Cybersecurity
Drag and Drop Multiple File Upload Vulnerability – Contact Form 7 – Sensitive Information Exposure – CVE-2024-3717 | WordPress Plugin Vulnerability Report
Plugin Name: Drag and Drop Multiple File Upload – Contact Form 7 Key Information: Software Type: Plugin Software Slug: drag-and-drop-multiple-file-upload-contact-form-7 Software Status: Active Software Author: glenwpcoder Software Downloads: 717,544 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 1.3.7.8 Affected Versions: <= 1.3.7.7 Vulnerability Details: Name: Drag and Drop Multiple File Upload – Contact…
Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3743 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,632,773 Active Installs: 100,000 Last Updated: May 12, 2024 Patched Versions: 1.13.4 Affected Versions: <= 1.13.3 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3743…
Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report
Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 859,237 Active Installs: 60,000 Last Updated: May 13, 2024 Patched Versions: 2.6.9.2 Affected Versions: <= 2.6.9.1 Vulnerability Details: Name: Exclusive Addons Elementor <= 2.6.9.1 Title: Missing Authorization to Post Duplication Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE:…
NextGEN Gallery Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2744 | WordPress Plugin Vulnerability Report
Plugin Name: NextGEN Gallery – Create an Amazing Photo Gallery in Seconds Key Information: Software Type: Plugin Software Slug: nextgen-gallery Software Status: Active Software Author: smub Software Downloads: 40,372,789 Active Installs: 500,000 Last Updated: May 12, 2024 Patched Versions: 3.59.1 Affected Versions: <= 3.59 Vulnerability Details: Name: NextGEN Gallery <= 3.59 Title: Authenticated (Administrator+) Stored…
Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report
Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive Software Downloads: 1,882,207 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 1.7.1 Affected Versions: <= 1.7.0 Vulnerability Details: Name: Qi Addons For Elementor <= 1.7.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown…
Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report
Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 21,536,049 Active Installs: 700,000 Last Updated: May 12, 2024 Patched Versions: 2.12.7 Affected Versions: <= 2.12.6 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.12.6 Title: Authenticated (Contributor+) Path Traversal Type:…
Tutor LMS Vulnerability – eLearning and online course solution – Missing Authorization to Unauthenticated Limited Options Update – CVE-2024-3553 | WordPress Plugin Vulnerability Report
Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,052,510 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.2 Vulnerability Details: Name: Tutor LMS <= 2.6.2 Title: Missing Authorization to Unauthenticated Limited…
WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report
Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…
Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report
Plugin Name: Cornerstone Key Information: Software Type: Plugin Software Slug: cornerstone Software Status: Active Software Author: archetyped Software Downloads: 57,853 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 0.8.1 Affected Versions: <= 0.8.0 Vulnerability Details: Name: Cornerstone <= 0.8.0 Title: Reflected Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-28002 CVSS Score: 6.1 Publicly Published:…
Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report
Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,800,239 Active Installs: 400,000 Last Updated: May 10, 2024 Patched Versions: 3.10.7 Affected Versions: <= 3.10.6 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly…