Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status: Active Software Author: wpallimport Software Downloads: 3,920,346 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.7.4 Affected Versions: <= 3.7.3 Vulnerability Details: Name: Import any XML or CSV File to WordPress <= 3.7.3…


Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato Software Downloads: 548,134 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.15 Affected Versions: <= 1.0.14 Vulnerability Details: Name: Template Kit – Import <= 1.0.14 Title: Authenticated (Author+) Stored Cross-Site Scripting via Template…


MetForm Vulnerability – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor – Authenticated Stored Cross-Site Scripting via Widgets – CVE-2024-2791 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: XpeedStudio Software Downloads: 3,334,058 Active Installs: 300,000 Last Updated: April 4, 2024 Patched Versions: 3.8.6 Affected Versions: <= 3.8.5 Vulnerability Details: Name: Metform Elementor Contact Form Builder <=…


Genesis Blocks – Authenticated Stored Cross-Site Scripting via Block Content – CVE-2024-1946 | WordPress Plugin Vulnerability Report 

Plugin Name: Genesis Blocks Key Information: Software Type: Plugin Software Slug: genesis-blocks Software Status: Active Software Author: StudioPress Software Downloads: 1,333,603 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 3.1.3 Affected Versions: <= 3.1.2 Vulnerability Details: Name: Genesis Blocks <= 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…


Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report 

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,939,163 Active Installs: 10,000 Last Updated: April 3, 2024 Patched Versions: 2.8.0.7 Affected Versions: <= 2.8.0.5 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.8.0.5 Title: Authenticated (Contributor+) Stored…


Gutenberg Block Editor Toolkit Vulnerability – EditorsKit – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2794 | WordPress Plugin Vulnerability Report

Plugin Name: Gutenberg Block Editor Toolkit – EditorsKit Key Information: Software Type: Plugin Software Slug: block-options Software Status: Active Software Author: munirkamal Software Downloads: 725,563 Active Installs: 30,000 Last Updated: April 1, 2024 Patched Versions: 1.40.5 Affected Versions: <= 1.40.4 Vulnerability Details: Name: Gutenberg Block Editor Toolkit – EditorsKit <= 1.40.4 Title: Authenticated (Contributor+) Stored…


Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,653,134 Active Installs: 90,000 Last Updated: March 26, 2024 Patched Versions: 3.0 Affected Versions: <= 2.12.10 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.10 Title: Cross-Site…


WP Recipe Maker Vulnerability – Missing Authorization to Authenticated SQL Injection – CVE-2024-1206 | WordPress Plugin Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,598,010 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 9.2.0 Affected Versions: <= 9.1.2 Vulnerability Details: Name: WP Recipe Maker <= 9.1.2 Title: Missing Authorization to Authenticated (Subscriber+) SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H…


RSS Aggregator Vulnerability – RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source – CVE-2024-0628 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,636,080 Active Installs: 60,000 Last Updated: February 13, 2024 Patched Versions: 4.23.6 Affected Versions: 4.23.5 – 4.23.5 Vulnerability Details: Name: WP RSS Aggregator <= 4.23.5…
