Posts Tagged ‘Plugin Updates’
Newsletter Vulnerability – Unauthenticated Stored Cross-Site Scripting via np1 – CVE-2024-5317 | WordPress Plugin Vulnerability Report
Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 25,847,810 Active Installs: 300,000 Last Updated: June 18, 2024 Patched Versions: 8.3.5 Affected Versions: <= 8.3.4 Vulnerability Details: Name: Newsletter <= 8.3.4 Title: Unauthenticated Stored Cross-Site Scripting via np1 Type:…
Read MoreAdvanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,950,020 Active Installs: 60,000 Last Updated: May 22, 2024 Patched Versions: 2024.4 Affected Versions: <= 2024.3 Vulnerability Details: Name: Advanced iFrame <= 2024.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During…
Read MorePost SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report
Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…
Read MoreSiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 39,647,522 Active Installs: 600,000 Last Updated: May 21, 2024 Patched Versions: 1.61.0 Affected Versions: <= 1.60.0 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.60.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode Type:…
Read MoreElementor Website Builder Vulnerability – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting – CVE-2024-4619 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 443,549,337 Active Installs: 10,000,000 Last Updated: May 20, 2024 Patched Versions: 3.21.6 Affected Versions: <= 3.21.5 Vulnerability Details: Name: Elementor Website Builder – More than Just a Page Builder <= 3.21.5 – Authenticated (Contributor+)…
Read MorePage Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4361 | WordPress Plugin Vulnerability Report
Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday Software Downloads: 51,387,711 Active Installs: 700,000 Last Updated: May 20, 2024 Patched Versions: 2.29.16 Affected Versions: <= 2.29.15 Vulnerability Details: Name: Page Builder by SiteOrigin <= 2.29.15 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’…
Read MoreWP Table Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4700 | WordPress Plugin Vulnerability Report
Plugin Name: WP Table Builder Key Information: Software Type: Plugin Software Slug: wp-table-builder Software Status: Active Software Author: wptb Software Downloads: 60,000 Active Installs: 1,060,392 Last Updated: May 20, 2024 Patched Versions: 1.4.15 Affected Versions: <= 1.4.14 Vulnerability Details: Name: WP Table Builder – WordPress Table Plugin <= 1.4.14 – Authenticated (Contributor+) Stored Cross-Site Scripting…
Read MoreWP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,236,762 Active Installs: 600,000 Last Updated: May 20, 2024 Patched Versions: 7.1.6 Affected Versions: <= 7.1.5 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Read MoreEssential Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4891 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Blocks Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads: 3,418,922 Active Installs: 100,000 Last Updated: May 16, 2024 Patched Versions: 4.5.13 Affected Versions: <= 4.5.12 Vulnerability Details: Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 – Authenticated (Contributor+) Stored…
Read MorePost and Page Builder by BoldGrid Vulnerability – Authenticated (Contributer+) Stored Cross-Site Scripting – CVE-2024-4400 | WordPress Plugin Vulnerability Report
Plugin Name: Post and Page Builder by BoldGrid Key Information: Software Type: Plugin Software Slug: post-and-page-builder Software Status: Active Software Author: boldgrid Software Downloads: 1,446,399 Active Installs: 80,000 Last Updated: May 15, 2024 Patched Versions: 1.26.5 Affected Versions: <= 1.26.4 Vulnerability Details: Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor…
Read More