Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 22,257,534 Active Installs: 700,000 Last Updated: May 23, 2024 Patched Versions: 2.13.1 Affected Versions: <= 2.13.0 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.13.0 – Authenticated (Author+) Stored Cross-Site Scripting Title: Authenticated (Author+) Stored…

Read More

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…

Read More

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,413,655 Active Installs: 100,000 Last Updated: May 22, 2024 Patched Versions: 3.14.2 Affected Versions: <= 3.14.1 Vulnerability Details: Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1…

Read More

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3714 | WordPress Plugin Vulnerability Report

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,298,288 Active Installs: 100,000 Last Updated: May 17, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.0 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5088, CVE-2024-4865 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,974,697 Active Installs: 400,000 Last Updated: May 17, 2024 Patched Versions: 3.10.9 Affected Versions: <= 3.10.8 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.8 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software Author: carazo Software Downloads: 4,320,707 Active Installs: 80,000 Last Updated: May 14, 2024 Patched Versions: 1.26.7 Affected Versions: <= 1.26.6.1 Vulnerability Details: Name: Import and export users and customers <= 1.26.6.1 – Authenticated (Administrator+) Stored…

Read More

WP Fastest Cache Vulnerability – Authenticated (Administrator+) Arbitrary File Deletion – CVE-2024-4347 | WordPress Plugin Vulnerability Report

Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software Downloads: 49,228,358 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 1.2.7 Affected Versions: <= 1.2.6 Vulnerability Details: Name: WP Fastest Cache <= 1.2.6 – Authenticated (Administrator+) Arbitrary File Deletion Type: Improper Limitation of…

Read More

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.31 Affected Versions: <= 2.7.30 Vulnerability Details: Name: Unyson <= 2.7.29 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-34814 CVSS Score: 4.3…

Read More

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 2,383,435 Active Installs: 70,000 Last Updated: May 7, 2024 Patched Versions: 2.2.70 Affected Versions: <= 2.2.63 Vulnerability Details: Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload Type: Unrestricted Upload of…

Read More

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…

Read More