Input Sanitization
Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…
Read More3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report
Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL Type: Improper Neutralization…
Read MoreForminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29, 2024 Patched Versions: 1.29.1 Affected Versions: <= 1.29.0 Vulnerability Details: Name: Forminator <= 1.29.0 – Unauthenticated Stored Cross-Site Scripting via File Upload Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1794 CVSS Score: 7.2 (High) Publicly Published: March…
Read MoreVisual Composer Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2023-6880 | WordPress Plugin Vulnerability Report
Plugin Name: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Key Information: Software Type: Plugin Software Slug: visualcomposer Software Status: Active Software Author: visualcomposer Software Downloads: 2,579,334 Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: <= 45.6.0 Affected Versions: 45.7.0 Vulnerability Details: Name: Visual Composer…
Read MoreAmelia Booking Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6808 | WordPress Plugin Vulnerability Report
Plugin Name: Amelia Booking Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Software Downloads: 535,131 Active Installs: 60,000 Last Updated: January 18, 2024 Patched Versions: 1.0.94 Affected Versions: <= 1.0.93 Vulnerability Details: Name: Booking for Appointments and Events Calendar – Amelia <= 1.0.93 – Authenticated(Contributor+) Stored Cross-Site Scripting via…
Read MoreWordPress Plugin Vulnerability Report – Modern Events Calendar Lite – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-4021
Plugin Name: Modern Events Calendar Lite Key Information: Software Type: PluginSoftware Slug: modern-events-calendar-liteSoftware Status: RemovedSoftware Author: webnus/Software Downloads: 3,047,787Active Installs: 100,000Last Updated: September 28, 2023Patched Versions: 7.1.0Affected Versions: <7.1.0 Vulnerability Details: Name: Modern Events Calendar lite < 7.1.0 – Authenticated (Admin+) Stored Cross-Site ScriptingType: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)CVE: CVE-2023-4021CVSS…
Read MoreWordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919
Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357 Active Installs: 100,000 Last Updated: September 25, 2023 Patched Versions: 4.6 Affected Versions: <=4.6 Vulnerability Details: Name: iframe <= 4.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
Read MoreWordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: David Lingren Software Downloads: 1,759,449 Active Installs: 70,000 Last Updated: September 21, 2023 Patched Versions: <=3.10 Affected Versions: 3.11 Vulnerability Details: Name: Media Library Assistant <= 3.10 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper…
Read MoreWordPress Plugin Vulnerability Report – Leaflet Map – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5050
Plugin Name: Leaflet Map Key Information: Software Type: Plugin Software Slug: leaflet-map Software Status: Active Software Author: bozdoz Software Downloads: 339,670 Active Installs: 30,000 Last Updated: September 20, 2023 Patched Versions: <=3.3.0 Affected Versions: 3.3.1 Vulnerability Details: Name: Leaflet Map <= 3.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input…
Read More