Security

File Manager Vulnerability – Sensitive Information Exposure via Backup Filenames – CVE-2024-0761 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 22, 2024

Plugin Name: File Manager. Key Information: Software Type: Plugin; Software Slug: wp-file-manager; Software Status: Active; Software Author: mndpsingh287; Software Downloads: 19,681,705; Active Installs: 1,000,000; Last Updated: January 22, 2024; Patched Versions: 7.2.2; Affected Versions: <= 7.2.1. Vulnerability Details: Name: File Manager <= 7.2.1 – Sensitive Information Exposure via Backup Filenames; Title: Sensitive Information Exposure via…

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-51415 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: GiveWP. Key Information: Software Type: Plugin; Software Slug: give; Software Status: Active; Software Author: webdevmattcrom; Software Downloads: 6,478,131; Active Installs: 100,000; Last Updated: January 19, 2024; Patched Versions: 3.3.0; Affected Versions: <= 3.2.2. Vulnerability Details: Name: GiveWP <= 3.2.2 – Authenticated (Contributor+) Stored Cross-Site Scripting; Title: Authenticated (Contributor+) Stored Cross-Site Scripting; Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’); CVE: CVE-2023-51415; CVSS Score: 6.4…

WPvivid Vulnerability – Missing Authorization – CVE-2023-4637 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: WPvivid. Key Information: Software Type: Plugin; Software Slug: wpvivid-backuprestore; Software Status: Active; Software Author: wpvividplugins; Software Downloads: 6,203,119; Active Installs: 400,000; Last Updated: January 19, 2024; Patched Versions: 0.9.95; Affected Versions: <= 0.9.94. Vulnerability Details: Name: WPvivid <= 0.9.94 – Missing Authorization; Title: Missing Authorization; Type: Missing Authorization; CVE: CVE-2023-4637; CVSS Score: 4.3 (Medium); Publicly Published: January 19, 2024; Researcher: Revan Arifio; Description: The WPvivid plugin for WordPress is vulnerable…

Ninja Tables Vulnerability – Missing Authorization – CVE-2024-23504 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Ninja Tables. Key Information: Software Type: Plugin; Software Slug: ninja-tables; Software Status: Active; Software Author: techjewel; Software Downloads: 1,636,926; Active Installs: 80,000; Last Updated: January 19, 2024; Patched Versions: 5.0.6; Affected Versions: <= 5.0.5. Vulnerability Details: Name: Ninja Tables <= 5.0.5 – Missing Authorization; Title: Missing Authorization; Type: Missing Authorization; CVE: CVE-2024-23504; CVSS Score: 5.3 (Medium); Publicly Published: January 19, 2024; Researcher: emad; Description: The Ninja Tables plugin for WordPress…

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Photo Gallery by 10Web. Key Information: Software Type: Plugin; Software Slug: photo-gallery; Software Status: Active; Software Author: 10web; Software Downloads: 17,512,296; Active Installs: 200,000; Last Updated: January 19, 2024; Patched Versions: 1.8.20; Affected Versions: <= 1.8.19. Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename; Type: Improper Limitation of a Pathname to a…

Simple Membership Vulnerability – Open Redirect – CVE-2024-22308 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Simple Membership. Key Information: Software Type: Plugin; Software Slug: simple-membership; Software Status: Active; Software Author: mra13; Software Downloads: 2,388,048; Active Installs: 50,000; Last Updated: January 19, 2024; Patched Versions: 4.4.2; Affected Versions: <= 4.4.1. Vulnerability Details: Name: Simple Membership <= 4.4.1 – Open Redirect; Title: Open Redirect; Type: URL Redirection to Untrusted Site (‘Open Redirect’); CVE: CVE-2024-22308; CVSS Score: 6.1 (Medium); Publicly Published: January 19, 2024; Researcher: Joshua Chan…

VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: VK Block Patterns. Key Information: Software Type: Plugin; Software Slug: vk-block-patterns; Software Status: Active; Software Author: vektor-inc; Software Downloads: 1,113,989; Active Installs: 80,000; Last Updated: January 19, 2024; Patched Versions: 1.31.2.0; Affected Versions: <= 1.31.1.1. Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery; Type: Cross-Site Request Forgery (CSRF); CVE: CVE-2024-0623; CVSS Score: 4.3 (Medium); Publicly Published: January 19, 2024; Researcher: kodaichodai; Description: The VK Block…

AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 18, 2024

Plugin Name: AI Engine. Key Information: Software Type: Plugin; Software Slug: ai-engine; Software Status: Active; Software Author: tigroumeow; Software Downloads: 1,716,148; Active Installs: 50,000; Last Updated: January 18, 2024; Patched Versions: 2.1.5; Affected Versions: <= 2.1.4. Vulnerability Details: Name: AI Engine <= 2.1.4 – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url; Title: Authenticated(Editor+) Arbitrary File Upload via add_image_from_url; Type: Unrestricted Upload of File with Dangerous Type; CVE: CVE-2024-0699; CVSS…

Amelia Booking Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6808 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 18, 2024

Plugin Name: Amelia Booking. Key Information: Software Type: Plugin; Software Slug: ameliabooking; Software Status: Active; Software Author: ameliabooking; Software Downloads: 535,131; Active Installs: 60,000; Last Updated: January 18, 2024; Patched Versions: 1.0.94; Affected Versions: <= 1.0.93. Vulnerability Details: Name: Booking for Appointments and Events Calendar – Amelia <= 1.0.93 – Authenticated(Contributor+) Stored Cross-Site Scripting via…

Contact Form Plugin – Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 18, 2024

Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms. Key Information: Software Type: Plugin; Software Slug: fluentform; Software Status: Active; Software Author: techjewel; Software Downloads: 5,679,069; Active Installs: 400,000; Last Updated: January 18, 2024; Patched Versions: 5.1.7; Affected Versions: <= 5.1.5. Vulnerability Details: Name: Fluent Forms <= 5.1.5…