Vulnerabilities
Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report
Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…
User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report
Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,054,695 Active Installs: 200,000 Last Updated: February 21, 2024 Patched Versions: 1.0.14 Affected Versions: <= 1.0.13 Vulnerability Details: Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 – Unauthenticated Stored Cross-Site Scripting Title: Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization…
Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report
Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,388,630 Active Installs: 80,000 Last Updated: February 21, 2024 Patched Versions: 5.8.2 Affected Versions: <= 5.8.1 Vulnerability Details: Name: Event Tickets and Registration <= 5.8.1 – Missing Authorization Title: Missing Authorization Type: Improper Access Control CVE: CVE-2024-1053 CVSS Score: 4.3 (Medium) Publicly Published: February 21, 2024 Researcher: Muhammad Daffa…
Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…
Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report
Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last Updated: February 20, 2024 Patched Versions: 1.6.6 Affected Versions: <= 1.6.5 Vulnerability Details: Name: Enhanced Text Widget <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…
wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report
Plugin Name: wpDataTables Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,303,680 Active Installs: 70,000 Last Updated: February 20, 2024 Patched Versions: 3.4.2.5 Affected Versions: <= 3.4.2.4 Vulnerability Details: Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 – Reflected Cross-Site Scripting. Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…
Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report
Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February 20, 2024 Patched Versions: 2.6.1 Affected Versions: <= 2.6.0 Vulnerability 1 Details: Name: Tutor LMS <= 2.6.0 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-1133 CVSS Score: 4.3 (Medium) Publicly Published: February 20, 2024 Researcher: drop Description: The Tutor LMS – eLearning…
YARPP Vulnerability – Authenticated(Administrator+) Stored Cross-Site Scripting via settings – CVE-2024-0602 | WordPress Plugin Vulnerability Report
Plugin Name: YARPP Key Information: Software Type: Plugin Software Slug: yet-another-related-posts-plugin Software Status: Active Software Author: jeffparker Software Downloads: 7,579,644 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 5.30.10 Affected Versions: 5.30.9 Vulnerability Details: Name: Yet Another Related Posts Plugin (YARPP) <= 5.30.9 – Authenticated(Administrator+) Stored Cross-Site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-Site Scripting via settings Type: Improper Neutralization of Script-Related HTML Tags in…
Sassy Social Share Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1448 | WordPress Plugin Vulnerability Report
Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software Downloads: 5,064,928 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 3.3.57 Affected Versions: <= 3.3.56 Vulnerability Details: Name: Sassy Social Share <= 3.3.56 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored…
Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report
Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,597,835 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 2.7.4.3 Affected Versions: <= 2.7.4.2 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.7.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)…