Posts Tagged ‘Patch Update’
WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report
Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…
Read MoreSmart Custom Fields Vulnerability – Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure – CVE-2024-1995 | WordPress Plugin Vulnerability Report
Plugin Name: Smart Custom Fields Key Information: Software Type: Plugin Software Slug: smart-custom-fields Software Status: Active Software Author: inc2734 Software Downloads: 224,550 Active Installs: 50,000 Last Updated: March 19, 2024 Patched Versions: 5.0.0 Affected Versions: <= 4.2.2 Vulnerability Details: Name: Smart Custom Fields <= 4.2.2 Title: Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure Type:…
Read MoreShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via Banner Link – CVE-2024-1960 | WordPress Plugin Vulnerability Report
Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,272,321 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 2.8.2 Affected Versions: <= 2.8.1 Vulnerability Details: Name: ShopLentor…
Read MoreContact Form 7 Vulnerability – Reflected Cross-Site Scripting – CVE-2024-2242 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software Downloads: 318,916,329 Active Installs: 5,000,000 Last Updated: March 14, 2024 Patched Versions: 5.9.2 Affected Versions: <= 5.9 Vulnerability Details: Name: Contact Form 7 <= 5.9 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-2242 CVSS Score:…
Read MoreEasy Social Feed Vulnerability – Social Photos Gallery – Post Feed – Like Box – Cross-Site Request Forgery – CVE-2024-1214 | WordPress Plugin Vulnerability Report
Plugin Name: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box Key Information: Software Type: Plugin Software Slug: easy-facebook-likebox Software Status: Active Software Author: sjaved Software Downloads: 2,976,834 Active Installs: 50,000 Last Updated: March 14, 2024 Patched Versions: 6.5.5 Affected Versions: <= 6.5.4 Vulnerability Details: Name: Easy Social Feed <= 6.5.4…
Read MorePremium Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting – CVE-2024-1680 | WordPress Plugin Vulnerability Report
Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 29,801,020 Active Installs: 700,000 Last Updated: February 28, 2024 Patched Versions: 4.10.22 Affected Versions: <= 4.10.21 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.21 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Banner,…
Read More