CSRF vulnerability
Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report
Plugin Name: Favicon by RealFaviconGenerator Key Information: Software Type: Plugin Software Slug: favicon-by-realfavicongenerator Software Status: Active Software Author: phbernard Software Downloads: 3,235,128 Active Installs: 300,000 Last Updated: April 24, 2024 Patched Versions: 1.3.30 Affected Versions: <= 1.3.29 Vulnerability Details: Name: Favicon <= 1.3.29 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31422 CVSS…
Read More
Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report
Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status: Active Software Author: wpallimport Software Downloads: 3,920,346 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.7.4 Affected Versions: <= 3.7.3 Vulnerability Details: Name: Import any XML or CSV File to WordPress <= 3.7.3…
Read More
Inline Related Posts Vulnerability – Cross-Site Request Forgery – CVE-2024-31426 | WordPress Plugin Vulnerability Report
Plugin Name: Inline Related Posts Key Information: Software Type: Plugin Software Slug: intelly-related-posts Software Status: Active Software Author: data443 Software Downloads: 1,297,547 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.4.0 Affected Versions: <= 3.3.1 Vulnerability Details: Name: Inline Related Posts <= 3.3.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31426 CVSS Score: 4.3 Publicly Published: April…
Read More
Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report
Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software Downloads: 480,622 Active Installs: 30,000 Last Updated: April 24, 2024 Patched Versions: 0.7.0 Affected Versions: <= 0.6.9 Vulnerability Details: Name: Link Whisper Free <= 0.6.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31934 CVSS Score: 4.3 Publicly Published: April…
Read More
Login With Ajax Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-30546 | WordPress Plugin Vulnerability Report
Plugin Name: Login With Ajax – Fast Logins, 2FA, Redirects Key Information: Software Type: Plugin Software Slug: login-with-ajax Software Status: Active Software Author: netweblogic Software Downloads: 1,056,131 Active Installs: 30,000 Last Updated: April 24, 2024 Patched Versions: 4.2 Affected Versions: <= 4.1 Vulnerability Details: Name: Login With Ajax <= 4.1 Title: Cross-Site Request Forgery to…
Read More
Newsletter Vulnerability – Cross-Site Request Forgery – CVE-2024-31434 | WordPress Plugin Vulnerability Report
Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 25,010,511 Active Installs: 300,000 Last Updated: April 24, 2024 Patched Versions: 8.0.7 Affected Versions: <= 8.0.6 Vulnerability Details: Name: Newsletter <= 8.0.6 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31434…
Read More
BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report
Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software Slug: woo-bulk-editor Software Status: Active Software Author: realmag777 Software Downloads: 580,051 Active Installs: 30,000 Last Updated: April 25, 2024 Patched Versions: 1.1.4.2 Affected Versions: <= 1.1.4.1 Vulnerability Details: Name: BEAR <= 1.1.4.1 Title: Cross-Site Request…
Read More
Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report
Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin Software Slug: ninja-forms Software Status: Active Software Author: kstover Software Downloads: 43,897,090 Active Installs: 800,000 Last Updated: April 1, 2024 Patched Versions: 3.8.1 Affected Versions: <= 3.8.0 Vulnerability Details: Name: Ninja Forms Contact Form –…
Read More
Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report
Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status: Active Software Author: netweblogic Software Downloads: 4,637,218 Active Installs: 90,000 Last Updated: March 27, 2024 Patched Versions: 6.4.7.2 Affected Versions: <= 6.4.7.1 Vulnerability 1 Details: Name: Events Manager <= 6.4.7.1 Title: Authenticated (Contributor+) Stored Cross-Site…
Read More
Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report
Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,653,134 Active Installs: 90,000 Last Updated: March 26, 2024 Patched Versions: 3.0 Affected Versions: <= 2.12.10 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.10 Title: Cross-Site…
Read More