User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report

Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,054,695 Active Installs: 200,000 Last Updated: February 21, 2024 Patched Versions: 1.0.14 Affected Versions: <= 1.0.13 Vulnerability Details: Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 – Unauthenticated Stored Cross-Site Scripting Title: Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization…

Read More

SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1058 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 37,808,389 Active Installs: 600,000 Last Updated: February 16, 2024 Patched Versions: 1.58.4 Affected Versions: <= 1.58.3 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1058…

Read More

WP Recipe Maker Vulnerability- Missing Authorization to Authenticated SQL Injection – CVE-2024-1206 |WordPress Plugin Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,598,010 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 9.2.0 Affected Versions: <= 9.1.2 Vulnerability Details: Name: WP Recipe Maker <= 9.1.2 Title: Missing Authorization to Authenticated (Subscriber+) SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H…

Read More

WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated Stored Cross-Site Scripting via shortcode – CVE-2024-0792 |WordPress Plugin Vulnerability Report 

Plugin Name: WP Shortcodes Plugin — Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,460,707 Active Installs: 600,000 Last Updated: February 12, 2024 Patched Versions: 7.0.2 Affected Versions: <= 7.0.1 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 Title: Authenticated(Contributor+) Stored Cross-Site…

Read More

RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source – CVE-2024-0628 | WordPress Plugin Vulnerability Report 

Plugin Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,636,080 Active Installs: 60,000 Last Updated: February 13, 2024 Patched Versions: 4.23.6 Affected Versions: 4.23.5 – 4.23.5 Vulnerability Details: Name: WP RSS Aggregator <= 4.23.5…

Read More

Starbox Vulnerability– the Author Box for Humans – Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings – CVE-2023-6806 | WordPress Plugin Vulnerability Report 

Plugin Name: Starbox – the Author Box for Humans Key Information: Software Type: Plugin Software Slug: starbox Software Status: Active Software Author: cifi Software Downloads: 449,615 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 3.5.0 Affected Versions: <= 3.4.8 Vulnerability Details: Name: Starbox <= 3.4.8 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting via Job…

Read More

AMP for WP Vulnerability– Accelerated Mobile Pages – Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data – CVE-2024-1043 |WordPress Plugin Vulnerability Report

Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,665,548 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 1.0.93.2 Affected Versions: <= 1.0.93.1 Vulnerability Details: Name: AMP for WP <= 1.0.93.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE: CVE-2024-1043 CVSS Score: 6.5 Publicly Published: February 6, 2024 Researcher: Sean Murphy…

Read More

 Customer Reviews for WooCommerce Vulnerability – Improper Authorization via submit_review – CVE-2024-1044 | WordPress Plugin Vulnerability Report

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 3,898,158 Active Installs: 60,000 Last Updated: February 13, 2024 Patched Versions: 5.39.0 Affected Versions: <= 5.38.12 Vulnerability Details: Name: Customer Reviews for WooCommerce <= 5.38.12 Title: Improper Authorization via submit_review Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE:…

Read More

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1055 | WordPress Plugin Vulnerability Report

Plugin Name: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,129,545 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 2.7.15 Affected Versions: <= 2.7.14 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.14 Title: Authenticated (Contributor+)…

Read More