Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report 

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 5,140,265 Active Installs: 300,000 Last Updated: May 6, 2024 Patched Versions: 1.3.972, 1.3.95 Affected Versions: <= 1.3.971, <= 1.3.93 Vulnerability Details: Authenticated Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid,…

Read More

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 9,788,187 Active Installs: 100,000 Last Updated: October 11, 2023 Patched Versions: 5.6.24 Affected Versions: <= 5.6.23 Vulnerability Details: Name: Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2023-5414 CVSS…

Read More