Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox – CVE-2024-2751 | WordPress Plugin Vulnerability Report
Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 814,796 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 2.6.9.3 Affected Versions: <= 2.6.9.2 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox…
Read MorePaid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report
Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,775,005 Active Installs: 90,000 Last Updated: April 25, 2024 Patched Versions: 3.0.2 Affected Versions: <= 3.0.1 Vulnerability Details: Name: Paid Memberships Pro <= 3.0.1 Title: Cross-Site…
Read MoreReal Media Library: Media Library Folder & File Manager Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2328 | WordPress Plugin Vulnerability Report
Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software Status: Active Software Author: devowl Software Downloads: 2,483,272 Active Installs: 80,000 Last Updated: April 25, 2024 Patched Versions: 4.11.12 Affected Versions: <= 4.22.11 Vulnerability Details: Name: Real Media Library <= 4.22.11 Title: Authenticated (Author+) Stored…
Read MoreUser Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Missing Authorization to Unauthenticated Media Deletion – CVE-2024-3295 | WordPress Plugin Vulnerability Report
Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,629,292 Active Installs: 70,000 Last Updated: April 25, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.5 Vulnerability Details: Name: User Registration – Custom Registration…
Read MoreCarousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report
Plugin Name: Carousel Slider Key Information: Software Type: Plugin Software Slug: carousel-slider Software Status: Active Software Author: sayful Software Downloads: 908,916 Active Installs: 40,000 Last Updated: April 25, 2024 Patched Versions: 2.2.10 Affected Versions: <= 2.2.9 Vulnerability Details: Name: Carousel Slider <= 2.2.9 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3703 CVSS Score:…
Read MoreGiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode – CVE-2024-1957 | WordPress Plugin Vulnerability Report
Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,093,144 Active Installs: 100,000 Last Updated: April 25, 2024 Patched Versions: 3.7.0 Affected Versions: <= 3.6.1 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 Title: Authenticated…
Read MoreSmart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report
Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software Downloads: 17,368,541 Active Installs: 900,000 Last Updated: April 25, 2024 Patched Versions: 3.5.1.23 Affected Versions: <= 3.5.1.22 Vulnerability Details: Name: Smart Slider 3 <= 3.5.1.22 Title: Missing Authorization to Limited File Upload Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…
Read MoreWPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report
Plugin Name: WPC Smart Quick View for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-smart-quick-view Software Status: Active Software Author: wpclever Software Downloads: 1,038,524 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 4.0.3 Affected Versions: <= 4.0.2 Vulnerability Details: Name: WPC Smart Quick View for WooCommerce <= 4.0.2 Title: Authenticated (Administrator+) Stored…
Read MoreWPZOOM Social Feed Widget & Block Vulnerability – Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion – CVE-2024-3662 | WordPress Plugin Vulnerability Report
Plugin Name: WPZOOM Social Feed Widget & Block Key Information: Software Type: Plugin Software Slug: instagram-widget-by-wpzoom Software Status: Active Software Author: wpzoom Software Downloads: 1,824,393 Active Installs: 80,000 Last Updated: April 25, 2024 Patched Versions: 2.1.14 Affected Versions: <= 2.1.13 Vulnerability Details: Name: WPZOOM Social Feed Widget & Block <= 2.1.13 Title: Missing Authorization to…
Read MoreWPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report
Plugin Name: WPvivid Backup & Migration Plugin Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 7,313,881 Active Installs: 400,000 Last Updated: April 25, 2024 Patched Versions: 0.9.100 Affected Versions: <= 0.9.99 Vulnerability Details: Name: WPvivid Backup & Migration Plugin <= 0.9.99 Title: Authenticated (Admin+) PHAR Deserialization Type:…
Read More