Cross-Site Scripting
Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report
Plugin Name: Mesmerize Companion Key Information: Software Type: Plugin Software Slug: mesmerize-companion Software Status: Active Software Author: horearadu Software Downloads: 1,857,988 Active Installs: 80,000 Last Updated: May 7, 2024 Patched Versions: 1.6.149 Affected Versions: <= 1.6.148 Vulnerability Details: Name: Mesmerize Companion <= 1.6.148 – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode Type: Improper Neutralization…
Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Ads Key Information: Software Type: Plugin Software Slug: advanced-ads Software Status: Active Software Author: monetizemore Software Downloads: 9,195,831 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 1.52.2 Affected Versions: <= 1.52.1 Vulnerability Details: Name: Advanced Ads – Ad Manager & AdSense <= 1.52.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…
Image Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report
Plugin Name: Image Hover Effects Key Information: Software Type: Plugin Software Slug: image-hover-effects-addon-for-elementor Software Status: Active Software Author: blocksera Software Downloads: 583,781 Active Installs: 50,000 Last Updated: May 6, 2024 Patched Versions: 1.4.2 Affected Versions: <= 1.4.1 Vulnerability Details: Name: Image Hover Effects – Elementor Addon <= 1.4.1 – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via…
3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report
Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL Type: Improper Neutralization…
Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report
Plugin Name: Supreme Modules Lite Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,191,354 Active Installs: 200,000 Last Updated: May 1, 2024 Patched Versions: 2.5.4 Affected Versions: <= 2.5.3 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 – Authenticated…
WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report
Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…
WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report
Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…
Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report
Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,737,462 Active Installs: 50,000 Last Updated: May 13, 2024 Patched Versions: 1.15.25 Affected Versions: 1.15.24 Vulnerability Details: Name: Form Maker by 10Web <= 1.15.24 Title:…
Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report
Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,284,736 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 7.6.16 Affected Versions: <= 7.6.15 Vulnerability Details: Name: wpDiscuz <= 7.6.15 Title: Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text Type:…