WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS – Sensitive Information Exposure via Insufficiently Protected Files – CVE-2023-7046 | WordPress Plugin Vulnerability Report

Plugin Name: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+ Key Information: Software Type: Plugin Software Slug: wp-letsencrypt-ssl Software Status: Active Software Author: gowebsmarty Software Downloads: 2,018,679 Active Installs: 60,000 Last Updated: April 16, 2024 Patched Versions: 7.1.0 Affected Versions: <= 7.0 Vulnerability Details: Name: WP…

Read More

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,211,650 Active Installs: 80,000 Last Updated: April 8, 2024 Patched Versions: 1.29 Affected Versions: <= 1.28 Vulnerability Details: Name: Sydney Toolbox <= 1.28 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,383,697 Active Installs: 50,000 Last Updated: April 8, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and…

Read More

Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

Plugin Name: Image Watermark Key Information: Software Type: Plugin Software Slug: image-watermark Software Status: Active Software Author: dfactory Software Downloads: 842,453 Active Installs: 50,000 Last Updated: April 10, 2024 Patched Versions: 1.7.4 Affected Versions: <= 1.7.3 Vulnerability Details: Name: Image Watermark <= 1.7.3 Title: Missing Authorization to Authenticated (Subscriber+) Watermark Modification Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-1994…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report 

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

Relevanssi Vulnerability – A Better Search – Multiple Vulnerabilities – CVE-2024-3213 & CVE-2024-3214 | WordPress Plugin Vulnerability Report

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,389,194 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 4.22.2 Affected Versions: <= 4.22.1 Vulnerability Details:  Vulnerability 1: Missing Authorization to Unauthenticated Count Option Update Type: Insecure Direct Object Reference…

Read More

File Manager Vulnerability – Authenticated Directory Traversal – CVE-2024-2654 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 21,240,440 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 7.2.6 Affected Versions: <= 7.2.5 Vulnerability Details: Name: File Manager <= 7.2.5 Title: Authenticated (Administrator+) Directory Traversal Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE: CVE-2024-2654 CVSS Score: 6.4…

Read More

Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report 

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,939,163 Active Installs: 10,000 Last Updated: April 3, 2024 Patched Versions: 2.8.0.7 Affected Versions: <= 2.8.0.5 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.8.0.5 Title: Authenticated (Contributor+) Stored…

Read More

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status: Active Software Author: boldgrid Software Downloads: 692,441 Active Installs: 70,000 Last Updated: April 1, 2024 Patched Versions: 1.6.14 Affected Versions: <= 1.6.13 Vulnerability Details: Name: BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13…

Read More