Spectra – WordPress Gutenberg Blocks Vulnerability – Missing Authorization via generate_ai_content – CVE-2024-37517 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 24,630,054 Active Installs: 800,000 Last Updated: July 27, 2024 Patched Versions: <= 2.13.7 Affected Versions: 2.13.8 Vulnerability Details: Name: Spectra <= 2.13.7 Title: Missing Authorization via generate_ai_content Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-37517 CVSS…


Ninja Forms – The Contact Form Builder That Grows With You Vulnerability – Authenticated (Subscriber+) Arbitrary Shortcode Execution – CVE-2024-37934 | WordPress Plugin Vulnerability Report

Plugin Name: Ninja Forms – The Contact Form Builder That Grows With You Key Information: Software Type: Plugin Software Slug: ninja-forms Software Status: Active Software Author: kstover Software Downloads: 45,866,064 Active Installs: 800,000 Last Updated: July 27, 2024 Patched Versions: 3.8.5 Affected Versions: <= 3.8.4 Vulnerability Details: Name: Ninja Forms <= 3.8.4 Title: Authenticated (Subscriber+)…


Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 30,625,064 Active Installs: 2,000,000 Last Updated: July 27, 2024 Patched Versions: NA Affected Versions: <= 1.6.35 Vulnerability Details: Name: Elementor – Header, Footer & Blocks Template <= 1.6.35 Title: Authenticated (Contributor+) Stored…


Easy Table of Contents Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 | WordPress Plugin Vulnerability Report

Plugin Name: Easy Table of Contents Key Information: Software Type: Plugin Software Slug: easy-table-of-contents Software Status: Active Software Author: magazine3 Software Downloads: 12,901,982 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 2.0.67.1 Affected Versions: <= 2.0.67 Vulnerability Details: Name: Easy Table of Contents <= 2.0.67 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…


3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL Type: Improper Neutralization…


Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

Plugin Name: Social Sharing Plugin – Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software Author: warfareplugins Software Downloads: 1,728,768 Active Installs: 30,000 Last Updated: May 3, 2024 Patched Versions: 4.4.6.2 Affected Versions: <= 4.4.6.1 Vulnerability Details: Name: Social Sharing Plugin – Social Warfare <= 4.4.6.1 Title: Authenticated Stored Cross-Site…


Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

Plugin Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Key Information: Software Type: Plugin Software Slug: post-and-page-builder Software Status: Active Software Author: BoldGrid Software Downloads: 1,381,114 Active Installs: 80,000 Last Updated: March 25, 2024 Patched Versions: 1.26.3 Affected Versions: <= 1.26.2 Vulnerability Details: Name: Post and Page Builder by BoldGrid…


List Category Posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-6994 | WordPress Plugin Vulnerability Report

Plugin Name: List Category Posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,740,714 Active Installs: 100,000 Last Updated: January 9, 2024 Patched Versions: 0.89.4 Affected Versions: <= 0.89.3 Vulnerability Details: Name: List Category Posts <= 0.89.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N…
