Security
Download Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report
Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads: 5,153,537 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 4.9.14 Affected Versions: <= 4.9.13 Vulnerability Details: Name: Download Monitor <= 4.9.13 Title: Missing Authorization Type: CVE: CVE-2024-3269 CVSS Score: 5.4 Publicly Published: May…
HUSKY – Products Filter Professional for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-5039 | WordPress Plugin Vulnerability Report
Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,732,922 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 1.3.6 Affected Versions: <= 1.3.5.3 Vulnerability Details: Name: HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 Title: Authenticated…
Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3276 | WordPress Plugin Vulnerability Report
Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status: Active Software Author: bradvin Software Downloads: 2,339,156 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: <= 2.7.27 Affected Versions: 2.7.28 Vulnerability Details: Name: Lightbox & Modal Popup WordPress Plugin – FooBox (Free and…
WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability – Authenticated (Admin+) Arbitrary File Upload – CVE-2024-3412 | WordPress Plugin Vulnerability Report
Plugin Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore Key Information: Software Type: Plugin Software Slug: wp-staging Software Status: Active Software Author: renehermi Software Downloads: 3,261,328 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: <= 3.4.3 Affected Versions: 3.5.0 Vulnerability Details: Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore…
Popup Builder by OptinMonster Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4045 | WordPress Plugin Vulnerability Report
Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 105,301,858 Active Installs: 1,000,000 Last Updated: June 11, 2024 Patched Versions: <= 2.16.1 Affected Versions: 2.16.2 Vulnerability Details: Name: Popup Builder by OptinMonster…
The Events Calendar Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access – CVE-2024-1295 | WordPress Plugin Vulnerability Report
Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 57,657,454 Active Installs: 700,000 Last Updated: June 11, 2024 Patched Versions: <= 6.4.0 Affected Versions: 6.4.0.1 Vulnerability Details: Name: The Events Calendar Free & Pro <= 6.4.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1295 CVSS Score: 4.3…
The Plus Addons for Elementor Vulnerability – Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities – CVE-2024-4485, CVE-2024-4484, CVE-2024-3718, CVE-2024-2784 | WordPress Plugin Vulnerability Report
Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,380,817 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 5.5.5 Affected Versions: <= 5.5.4 Vulnerability Details: Name: Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities Type: Improper Neutralization of Input During…
YITH WooCommerce Ajax Search Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-4455 | WordPress Plugin Vulnerability Report
Plugin Name: YITH WooCommerce Ajax Search Key Information: Software Type: Plugin Software Slug: yith-woocommerce-ajax-search Software Status: Active Software Author: yithemes Software Downloads: 2,852,419 Active Installs: 70,000 Last Updated: May 23, 2024 Patched Versions: 2.4.1 Affected Versions: <= 2.4.0 Vulnerability Details: Name: YITH WooCommerce Ajax Search <= 2.4.0 – Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization…
WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report
Plugin Name: WP Go Maps Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 23,515,825 Active Installs: 400,000 Last Updated: May 23, 2024 Patched Versions: 9.0.37 Affected Versions: <= 9.0.36 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.36 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 28,801,489 Active Installs: 1,000,000 Last Updated: May 23, 2024 Patched Versions: 1.6.26.1 Affected Versions: <= 1.6.26 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.26 – Authenticated (Contributor+) Stored Cross-Site Scripting…