Microsoft Clarity Vulnerability- Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-0590 |WordPress Plugin Vulnerability Report

By Your WP Guy | February 16, 2024
WP Plugin Vulnerabilities Image - Microsoft Clarity Vulnerability- Cross-Site Request Forgery to Stored Cross-Site Scripting - CVE-2024-0590 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Microsoft Clarity Key Information: Software Type: Plugin Software Slug: microsoft-clarity Software Status: Active Software Author: sammartin Software Downloads: 312,923 Active Installs: 70,000 Last Updated: February 27, 2024 Patched Versions: 0.9.4 Affected Versions: <= 0.9.3 Vulnerability Details: Name: Microsoft Clarity <= 0.9.3 Title: Cross-Site Request Forgery to Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0590…

Read More

 PowerPack Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget – CVE-2024-1411 | WordPress Plugin Vulnerability Report

By Your WP Guy | February 15, 2024
WP Plugin Vulnerabilities Image -  PowerPack Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget - CVE-2024-1411 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name:PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,157,052 Active Installs: 100,000 Last Updated: February 16, 2024 Patched Versions: 2.7.16 Affected Versions: <= 2.7.15 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.15 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons…

Read More

EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1349 |WordPress Plugin Vulnerability Report 

By Your WP Guy | February 14, 2024
WP Plugin Vulnerabilities Image - EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1349 |WordPress Plugin Vulnerability Report  - Vulnerabilities

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,184,657 Active Installs: 80,000 Last Updated: February 16, 2024 Patched Versions: 3.9.9 Affected Versions: <= 3.9.8 Vulnerability Details: Name: EmbedPress <= 3.9.8 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1349 CVSS Score:…

Read More

Simple Share Buttons Adder Vulnerability- Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings – CVE-2024-0621 | WordPress Plugin Vulnerability Report

By Your WP Guy | February 14, 2024
WP Plugin Vulnerabilities Image - Simple Share Buttons Adder Vulnerability- Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings - CVE-2024-0621 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Simple Share Buttons Adder Key Information: Software Type: Plugin Software Slug: simple-share-buttons-adder Software Status: Active Software Author: davidoffneal Software Downloads: 4,036,990 Active Installs: 70,000 Last Updated: February 16, 2024 Patched Versions: 8.4.12 Affected Versions: <= 8.4.11 Vulnerability Details: Name: Simple Share Buttons Adder <= 8.4.11 Title: Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings…

Read More

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events – CVE-2024-0326 | WordPress Plugin Vulnerability Report

By Your WP Guy | February 14, 2024
WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events - CVE-2024-0326 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 29,259,716 Active Installs: 700,000 Last Updated: February 16, 2024 Patched Versions: 4.10.19 Affected Versions: <= 4.10.18 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.18 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via onClick…

Read More

Best WordPress Gallery Plugin Vulnerability– FooGallery – Authenticated(Administrator+) Stored Cross-Site Scripting via Settings – CVE-2024-0604 | WordPress Plugin Vulnerability Report

By Your WP Guy | February 14, 2024
WP Plugin Vulnerabilities Image - Best WordPress Gallery Plugin Vulnerability– FooGallery - Authenticated(Administrator+) Stored Cross-Site Scripting via Settings - CVE-2024-0604 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Best WordPress Gallery Plugin – FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,701,372 Active Installs: 100,000 Last Updated: February 16, 2024 Patched Versions: 2.4.9 Affected Versions: <= 2.4.7 Vulnerability Details: Name: Best WordPress Gallery Plugin – FooGallery <= 2.4.7 Title: Authenticated(Administrator+) Stored Cross-Site…

Read More

Email Encoder Vulnerability– Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1282 |WordPress Plugin Vulnerability Report

By Your WP Guy | February 13, 2024
WP Plugin Vulnerabilities Image - Email Encoder Vulnerability– Protect Email Addresses and Phone Numbers - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1282 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Email Encoder – Protect Email Addresses and Phone Numbers Key Information: Software Type: Plugin Software Slug: email-encoder-bundle Software Status: Active Software Author: ironikus Software Downloads: 1,058,847 Active Installs: 80,000 Last Updated: February 27, 2024 Patched Versions: 2.2.1 Affected Versions: <= 2.2.0 Vulnerability Details: Name: Email Encoder – Protect Email Addresses and Phone Numbers…

Read More

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0438 |WordPress Plugin Vulnerability Report

By Your WP Guy | February 13, 2024
WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0438 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,986,507 Active Installs: 400,000 Last Updated: February 27, 2024 Patched Versions: 3.10.2 Affected Versions: <= 3.10.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1058 | WordPress Plugin Vulnerability Report

By Your WP Guy | February 12, 2024
WP Plugin Vulnerabilities Image - SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1058 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 37,808,389 Active Installs: 600,000 Last Updated: February 16, 2024 Patched Versions: 1.58.4 Affected Versions: <= 1.58.3 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1058…

Read More

Bold Page Builder Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link – CVE-2024-1160 |WordPress Plugin Vulnerability Report

By Your WP Guy | February 12, 2024
WP Plugin Vulnerabilities Image - Bold Page Builder Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link - CVE-2024-1160 |WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin Name: Bold Page Builder Key Information: Software Type: Plugin Software Slug: bold-page-builder Software Status: Active Software Author: boldthemes Software Downloads: 1,662,907 Active Installs: 50,000 Last Updated: February 27, 2024 Patched Versions: 4.8.1 Affected Versions: <= 4.8.0 Vulnerability Details: Name: Bold Page Builder <= 4.8.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link Type:…

Read More