Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form by WPForms Key Information: Software Type: Plugin Software Slug: wpforms-lite Software Status: Active Software Author: smub Software Downloads: 201,516,943 Active Installs: 5,000,000 Last Updated: May 1, 2024 Patched Versions: 1.8.8.2 Affected Versions: <= 1.8.7.2 Vulnerability Details: Name: Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2…

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…

Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report 

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 859,237 Active Installs: 60,000 Last Updated: May 13, 2024 Patched Versions: 2.6.9.2 Affected Versions: <= 2.6.9.1 Vulnerability Details: Name: Exclusive Addons Elementor <= 2.6.9.1 Title: Missing Authorization to Post Duplication Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE:…

MailerLite Vulnerability – Signup forms (official) – Multiple Vulnerabilities – CVE-2024-2797, CVE-2024-1386 | WordPress Plugin Vulnerability Report

Plugin Name: MailerLite – Signup forms (official) Key Information: Software Type: Plugin Software Slug: official-mailerlite-sign-up-forms Software Status: Active Software Author: mailerlite Software Downloads: 1,634,637 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 1.7.7 Affected Versions: <= 1.7.6 Vulnerability Details: Name: MailerLite – Signup forms (official) <= 1.7.6 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE:…

Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report

Plugin Name: Media Cleaner: Clean your WordPress! Key Information: Software Type: Plugin Software Slug: media-cleaner Software Status: Active Software Author: tigroumeow Software Downloads: 2,778,078 Active Installs: 70,000 Last Updated: May 10, 2024 Patched Versions: 6.7.3 Affected Versions: <= 6.7.2 Vulnerability Details: Name: Media Cleaner: Clean your WordPress! <= 6.7.2 Title: Unauthenticated Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N…

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 21,536,049 Active Installs: 700,000 Last Updated: May 12, 2024 Patched Versions: 2.12.7 Affected Versions: <= 2.12.6 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.12.6 Title: Authenticated (Contributor+) Path Traversal Type:…

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report 

Plugin Name: Contact Form 7 Database Addon – CFDB7 Key Information: Software Type: Plugin Software Slug: contact-form-cfdb7 Software Status: Active Software Author: arshidkv12 Software Downloads: 5,113,134 Active Installs: 600,000 Last Updated: May 10, 2024 Patched Versions: 1.2.7 Affected Versions: <= 1.2.6.8 Vulnerability Details: Name: Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 Title: Unauthenticated…

Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report 

Plugin Name: Blog2Social: Social Media Auto Post & Scheduler Key Information: Software Type: Plugin Software Slug: blog2social Software Status: Active Software Author: pr-gateway Software Downloads: 3,487,933 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 7.5.0 Affected Versions: <= 7.4.2 Vulnerability Details: Name: Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 Title: Information…

WP-Members Membership Plugin Vulnerability – Unprotected Storage of Potentially Sensitive Files – CVE-2024-2920 | WordPress Plugin Vulnerability Report 

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,498,751 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 3.4.9.4 Affected Versions: <= 3.4.9.3 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.3 Title: Unprotected Storage of Potentially Sensitive Files Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE:…

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report 

Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software Downloads: 867,958 Active Installs: 50,000 Last Updated: May 3, 2024 Patched Versions: 4.0.1 Affected Versions: <= 4.0.0 Vulnerability Details: Name: hCaptcha for WordPress <= 4.0.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode Type:…
