patch management
Download Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report
Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads: 5,153,537 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 4.9.14 Affected Versions: <= 4.9.13 Vulnerability Details: Name: Download Monitor <= 4.9.13 Title: Missing Authorization Type: CVE: CVE-2024-3269 CVSS Score: 5.4 Publicly Published: May…
Read MoreSearch & Replace Vulnerability – Authenticated (Administrator+) SQL injection – CVE-2024-0756 | WordPress Plugin Vulnerability Report
Plugin Name: Search & Replace Key Information: Software Type: Plugin Software Slug: search-and-replace Software Status: Active Software Author: wp_media Software Downloads: 2,867,673 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 3.2.2 Affected Versions: <= 3.2.1 Vulnerability Details: Name: Search & Replace <= 3.2.1 – Authenticated (Administrator+) SQL injection Type: Improper Neutralization of Special…
Read MoreMedia Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…
Read MoreStarter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 57,202,843 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Starter Templates – Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…
Read MoreCustom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…
Read MoreContent Views Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter – CVE-2024-4446 | WordPress Plugin Vulnerability Report
Plugin Name: Content Views Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads: 4,327,206 Active Installs: 100,000 Last Updated: May 6, 2024 Vulnerability Details: Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 – Authenticated (Contributor+) Stored…
Read MoreWordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report
Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…
Read MoreCollapse-O-Matic Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-7030| WordPress Plugin Vulnerability Report
Plugin Name: Collapse-O-Matic Key Information: Software Type: Plugin Software Slug: jquery-collapse-o-matic Software Status: Active Software Author: baden03 Software Downloads: 1,284,998 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 1.8.5.6 Affected Versions: <= 1.8.5.5 Vulnerability Details: Name: Collapse-O-Matic <= 1.8.5.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-7030 CVSS Score:…
Read MoreForminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29, 2024 Patched Versions: 1.29.1 Affected Versions: <= 1.29.0 Vulnerability Details: Name: Forminator <= 1.29.0 – Unauthenticated Stored Cross-Site Scripting via File Upload Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1794 CVSS Score: 7.2 (High) Publicly Published: March…
Read MorePowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report
Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 2.7.19 Affected Versions: <= 2.7.18 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.18 – Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget, PowerPack Addons for Elementor <= 2.7.17 – Authenticated…
Read More