Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,029,705 Active Installs: 200,000 Last Updated: April 2, 2024 Patched Versions: 2.6.4 Affected Versions: <= 2.6.3 Vulnerability 1 Details: Name: Jeg Elementor Kit <= 2.6.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box…

Read More

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

Plugin Name: Pods – Custom Content Types and Fields Key Information: Software Type: Plugin Software Slug: pods Software Status: Active Software Author: sc0ttkclark Software Downloads: 4,033,656 Active Installs: 100,000 Last Updated: April 1, 2024 Patched Versions: 2.7.31.2, 2.8.23.2, 2.9.19.2, 3.0.10.2 Affected Versions: < 2.7.31, 3 – 3.0.10, 2.8 – 2.8.23 Vulnerability Details: Name: Pods -…

Read More

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,161,148 Active Installs: 80,000 Last Updated: April 1, 2024 Patched Versions: 1.27 Affected Versions: <= 1.26 Vulnerability Details: Name: Sydney Toolbox <= 1.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via _id Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2936…

Read More

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,213,235 Active Installs: 400,000 Last Updated: March 8, 2024 Patched Versions: 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Archive…

Read More

Calculated Fields Form Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2020 | WordPress Plugin Vulnerability Report

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,626,617 Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: 5.1.57 Affected Versions: <= 5.1.56 Vulnerability Details: Name: Calculated Fields Form Professional <= 5.1.56 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2020…

Read More

GenerateBlocks Vulnerability – Sensitive Information Exposure – CVE-2024-1452 | WordPress Plugin Vulnerability Report

Plugin Name: GenerateBlocks Key Information: Software Type: Plugin Software Slug: generateblocks Software Status: Active Software Author: edge22 Software Downloads: 1,658,618 Active Installs: 200,000 Last Updated: March 1, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: GenerateBlocks <= 1.8.2 Title: Sensitive Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1452 CVSS Score: 4.3 Publicly Published: March…

Read More

WP Show Posts Vulnerability – Information Exposure – CVE-2024-1479 | WordPress Plugin Vulnerability Report

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software Downloads: 477,238 Active Installs: 90,000 Last Updated: March 1, 2024 Patched Versions: 1.1.5 Affected Versions: <= 1.1.4 Vulnerability Details: Name: WP Show Posts <= 1.1.4 Title: Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1479 CVSS Score: 5.3…

Read More

Exclusive Addons for Elementor Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1234 | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 717,031 Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: 2.6.9.1 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

Beaver Builder Vulnerability– WordPress Page Builder – Authenticated Contributor+ Stored Cross-Site Scripting via Audio Widget – CVE-2024-1074 | WordPress Plugin Vulnerability Report

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,601,854 Active Installs: 100,000 Last Updated: February 28, 2024 Patched Versions: 2.7.4.3 Affected Versions: <= 2.7.4.2 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.7.4.2 Title: Authenticated Contributor+ Stored…

Read More

Download Manager Vulnerability- Missing Authorization – CVE-2023-6785 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,301,669 Active Installs: 100,000 Last Updated: March 1, 2024 Patched Versions: 3.2.85 Affected Versions: <=3.2.84 Vulnerability Details: Name: Download Manager <= 3.2.84 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2023-6785 CVSS Score: 5.3 Publicly Published: February…

Read More