MailerLite Vulnerability – Signup forms (official) – Multiple Vulnerabilities – CVE-2024-2797, CVE-2024-1386 | WordPress Plugin Vulnerability Report

Plugin Name: MailerLite – Signup forms (official) Key Information: Software Type: Plugin Software Slug: official-mailerlite-sign-up-forms Software Status: Active Software Author: mailerlite Software Downloads: 1,634,637 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 1.7.7 Affected Versions: <= 1.7.6 Vulnerability Details: Name: MailerLite – Signup forms (official) <= 1.7.6 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE:…

Read More

MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

Plugin Name: MainWP Child Reports Key Information: Software Type: Plugin Software Slug: mainwp-child-reports Software Status: Active Software Author: mainwp Software Downloads: 943,776 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.2 Affected Versions: <= 2.1.1 Vulnerability Details: Name: MainWP Child Reports <= 2.1.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33680 CVSS Score:…

Read More

Popup Builder by OptinMonster Vulnerability – WordPress Popups for Optins, Email Newsletters and Lead Generation – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-33691 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 103,821,350 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 2.16.0 Affected Versions: <= 2.15.3 Vulnerability Details: Name: Popup Builder by OptinMonster…

Read More

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status: Active Software Author: magazine3 Software Downloads: 5,175,623 Active Installs: 100,000 Last Updated: May 6, 2024 Patched Versions: 1.30 Affected Versions: <= 1.29 Vulnerability Details: Name: Schema & Structured Data for WP & AMP <= 1.29…

Read More

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: inisev Software Downloads: 1,449,047 Active Installs: 80,000 Last Updated: May 2, 2024 Patched Versions: 1.4.4 Affected Versions: <= 1.4.3 Vulnerability Details: Name: Backup Migration <= 1.4.3 Title: Information Exposure via Log Files Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-32686 CVSS Score:…

Read More

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,831,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 4.15.5 Affected Versions: <= 4.15.4 Vulnerability Details: Name: Paid Membership…

Read More

Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report

Plugin Name: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Key Information: Software Type: Plugin Software Slug: ml-slider Software Status: Active Software Author: metaslider Software Downloads: 27,208,376 Active Installs: 600,000 Last Updated: April 22, 2024 Patched Versions: 3.70.1 Affected Versions: <= 3.70.0 Vulnerability Details: Name: Slider, Gallery, and Carousel by MetaSlider <= 3.70.0…

Read More

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

Plugin Name: Favicon by RealFaviconGenerator Key Information: Software Type: Plugin Software Slug: favicon-by-realfavicongenerator Software Status: Active Software Author: phbernard Software Downloads: 3,235,128 Active Installs: 300,000 Last Updated: April 24, 2024 Patched Versions: 1.3.30 Affected Versions: <= 1.3.29 Vulnerability Details: Name: Favicon <= 1.3.29 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31422 CVSS…

Read More

Inline Related Posts Vulnerability – Cross-Site Request Forgery – CVE-2024-31426 | WordPress Plugin Vulnerability Report 

Plugin Name: Inline Related Posts Key Information: Software Type: Plugin Software Slug: intelly-related-posts Software Status: Active Software Author: data443 Software Downloads: 1,297,547 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.4.0 Affected Versions: <= 3.3.1 Vulnerability Details: Name: Inline Related Posts <= 3.3.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31426 CVSS Score: 4.3 Publicly Published: April…

Read More

Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software Downloads: 480,622 Active Installs: 30,000 Last Updated: April 24, 2024 Patched Versions: 0.7.0 Affected Versions: <= 0.6.9 Vulnerability Details: Name: Link Whisper Free <= 0.6.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31934 CVSS Score: 4.3 Publicly Published: April…

Read More