The Plus Addons for Elementor Vulnerability – Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities – CVE-2024-4485, CVE-2024-4484, CVE-2024-3718, CVE-2024-2784 | WordPress Plugin Vulnerability Report

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,380,817 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 5.5.5 Affected Versions: <= 5.5.4 Vulnerability Details: Name: Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities Type: Improper Neutralization of Input During…

Read More

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642 Active Installs: 90,000 Last Updated: May 21, 2024 Patched Versions: 4.2.6.7 Affected Versions: <= 4.2.6.6 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Type:…

Read More

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…

Read More

Element Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,152,863 Active Installs: 100,000 Last Updated: May 21, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability 1 Details: Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote…

Read More

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4361 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday Software Downloads: 51,387,711 Active Installs: 700,000 Last Updated: May 20, 2024 Patched Versions: 2.29.16 Affected Versions: <= 2.29.15 Vulnerability Details: Name: Page Builder by SiteOrigin <= 2.29.15 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’…

Read More

Rank Math SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4617 | WordPress Plugin Vulnerability Report

Plugin Name: Rank Math SEO Key Information: Software Type: Plugin Software Slug: seo-by-rank-math Software Status: Active Software Author: rankmath Software Downloads: 95,765,382 Active Installs: 2,000,000 Last Updated: May 15, 2024 Patched Versions: 1.0.219-beta Affected Versions: <= 1.0.218 Vulnerability Details: Name: Rank Math SEO with AI Best SEO Tools <= 1.0.218 – Authenticated (Contributor+) Stored Cross-Site…

Read More

Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report

Plugin Name: Jetpack Key Information: Software Type: Plugin Software Slug: jetpack Software Status: Active Software Author: automattic Software Downloads: 407,764,904 Active Installs: 4,000,000 Last Updated: May 13, 2024 Patched Versions: 13.4 Affected Versions: <= 13.3.1 Vulnerability Details: Name: Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Blocksy Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4487 | WordPress Plugin Vulnerability Report

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,639,072 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.0.46 Affected Versions: <= 2.0.45 Vulnerability Details: Name: Blocksy Companion <= 2.0.45 – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads Type: Improper Neutralization…

Read More

Content Views Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter – CVE-2024-4446 | WordPress Plugin Vulnerability Report

Plugin Name: Content Views Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads: 4,327,206 Active Installs: 100,000 Last Updated: May 6, 2024 Vulnerability Details: Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 – Authenticated (Contributor+) Stored…

Read More

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0445, CVE-2024-2785 | WordPress Plugin Vulnerability Report

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,291,624 Active Installs: 100,000 Last Updated: May 6, 2024 Patched Versions: 5.5.0 Affected Versions: <= 5.4.2 Vulnerability Details: Name: The Plus Addons for Elementor <= 5.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More