WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

Plugin Name: WP Job Manager Key Information: Software Type: Plugin Software Slug: wp-job-manager Software Status: Active Software Author: automattic Software Downloads: 4,332,123 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 2.3.0 Affected Versions: <= 2.2.2 Vulnerability Details: Name: WP Job Manager <= 2.2.2 – Unauthenticated Information Exposure Type: Information Exposure CVE: CVE-2024-34549 CVSS…

Read More

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

Plugin Name: XML Sitemap & Google News Key Information: Software Type: Plugin Software Slug: xml-sitemap-feed Software Status: Active Software Author: ravanh Software Downloads: 3,261,414 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 5.4.9 Affected Versions: <= 5.4.8 Vulnerability Details: Name: XML Sitemap & Google News <= 5.4.8 – Unauthenticated Local File Inclusion Type:…

Read More

Booster for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3957 | WordPress Plugin Vulnerability Report

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,639,153 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 7.1.9 Affected Versions: <= 7.1.8 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.8 – Unauthenticated Arbitrary Shortcode Execution Type: Improper Control of Generation…

Read More

3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL Type: Improper Neutralization…

Read More

Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form by WPForms Key Information: Software Type: Plugin Software Slug: wpforms-lite Software Status: Active Software Author: smub Software Downloads: 201,516,943 Active Installs: 5,000,000 Last Updated: May 1, 2024 Patched Versions: 1.8.8.2 Affected Versions: <= 1.8.7.2 Vulnerability Details: Name: Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2…

Read More

Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report

Plugin Name: Supreme Modules Lite Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,191,354 Active Installs: 200,000 Last Updated: May 1, 2024 Patched Versions: 2.5.4 Affected Versions: <= 2.5.3 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 – Authenticated…

Read More

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…

Read More

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,230,464 Active Installs: 1,000,000 Last Updated: May 13, 2024 Patched Versions: 3.1.3 Affected Versions: 3.0.7 – 3.1.2 Vulnerability Details: Name: ElementsKit Elementor addons 3.0.7 – 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid – Missing Authorization – CVE-2024-3936 | WordPress Plugin Vulnerability Report

Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin Software Slug: the-post-grid Software Status: Active Software Author: techlabpro1 Software Downloads: 1,704,748 Active Installs: 90,000 Last Updated: May 10, 2024 Patched Versions: 7.7.0 Affected Versions: <= 7.6.1 Vulnerability Details: Name: The Post Grid – Shortcode,…

Read More

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,207,029 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More