plugin vulnerabilities
Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report
Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,029,705 Active Installs: 200,000 Last Updated: April 2, 2024 Patched Versions: 2.6.4 Affected Versions: <= 2.6.3 Vulnerability 1 Details: Name: Jeg Elementor Kit <= 2.6.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box…
Read MorePowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report
Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 2.7.19 Affected Versions: <= 2.7.18 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.18 – Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget, PowerPack Addons for Elementor <= 2.7.17 – Authenticated…
Read MoreSchema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report
Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status: Active Software Author: magazine3 Software Downloads: 4,923,980 Active Installs: 100,000 Last Updated: February 19, 2024 Patched Versions: 1.27 Affected Versions: <= 1.26 Vulnerability 1 Details: Name: Schema & Structured Data for WP & AMP <=…
Read MoreFeatured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url – CVE-2024-1496 | WordPress Plugin Vulnerability Report
Plugin Name: Featured Image from URL Key Information: Software Type: Plugin Software Slug: featured-image-from-url Software Status: Active Software Author: marceljm Software Downloads: 4,896,915 Active Installs: 100,000 Last Updated: February 19, 2024 Patched Versions: 4.6.3 Affected Versions: <= 4.6.2 Vulnerability Details: Name: Featured Image from URL (FIFU) <= 4.6.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Read MoreAMP for WP Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0587 | WordPress Plugin Vulnerability Report
Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,593,156 Active Installs: 100,000 Last Updated: January 22, 2024 Patched Versions: 1.0.93 Affected Versions: <= 1.0.92.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.92.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-0587 CVSS Score: 6.1…
Read MoreContact Form Plugin – Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 5,679,069 Active Installs: 400,000 Last Updated: January 18, 2024 Patched Versions: 5.1.7 Affected Versions: <= 5.1.5 Vulnerability Details: Name: Fluent Forms <= 5.1.5…
Read MoreGetwid – Gutenberg Blocks – Missing Authorization & Captcha Bypass – CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report
Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters Software Downloads: 1,066,235 Active Installs: 50,000 Last Updated: January 25, 2024 Patched Versions: 2.0.5 Affected Versions: <= 2.0.4 Vulnerability Details – Section 1: Name: Getwid – Gutenberg Blocks <= 2.0.4 Title: Missing Authorization to Recaptcha…
Read MoreEnable Media Replace Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6737 | WordPress Plugin Vulnerability Report
Plugin Name: Enable Media Replace Key Information: Software Type: Plugin Software Slug: enable-media-replace Software Status: Active Software Author: shortpixel Software Downloads: 10,049,054 Active Installs: 600,000 Last Updated: December 18, 2023 Patched Versions: 4.1.5 Affected Versions: <= 4.1.4 Vulnerability Details: Name: Enable Media Replace <= 4.1.4 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6737 CVSS Score: 4.7…
Read MoreFeatured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text – CVE-2023-6561 | WordPress Plugin Vulnerability Report
Plugin Name: Featured Image from URL Key Information: Software Type: Plugin Software Slug: featured-image-from-url Software Status: Active Software Author: marceljm Software Downloads: 4,535,007 Active Installs: 90,000 Last Updated: December 14, 2023 Patched Versions: NA Affected Versions: <= 4.5.3 Vulnerability Details: Name: Featured Image from URL (FIFU) <= 4.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…
Read More