Insert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report

Plugin Name: Insert PHP Code Snippet Key Information: Software Type: Plugin Software Slug: insert-php-code-snippet Software Status: Active Software Author: f1logic Software Downloads: 1,045,147 Active Installs: 100,000 Last Updated: August 18, 2024 Patched Versions: 1.3.7 Affected Versions: <= 1.3.6 Vulnerability Details: Name: Insert PHP Code Snippet <= 1.3.6 Title: Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion…

LiteSpeed Cache Vulnerability – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-3246 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 70,093,541 Active Installs: 5,000,000 Last Updated: July 29, 2024 Patched Versions: 6.3 Affected Versions: <= 6.2.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.2.0.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-3246 CVSS Score: 6.1 Publicly Published: July 23, 2024…

The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report 

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 60,464,127 Active Installs: 700,000 Last Updated: July 27, 2024 Patched Versions: 6.5.1.5 Affected Versions: <= 6.5.1.4 Vulnerability Details: Name: The Events Calendar <= 6.5.1.4 Title: Cross-Site Request Forgery via action_restore_events Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-37518…

Loco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report

Plugin Name: Loco Translate Key Information: Software Type: Plugin Software Slug: loco-translate Software Status: Active Software Author: timwhitlock Software Downloads: 26,085,928 Active Installs: 1,000,000 Last Updated: July 16, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Loco Translate <= 2.6.9 Type: Cross-Site Request Forgery CVE: CVE-2024-37236 CVSS Score: 4.3 Publicly Published: June…

Easy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report

Plugin Name: Easy Digital Downloads Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,985,103 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.2.12 Affected Versions: <= 3.2.11 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…

TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report

Plugin Name: TranslatePress Key Information: Software Type: Plugin Software Slug: translatepress-multilingual Software Status: Active Software Author: madalinungureanu Software Downloads: 10,058,842 Active Installs: 300,000 Last Updated: May 9, 2024 Patched Versions: 2.7.6 Affected Versions: <= 2.7.5 Vulnerability Details: Name: Translate Multilingual sites – TranslatePress <= 2.7.5 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.31 Affected Versions: <= 2.7.30 Vulnerability Details: Name: Unyson <= 2.7.29 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-34814 CVSS Score: 4.3…

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 | WordPress Plugin Vulnerability Report – Pretty Links

Plugin Name: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Key Information: Software Type: Plugin Software Slug: pretty-link Software Status: Active Software Author: supercleanse Software Downloads: 7,316,398 Active Installs: 300,000 Last Updated: March 22, 2024 Patched Versions: 3.6.4 Affected Versions: <= 3.6.3 Vulnerability Details: Name: Pretty Links <= 3.6.3 Title: Cross-Site…

Easy Social Feed Vulnerability – Social Photos Gallery – Post Feed – Like Box – Cross-Site Request Forgery – CVE-2024-1214 | WordPress Plugin Vulnerability Report

Plugin Name: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box Key Information: Software Type: Plugin Software Slug: easy-facebook-likebox Software Status: Active Software Author: sjaved Software Downloads: 2,976,834 Active Installs: 50,000 Last Updated: March 14, 2024 Patched Versions: 6.5.5 Affected Versions: <= 6.5.4 Vulnerability Details: Name: Easy Social Feed <= 6.5.4…
