Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,901,676 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.10.37 Affected Versions: <= 2.10.36 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.36 Title: Authenticated (Author+) Stored Cross-Site Scripting via SVG…

Read More

The Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,607,204 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 5.6.3 Affected Versions: <= 5.6.2 Vulnerability 1 Details: Name: The Plus Addons…

Read More

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget – CVE-2024-6627 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 7,563,441 Active Installs: 400,000 Last Updated: July 29, 2024 Patched Versions: 3.11.3 Affected Versions: <= 3.11.2 Vulnerability Details: Name: Happy Addons for Elementor <= 3.11.2 Type: Authenticated (Contributor+) Stored Cross-Site Scripting via PDF…

Read More

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget – CVE-2024-5818 | WordPress Plugin Vulnerability Report

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 6,367,071 Active Installs: 400,000 Last Updated: July 29, 2024 Patched Versions: 1.3.981 Affected Versions: <= 1.3.980 Vulnerability Details: Name: Royal Elementor Addons and Templates <= 1.3.980 Type: Authenticated (Contributor+) DOM-Based Stored Cross-Site…

Read More

Security Optimizer Vulnerability – Missing Authorization via hide_notice() – CVE-2024-38774 | WordPress Plugin Vulnerability Report

Plugin Name: Security Optimizer – The All-In-One Protection Plugin Key Information: Software Type: Plugin Software Slug: sg-security Software Status: Active Software Author: siteground Software Downloads: 22,051,479 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.1 Affected Versions: <= 1.5.0 Vulnerability Details: Name: Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N…

Read More

ElementsKit Elementor Addons Vulnerability – Unauthenticated Information Exposure via ekit_widgetarea_content Function – CVE-2024-6455 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 21,730,790 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 3.2.1 Affected Versions: <= 3.2.0 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.2.0 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6455 CVSS Score: 5.4 Publicly Published: July…

Read More

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget – CVE-2024-6495 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 33,726,442 Active Installs: 700,000 Last Updated: July 27, 2024 Patched Versions: 4.10.37 Affected Versions: <= 4.10.36 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.36 Type: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via…

Read More

Duplicator – Migration & Backup Plugin Vulnerability – Full Path Disclosure – CVE-2024-6210 | WordPress Plugin Vulnerability Report

Plugin Name: Duplicator – Migration & Backup Plugin Key Information: Software Type: Plugin Software Slug: duplicator Software Status: Active Software Author: smub Software Downloads: 43,284,982 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.10 Affected Versions: <= 1.5.9 Vulnerability Details: Name: Duplicator <= 1.5.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6210 CVSS Score: 5.3 Publicly Published:…

Read More

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-37489 | WordPress Plugin Vulnerability Report

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads: 21,640,506 Active Installs: 600,000 Last Updated: July 26, 2024 Patched Versions: 2.3.0 Affected Versions: <= 2.2.9 Vulnerability Details: Name: Ocean Extra <= 2.2.9 Type: Authenticated (Contributor+) Stored Cross-Site Scripting CVE: CVE-2024-37489 CVSS Score: 6.4 Publicly…

Read More

WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…

Read More