data protection

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN Vulnerability – Missing Authorization to Resmush List Deletion – CVE-2023-3352 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 20, 2024

Plugin Name: Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN Key Information: Software Type: Plugin Software Slug: wp-smushit Software Status: Active Software Author: wpmudev Software Downloads: 54,994,090 Active Installs: 1,000,000 Last Updated: July 22, 2024 Patched Versions: 3.16.5 Affected Versions: <= 3.16.4 Vulnerability Details: Name:…

Read More

WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability – Authenticated (Admin+) Arbitrary File Upload – CVE-2024-3412 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 28, 2024

Plugin Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore Key Information: Software Type: Plugin Software Slug: wp-staging Software Status: Active Software Author: renehermi Software Downloads: 3,261,328 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: <= 3.4.3 Affected Versions: 3.5.0 Vulnerability Details: Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore…

Read More

Popup Builder by OptinMonster Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4045 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 24, 2024

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 105,301,858 Active Installs: 1,000,000 Last Updated: June 11, 2024 Patched Versions: <= 2.16.1 Affected Versions: 2.16.2 Vulnerability Details: Name: Popup Builder by OptinMonster…

Read More

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access – CVE-2024-1295 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 24, 2024

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 57,657,454 Active Installs: 700,000 Last Updated: June 11, 2024 Patched Versions: <= 6.4.0 Affected Versions: 6.4.0.1 Vulnerability Details: Name: The Events Calendar Free & Pro <= 6.4.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1295 CVSS Score: 4.3…

Read More

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 22, 2024

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…

Read More

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 21, 2024

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642 Active Installs: 90,000 Last Updated: May 21, 2024 Patched Versions: 4.2.6.7 Affected Versions: <= 4.2.6.6 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Type:…

Read More

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 21, 2024

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…

Read More

Contact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 21, 2024

Plugin Name: Contact Form Plugin Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 7,048,138 Active Installs: 400,000 Last Updated: May 21, 2024 Patched Versions: 5.1.16 Affected Versions: <= 5.1.15 Vulnerability Details: Name: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form…

Read More

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5088, CVE-2024-4865 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 17, 2024

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,974,697 Active Installs: 400,000 Last Updated: May 17, 2024 Patched Versions: 3.10.9 Affected Versions: <= 3.10.8 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.8 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 870,318 Active Installs: 60,000 Last Updated: May 14, 2024 Patched Versions: 2.6.9.7 Affected Versions: <= 2.6.9.6 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Team…

Read More