Plugin Updates
Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report
Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: PageLayer <= 1.7.8 – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Title: Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Type: Improper Input Validation CVE: CVE-2023-6738 CVSS Score: 5.4 (Medium) Publicly Published: January…
Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7044 | WordPress Plugin Vulnerability Report
Plugin Name: Essential al Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 62,990,243 Active Installs: 1,000,000 Last Updated: January 3, 2024 Patched Versions: 5.9.3 Affected Versions: <= 5.9.2 Vulnerability Details: Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders…
WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6488 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,131,157 Active Installs: 600,000 Last Updated: December 18, 2023 Patched Versions: <= 7.0.0 Affected Versions: 7.0.1 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…
Post Grid Combo Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2023-6645 | WordPress Plugin Vulnerability Report
Plugin Name: Post Grid Combo Key Information: Software Type: Plugin Software Slug: post-grid Software Status: Active Software Author: pickplugins Software Downloads: 2,566,872 Active Installs: 50,000 Last Updated: December 15, 2023 Patched Versions: 2.2.65 Affected Versions: <= 2.2.64 Vulnerability Details: Name: Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 – Authenticated (Contributor+) Cross-Site Scripting Title: Authenticated (Contributor+) Cross-Site Scripting Type: Improper Neutralization of Script-Related HTML Tags in…
WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Cross-Site Request Forgery
Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author: tychesoftwares Software Downloads: 1,004,642 Active Installs: 30,000 Last Updated: December 1, 2023 Patched Versions: 5.16.2 Affected Versions: <= 5.16.1 Vulnerability Details: Name: Abandoned Cart Lite for WooCommerce <= 5.16.1 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.3 (Medium) Publicly Published: December…
WordPress Plugin Vulnerability Report – Email Address Encoder – Authenticated (Contributor+) Stored Cross-Site Scripting
Plugin Name: Email Address Encoder Key Information: Software Type: Plugin Software Slug: email-address-encoder Software Status: Active Software Author: tillkruess Software Downloads: 1,241,298 Active Installs: 100,000 Last Updated: November 28, 2023 Patched Versions: 1.0.23 Affected Versions: <=1.0.22 Vulnerability Details: Name: Email Address Encoder 1.0.22 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS…
WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275
Plugin Name: Widgets for Google Reviews Key Information: Software Type: Plugin Software Slug: wp-reviews-plugin-for-google Software Status: Active Software Author: trustindex Software Downloads: 4,619,317 Active Installs: 300,000 Last Updated: November 22, 2023 Patched Versions: 11.1 Affected Versions: <= 11.0.2 Vulnerability Details: Name: Widgets for Google Reviews <= 11.0.2 – Authenticated (Editor+) Arbitrary File Upload Title: Authenticated…
WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last Updated: November 15, 2023 Patched Versions: 1.12.8 Affected Versions: <= 1.12.7 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.7 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4690 CVSS Score: 5.4 (Medium) Publicly Published: November 15, 2023 Researcher: Marco…
WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133
Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838 Active Installs: 400,000 Last Updated: November 14, 2023 Patched Versions: 1.28.0 Affected Versions: <= 1.27.0 Vulnerability Details: Name: Forminator <= 1.27.0 – Authenticated (Administrator+) Arbitrary File Upload Type: Unrestricted Upload of File with Dangerous Type…
WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889
Plugin Name: Shareaholic Key Information: Software Type: Plugin Software Slug: shareaholic Software Status: Active Software Author: shareaholic Software Downloads: 4,734,248 Active Installs: 30,000 Last Updated: November 14, 2023 Patched Versions: 9.7.9 Affected Versions: <= 9.7.8 Vulnerability Details: Name: Shareaholic <= 9.7.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…