3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL Type: Improper Neutralization…


Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report

Plugin Name: Supreme Modules Lite Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,191,354 Active Installs: 200,000 Last Updated: May 1, 2024 Patched Versions: 2.5.4 Affected Versions: <= 2.5.3 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 – Authenticated…


WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…


WP ULike Vulnerability – Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…


Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report 

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,737,462 Active Installs: 50,000 Last Updated: May 13, 2024 Patched Versions: 1.15.25 Affected Versions: 1.15.24 Vulnerability Details: Name: Form Maker by 10Web <= 1.15.24 Title:…


Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report 

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,284,736 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 7.6.16 Affected Versions: <= 7.6.15 Vulnerability Details: Name: wpDiscuz <= 7.6.15 Title: Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text Type:…


Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software Downloads: 17,368,541 Active Installs: 900,000 Last Updated: April 25, 2024 Patched Versions: 3.5.1.23 Affected Versions: <= 3.5.1.22 Vulnerability Details: Name: Smart Slider 3 <= 3.5.1.22 Title: Missing Authorization to Limited File Upload Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…


Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 10,060,431 Active Installs: 200,000 Last Updated: April 21, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: Ultimate Member <= 2.8.4…


RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report 

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,215,056 Active Installs: 50,000 Last Updated: April 16, 2024 Patched Versions: 4.3.4 Affected Versions: <= 4.3.3 Vulnerability Details: Name: RSS Aggregator by…


FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

Plugin Name: FancyBox for WordPress Key Information: Software Type: Plugin Software Slug: fancybox-for-wordpress Software Status: Active Software Author: colorlibplugins Software Downloads: 1,832,612 Active Installs: 50,000 Last Updated: April 10, 2024 Patched Versions: 3.3.4 Affected Versions: 3.0.2 – 3.3.3 Vulnerability Details: Name: FancyBox for WordPress 3.0.2 – 3.3.3 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…
