SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 40,018,306 Active Installs: 600,000 Last Updated: June 19, 2024 Patched Versions: 1.62.0 Affected Versions: <= 1.61.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.61.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget…

Read More

WP Reset – Most Advanced WordPress Reset Tool Vulnerability – Missing Authorization to License Key Modification – CVE-2024-4661 | WordPress Plugin Vulnerability Report

Plugin Name: WP Reset – Most Advanced WordPress Reset Tool Key Information: Software Type: Plugin Software Slug: wp-reset Software Status: Active Software Author: webfactory Software Downloads: 7,859,387 Active Installs: 300,000 Last Updated: June 20, 2024 Patched Versions: 2.03 Affected Versions: <= 2.01 Vulnerability Details: Name: WP Reset <= 2.02 Title: Missing Authorization to License Key…

Read More

 Qi Addons For Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion – CVE-2024-4887 | WordPress Plugin Vulnerability Report

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive Software Downloads: 2,212,748 Active Installs: 200,000 Last Updated: June 20, 2024 Patched Versions: 1.7.3 Affected Versions: <= 1.7.2 Vulnerability Details: Name: Qi Addons For Elementor <= 1.7.2 Title: Authenticated (Contributor+) Local File Inclusion Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H …

Read More

 Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,142,088 Active Installs: 90,000 Last Updated: June 20, 2024 Patched Versions: 2.7.2 Affected Versions: <= 2.7.1 Vulnerability 1 Details: Name: Tutor LMS – eLearning and online course solution <=…

Read More

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,721,459 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions:4.0.2 Affected Versions: <= 4.0.1 Vulnerability…

Read More

Newsletter Vulnerability – Unauthenticated Stored Cross-Site Scripting via np1 – CVE-2024-5317 | WordPress Plugin Vulnerability Report

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 25,847,810 Active Installs: 300,000 Last Updated: June 18, 2024 Patched Versions: 8.3.5 Affected Versions: <= 8.3.4 Vulnerability Details: Name: Newsletter <= 8.3.4 Title: Unauthenticated Stored Cross-Site Scripting via np1 Type:…

Read More

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,950,020 Active Installs: 60,000 Last Updated: May 22, 2024 Patched Versions: 2024.4 Affected Versions: <= 2024.3 Vulnerability Details: Name: Advanced iFrame <= 2024.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During…

Read More

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…

Read More

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 39,647,522 Active Installs: 600,000 Last Updated: May 21, 2024 Patched Versions: 1.61.0 Affected Versions: <= 1.60.0 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.60.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode Type:…

Read More

Elementor Website Builder Vulnerability – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting – CVE-2024-4619 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 443,549,337 Active Installs: 10,000,000 Last Updated: May 20, 2024 Patched Versions: 3.21.6 Affected Versions: <= 3.21.5 Vulnerability Details: Name: Elementor Website Builder – More than Just a Page Builder <= 3.21.5 – Authenticated (Contributor+)…

Read More