Colibri Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,729,511 Active Installs: 100,000 Last Updated: June 20, 2024 Patched Versions: 1.0.277 Affected Versions: <= 1.0.276 Vulnerability 1 Details: Name: Colibri Page Builder <= 1.0.276 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type:…

Read More

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…

Read More

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget – CVE-2024-3887 | WordPress Plugin Vulnerability Report

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 5,453,490 Active Installs: 300,000 Last Updated: May 15, 2024 Patched Versions: 1.3.975 Affected Versions: <= 1.3.974 Vulnerability Details: Name: Royal Elementor Addons and Templates <= 1.3.974 – Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,207,029 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

Plugin Name: FOX – Currency Switcher Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-currency-switcher Software Status: Active Software Author: realmag777 Software Downloads: 1,688,317 Active Installs: 60,000 Last Updated: May 9, 2024 Patched Versions: 1.4.1.9 Affected Versions: <= 1.4.1.8 Vulnerability Details: Name: FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 Title: Unauthenticated…

Read More

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software Status: Active Software Author: ninjateam Software Downloads: 4,220,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability Details: Name: FileBird – WordPress Media Library Folders & File Manager…

Read More

Customer Reviews for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3869 & CVE-2024-3243 | WordPress Plugin Vulnerability Report 

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 4,223,317 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 5.47.0 Affected Versions: <= 5.46.0 Vulnerability Details: Vulnerability 1: Name: Customer Reviews for WooCommerce <= 5.46.0 Title: Missing Authorization to Authenticated (Subscriber+)…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 1,990,743 Active Installs: 100,000 Last Updated: April 15, 2024 Patched Versions: 5.5.4 Affected Versions: <= 5.5.3 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,401,859 Active Installs: 90,000 Last Updated: April 15, 2024 Patched Versions: 5.7.16 Affected Versions: <= 5.7.15 Vulnerability Details: Name: Icegram Express <= 5.7.14…

Read More

Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,029,705 Active Installs: 200,000 Last Updated: April 2, 2024 Patched Versions: 2.6.4 Affected Versions: <= 2.6.3 Vulnerability 1 Details: Name: Jeg Elementor Kit <= 2.6.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box…

Read More