Vulnerabilities
Drag and Drop Multiple File Upload Vulnerability – Contact Form 7 – Sensitive Information Exposure – CVE-2024-3717 | WordPress Plugin Vulnerability Report
Plugin Name: Drag and Drop Multiple File Upload – Contact Form 7 Key Information: Software Type: Plugin Software Slug: drag-and-drop-multiple-file-upload-contact-form-7 Software Status: Active Software Author: glenwpcoder Software Downloads: 717,544 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 1.3.7.8 Affected Versions: <= 1.3.7.7 Vulnerability Details: Name: Drag and Drop Multiple File Upload – Contact…
Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3743 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,632,773 Active Installs: 100,000 Last Updated: May 12, 2024 Patched Versions: 1.13.4 Affected Versions: <= 1.13.3 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3743…
Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report
Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 859,237 Active Installs: 60,000 Last Updated: May 13, 2024 Patched Versions: 2.6.9.2 Affected Versions: <= 2.6.9.1 Vulnerability Details: Name: Exclusive Addons Elementor <= 2.6.9.1 Title: Missing Authorization to Post Duplication Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE:…
MailerLite Vulnerability – Signup forms (official) – Multiple Vulnerabilities – CVE-2024-2797, CVE-2024-1386 | WordPress Plugin Vulnerability Report
Plugin Name: MailerLite – Signup forms (official) Key Information: Software Type: Plugin Software Slug: official-mailerlite-sign-up-forms Software Status: Active Software Author: mailerlite Software Downloads: 1,634,637 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 1.7.7 Affected Versions: <= 1.7.6 Vulnerability Details: Name: MailerLite – Signup forms (official) <= 1.7.6 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE:…
Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report
Plugin Name: Media Cleaner: Clean your WordPress! Key Information: Software Type: Plugin Software Slug: media-cleaner Software Status: Active Software Author: tigroumeow Software Downloads: 2,778,078 Active Installs: 70,000 Last Updated: May 10, 2024 Patched Versions: 6.7.3 Affected Versions: <= 6.7.2 Vulnerability Details: Name: Media Cleaner: Clean your WordPress! <= 6.7.2 Title: Unauthenticated Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N…
Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4203 | WordPress Plugin Vulnerability Report
Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 31,890,759 Active Installs: 700,000 Last Updated: May 13, 2024 Patched Versions: 4.10.31 Affected Versions: <= 4.10.30 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N…
WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3550 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,031,592 Active Installs: 600,000 Last Updated: May 13, 2024 Patched Versions: 7.1.3 Affected Versions: <= 7.1.2 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.1.2 Title: Authenticated (Contributor+) Stored…
MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report
Plugin Name: MainWP Child Reports Key Information: Software Type: Plugin Software Slug: mainwp-child-reports Software Status: Active Software Author: mainwp Software Downloads: 943,776 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.2 Affected Versions: <= 2.1.1 Vulnerability Details: Name: MainWP Child Reports <= 2.1.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33680 CVSS Score:…
NextGEN Gallery Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2744 | WordPress Plugin Vulnerability Report
Plugin Name: NextGEN Gallery – Create an Amazing Photo Gallery in Seconds Key Information: Software Type: Plugin Software Slug: nextgen-gallery Software Status: Active Software Author: smub Software Downloads: 40,372,789 Active Installs: 500,000 Last Updated: May 12, 2024 Patched Versions: 3.59.1 Affected Versions: <= 3.59 Vulnerability Details: Name: NextGEN Gallery <= 3.59 Title: Authenticated (Administrator+) Stored…
Popup Builder by OptinMonster Vulnerability – WordPress Popups for Optins, Email Newsletters and Lead Generation – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-33691 | WordPress Plugin Vulnerability Report
Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 103,821,350 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 2.16.0 Affected Versions: <= 2.15.3 Vulnerability Details: Name: Popup Builder by OptinMonster…