BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

Plugin Name: BackUpWordPress Key Information: Software Type: Plugin Software Slug: backupwordpress Software Status: Active Software Author: willmot Software Downloads: 4,796,104 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 3.14 Affected Versions: <= 3.13 Vulnerability Details: Name: BackUpWordPress <= 3.13 Title: Authenticated (Admin+) Directory Traversal Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-3034 CVSS Score: 2.7 Publicly Published:…

Read More

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,877,054 Active Installs: 50,000 Last Updated: March 26, 2024 Patched Versions: 7.1.0 Affected Versions: <= 7.0.1 Vulnerability Details: Name: Ajax Load More <= 7.0.1 Authenticated (Admin+) Directory Traversal to Arbitrary…

Read More

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Admin+) Directory Traversal – CVE-2024-2294 | WordPress Plugin Vulnerability Report

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active Software Author: softaculous Software Downloads: 2,266,088 Active Installs: 200,000 Last Updated: March 19, 2024 Patched Versions: 1.2.8 Affected Versions: <= 1.2.7 Vulnerability Details: Name: Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 Title: Authenticated…

Read More

HT Mega Vulnerability– Absolute Addons For Elementor – Authenticated Directory Traversal – CVE-2024-1974 |WordPress Plugin Vulnerability Report

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,604,562 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 2.4.7 Affected Versions: <= 2.4.6 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <= 2.4.6 Title: Authenticated…

Read More

File Manager Vulnerability- Directory Traversal – CVE-2023-6825 | WordPress Plugin Vulnerability Report 

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 20,544,237 Active Installs: 1,000,000 Last Updated: March 7, 2024 Patched Versions: 7.2.2 Affected Versions: <= 7.2.1 Vulnerability Details: Name: File Manager And File Manager Pro (Multiple Versions) Type: Directory Traversal CVE: CVE-2023-6825 CVSS Score: 9.9…

Read More

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Administrator+) Directory Traversal – CVE-2024-0697 |WordPress Plugin Vulnerability Report 

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active Software Author: Softaculous Software Downloads: 1,893,554 Active Installs: 200,000 Last Updated: February 1, 2024 Patched Versions: 1.2.4 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 Title: Authenticated…

Read More

WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504

Plugin Name: BackWPup Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,284,859 Active Installs: 600,000 Last Updated: November 22, 2023 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal Title: Authenticated (Administrator+) Directory Traversal Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CVE: CVE-2023-5504 CVSS Score: 8.7 (High)…

Read More

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 9,788,187 Active Installs: 100,000 Last Updated: October 11, 2023 Patched Versions: 5.6.24 Affected Versions: <= 5.6.23 Vulnerability Details: Name: Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2023-5414 CVSS…

Read More