plugin security

Contact Form 7 Vulnerability – Reflected Cross-Site Scripting – CVE-2024-2242 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 13, 2024

Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software Downloads: 318,916,329 Active Installs: 5,000,000 Last Updated: March 14, 2024 Patched Versions: 5.9.2 Affected Versions: <= 5.9 Vulnerability Details: Name: Contact Form 7 <= 5.9 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-2242 CVSS Score:…

WP Statistics Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2194 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 11, 2024

Plugin Name: WP Statistics Key Information: Software Type: Plugin Software Slug: wp-statistics Software Status: Active Software Author: mostafas1990 Software Downloads: 22,569,004 Active Installs: 600,000 Last Updated: March 13, 2024 Patched Versions: 14.5.1 Affected Versions: <= 14.5 Vulnerability Details: Name: WP Statistics <= 14.5 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2194 CVSS Score: 7.2…

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0614 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 28, 2024

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status: Active Software Author: netweblogic Software Downloads: 4,542,882 Active Installs: 90,000 Last Updated: February 28, 2024 Patched Versions: 6.4.7 Affected Versions: <= 6.4.6.4 Vulnerability Details: Name: Events Manager <= 6.4.6.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting…

WP Shortcodes Plugin Vulnerability – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1808 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 27, 2024

Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,807,873 Active Installs: 600,000 Last Updated: February 28, 2024 Patched Versions: 7.0.4 Affected Versions: <= 7.0.3 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.3 Title: Authenticated (Contributor+) Stored…

NotificationX Vulnerability – Unauthenticated SQL Injection – CVE-2024-1698 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 26, 2024

Plugin Name: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor Key Information: Software Type: Plugin Software Slug: notificationx Software Status: Active Software Author: wpdevteam Software Downloads: 1,002,386 Active Installs: 30,000 Last Updated: February 27, 2024 Patched Versions: 2.8.3 Affected Versions: <= 2.8.2 Vulnerability Details: Name: NotificationX <= 2.8.2…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode – CVE-2024-1806 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,533,974 Active Installs: 200,000 Last Updated: February 27, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.1 Vulnerability Details: Name: ProfilePress <=…

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1277 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 16, 2024

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads: 20,016,876 Active Installs: 700,000 Last Updated: February 27, 2024 Patched Versions: 2.2.5 Affected Versions: <= 2.2.4 Vulnerability Details: Name: Ocean Extra <= 2.2.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1277 CVSS Score:…

WP Maintenance Vulnerability – Information Exposure – CVE-2024-1472 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 16, 2024

Plugin Name: WP Maintenance Key Information: Software Type: Plugin Software Slug: wp-maintenance Software Status: Active Software Author: florent73 Software Downloads: 903,892 Active Installs: 50,000 Last Updated: February 27, 2024 Patched Versions: 6.1.7 Affected Versions: <= 6.1.6 Vulnerability Details: Name: WP Maintenance <= 6.1.6 Title: Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1472 CVSS Score: 5.3 Publicly Published:…

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 15, 2024

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,001,326 Active Installs: 200,000 Last Updated: January 15, 2024 Patched Versions: 2.10.28 Affected Versions: <= 2.10.27 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.27 Title: Authenticated (Contributor+) Stored Cross-site Scripting via Pricing…

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 12, 2024

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: Mihail Barinov Software Downloads: 3,318,679 Active Installs: 70,000 Last Updated: January 12, 2024 Patched Versions: 2.97 Affected Versions: <= 2.96 Vulnerability Details: Name: Advanced Woo Search <= 2.96 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0251 CVSS…