Settings Reset - CVE-2024-4280 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: White Label CMS Key Information: Software Type: Plugin Software Slug: white-label-cms Software Status: Active Software Author: videousermanuals Software Downloads: 3,439,358 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.4 Affected Versions: <= 2.7.3 Vulnerability Details: Name: White Label CMS <= 2.7.3 – Missing Authorization to Plugin Settings Reset Type: Missing Authorization…

Read More

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - Prime Slider Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-4339 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,368,030 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 3.14.4 Affected Versions: <= 3.14.3 Vulnerability Details: Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3…

Read More

Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - Form Maker by 10Web Vulnerability - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2024-34437 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Form Maker by 10Web Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,739,339 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 1.15.25 Affected Versions: <= 1.15.24 Vulnerability Details: Name: Form Maker by 10Web <= 1.15.24 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper…

Read More

WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - WP Job Manager Vulnerability - Unauthenticated Information Exposure - CVE-2024-34549 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: WP Job Manager Key Information: Software Type: Plugin Software Slug: wp-job-manager Software Status: Active Software Author: automattic Software Downloads: 4,332,123 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 2.3.0 Affected Versions: <= 2.2.2 Vulnerability Details: Name: WP Job Manager <= 2.2.2 – Unauthenticated Information Exposure Type: Information Exposure CVE: CVE-2024-34549 CVSS…

Read More

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - Mesmerize Companion Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode - CVE-2024-3494 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Mesmerize Companion Key Information: Software Type: Plugin Software Slug: mesmerize-companion Software Status: Active Software Author: horearadu Software Downloads: 1,857,988 Active Installs: 80,000 Last Updated: May 7, 2024 Patched Versions: 1.6.149 Affected Versions: <= 1.6.148 Vulnerability Details: Name: Mesmerize Companion <= 1.6.148 – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode Type: Improper Neutralization…

Read More

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - XML Sitemap & Google News Vulnerability - Unauthenticated Local File Inclusion - CVE-2024-4441 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: XML Sitemap & Google News Key Information: Software Type: Plugin Software Slug: xml-sitemap-feed Software Status: Active Software Author: ravanh Software Downloads: 3,261,414 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 5.4.9 Affected Versions: <= 5.4.8 Vulnerability Details: Name: XML Sitemap & Google News <= 5.4.8 – Unauthenticated Local File Inclusion Type:…

Read More

One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - One Click Demo Import Vulnerability - Authenticated (Admin+) PHP Object Injection - CVE-2024-34433 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: One Click Demo Import Key Information: Software Type: Plugin Software Slug: one-click-demo-import Software Status: Active Software Author: smub Software Downloads: 15,730,116 Active Installs: 1,000,000 Last Updated: May 7, 2024 Patched Versions: 3.2.1 Affected Versions: <= 3.2.0 Vulnerability Details: Name: One Click Demo Import <= 3.2.0 – Authenticated (Admin+) PHP Object Injection Type: Deserialization…

Read More

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - Advanced Ads Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget - CVE-2024-3952 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Advanced Ads Key Information: Software Type: Plugin Software Slug: advanced-ads Software Status: Active Software Author: monetizemore Software Downloads: 9,195,831 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 1.52.2 Affected Versions: <= 1.52.1 Vulnerability Details: Name: Advanced Ads – Ad Manager & AdSense <= 1.52.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - AI Engine Vulnerability - Authenticated (Editor+) Arbitrary File Upload - CVE-2024-34440 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…

Read More

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

By Your WP Guy | May 7, 2024
WP Plugin Vulnerabilities Image - Custom Field Suite Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-3068 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…

Read More