ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,230,464 Active Installs: 1,000,000 Last Updated: May 13, 2024 Patched Versions: 3.1.3 Affected Versions: 3.0.7 – 3.1.2 Vulnerability Details: Name: ElementsKit Elementor addons 3.0.7 – 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

All in One SEO Vulnerability – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3554 | WordPress Plugin Vulnerability Report

Plugin Name: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic Key Information: Software Type: Plugin Software Slug: all-in-one-seo-pack Software Status: Active Software Author: smub Software Downloads: 148,632,678 Active Installs: 3,000,000 Last Updated: May 13, 2024 Patched Versions: 4.6.1.1 Affected Versions: <= 4.6.0 Vulnerability Details: Name: All…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3743 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,632,773 Active Installs: 100,000 Last Updated: May 12, 2024 Patched Versions: 1.13.4 Affected Versions: <= 1.13.3 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3743…

Read More

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 841,164 Active Installs: 60,000 Last Updated: May 6, 2024 Patched Versions: 2.6.9.5, 2.6.9.4 Affected Versions: <= 2.6.9.4, <= 2.6.9.3 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.4 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

Plugin Name: Social Sharing Plugin – Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software Author: warfareplugins Software Downloads: 1,728,768 Active Installs: 30,000 Last Updated: May 3, 2024 Patched Versions: 4.4.6.2 Affected Versions: <= 4.4.6.1 Vulnerability Details: Name: Social Sharing Plugin – Social Warfare <= 4.4.6.1 Title: Authenticated Stored Cross-Site…

Read More

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software Slug: otter-blocks Software Status: Active Software Author: themeisle Software Downloads: 7,631,372 Active Installs: 300,000 Last Updated: April 25, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Otter Blocks <= 2.6.9 Title: Authenticated…

Read More

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,223,288 Active Installs: 50,000 Last Updated: April 25, 2024 Patched Versions: 4.4.8 Affected Versions: <= 4.4.7 Vulnerability Details: Name: RSS Aggregator by…

Read More

Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,775,005 Active Installs: 90,000 Last Updated: April 25, 2024 Patched Versions: 3.0.2 Affected Versions: <= 3.0.1 Vulnerability Details: Name: Paid Memberships Pro <= 3.0.1 Title: Cross-Site…

Read More

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software Downloads: 17,368,541 Active Installs: 900,000 Last Updated: April 25, 2024 Patched Versions: 3.5.1.23 Affected Versions: <= 3.5.1.22 Vulnerability Details: Name: Smart Slider 3 <= 3.5.1.22 Title: Missing Authorization to Limited File Upload Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report 

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,114,824 Active Installs: 200,000 Last Updated: April 24, 2024 Patched Versions: 2.0.29 Affected Versions: <= 2.0.28 Vulnerability Details: Name: Blocksy Companion <= 2.0.28 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31932 CVSS Score: 5.3 Publicly…

Read More