Plugin Patch

Media Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report

By Your WP Guy / Aug 12, 2024

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 2,044,116 Active Installs: 70,000 Last Updated: August 18, 2024 Patched Versions: 3.19 Affected Versions: <= 3.18 Vulnerability Details: Name: Media Library Assistant <= 3.18 Title: Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action…

Read More

Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 13, 2024

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…

Read More

Relevanssi Vulnerability – A Better Search – Multiple Vulnerabilities – CVE-2024-3213 & CVE-2024-3214 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 4, 2024

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,389,194 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 4.22.2 Affected Versions: <= 4.22.1 Vulnerability Details:  Vulnerability 1: Missing Authorization to Unauthenticated Count Option Update Type: Insecure Direct Object Reference…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: ShopLentor…

Read More

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 12, 2024

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,792,011 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.5.7 Affected Versions: <= 1.5.6.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 Title: Authenticated…

Read More

ProfilePress Vulnerability- Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1535 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 12, 2024

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,610,237 Active Installs: 200,000 Last Updated: March 14, 2024 Patched Versions: 4.15.3 Affected Versions: <= 4.15.2 Vulnerability Details: Name: ProfilePress <=…

Read More