Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

By Your WP Guy | March 7, 2024
WP Plugin Vulnerabilities Image - Page Builder: Pagelayer Vulnerability– Drag and Drop website builder - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes - CVE-2024-2127 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Page Builder: Pagelayer – Drag and Drop website builder Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,791,472 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 1.8.4 Affected Versions: <= 1.8.3 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder…

Read More

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 7, 2024
WP Plugin Vulnerabilities Image - WP-Members Membership Plugin - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1987 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,443,217 Active Installs: 60,000 Last Updated: March 12, 2024 Patched Versions: 3.4.9.2 Affected Versions: <= 3.4.9.1 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 7, 2024
WP Plugin Vulnerabilities Image - EmbedPress – Embed Various Content Types - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget - CVE-2024-2128 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,279,058 Active Installs: 90,000 Last Updated: March 12, 2024 Patched Versions: 3.9.11 Affected Versions: <= 3.9.10…

Read More

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-1761 |WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - WP Chat App Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes - CVE-2024-1761 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software Downloads: 880,497 Active Installs: 100,000 Last Updated: March 8, 2024 Patched Versions: 3.6.2 Affected Versions: <= 3.6.1 Vulnerability Details: Name: WP Chat App <= 3.6.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes Type:…

Read More

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin - Unauthenticated Stored Self-Based Cross-Site Scripting - CVE-2024-1720 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,562,763 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 3.1.5 Affected Versions: <= 3.1.4 Vulnerability Details: Name: User Registration – Custom Registration…

Read More

The Plus Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget – CVE-2024-1419 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - The Plus Addons for Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget - CVE-2024-1419 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,065,890 Active Installs: 100,000 Last Updated: March 8, 2024 Patched Versions: 5.4.1 Affected Versions: <= 5.4.0 Vulnerability Details: Name: The Plus Addons for Elementor <= 5.4.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Royal Elementor Addons and Templates – Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget – CVE-2024-1500 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - Royal Elementor Addons and Templates - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget - CVE-2024-1500 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 4,248,687 Active Installs: 300,000 Last Updated: March 8, 2024 Patched Versions: Information not provided Affected Versions: <= 1.3.91 Vulnerability Details: Name: Royal Elementor Addons and Templates <= 1.3.91 Title: Authenticated (Contributor+) Stored…

Read More

Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget - CVE-2024-1506 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 1,987,618 Active Installs: 100,000 Last Updated: March 8, 2024 Patched Versions: 3.13.2 Affected Versions: <= 3.13.1 Vulnerability Details: Name: Prime Slider – Addons…

Read More

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget - CVE-2024-1366 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,213,235 Active Installs: 400,000 Last Updated: March 8, 2024 Patched Versions: 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Archive…

Read More

Database for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2030 | WordPress Plugin Vulnerability Report

By Your WP Guy | March 6, 2024
WP Plugin Vulnerabilities Image - Database for Contact Form 7, WPforms, Elementor forms Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-2030 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status: Active Software Author: crmperks Software Downloads: 537,257 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 1.3.4 Affected Versions: <= 1.3.3 Vulnerability Details: Name: Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3…

Read More