Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4203 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 31,890,759 Active Installs: 700,000 Last Updated: May 13, 2024 Patched Versions: 4.10.31 Affected Versions: <= 4.10.30 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N…

Read More

WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3550 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin — Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,031,592 Active Installs: 600,000 Last Updated: May 13, 2024 Patched Versions: 7.1.3 Affected Versions: <= 7.1.2 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 Title: Authenticated (Contributor+) Stored…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

Genesis Blocks – Authenticated Stored Cross-Site Scripting via Block Content – CVE-2024-1946 | WordPress Plugin Vulnerability Report 

Plugin Name: Genesis Blocks Key Information: Software Type: Plugin Software Slug: genesis-blocks Software Status: Active Software Author: StudioPress Software Downloads: 1,333,603 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 3.1.3 Affected Versions: <= 3.1.2 Vulnerability Details: Name: Genesis Blocks <= 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software Downloads: 449,941 Active Installs: 30,000 Last Updated: March 26, 2024 Patched Versions: 0.7.2 Affected Versions: <= 0.7.1 Vulnerability Details: Name: Link Whisper Free <= 0.7.1 Authenticated (Contributor+) PHP Object Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-2693 CVSS…

Read More

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,653,134 Active Installs: 90,000 Last Updated: March 26, 2024 Patched Versions: 3.0 Affected Versions: <= 2.12.10 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.10 Title: Cross-Site…

Read More

Premium Addons for Elementor – Authenticated Stored Cross-Site Scripting via Link Wrapper – CVE-2024-0326 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 30,089,290 Active Installs: 700,000 Last Updated: March 13, 2024 Patched Versions: 4.0.18 Affected Versions: <= 4.0.17 Vulnerability Details: Name: Premium Addons for Elementor <= 4.0.17 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Link…

Read More

RSS Aggregator by Feedzy Vulnerability– Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Missing Authorization to Arbitrary Page Creation and Publication – CVE-2024-1318 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,093,546 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: RSS Aggregator by…

Read More

WP Booking Calendar Vulnerability- Unauthenticated SQL Injection – CVE-2024-1207 | WordPress Plugin Vulnerability Report

Plugin Name: WP Booking Calendar Key Information: Software Type: Plugin Software Slug: booking Software Status: Active Software Author: wpdevelop Software Downloads: 3,262,200 Active Installs: 60,000 Last Updated: February 12, 2024 Patched Versions: 9.9.1 Affected Versions: <= 9.9 Vulnerability Details: Name: Booking Calendar <= 9.9 Title: Unauthenticated SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1207 CVSS Score: 9.8…

Read More