Cross-Site Scripting

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 12, 2024

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software Downloads: 17,368,541 Active Installs: 900,000 Last Updated: April 25, 2024 Patched Versions: 3.5.1.23 Affected Versions: <= 3.5.1.22 Vulnerability Details: Name: Smart Slider 3 <= 3.5.1.22 Title: Missing Authorization to Limited File Upload Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 10,060,431 Active Installs: 200,000 Last Updated: April 21, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: Ultimate Member <= 2.8.4…

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 6, 2024

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,215,056 Active Installs: 50,000 Last Updated: April 16, 2024 Patched Versions: 4.3.4 Affected Versions: <= 4.3.3 Vulnerability Details: Name: RSS Aggregator by…

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 5, 2024

Plugin Name: FancyBox for WordPress Key Information: Software Type: Plugin Software Slug: fancybox-for-wordpress Software Status: Active Software Author: colorlibplugins Software Downloads: 1,832,612 Active Installs: 50,000 Last Updated: April 10, 2024 Patched Versions: 3.3.4 Affected Versions: 3.0.2 – 3.3.3 Vulnerability Details: Name: FancyBox for WordPress 3.0.2 – 3.3.3 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 4, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

WordPress Tag and Category Manager Vulnerability – AI Autotagger – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-2830 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: WordPress Tag and Category Manager – AI Autotagger Key Information: Software Type: Plugin Software Slug: simple-tags Software Status: Active Software Author: stevejburge Software Downloads: 4,604,554 Active Installs: 60,000 Last Updated: April 3, 2024 Patched Versions: 3.20.0 Affected Versions: <= 3.13.0 Vulnerability Details: Name: WordPress Tag and Category Manager – AI Autotagger <= 3.13.0…

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Cross-Site Scripting via Custom CSS – CVE-2023-6486 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 20,112,321 Active Installs: 600,000 Last Updated: April 3, 2024 Patched Versions: 2.10.4 Affected Versions: <= 2.10.3 Vulnerability Details Name: Spectra – WordPress Gutenberg Blocks <= 2.10.3 Title: Authenticated(Contributor+) Cross-Site Scripting via Custom…

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: ShopLentor…

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 29, 2024

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status: Active Software Author: boldgrid Software Downloads: 692,441 Active Installs: 70,000 Last Updated: April 1, 2024 Patched Versions: 1.6.14 Affected Versions: <= 1.6.13 Vulnerability Details: Name: BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13…

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 29, 2024

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29, 2024 Patched Versions: 1.29.1 Affected Versions: <= 1.29.0 Vulnerability Details: Name: Forminator <= 1.29.0 – Unauthenticated Stored Cross-Site Scripting via File Upload Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1794 CVSS Score: 7.2 (High) Publicly Published: March…