VK Block Patterns Vulnerability – Cross-Site Request Forgery – CVE-2024-0623 | WordPress Plugin Vulnerability Report

Plugin Name: VK Block Patterns Key Information: Software Type: Plugin Software Slug: vk-block-patterns Software Status: Active Software Author: vektor-inc Software Downloads: 1,113,989 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 1.31.2.0 Affected Versions: <= 1.31.1.1 Vulnerability Details: Name: VK Block Patterns <= 1.31.1.1 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0623 CVSS Score: 4.3 (Medium) Publicly Published: January 19, 2024 Researcher: kodaichodai Description: The VK Block…

Read More

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

Plugin Name: Depicter Slider Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 727,890 Active Installs: 80,000 Last Updated: January 4, 2024 Patched Versions: 2.0.7 Affected Versions: <= 2.0.6 Vulnerability Details: Name: Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 – Cross-Site Request Forgery via save Title: Cross-Site Request Forgery via save Type: Cross-Site Request…

Read More

WordPress Plugin Vulnerability Report – Ocean Extra – Cross-Site Request Forgery to Arbitrary Plugin Activation

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads: 19,047,434 Active Installs: 700,000 Last Updated: November 28, 2023 Patched Versions: 2.2.3 Affected Versions: <= 2.2.2 Vulnerability Details: Name: Ocean Extra <= 2.2.2 – Cross-Site Request Forgery to Arbitrary Plugin Activation Title: Cross-Site Request Forgery to Arbitrary Plugin Activation Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium)…

Read More

WordPress Plugin Vulnerability Report – Razorpay for WooCommerce – Missing Authorization and Cross-Site Request Forgery

Plugin Name: Razorpay for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-razorpay Software Status: Active Software Author: NA Software Downloads: 1,366,539 Active Installs: 60,000 Last Updated: November 28, 2023 Patched Versions: 4.5.7 Affected Versions: <= 4.5.6 Vulnerability 1 Details: Name: Razorpay for WooCommerce <= 4.5.6 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVSS Score: 4.3 (Medium) Publicly Published: November 28, 2023 Description: The Razorpay for WooCommerce plugin…

Read More

WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery

Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20, 2023 Patched Versions: 5.2.0 Affected Versions: <= 5.1.0 Vulnerability Details: Name: Analytify Dashboard <= 5.1.0 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 20, 2023 Description: The Analytify – Google Analytics…

Read More

WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last Updated: November 15, 2023 Patched Versions: 1.12.8 Affected Versions: <= 1.12.7 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.7 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4690 CVSS Score: 5.4 (Medium) Publicly Published: November 15, 2023 Researcher: Marco…

Read More

WordPress Plugin Vulnerability Report – Quiz And Survey Master – Multiple Cross-Site Request Forgery

Plugin Name: Quiz And Survey Master Key Information: Software Type: Plugin Software Slug: quiz-master-next Software Status: Active Software Author: expresstech Software Downloads: 2,153,834 Active Installs: 40,000 Last Updated: November 8, 2023 Patched Versions: 8.1.19 Affected Versions: <= 8.1.18 Vulnerability Details: Name: Quiz And Survey Master <= 8.1.18 – Multiple Cross-Site Request Forgery Title: Multiple Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November…

Read More

WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load

Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November 6, 2023 Patched Versions: 3.6.0 Affected Versions: < 3.6.0 Vulnerability Details: Name: Code Snippets <= 3.5.0 – Cross-Site Request Forgery via load Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November 6, 2023 Description: The Code Snippets plugin for…

Read More

WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax

Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads: 1,049,082 Active Installs: 20,000 Last Updated: November 3, 2023 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax Title: Cross-Site Request Forgery via edit_count_ajax…

Read More