Plugin Update
Premium Addons for Elementor – Authenticated Stored Cross-Site Scripting via Link Wrapper – CVE-2024-0326 | WordPress Plugin Vulnerability Report
Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 30,089,290 Active Installs: 700,000 Last Updated: March 13, 2024 Patched Versions: 4.0.18 Affected Versions: <= 4.0.17 Vulnerability Details: Name: Premium Addons for Elementor <= 4.0.17 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Link…
Prime Slider Vulnerability – Authenticated Stored Cross-Site Scripting via Rubix Widget – CVE-2024-1507 | WordPress Plugin Vulnerability Report –
Plugin Name: Prime Slider – Addons For Elementor Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,042,074 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 3.13.3 Affected Versions: <= 3.13.2 Vulnerability Details: Name: Prime Slider – Addons For Elementor <= 3.13.2 Title: Authenticated (Contributor+) Stored…
Elementor Header & Footer Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1237 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 24,612,698 Active Installs: 1,000,000 Last Updated: March 13, 2024 Patched Versions: 1.6.25 Affected Versions: <= 1.6.24 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.24 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 67,142,962 Active Installs: 2,000,000 Last Updated: March 13, 2024 Patched Versions: 5.9.10 Affected Versions: <= 5.9.9 Vulnerability Details: Name: Essential Addons for Elementor <=…
Site Reviews Vulnerability – Authenticated Stored Cross-Site Scripting via Display Name – CVE-2024-2293 | WordPress Plugin Vulnerability Report
Plugin Name: Site Reviews Key Information: Software Type: Plugin Software Slug: site-reviews Software Status: Active Software Author: geminilabs Software Downloads: 2,210,571 Active Installs: 60,000 Last Updated: March 13, 2024 Patched Versions: 6.11.7 Affected Versions: <= 6.11.4 Vulnerability Details: Name: Site Reviews <= 6.11.4 Title: Authenticated(Subscriber+) Stored Cross-Site Scripting via Display Name Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2293…
Colibri Page Builder Vulnerability – Missing Authorization – CVE-2024-1870 | WordPress Plugin Vulnerability Report
Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,440,741 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 1.0.263 Affected Versions: <= 1.0.260 Vulnerability Details: Name: Colibri Page Builder <= 1.0.260 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-1870 CVSS Score: 4.3…
Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report
Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,871,019 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: Ultimate Member <= 2.8.3…
SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1723 | WordPress Plugin Vulnerability Report
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 38,486,908 Active Installs: 600,000 Last Updated: March 7, 2024 Patched Versions: 1.58.8 Affected Versions: <= 1.58.7 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1723…
Calculated Fields Form Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2020 | WordPress Plugin Vulnerability Report
Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,626,617 Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: 5.1.57 Affected Versions: <= 5.1.56 Vulnerability Details: Name: Calculated Fields Form Professional <= 5.1.56 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2020…
Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report
Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,465,323 Active Installs: 400,000 Last Updated: February 28, 2024 Patched Versions: 0.9.69 Affected Versions: <= 0.9.68 Vulnerability Details: Name: WPvivid Backup and Migration <= 0.9.68 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE: CVE-2024-1982…