Posts Tagged ‘digital risk management’
Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report
Plugin Name: Timetable and Event Schedule by MotoPress Key Information: Software Type: Plugin Software Slug: mp-timetable Software Status: Active Software Author: jetmonsters Software Downloads: 738,183 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 2.4.12 Affected Versions: <= 2.4.11 Vulnerability Details: Name: Timetable and Event Schedule by MotoPress <= 2.4.11 Title: Authenticated (Contributor+) SQL…
Read MoreEssential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Author+) PHP Object Injection via error_resetpassword – CVE-2024-3018 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 69,249,566 Active Installs: 2,000,000 Last Updated: April 3, 2024 Patched Versions: 5.9.14 Affected Versions: <= 5.9.13 Vulnerability Details: Name: Essential Addons for Elementor <=…
Read MoreElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Local File Inclusion in render_raw – CVE-2024-2047 | WordPress Plugin Vulnerability Report
Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,423,199 Active Installs: 1,000,000 Last Updated: April 1, 2024 Patched Versions: 3.0.7 Affected Versions: <= 3.0.6 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.6 Authenticated (Contributor+) Local File Inclusion in render_raw Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE:…
Read MoreDatabase for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2030 | WordPress Plugin Vulnerability Report
Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status: Active Software Author: crmperks Software Downloads: 537,257 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 1.3.4 Affected Versions: <= 1.3.3 Vulnerability Details: Name: Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3…
Read MoreAdvanced iFrame Vulnerability- Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1341 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,864,724 Active Installs: 60,000 Last Updated: February 28, 2024 Patched Versions: 2024.2 Affected Versions: <= 2024.1 Vulnerability Details: Name: Advanced iFrame <= 2024.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1341 CVSS Score:…
Read MoreRSS Aggregator by Feedzy Vulnerability– Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Missing Authorization to Arbitrary Page Creation and Publication – CVE-2024-1318 | WordPress Plugin Vulnerability Report
Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,093,546 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: RSS Aggregator by…
Read MoreShariff Wrapper Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-1106 |WordPress Plugin Vulnerability Report
Plugin Name: Shariff Wrapper Key Information: Software Type: Plugin Software Slug: shariff Software Status: Active Software Author: 3uu Software Downloads: 848,443 Active Installs: 50,000 Last Updated: February 8, 2024 Patched Versions: 4.6.10 Affected Versions: <= 4.6.9 Vulnerability Details: Name: Shariff Wrapper <= 4.6.9 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1106 CVSS Score:…
Read More