Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…


MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

Plugin Name: MainWP Child Reports Key Information: Software Type: Plugin Software Slug: mainwp-child-reports Software Status: Active Software Author: mainwp Software Downloads: 943,776 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.2 Affected Versions: <= 2.1.1 Vulnerability Details: Name: MainWP Child Reports <= 2.1.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33680 CVSS Score:…


Popup Builder by OptinMonster Vulnerability – WordPress Popups for Optins, Email Newsletters and Lead Generation – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-33691 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 103,821,350 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 2.16.0 Affected Versions: <= 2.15.3 Vulnerability Details: Name: Popup Builder by OptinMonster…


FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report 

Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software Downloads: 708,614 Active Installs: 50,000 Last Updated: May 10, 2024 Patched Versions: Not available Affected Versions: <= 1.1.5 Vulnerability Details: Name: FameTheme Demo Importer <= 1.1.5 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33679…


Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report 

Plugin Name: Hide Dashboard Notifications Key Information: Software Type: Plugin Software Slug: wp-hide-backed-notices Software Status: Active Software Author: wprepublic Software Downloads: 168,065 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 1.3 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Hide Dashboard Notifications <= 1.2.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33683 CVSS Score: 4.3 Publicly Published: April…


Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,775,005 Active Installs: 90,000 Last Updated: April 25, 2024 Patched Versions: 3.0.2 Affected Versions: <= 3.0.1 Vulnerability Details: Name: Paid Memberships Pro <= 3.0.1 Title: Cross-Site…


Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report 

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,114,824 Active Installs: 200,000 Last Updated: April 24, 2024 Patched Versions: 2.0.29 Affected Versions: <= 2.0.28 Vulnerability Details: Name: Blocksy Companion <= 2.0.28 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31932 CVSS Score: 5.3 Publicly…


Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report

Plugin Name: Smash Balloon Social Post Feed Key Information: Software Type: Plugin Software Slug: custom-facebook-feed Software Status: Active Software Author: smub Software Downloads: 7,212,481 Active Installs: 200,000 Last Updated: April 22, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Smash Balloon Social Post Feed <= 4.2.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N…


Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report

Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget] Key Information: Software Type: Plugin Software Slug: spotlight-social-photo-feeds Software Status: Active Software Author: rebelcode Software Downloads: 1,093,293 Active Installs: 60,000 Last Updated: April 22, 2024 Patched Versions: 1.6.11 Affected Versions: <= 1.6.10 Vulnerability Details: Name: Spotlight Social Media Feeds <= 1.6.10 Title: Cross-Site Request Forgery Type:…


The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 56,148,469 Active Installs: 700,000 Last Updated: April 22, 2024 Patched Versions: 6.3.1 Affected Versions: <= 6.3.0 Vulnerability Details: Name: The Events Calendar <= 6.3.0 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
