Security

Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Multiple Vulnerabilities – CVE-2024-0598 & CVE-2024-2919 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 17,837,802 Active Installs: 400,000 Last Updated: April 3, 2024 Patched Versions: 3.2.18 Affected Versions: <= 3.2.17 for CVE-2024-0598 and <= 3.2.31 for CVE-2024-2919 Vulnerability 1 Details: Name: Gutenberg…

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities –  CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: Happy Addons for Elementor Key Information Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,284,286 Active Installs: 400,000 Last Updated: April 4, 2024 Patched Versions: 3.10.5, 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details Vulnerability 1 Name: Happy Addons for Elementor <= 3.10.4 – Authenticated Stored Cross-Site Scripting…

WordPress Tag and Category Manager Vulnerability – AI Autotagger – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-2830 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: WordPress Tag and Category Manager – AI Autotagger Key Information: Software Type: Plugin Software Slug: simple-tags Software Status: Active Software Author: stevejburge Software Downloads: 4,604,554 Active Installs: 60,000 Last Updated: April 3, 2024 Patched Versions: 3.20.0 Affected Versions: <= 3.13.0 Vulnerability Details: Name: WordPress Tag and Category Manager – AI Autotagger <= 3.13.0…

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Cross-Site Scripting via Custom CSS – CVE-2023-6486 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 20,112,321 Active Installs: 600,000 Last Updated: April 3, 2024 Patched Versions: 2.10.4 Affected Versions: <= 2.10.3 Vulnerability Details Name: Spectra – WordPress Gutenberg Blocks <= 2.10.3 Title: Authenticated(Contributor+) Cross-Site Scripting via Custom…

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: ShopLentor…

Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 2, 2024

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,029,705 Active Installs: 200,000 Last Updated: April 2, 2024 Patched Versions: 2.6.4 Affected Versions: <= 2.6.3 Vulnerability 1 Details: Name: Jeg Elementor Kit <= 2.6.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box…

WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: WPFront User Role Editor Key Information: Software Type: Plugin Software Slug: wpfront-user-role-editor Software Status: Active Software Author: syammohanm Software Downloads: 787,036 Active Installs: 50,000 Last Updated: April 2, 2024 Patched Versions: 4.1.0 Affected Versions: <= 3.2.1.11184 Vulnerability Details: Name: WPFront User Role Editor <= 3.2.1.11184 Title: Limited Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2931…

WP-Members Membership Plugin Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-1852 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,453,636 Active Installs: 60,000 Last Updated: April 1, 2024 Patched Versions: 3.4.9.3 Affected Versions: <= 3.4.9.2 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.2 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1852 CVSS…

Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato Software Downloads: 548,134 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.15 Affected Versions: <= 1.0.14 Vulnerability Details: Name: Template Kit – Import <= 1.0.14 Title: Authenticated (Author+) Stored Cross-Site Scripting via Template…

SecuPress Free Vulnerability — WordPress Security – Cross-Site Request Forgery to Banned IP Address – CVE-2024-1504 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: SecuPress Free – WordPress Security Key Information: Software Type: Plugin Software Slug: secupress Software Status: Active Software Author: SecuPress Software Downloads: 623,070 Active Installs: 40,000 Last Updated: April 2, 2024 Patched Versions: 2.2.5.2 Affected Versions: <= 2.2.5.1 Vulnerability Details: Name: SecuPress Free – WordPress Security <= 2.2.5.1 Title: Cross-Site Request Forgery to Banned…