cybersecurity tips

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 12, 2024

Plugin Name: Carousel Slider Key Information: Software Type: Plugin Software Slug: carousel-slider Software Status: Active Software Author: sayful Software Downloads: 908,916 Active Installs: 40,000 Last Updated: April 25, 2024 Patched Versions: 2.2.10 Affected Versions: <= 2.2.9 Vulnerability Details: Name: Carousel Slider <= 2.2.9 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3703 CVSS Score:…

Read More

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 5, 2024

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,401,859 Active Installs: 90,000 Last Updated: April 15, 2024 Patched Versions: 5.7.16 Affected Versions: <= 5.7.15 Vulnerability Details: Name: Icegram Express <= 5.7.14…

Read More

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2255 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 19, 2024

Plugin Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads: 2,747,397 Active Installs: 100,000 Last Updated: March 19, 2024 Patched Versions: 4.5.4 Affected Versions: <= 4.5.2 Vulnerability Details: Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns…

Read More

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1723 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 4, 2024

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 38,486,908 Active Installs: 600,000 Last Updated: March 7, 2024 Patched Versions: 1.58.8 Affected Versions: <= 1.58.7 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1723…

Read More

Starbox Vulnerability – the Author Box for Humans – Insecure Direct Object Reference – CVE-2024-0366 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 30, 2024

Plugin Name: Starbox – the Author Box for Humans Key Information: Software Type: Plugin Software Slug: starbox Software Status: Active Software Author: cifi Software Downloads: 441,960 Active Installs: 50,000 Last Updated: February 1, 2024 Patched Versions: 3.4.8 Affected Versions: <= 3.4.7 Vulnerability Details: Name: Starbox – the Author Box for Humans <= 3.4.7 Title: Insecure…

Read More