Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

Plugin Name: Image Watermark Key Information: Software Type: Plugin Software Slug: image-watermark Software Status: Active Software Author: dfactory Software Downloads: 842,453 Active Installs: 50,000 Last Updated: April 10, 2024 Patched Versions: 1.7.4 Affected Versions: <= 1.7.3 Vulnerability Details: Name: Image Watermark <= 1.7.3 Title: Missing Authorization to Authenticated (Subscriber+) Watermark Modification Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-1994…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,727,023 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 3.1.0 Affected Versions: <= 3.0.7 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

CMB2 Vulnerability – Authenticated PHP Object Injection – CVE-2024-1792 | WordPress Plugin Vulnerability Report

Plugin Name: CMB2 Key Information: Software Type: Plugin Software Slug: cmb2 Software Status: Active Software Author: jtsternberg Software Downloads: 4,198,199 Active Installs: 300,000 Last Updated: April 3, 2024 Patched Versions: 2.11.0 Affected Versions: <= 2.10.1 Vulnerability Details: Name: CMB2 <= 2.10.1 Title: Authenticated PHP Object Injection Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1792 CVSS Score: 7.2 Publicly Published:…

Read More

WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report

Plugin Name: WPFront User Role Editor Key Information: Software Type: Plugin Software Slug: wpfront-user-role-editor Software Status: Active Software Author: syammohanm Software Downloads: 787,036 Active Installs: 50,000 Last Updated: April 2, 2024 Patched Versions: 4.1.0 Affected Versions: <= 3.2.1.11184 Vulnerability Details: Name: WPFront User Role Editor <= 3.2.1.11184 Title: Limited Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2931…

Read More

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software Downloads: 449,941 Active Installs: 30,000 Last Updated: March 26, 2024 Patched Versions: 0.7.2 Affected Versions: <= 0.7.1 Vulnerability Details: Name: Link Whisper Free <= 0.7.1 Authenticated (Contributor+) PHP Object Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-2693 CVSS…

Read More

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

Plugin Name: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg Key Information: Software Type: Plugin Software Slug: betterdocs Software Status: Active Software Author: wpdevteam Software Downloads: 1,219,559 Active Installs: 30,000 Last Updated: March 26, 2024 Patched Versions: 3.5.0 Affected Versions: <= 3.4.2 Vulnerability Details:…

Read More

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

Plugin Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Key Information: Software Type: Plugin Software Slug: post-and-page-builder Software Status: Active Software Author: BoldGrid Software Downloads: 1,381,114 Active Installs: 80,000 Last Updated: March 25, 2024 Patched Versions: 1.26.3 Affected Versions: <= 1.26.2 Vulnerability Details: Name: Post and Page Builder by BoldGrid…

Read More

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

Plugin Name: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Key Information: Software Type: Plugin Software Slug: pretty-link Software Status: Active Software Author: supercleanse Software Downloads: 7,316,398 Active Installs: 300,000 Last Updated: March 22, 2024 Patched Versions: 3.6.4 Affected Versions: <= 3.6.3 Vulnerability Details: Name: Pretty Links <= 3.6.3 Title: Cross-Site…

Read More

Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-site Scripting via ’embedpress_doc_custom_color’ – CVE-2024-2688 | WordPress Plugin Vulnerability Report – EmbedPress

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,350,234 Active Installs: 90,000 Last Updated: March 22, 2024 Patched Versions: 3.9.13 Affected Versions: <= 3.9.12…

Read More