Cross-Site Scripting
Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report
Plugin Name: Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 19,473,277 Active Installs: 400,000 Last Updated: May 14, 2024 Patched Versions: 3.2.38 Affected Versions: <= 3.2.37 Vulnerability Details: Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 – Authenticated (Contributor+) Stored Cross-Site…
Image Optimization by Optimole Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4636 | WordPress Plugin Vulnerability Report
Plugin Name: Image Optimization by Optimole Key Information: Software Type: Plugin Software Slug: optimole-wp Software Status: Active Software Author: optimole Software Downloads: 4,855,287 Active Installs: 200,000 Last Updated: May 14, 2024 Patched Versions: 3.13.0 Affected Versions: <= 3.12.10 Vulnerability Details: Name: Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10…
RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report
Plugin Name: RSS Aggregator Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,771,177 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 4.23.9 Affected Versions: <= 4.23.8 Vulnerability Details: Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 – Reflected…
Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report
Plugin Name: Yoast SEO Key Information: Software Type: Plugin Software Slug: wordpress-seo Software Status: Active Software Author: yoast Software Downloads: 678,383,360 Active Installs: 10,000,000 Last Updated: May 14, 2024 Patched Versions: 22.7 Affected Versions: <= 22.6 Vulnerability Details: Name: Yoast SEO <= 22.6 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During…
Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report
Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,286,558 Active Installs: 80,000 Last Updated: May 13, 2024 Patched Versions: 1.32 Affected Versions: <= 1.31 Vulnerability Details: Name: Sydney Toolbox <= 1.31 – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget Type: Improper…
Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute – CVE-2024-4430 | WordPress Plugin Vulnerability Report
Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 10,167,049 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 2.8.1.3 Affected Versions: <= 2.8.1.2 Vulnerability Details: Name: Beaver Builder <= 2.8.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute Type:…
Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 57,202,843 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Starter Templates – Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…
Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report
Plugin Name: Pods Key Information: Software Type: Plugin Software Slug: pods Software Status: Active Software Author: sc0ttkclark Software Downloads: 4,123,314 Active Installs: 100,000 Last Updated: May 9, 2024 Patched Versions: 3.2.1.1 Affected Versions: <= 3.2.1 Vulnerability Details: Name: Pods – Custom Content Types and Fields <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod…
Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report
Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,368,030 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 3.14.4 Affected Versions: <= 3.14.3 Vulnerability Details: Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3…
Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report
Plugin Name: Form Maker by 10Web Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,739,339 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 1.15.25 Affected Versions: <= 1.15.24 Vulnerability Details: Name: Form Maker by 10Web <= 1.15.24 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper…