Cross-Site Scripting
Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 67,142,962 Active Installs: 2,000,000 Last Updated: March 13, 2024 Patched Versions: 5.9.10 Affected Versions: <= 5.9.9 Vulnerability Details: Name: Essential Addons for Elementor <=…
Site Reviews Vulnerability – Authenticated Stored Cross-Site Scripting via Display Name – CVE-2024-2293 | WordPress Plugin Vulnerability Report
Plugin Name: Site Reviews Key Information: Software Type: Plugin Software Slug: site-reviews Software Status: Active Software Author: geminilabs Software Downloads: 2,210,571 Active Installs: 60,000 Last Updated: March 13, 2024 Patched Versions: 6.11.7 Affected Versions: <= 6.11.4 Vulnerability Details: Name: Site Reviews <= 6.11.4 Title: Authenticated(Subscriber+) Stored Cross-Site Scripting via Display Name Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2293…
WP Statistics Vulnerability- Unauthenticated Stored Cross-Site Scripting – CVE-2024-2194 |WordPress Plugin Vulnerability Report
Plugin Name: WP Statistics Key Information: Software Type: Plugin Software Slug: wp-statistics Software Status: Active Software Author: mostafas1990 Software Downloads: 22,569,004 Active Installs: 600,000 Last Updated: March 13, 2024 Patched Versions: 14.5.1 Affected Versions: <= 14.5 Vulnerability Details: Name: WP Statistics <= 14.5 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2194 CVSS Score: 7.2…
Easy Accordion Vulnerability – Best Accordion FAQ Plugin for WordPress – Authenticated Stored Cross-Site Scripting – CVE-2024-1363 |WordPress Plugin Vulnerability Report
Plugin Name: Easy Accordion – Best Accordion FAQ Plugin for WordPress Key Information: Software Type: Plugin Software Slug: easy-accordion-free Software Status: Active Software Author: shapedplugin Software Downloads: 735,064 Active Installs: 50,000 Last Updated: March 13, 2024 Patched Versions: 2.3.5 Affected Versions: <= 2.3.4 Vulnerability Details: Name: Easy Accordion <= 2.3.4 – Authenticated Stored Cross-Site Scripting…
Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report
Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,871,019 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: Ultimate Member <= 2.8.3…
Metform Elementor Contact Form Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1585 |WordPress Plugin Vulnerability Report
Plugin Name: Metform Elementor Contact Form Builder Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: xpeedstudio Software Downloads: 3,185,155 Active Installs: 300,000 Last Updated: March 12, 2024 Patched Versions: 3.8.4 Affected Versions: <= 3.8.3 Vulnerability Details: Name: Metform Elementor Contact Form Builder <= 3.8.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report
Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,279,058 Active Installs: 90,000 Last Updated: March 12, 2024 Patched Versions: 3.9.11 Affected Versions: <= 3.9.10…
Royal Elementor Addons and Templates – Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget – CVE-2024-1500 | WordPress Plugin Vulnerability Report
Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 4,248,687 Active Installs: 300,000 Last Updated: March 8, 2024 Patched Versions: Information not provided Affected Versions: <= 1.3.91 Vulnerability Details: Name: Royal Elementor Addons and Templates <= 1.3.91 Title: Authenticated (Contributor+) Stored…
Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report
Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 1,987,618 Active Installs: 100,000 Last Updated: March 8, 2024 Patched Versions: 3.13.2 Affected Versions: <= 3.13.1 Vulnerability Details: Name: Prime Slider – Addons…
Simple Membership Vulnerability- Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1985 |WordPress Plugin Vulnerability Report
Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,421,375 Active Installs: 50,000 Last Updated: March 7, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: Simple Membership <= 4.4.2 Title: Unauthenticated Stored Self-Based Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-1985 CVSS Score:…