Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Clone Vulnerability - Missing Authorization - CVE-2024-31435 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,222,101 Active Installs: 80,000 Last Updated: April 24, 2024 Patched Versions: 2.4.4 Affected Versions: <= 2.4.3 Vulnerability Details: Name: Inisev Analyst Module <= 2.4.3 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31435 CVSS Score: 4.3 Publicly Published:…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Sensitive Information Exposure – CVE-2024-2966 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability - Sensitive Information Exposure - CVE-2024-2966 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,021,948 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 5.6.0 Affected Versions: <= 5.5.6 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Favicon by RealFaviconGenerator Vulnerability - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31422 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Favicon by RealFaviconGenerator Key Information: Software Type: Plugin Software Slug: favicon-by-realfavicongenerator Software Status: Active Software Author: phbernard Software Downloads: 3,235,128 Active Installs: 300,000 Last Updated: April 24, 2024 Patched Versions: 1.3.30 Affected Versions: <= 1.3.29 Vulnerability Details: Name: Favicon <= 1.3.29 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31422 CVSS…

Read More

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Import any XML or CSV File to WordPress Vulnerability - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31939 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status: Active Software Author: wpallimport Software Downloads: 3,920,346 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.7.4 Affected Versions: <= 3.7.3 Vulnerability Details: Name: Import any XML or CSV File to WordPress <= 3.7.3…

Read More

Inline Related Posts Vulnerability – Cross-Site Request Forgery – CVE-2024-31426 | WordPress Plugin Vulnerability Report 

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Inline Related Posts Vulnerability - Cross-Site Request Forgery - CVE-2024-31426 | WordPress Plugin Vulnerability Report  - Vulnerabilities

Plugin Name: Inline Related Posts Key Information: Software Type: Plugin Software Slug: intelly-related-posts Software Status: Active Software Author: data443 Software Downloads: 1,297,547 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.4.0 Affected Versions: <= 3.3.1 Vulnerability Details: Name: Inline Related Posts <= 3.3.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31426 CVSS Score: 4.3 Publicly Published: April…

Read More

Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Link Whisper Free Vulnerability - Cross-Site Request Forgery - CVE-2024-31934 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software Downloads: 480,622 Active Installs: 30,000 Last Updated: April 24, 2024 Patched Versions: 0.7.0 Affected Versions: <= 0.6.9 Vulnerability Details: Name: Link Whisper Free <= 0.6.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31934 CVSS Score: 4.3 Publicly Published: April…

Read More

 Advanced Cron Manager Vulnerability – debug & control – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-31926 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image -  Advanced Cron Manager Vulnerability – debug & control - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-31926 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Advanced Cron Manager – debug & control Key Information: Software Type: Plugin Software Slug: advanced-cron-manager Software Status: Active Software Author: kubitomakita Software Downloads: 573,600 Active Installs: 30,000 Last Updated: April 25, 2024 Patched Versions: 2.5.3 Affected Versions: <= 2.5.2 Vulnerability Details: Name: Advanced Cron Manager – debug & control <= 2.5.2 Title: Authenticated…

Read More

Newsletter Vulnerability – Cross-Site Request Forgery – CVE-2024-31434 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - Newsletter Vulnerability - Cross-Site Request Forgery - CVE-2024-31434 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 25,010,511 Active Installs: 300,000 Last Updated: April 24, 2024 Patched Versions: 8.0.7 Affected Versions: <= 8.0.6 Vulnerability Details: Name: Newsletter <= 8.0.6 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31434…

Read More

BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report

By Your WP Guy | April 10, 2024
WP Plugin Vulnerabilities Image - BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31430 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software Slug: woo-bulk-editor Software Status: Active Software Author: realmag777 Software Downloads: 580,051 Active Installs: 30,000 Last Updated: April 25, 2024 Patched Versions: 1.1.4.2 Affected Versions: <= 1.1.4.1 Vulnerability Details: Name: BEAR <= 1.1.4.1 Title: Cross-Site Request…

Read More