Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report

Plugin Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina Software Downloads: 529,922 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.5.3 Affected Versions: <= 3.5.2 Vulnerability Details: Name:…

Read More

Tutor LMS Vulnerability – eLearning and online course solution – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘tutor_instructor_list’ Shortcode – CVE-2024-3994 | WordPress Plugin Vulnerability Report

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,051,836 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.2 Vulnerability Details: Name: Tutor LMS – eLearning and online course solution <= 2.6.2…

Read More

Gutenberg Vulnerability – Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | WordPress Plugin Vulnerability Report

Plugin Name: Gutenberg Key Information: Software Type: Plugin Software Slug: gutenberg Software Status: Active Software Author: matveb Software Downloads: 41,476,476 Active Installs: 300,000 Last Updated: April 16, 2024 Patched Versions: 18.01 Affected Versions: 12.9.0 – 18.0.0 Vulnerability Details: Name: Gutenberg 12.9.0 – 18.0.0 Title: Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block Type:…

Read More

Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,757,662 Active Installs: 200,000 Last Updated: April 10, 2024 Patched Versions: 1.8.22 Affected Versions: <= 1.8.21 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21…

Read More

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,727,023 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 3.1.0 Affected Versions: <= 3.0.7 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report

Plugin Name: WPFront User Role Editor Key Information: Software Type: Plugin Software Slug: wpfront-user-role-editor Software Status: Active Software Author: syammohanm Software Downloads: 787,036 Active Installs: 50,000 Last Updated: April 2, 2024 Patched Versions: 4.1.0 Affected Versions: <= 3.2.1.11184 Vulnerability Details: Name: WPFront User Role Editor <= 3.2.1.11184 Title: Limited Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2931…

Read More

Colibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,492,925 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.270 Affected Versions: <= 1.0.263 Vulnerability Details: Name: Colibri Page Builder <= 1.0.263 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2839…

Read More

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software Slug: otter-blocks Software Status: Active Software Author: themeisle Software Downloads: 7,072,421 Active Installs: 300,000 Last Updated: April 1, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Otter Blocks – Gutenberg Blocks, Page…

Read More

Blocksy Companion Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2392 |WordPress Plugin Vulnerability Report

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 6,618,702 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.0.32 Affected Versions: <= 2.0.31 Vulnerability Details: Name: Blocksy Companion <= 2.0.31 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE: CVE-2024-2392 CVSS Score:…

Read More