Plugin Updates
Rank Math SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4617 | WordPress Plugin Vulnerability Report
Plugin Name: Rank Math SEO Key Information: Software Type: Plugin Software Slug: seo-by-rank-math Software Status: Active Software Author: rankmath Software Downloads: 95,765,382 Active Installs: 2,000,000 Last Updated: May 15, 2024 Patched Versions: 1.0.219-beta Affected Versions: <= 1.0.218 Vulnerability Details: Name: Rank Math SEO with AI Best SEO Tools <= 1.0.218 – Authenticated (Contributor+) Stored Cross-Site…
Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report
Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,095,500 Active Installs: 80,000 Last Updated: May 15, 2024 Patched Versions: 2.7.1 Affected Versions: <= 2.7.0 Vulnerability 1 Details: Name: Tutor LMS – eLearning and online course solution <= 2.7.0 – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion Title: Authenticated (Instructor+) Insecure…
Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report
Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 870,318 Active Installs: 60,000 Last Updated: May 14, 2024 Patched Versions: 2.6.9.7 Affected Versions: <= 2.6.9.6 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Team…
Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report
Plugin Name: Order Export & Order Import for WooCommerce Key Information: Software Type: Plugin Software Slug: order-import-export-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,536,946 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 2.5.0 Affected Versions: <= 2.4.9 Vulnerability Details: Name: Order Export & Order Import for WooCommerce <= 2.4.9 – Authenticated…
Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report
Plugin Name: Yoast SEO Key Information: Software Type: Plugin Software Slug: wordpress-seo Software Status: Active Software Author: yoast Software Downloads: 678,383,360 Active Installs: 10,000,000 Last Updated: May 14, 2024 Patched Versions: 22.7 Affected Versions: <= 22.6 Vulnerability Details: Name: Yoast SEO <= 22.6 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During…
Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report
Plugin Name: Jetpack Key Information: Software Type: Plugin Software Slug: jetpack Software Status: Active Software Author: automattic Software Downloads: 407,764,904 Active Installs: 4,000,000 Last Updated: May 13, 2024 Patched Versions: 13.4 Affected Versions: <= 13.3.1 Vulnerability Details: Name: Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Blocksy Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4487 | WordPress Plugin Vulnerability Report
Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,639,072 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.0.46 Affected Versions: <= 2.0.45 Vulnerability Details: Name: Blocksy Companion <= 2.0.45 – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads Type: Improper Neutralization…
Easy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report
Plugin Name: Easy Digital Downloads Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,985,103 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.2.12 Affected Versions: <= 3.2.11 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…
TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report
Plugin Name: TranslatePress Key Information: Software Type: Plugin Software Slug: translatepress-multilingual Software Status: Active Software Author: madalinungureanu Software Downloads: 10,058,842 Active Installs: 300,000 Last Updated: May 9, 2024 Patched Versions: 2.7.6 Affected Versions: <= 2.7.5 Vulnerability Details: Name: Translate Multilingual sites – TranslatePress <= 2.7.5 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…
White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report
Plugin Name: White Label CMS Key Information: Software Type: Plugin Software Slug: white-label-cms Software Status: Active Software Author: videousermanuals Software Downloads: 3,439,358 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.4 Affected Versions: <= 2.7.3 Vulnerability Details: Name: White Label CMS <= 2.7.3 – Missing Authorization to Plugin Settings Reset Type: Missing Authorization…