Popup Box Vulnerability – Best WordPress Popup Plugin – Missing Authorization to Information Exposure – CVE-2024-3897 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Box – Best WordPress Popup Plugin Key Information: Software Type: Plugin Software Slug: ays-popup-box Software Status: Active Software Author: ays-pro Software Downloads: 1,223,022 Active Installs: 30,000 Last Updated: May 9, 2024 Patched Versions: 4.3.7 Affected Versions: <= 4.3.6 Vulnerability Details: Name: Popup Box – Best WordPress Popup Plugin <= 4.3.6 Title: Missing…

Read More

Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More – Missing Authorization to Sensitive Information Exposure – CVE-2024-0615 | WordPress Plugin Vulnerability Report

Plugin Name: Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More Key Information: Software Type: Plugin Software Slug: content-control Software Status: Active Software Author: codeatlantic Software Downloads: 548,038 Active Installs: 40,000 Last Updated: April 29, 2024 Patched Versions: 2.2.0 Affected Versions: <= 2.1.0 Vulnerability Details: Name: Content Control <=…

Read More

Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder – Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode – CVE-2024-3053 | WordPress Plugin Vulnerability Report

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,757,114 Active Installs: 500,000 Last Updated: April 16, 2024 Patched Versions: 1.29.3 Affected Versions: <= 1.29.2 Vulnerability Details: Name: Forminator – Contact Form, Payment Form & Custom…

Read More

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,490,727 Active Installs: 80,000 Last Updated: March 27, 2024 Patched Versions: 5.8.3 Affected Versions: <= 5.8.2 Vulnerability Details: Name: Event Tickets and Registration <= 5.8.2 Title: Improper Authorization to Information Disclosure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N…

Read More

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Admin+) Directory Traversal – CVE-2024-2294 | WordPress Plugin Vulnerability Report

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active Software Author: softaculous Software Downloads: 2,266,088 Active Installs: 200,000 Last Updated: March 19, 2024 Patched Versions: 1.2.8 Affected Versions: <= 1.2.7 Vulnerability Details: Name: Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 Title: Authenticated…

Read More

File Manager Vulnerability- Directory Traversal – CVE-2023-6825 | WordPress Plugin Vulnerability Report 

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 20,544,237 Active Installs: 1,000,000 Last Updated: March 7, 2024 Patched Versions: 7.2.2 Affected Versions: <= 7.2.1 Vulnerability Details: Name: File Manager And File Manager Pro (Multiple Versions) Type: Directory Traversal CVE: CVE-2023-6825 CVSS Score: 9.9…

Read More

Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin Software Slug: ninja-forms Software Status: Active Software Author: kstover Software Downloads: 42,568,387 Active Installs: 800,000 Last Updated: February 12, 2024 Patched Versions: 3.7.2 Affected Versions: <= 3.7.1 Vulnerability Details: Name: Ninja Forms Contact Form <=…

Read More

Burst Statistics Vulnerability – Authenticated (Editor+) SQL Injection – CVE-2024-0405 | WordPress Plugin Vulnerability Report 

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,470,512 Active Installs: 100,000 Last Updated: January 25, 2024 Patched Versions: 1.5.4 Affected Versions: <= 1.5.3 Vulnerability Details: Name: Burst Statistics Really Simple Plugins <= 1.5.3 Title: Authenticated (Editor+) SQL…

Read More

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…

Read More