WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,383,697 Active Installs: 50,000 Last Updated: April 8, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and…

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report 

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,139,739 Active Installs: 90,000 Last Updated: April 4, 2024 Patched Versions: 4.2.6.4, 4.0.1 Affected Versions: <= 4.2.6.3, <= 4.0.0 Vulnerability 1: Insecure Direct Object Reference CVE: CVE-2024-1289 CVSS Score: 6.5 Publicly Published:…

File Manager Vulnerability – Authenticated Directory Traversal – CVE-2024-2654 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 21,240,440 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 7.2.6 Affected Versions: <= 7.2.5 Vulnerability Details: Name: File Manager <= 7.2.5 Title: Authenticated (Administrator+) Directory Traversal Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE: CVE-2024-2654 CVSS Score: 6.4…

Easy Digital Downloads Vulnerability – Sensitive Information Exposure – CVE-2024-2302 | WordPress Plugin Vulnerability Report 

Plugin Name: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,925,252 Active Installs: 50,000 Last Updated: April 4, 2024 Patched Versions: 3.2.10 Affected Versions: <= 3.2.9 Vulnerability Details: Name: Easy Digital Downloads…

CMB2 Vulnerability – Authenticated PHP Object Injection – CVE-2024-1792 | WordPress Plugin Vulnerability Report

Plugin Name: CMB2 Key Information: Software Type: Plugin Software Slug: cmb2 Software Status: Active Software Author: jtsternberg Software Downloads: 4,198,199 Active Installs: 300,000 Last Updated: April 3, 2024 Patched Versions: 2.11.0 Affected Versions: <= 2.10.1 Vulnerability Details: Name: CMB2 <= 2.10.1 Title: Authenticated PHP Object Injection Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1792 CVSS Score: 7.2 Publicly Published:…

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities – CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,284,286 Active Installs: 400,000 Last Updated: April 4, 2024 Patched Versions: 3.10.5, 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details Vulnerability 1 Name: Happy Addons for Elementor <= 3.10.4 – Authenticated Stored Cross-Site Scripting…

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Cross-Site Scripting via Custom CSS – CVE-2023-6486 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 20,112,321 Active Installs: 600,000 Last Updated: April 3, 2024 Patched Versions: 2.10.4 Affected Versions: <= 2.10.3 Vulnerability Details Name: Spectra – WordPress Gutenberg Blocks <= 2.10.3 Title: Authenticated (Contributor+) Cross-Site Scripting via Custom…

Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato Software Downloads: 548,134 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.15 Affected Versions: <= 1.0.14 Vulnerability Details: Name: Template Kit – Import <= 1.0.14 Title: Authenticated (Author+) Stored Cross-Site Scripting via Template…

MetForm Vulnerability – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor – Authenticated Stored Cross-Site Scripting via Widgets – CVE-2024-2791 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: XpeedStudio Software Downloads: 3,334,058 Active Installs: 300,000 Last Updated: April 4, 2024 Patched Versions: 3.8.6 Affected Versions: <= 3.8.5 Vulnerability Details: Name: Metform Elementor Contact Form Builder <=…