Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

Plugin Name: Master Slider – Responsive Touch Slider Key Information: Software Type: Plugin Software Slug: master-slider Software Status: Active Software Author: averta Software Downloads: 2,830,772 Active Installs: 90,000 Last Updated: June 12, 2024 Patched Versions: 3.9.10 Affected Versions: <= 3.9.9 Vulnerability Details: Name: Master Slider – Responsive Touch Slider <= 3.9.9 Title: Authenticated (Contributor+) Stored…

Read More

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2492 | WordPress Plugin Vulnerability Report

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,358,863 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 2.7.18, 2.7.19, 2.7.20 Affected Versions: <= 2.7.19 Vulnerability 1 Details: Name: PowerPack Addons for Elementor <= 2.7.18 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads: 80,000 Active Installs: 736,687 Last Updated: May 23, 2024 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Email Log <= 2.4.8 – Unauthenticated Hook Injection Type: Improper Control of Generation of Code (‘Code…

Read More

Colibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…

Read More

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,388,630 Active Installs: 80,000 Last Updated: February 21, 2024 Patched Versions: 5.8.2 Affected Versions: <= 5.8.1 Vulnerability Details: Name: Event Tickets and Registration <= 5.8.1 – Missing Authorization Title: Missing Authorization Type: Improper Access Control CVE: CVE-2024-1053 CVSS Score: 4.3 (Medium) Publicly Published: February 21, 2024 Researcher: Muhammad Daffa…

Read More

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last Updated: February 20, 2024 Patched Versions: 1.6.6 Affected Versions: <= 1.6.5 Vulnerability Details: Name: Enhanced Text Widget <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…

Read More

YARPP Vulnerability – Authenticated(Administrator+) Stored Cross-Site Scripting via settings – CVE-2024-0602 | WordPress Plugin Vulnerability Report

Plugin Name: YARPP Key Information: Software Type: Plugin Software Slug: yet-another-related-posts-plugin Software Status: Active Software Author: jeffparker Software Downloads: 7,579,644 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 5.30.10 Affected Versions: 5.30.9 Vulnerability Details: Name: Yet Another Related Posts Plugin (YARPP) <= 5.30.9 – Authenticated(Administrator+) Stored Cross-Site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-Site Scripting via settings Type: Improper Neutralization of Script-Related HTML Tags in…

Read More

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report

Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,597,835 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 2.7.4.3 Affected Versions: <= 2.7.4.2 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.7.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)…

Read More

Password Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,493,510 Active Installs: 400,000 Last Updated: February 19, 2024 Patched Versions: 2.6.7 Affected Versions: <= 2.6.6 Vulnerability Details: Name: Password Protected <= 2.6.6 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic…

Read More

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…

Read More