cyber security

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 29, 2024

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,207,029 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 24, 2024

Plugin Name: FOX – Currency Switcher Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-currency-switcher Software Status: Active Software Author: realmag777 Software Downloads: 1,688,317 Active Installs: 60,000 Last Updated: May 9, 2024 Patched Versions: 1.4.1.9 Affected Versions: <= 1.4.1.8 Vulnerability Details: Name: FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 Title: Unauthenticated…

Read More

PDF Invoices & Packing Slips for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 24, 2024

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active Software Author: wpovernight Software Downloads: 15,260,685 Active Installs: 300,000 Last Updated: May 9, 2024 Patched Versions: 3.8.1 Affected Versions: <= 3.8.0 Vulnerability 1 Details: Name: PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 Title:…

Read More

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 22, 2024

Plugin Name: Quick Featured Images Key Information: Software Type: Plugin Software Slug: quick-featured-images Software Status: Active Software Author: hinjiriyo Software Downloads: 992,333 Active Installs: 50,000 Last Updated: May 6, 2024 Patched Versions: 13.7.1 Affected Versions: <= 13.7.0 Vulnerability Details: Name: Quick Featured Images <= 13.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-3664 CVSS Score: 4.3 Publicly Published: April…

Read More

Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 22, 2024

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 5,140,265 Active Installs: 300,000 Last Updated: May 6, 2024 Patched Versions: 1.3.972, 1.3.95 Affected Versions: <= 1.3.971, <= 1.3.93 Vulnerability Details: Authenticated Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid,…

Read More

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 19, 2024

Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software Downloads: 867,958 Active Installs: 50,000 Last Updated: May 3, 2024 Patched Versions: 4.0.1 Affected Versions: <= 4.0.0 Vulnerability Details: Name: hCaptcha for WordPress <= 4.0.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode Type:…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1057 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 19, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,443,357 Active Installs: 100,000 Last Updated: May 2, 2024 Patched Versions: 2.8.2 Affected Versions: <= 2.8.1 Vulnerability Details: Name: ShopLentor…

Read More

GiveWP Vulnerability  – Donation Plugin and Fundraising Platform – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode – CVE-2024-1957 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 12, 2024

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,093,144 Active Installs: 100,000 Last Updated: April 25, 2024 Patched Versions: 3.7.0 Affected Versions: <= 3.6.1 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 Title: Authenticated…

Read More

 WPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 12, 2024

Plugin Name: WPC Smart Quick View for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-smart-quick-view Software Status: Active Software Author: wpclever Software Downloads: 1,038,524 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 4.0.3 Affected Versions: <= 4.0.2 Vulnerability Details: Name: WPC Smart Quick View for WooCommerce <= 4.0.2 Title: Authenticated (Administrator+) Stored…

Read More

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 6, 2024

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,215,056 Active Installs: 50,000 Last Updated: April 16, 2024 Patched Versions: 4.3.4 Affected Versions: <= 4.3.3 Vulnerability Details: Name: RSS Aggregator by…

Read More