ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report 

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities –  CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,284,286 Active Installs: 400,000 Last Updated: April 4, 2024 Patched Versions: 3.10.5, 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details Vulnerability 1 Name: Happy Addons for Elementor <= 3.10.4 – Authenticated Stored Cross-Site Scripting…

Read More

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 2.7.19 Affected Versions: <= 2.7.18 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.18 – Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget, PowerPack Addons for Elementor <= 2.7.17 – Authenticated…

Read More

HT Mega Vulnerability– Absolute Addons For Elementor – Authenticated Directory Traversal – CVE-2024-1974 |WordPress Plugin Vulnerability Report

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,604,562 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 2.4.7 Affected Versions: <= 2.4.6 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <= 2.4.6 Title: Authenticated…

Read More

HT Mega Vulnerability – Absolute Addons For Elementor – Authenticated Stored Cross-Site Scripting via Post Carousel Widget – CVE-2024-1421 | WordPress Plugin Vulnerability Report

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,603,212 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 2.4.5 Affected Versions: <= 2.4.4 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <= 2.4.4 Title: Authenticated…

Read More

Premium Addons for Elementor – Authenticated Stored Cross-Site Scripting via Link Wrapper – CVE-2024-0326 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 30,089,290 Active Installs: 700,000 Last Updated: March 13, 2024 Patched Versions: 4.0.18 Affected Versions: <= 4.0.17 Vulnerability Details: Name: Premium Addons for Elementor <= 4.0.17 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Link…

Read More

Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 67,142,962 Active Installs: 2,000,000 Last Updated: March 13, 2024 Patched Versions: 5.9.10 Affected Versions: <= 5.9.9 Vulnerability Details: Name: Essential Addons for Elementor <=…

Read More

Premium Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting – CVE-2024-1680 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 29,801,020 Active Installs: 700,000 Last Updated: February 28, 2024 Patched Versions: 4.10.22 Affected Versions: <= 4.10.21 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.21 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Banner,…

Read More

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…

Read More

Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,728,647 Active Installs: 400,000 Last Updated: January 5, 2024 Patched Versions: 3.10.0 Affected Versions: <= 3.9.1.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.9.1.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6632…

Read More