Plugin Updates

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 10, 2024

Plugin Name: Redirection
Key Information:
- Software Type: Plugin
- Software Slug: redirect-redirection
- Software Status: Active
- Software Author: inisev
- Software Downloads: 329,941
- Active Installs: 60,000
- Last Updated: April 22, 2024
- Patched Versions: 1.2.0
- Affected Versions: <= 1.1.9
Vulnerability Details:
- Name: Inisev Analyst Module <= 1.1.9
- Title: Missing Authorization
- Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CVE: CVE-2024-31435
- CVSS Score: 4.3
- Publicly Published:…

Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
Key Information:
- Software Type: Plugin
- Software Slug: ml-slider
- Software Status: Active
- Software Author: metaslider
- Software Downloads: 27,208,376
- Active Installs: 600,000
- Last Updated: April 22, 2024
- Patched Versions: 3.70.1
- Affected Versions: <= 3.70.0
Vulnerability Details:
- Name: Slider, Gallery, and Carousel by MetaSlider <= 3.70.0…

Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Smash Balloon Social Post Feed
Key Information:
- Software Type: Plugin
- Software Slug: custom-facebook-feed
- Software Status: Active
- Software Author: smub
- Software Downloads: 7,212,481
- Active Installs: 200,000
- Last Updated: April 22, 2024
- Patched Versions: 4.2.2
- Affected Versions: <= 4.2.1
Vulnerability Details:
- Name: Smash Balloon Social Post Feed <= 4.2.1
- Title: Cross-Site Request Forgery
- Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N…

Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget]
Key Information:
- Software Type: Plugin
- Software Slug: spotlight-social-photo-feeds
- Software Status: Active
- Software Author: rebelcode
- Software Downloads: 1,093,293
- Active Installs: 60,000
- Last Updated: April 22, 2024
- Patched Versions: 1.6.11
- Affected Versions: <= 1.6.10
Vulnerability Details:
- Name: Spotlight Social Media Feeds <= 1.6.10
- Title: Cross-Site Request Forgery
- Type:…

The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: The Events Calendar
Key Information:
- Software Type: Plugin
- Software Slug: the-events-calendar
- Software Status: Active
- Software Author: theeventscalendar
- Software Downloads: 56,148,469
- Active Installs: 700,000
- Last Updated: April 22, 2024
- Patched Versions: 6.3.1
- Affected Versions: <= 6.3.0
Vulnerability Details:
- Name: The Events Calendar <= 6.3.0
- Title: Cross-Site Request Forgery to Notice Dismissal
- Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- CVE:…

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Key Information:
- Software Type: Plugin
- Software Slug: ultimate-member
- Software Status: Active
- Software Author: ultimatemember
- Software Downloads: 10,060,431
- Active Installs: 200,000
- Last Updated: April 21, 2024
- Patched Versions: 2.8.5
- Affected Versions: <= 2.8.4
Vulnerability Details:
- Name: Ultimate Member <= 2.8.4…

Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Booking for Appointments and Events Calendar – Amelia
Key Information:
- Software Type: Plugin
- Software Slug: ameliabooking
- Software Status: Active
- Software Author: ameliabooking
- Software Downloads: 602,133
- Active Installs: 60,000
- Last Updated: April 24, 2024
- Patched Versions: 1.0.96
- Affected Versions: <= 1.0.95
Vulnerability Details:
- Name: Amelia <= 1.0.95
- Title: Cross-Site Request Forgery
- Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- CVE:…

Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Clone
Key Information:
- Software Type: Plugin
- Software Slug: wp-clone-by-wp-academy
- Software Status: Active
- Software Author: migrate
- Software Downloads: 3,222,101
- Active Installs: 80,000
- Last Updated: April 24, 2024
- Patched Versions: 2.4.4
- Affected Versions: <= 2.4.3
Vulnerability Details:
- Name: Inisev Analyst Module <= 2.4.3
- Title: Missing Authorization
- Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- CVE: CVE-2024-31435
- CVSS Score: 4.3
- Publicly Published:…

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Favicon by RealFaviconGenerator
Key Information:
- Software Type: Plugin
- Software Slug: favicon-by-realfavicongenerator
- Software Status: Active
- Software Author: phbernard
- Software Downloads: 3,235,128
- Active Installs: 300,000
- Last Updated: April 24, 2024
- Patched Versions: 1.3.30
- Affected Versions: <= 1.3.29
Vulnerability Details:
- Name: Favicon <= 1.3.29
- Title: Cross-Site Request Forgery to Notice Dismissal
- Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- CVE: CVE-2024-31422
- CVSS…

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Import any XML or CSV File to WordPress
Key Information:
- Software Type: Plugin
- Software Slug: wp-all-import
- Software Status: Active
- Software Author: wpallimport
- Software Downloads: 3,920,346
- Active Installs: 100,000
- Last Updated: April 24, 2024
- Patched Versions: 3.7.4
- Affected Versions: <= 3.7.3
Vulnerability Details:
- Name: Import any XML or CSV File to WordPress <= 3.7.3…