The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report 

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 60,464,127 Active Installs: 700,000 Last Updated: July 27, 2024 Patched Versions: 6.5.1.5 Affected Versions: <= 6.5.1.4 Vulnerability Details: Name: The Events Calendar <= 6.5.1.4 Title: Cross-Site Request Forgery via action_restore_events Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-37518…

Read More

Spectra – WordPress Gutenberg Blocks Vulnerability – Missing Authorization via generate_ai_content – CVE-2024-37517 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 24,630,054 Active Installs: 800,000 Last Updated: July 27, 2024 Patched Versions: <= 2.13.7 Affected Versions: 2.13.8 Vulnerability Details: Name: Spectra <= 2.13.7 Title: Missing Authorization via generate_ai_content Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-37517 CVSS…

Read More

Ninja Forms – The Contact Form Builder That Grows With You Vulnerability – Authenticated (Subscriber+) Arbitrary Shortcode Execution – CVE-2024-37934 | WordPress Plugin Vulnerability Report

Plugin name: Ninja Forms – The Contact Form Builder That Grows With You  Key Information: Software Type: Plugin Software Slug: ninja-forms Software Status: Active Software Author: kstover Software Downloads: 45,866,064 Active Installs: 800,000 Last Updated: July 27, 2024 Patched Versions: 3.8.5 Affected Versions: <= 3.8.4 Vulnerability Details: Name: Ninja Forms <= 3.8.4 Title: Authenticated (Subscriber+)…

Read More

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

Plugin name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 30,625,064 Active Installs: 2,000,000 Last Updated: July 27, 2024 Patched Versions: NA Affected Versions: <= 1.6.35 Vulnerability Details: Name: Elementor – Header, Footer & Blocks Template <= 1.6.35 Title: Authenticated (Contributor+) Stored…

Read More

Easy Table of Contents Vulnerability- Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 |WordPress Plugin Vulnerability Report

Plugin Name: Easy Table of Contents Key Information: Software Type: Plugin Software Slug: easy-table-of-contents Software Status: Active Software Author: magazine3 Software Downloads: 12,901,982 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 2.0.67.1 Affected Versions: <= 2.0.67 Vulnerability Details: Name: Easy Table of Contents <= 2.0.67 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…

Read More

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,230,464 Active Installs: 1,000,000 Last Updated: May 13, 2024 Patched Versions: 3.1.3 Affected Versions: 3.0.7 – 3.1.2 Vulnerability Details: Name: ElementsKit Elementor addons 3.0.7 – 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

All in One SEO Vulnerability – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3554 | WordPress Plugin Vulnerability Report

Plugin Name: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic Key Information: Software Type: Plugin Software Slug: all-in-one-seo-pack Software Status: Active Software Author: smub Software Downloads: 148,632,678 Active Installs: 3,000,000 Last Updated: May 13, 2024 Patched Versions: 4.6.1.1 Affected Versions: <= 4.6.0 Vulnerability Details: Name: All…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3743 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,632,773 Active Installs: 100,000 Last Updated: May 12, 2024 Patched Versions: 1.13.4 Affected Versions: <= 1.13.3 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3743…

Read More

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 841,164 Active Installs: 60,000 Last Updated: May 6, 2024 Patched Versions: 2.6.9.5, 2.6.9.4 Affected Versions: <= 2.6.9.4, <= 2.6.9.3 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.4 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

Plugin Name: Social Sharing Plugin – Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software Author: warfareplugins Software Downloads: 1,728,768 Active Installs: 30,000 Last Updated: May 3, 2024 Patched Versions: 4.4.6.2 Affected Versions: <= 4.4.6.1 Vulnerability Details: Name: Social Sharing Plugin – Social Warfare <= 4.4.6.1 Title: Authenticated Stored Cross-Site…

Read More