Plugin Update
WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report
Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…
ElementsKit Elementor addons Vulnerability – Missing Authorization – CVE-2024-37255 | WordPress Plugin Vulnerability Report
Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 20,999,885 Active Installs: 1,000,000 Last Updated: July 22, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.4 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.1.4 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-37255 CVSS Score: 5.3…
File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report
Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 24,013,163 Active Installs: 1,000,000 Last Updated: July 19, 2024 Patched Versions: 7.2.8 Affected Versions: <= 7.2.7 Vulnerability Details: Name: File Manager <= 7.2.7 Type: Missing Authorization CVE: CVE-2024-37254 CVSS Score: 4.3 Publicly Published: June 27,…
SiteGuard WP Plugin Vulnerability – Login Page Disclosure – CVE-2024-37881 | WordPress Plugin Vulnerability Report
Plugin Name: SiteGuard WP Plugin Key Information: Software Type: Plugin Software Slug: siteguard Software Status: Active Software Author: jp-secure Software Downloads: 4,227,647 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 1.7.7 Affected Versions: <= 1.7.6 Vulnerability Details: Name: SiteGuard WP Plugin <= 1.7.6 Title: Login Page Disclosure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-37881 CVSS Score:…
Solid Security – Password, Two Factor Authentication, and Brute Force Protection Vulnerability – IP Address Spoofing to Denial of Service – CVE-2022-44593 | WordPress Plugin Vulnerability Report
Plugin Name: Solid Security – Password, Two Factor Authentication, and Brute Force Protection Key Information: Software Type: Plugin Software Slug: better-wp-security Software Status: Active Software Author: ithemes Software Downloads: 31,710,465 Active Installs: 900,000 Last Updated: July 22, 2024 Patched Versions: 9.3.2 Affected Versions: <= 9.3.1 Vulnerability Details: Name: Solid Security <= 9.3.1 Title: IP Address…
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN Vulnerability – Missing Authorization to Resmush List Deletion – CVE-2023-3352 | WordPress Plugin Vulnerability Report
Plugin Name: Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN Key Information: Software Type: Plugin Software Slug: wp-smushit Software Status: Active Software Author: wpmudev Software Downloads: 54,994,090 Active Installs: 1,000,000 Last Updated: July 22, 2024 Patched Versions: 3.16.5 Affected Versions: <= 3.16.4 Vulnerability Details: Name:…
Easy Table of Contents Vulnerability- Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 |WordPress Plugin Vulnerability Report
Plugin Name: Easy Table of Contents Key Information: Software Type: Plugin Software Slug: easy-table-of-contents Software Status: Active Software Author: magazine3 Software Downloads: 12,901,982 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 2.0.67.1 Affected Versions: <= 2.0.67 Vulnerability Details: Name: Easy Table of Contents <= 2.0.67 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…
Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report
Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…
WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report
Plugin Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu Key Information: Software Type: Plugin Software Slug: mobile-menu Software Status: Active Software Author: takanakui Software Downloads: 1,864,233 Active Installs: 100,000 Last Updated: June 18, 2024 Patched Versions: 2.8.4.3 Affected Versions: <= 2.8.4.2 Vulnerability Details: Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2…
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report
Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status: Active Software Author: unitecms Software Downloads: 8,821,358 Active Installs: 200,000 Last Updated: June 20, 2024 Patched Versions: 1.5.110 Affected Versions: <= 1.5.109 Vulnerability 1 Details: Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <=…