Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,161,148 Active Installs: 80,000 Last Updated: April 1, 2024 Patched Versions: 1.27 Affected Versions: <= 1.26 Vulnerability Details: Name: Sydney Toolbox <= 1.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via _id Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2936…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,523,308 Active Installs: 100,000 Last Updated: March 26, 2024 Patched Versions: 1.13.2 Affected Versions: <= 1.13.1 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.1 Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE: CVE-2024-2091 CVSS…

Read More

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,562,763 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 3.1.5 Affected Versions: <= 3.1.4 Vulnerability Details: Name: User Registration – Custom Registration…

Read More

Beaver Builder Vulnerability– WordPress Page Builder – Authenticated Contributor+ Stored Cross-Site Scripting via Audio Widget – CVE-2024-1074 | WordPress Plugin Vulnerability Report

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,601,854 Active Installs: 100,000 Last Updated: February 28, 2024 Patched Versions: 2.7.4.3 Affected Versions: <= 2.7.4.2 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.7.4.2 Title: Authenticated Contributor+ Stored…

Read More