Patch
PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2492 | WordPress Plugin Vulnerability Report
Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,358,863 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 2.7.18, 2.7.19, 2.7.20 Affected Versions: <= 2.7.19 Vulnerability 1 Details: Name: PowerPack Addons for Elementor <= 2.7.18 Title: Authenticated (Contributor+) Stored Cross-Site…
Read MoreEmail Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report
Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads: 80,000 Active Installs: 736,687 Last Updated: May 23, 2024 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Email Log <= 2.4.8 – Unauthenticated Hook Injection Type: Improper Control of Generation of Code (‘Code…
Read MoreColibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report
Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…
Read MoreBeaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report
Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,597,835 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 2.7.4.3 Affected Versions: <= 2.7.4.2 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.7.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)…
Read MorePassword Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report
Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,493,510 Active Installs: 400,000 Last Updated: February 19, 2024 Patched Versions: 2.6.7 Affected Versions: <= 2.6.6 Vulnerability Details: Name: Password Protected <= 2.6.6 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic…
Read MoreAdvanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…
Read More