WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…


Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…


WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report

Plugin Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu Key Information: Software Type: Plugin Software Slug: mobile-menu Software Status: Active Software Author: takanakui Software Downloads: 1,864,233 Active Installs: 100,000 Last Updated: June 18, 2024 Patched Versions: 2.8.4.3 Affected Versions: <= 2.8.4.2 Vulnerability Details: Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2…


Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status: Active Software Author: unitecms Software Downloads: 8,821,358 Active Installs: 200,000 Last Updated: June 20, 2024 Patched Versions: 1.5.110 Affected Versions: <= 1.5.109 Vulnerability 1 Details: Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <=…


Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,675,361 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 3.2.94 Affected Versions: <= 3.2.93 Vulnerability Details: Name: Download Manager <= 3.2.93 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4001 CVSS Score: 6.4 Publicly Published: June 4, 2024…


LearnPress – WordPress LMS Plugin Vulnerability – Basic Information Disclosure via JSON API – CVE-2024-5483 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,325,110 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions: 4.2.6.8.1 Affected Versions: <= 4.2.6.8 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.8 Title: Basic Information Disclosure via JSON…


wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

Plugin Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,479,590 Active Installs: 70,000 Last Updated: June 12, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.2 Vulnerability Details: Name: wpDataTables – Tables & Table Charts (Premium)…


Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software Author: carazo Software Downloads: 4,320,707 Active Installs: 80,000 Last Updated: May 14, 2024 Patched Versions: 1.26.7 Affected Versions: <= 1.26.6.1 Vulnerability Details: Name: Import and export users and customers <= 1.26.6.1 – Authenticated (Administrator+) Stored…


WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

Plugin Name: WP Job Manager Key Information: Software Type: Plugin Software Slug: wp-job-manager Software Status: Active Software Author: automattic Software Downloads: 4,332,123 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 2.3.0 Affected Versions: <= 2.2.2 Vulnerability Details: Name: WP Job Manager <= 2.2.2 – Unauthenticated Information Exposure Type: Information Exposure CVE: CVE-2024-34549 CVSS…


Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report 

Plugin Name: Hide Dashboard Notifications Key Information: Software Type: Plugin Software Slug: wp-hide-backed-notices Software Status: Active Software Author: wprepublic Software Downloads: 168,065 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 1.3 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Hide Dashboard Notifications <= 1.2.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33683 CVSS Score: 4.3 Publicly Published: April…
