MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2024-4266 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Key Information:
  Software Type: Plugin
  Software Slug: metform
  Software Status: Active
  Software Author: xpeedstudio
  Software Downloads: 3,830,788
  Active Installs: 300,000
  Last Updated: June 20, 2024
  Patched Versions: 3.8.9
  Affected Versions: <= 3.8.8
Vulnerability Details:
  Name: MetForm – Contact Form, Survey, Quiz,…

Minimal Coming Soon – Coming Soon Page Vulnerability – Missing Authorization to Limited Settings Change – CVE-2024-5087 | WordPress Plugin Vulnerability Report

Plugin Name: Minimal Coming Soon – Coming Soon Page
Key Information:
  Software Type: Plugin
  Software Slug: minimal-coming-soon-maintenance-mode
  Software Status: Active
  Software Author: webfactory
  Software Downloads: 2,009,191
  Active Installs: 100,000
  Last Updated: June 19, 2024
  Patched Versions: 2.39
  Affected Versions: <= 2.38
Vulnerability Details:
  Name: Minimal Coming Soon – Coming Soon Page <= 2.38
  Title: Missing…

Strong Testimonials Vulnerability – Authenticated(Contributor+) Improper Authorization to Views Modification – CVE-2023-6491 | WordPress Plugin Vulnerability Report

Plugin Name: Strong Testimonials
Key Information:
  Software Type: Plugin
  Software Slug: strong-testimonials
  Software Status: Active
  Software Author: wpchill
  Software Downloads: 3,337,363
  Active Installs: 100,000
  Last Updated: June 18, 2024
  Patched Versions: 3.1.13
  Affected Versions: <= 3.1.12
Vulnerability Details:
  Name: Strong Testimonials <= 3.1.12
  Title: Authenticated(Contributor+) Improper Authorization to Views Modification
  Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  CVE: CVE-2023-6491
  CVSS…

Prime Slider – Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget – CVE-2024-5640 | WordPress Plugin Vulnerability Report

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Key Information:
  Software Type: Plugin
  Software Slug: bdthemes-prime-slider-lite
  Software Status: Active
  Software Author: bdthemes
  Software Downloads: 2,491,843
  Active Installs: 100,000
  Last Updated: June 20, 2024
  Patched Versions: 3.14.8
  Affected Versions: <= 3.14.7
Vulnerability Details:
  Name: Prime Slider – Addons…

Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report

Plugin Name: Media Cleaner: Clean your WordPress!
Key Information:
  Software Type: Plugin
  Software Slug: media-cleaner
  Software Status: Active
  Software Author: tigroumeow
  Software Downloads: 2,778,078
  Active Installs: 70,000
  Last Updated: May 10, 2024
  Patched Versions: 6.7.3
  Affected Versions: <= 6.7.2
Vulnerability Details:
  Name: Media Cleaner: Clean your WordPress! <= 6.7.2
  Title: Unauthenticated Information Exposure
  Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N…

MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

Plugin Name: MainWP Child Reports
Key Information:
  Software Type: Plugin
  Software Slug: mainwp-child-reports
  Software Status: Active
  Software Author: mainwp
  Software Downloads: 943,776
  Active Installs: 80,000
  Last Updated: May 10, 2024
  Patched Versions: 2.2
  Affected Versions: <= 2.1.1
Vulnerability Details:
  Name: MainWP Child Reports <= 2.1.1
  Title: Cross-Site Request Forgery
  Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE: CVE-2024-33680
  CVSS Score:…

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report 

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform
Key Information:
  Software Type: Plugin
  Software Slug: give
  Software Status: Active
  Software Author: webdevmattcrom
  Software Downloads: 7,225,697
  Active Installs: 100,000
  Last Updated: May 13, 2024
  Patched Versions: 3.5.0
  Affected Versions: <= 3.4.2
Vulnerability Details:
  Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2
  Title: Authenticated…

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report 

Plugin Name: Happy Addons for Elementor
Key Information:
  Software Type: Plugin
  Software Slug: happy-elementor-addons
  Software Status: Active
  Software Author: thehappymonster
  Software Downloads: 6,800,239
  Active Installs: 400,000
  Last Updated: May 10, 2024
  Patched Versions: 3.10.7
  Affected Versions: <= 3.10.6
Vulnerability Details:
  Name: Happy Addons for Elementor <= 3.10.6
  Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly…

The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce – Authenticated Stored Cross-Site Scripting – CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report 

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Key Information:
  Software Type: Plugin
  Software Slug: the-plus-addons-for-elementor-page-builder
  Software Status: Active
  Software Author: posimyththemes
  Software Downloads: 2,244,805
  Active Installs: 100,000
  Last Updated: May 10, 2024
  Patched Versions: 5.5.0
  Affected Versions: <= 5.4.2
Vulnerability Details:
  Name: The Plus Addons for…

Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report 

Plugin Name: Comments – wpDiscuz
Key Information:
  Software Type: Plugin
  Software Slug: wpdiscuz
  Software Status: Active
  Software Author: advancedcoding
  Software Downloads: 3,284,736
  Active Installs: 80,000
  Last Updated: May 9, 2024
  Patched Versions: 7.6.16
  Affected Versions: <= 7.6.15
Vulnerability Details:
  Name: wpDiscuz <= 7.6.15
  Title: Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text
  Type:…
