Cross-Site Scripting
Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,001,326 Active Installs: 200,000 Last Updated: January 15, 2024 Patched Versions: 2.10.28 Affected Versions: <= 2.10.27 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.27 Title: Authenticated (Contributor+) Stored Cross-site Scripting via Pricing…
Plugin for Google Reviews – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2023-6884 | WordPress Plugin Vulnerability Report
Plugin Name: Plugin for Google Reviews Key Information: Software Type: Plugin Software Slug: widget-google-reviews Software Status: Active Software Author: widgetpack Software Downloads: 3,299,708 Active Installs: 100,000 Last Updated: January 12, 2024 Patched Versions: 3.2 Affected Versions: <= 3.1 Vulnerability Details: Name: Plugin for Google Reviews <= 3.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode…
Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: mihail-barinov Software Downloads: 3,318,679 Active Installs: 70,000 Last Updated: January 12, 2024 Patched Versions: 2.97 Affected Versions: <= 2.96 Vulnerability Details: Name: Advanced Woo Search <= 2.96 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0251 CVSS Score:…
OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report
Plugin Name: OneClick Chat to Order Key Information: Software Type: Plugin Software Slug: oneclick-whatsapp-order Software Status: Active Software Author: walterpinem Software Downloads: 205,924 Active Installs: 30,000 Last Updated: January 8, 2024 Patched Versions: 1.0.6 Affected Versions: <= 1.0.5 Vulnerability Details: Name: OneClick Chat to Order <= 1.0.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode…
WordPress Button Plugin MaxButtons – Authenticated Stored Cross-Site Scripting – CVE-2023-6594 | WordPress Plugin Vulnerability Report
Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,640,344 Active Installs: 100,000 Last Updated: January 8, 2024 Patched Versions: 9.7.6 Affected Versions: <= 9.7.4 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…
Formidable Forms Vulnerability – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6842 | WordPress Plugin Vulnerability Report
Plugin Name: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: formidable Software Status: Active Software Author: sswells Software Downloads: 19,370,348 Active Installs: 300,000 Last Updated: January 8, 2024 Patched Versions: 6.7.1 Affected Versions: <= 6.7 Vulnerability Details: Name: Formidable Forms <= 6.7…
Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 10,910,881 Active Installs: 200,000 Last Updated: January 5, 2024 Patched Versions: <= 2.10.26 Affected Versions: 2.10.27 Vulnerability Details: Name: Orbit Fox Companion <= 2.10.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via custom…
Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report
Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,728,647 Active Installs: 400,000 Last Updated: January 5, 2024 Patched Versions: 3.10.0 Affected Versions: <= 3.9.1.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.9.1.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6632…
Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report
Plugin Name: Complianz Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 13,636,569 Active Installs: 800,000 Last Updated: January 3, 2024 Patched Versions: 6.5.6 Affected Versions: <= 6.5.5 Vulnerability Details: Name: Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 – Authenticated(Administrator+) Stored Cross-site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-site Scripting via settings Type: Improper Neutralization of Input During Web Page…
Simple Membership Vulnerability – Reflected Cross-Site Scripting Vulnerability via environment_mode – CVE-2023-6882 | WordPress Plugin Vulnerability Report
Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,315,432 Active Installs: 50,000 Last Updated: December 18, 2023 Patched Versions: 4.3.9 Affected Versions: <= 4.3.8 Vulnerability Details: Name: Simple Membership <= 4.3.8 – Reflected Cross-Site Scripting Vulnerability via environment_mode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6882 CVSS Score: 6.1 (Medium) Publicly…