Posts Tagged ‘Plugin Vulnerability’
LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 79,208,611 Active Installs: 6,000,000 Last Updated: September 6, 2024 Patched Versions: 6.5.0.1 Affected Versions: <= 6.4.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.4.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE: CVE-2024-44000 CVSS Score: 7.5 Publicly Published: September 5, 2024…
Read MoreGiveWP Vulnerability– Donation Plugin and Fundraising Platform – Multiple Vulnerabilities – CVE-2024-5939, CVE-2024-5940, CVE-2024-5941, CVE-2024-5932 | WordPress Plugin Vulnerability Report
Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,784,276 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 3.14.0, 3.14.2 Affected Versions: <= 3.13.0, <= 3.14.1 Vulnerability 1 Details: Name: GiveWP – Donation Plugin and Fundraising Platform…
Read MoreTheme My Login Vulnrability – Cross-Site Request Forgery to Settings Update – CVE-2024-7422 | WordPress Plugin Vulnerability Report
Plugin Name: Theme My Login Key Information: Software Type: Plugin Software Slug: theme-my-login Software Status: Active Software Author: jfarthing84 Software Downloads: 4,025,356 Active Installs: 80,000 Last Updated: August 18, 2024 Patched Versions: 7.1.8 Affected Versions: <= 7.1.7 Vulnerability Details: Name: Theme My Login <= 7.1.7 Title: Cross-Site Request Forgery to Settings Update Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Read MoreElementsKit Pro Vulnerability – Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting – CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report
Plugin Name: ElementsKit Pro Key Information: Software Type: Plugin Software Slug: elementskit Software Status: Active Software Author: wpmet Software Downloads: NA Active Installs: 104,000 Last Updated: July 24, 2024 Patched Versions: 3.6.6, 3.6.7 Affected Versions: <= 3.6.6, <= 3.6.5 Vulnerability 1 Details: Name: ElementsKit Pro <= 3.6.6 Title: Authenticated (Contributor+) Sensitive Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N…
Read MoreInsert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report
Plugin Name: Insert PHP Code Snippet Key Information: Software Type: Plugin Software Slug: insert-php-code-snippet Software Status: Active Software Author: f1logic Software Downloads: 1,045,147 Active Installs: 100,000 Last Updated: August 18, 2024 Patched Versions: 1.3.7 Affected Versions: <= 1.3.6 Vulnerability Details: Name: Insert PHP Code Snippet <= 1.3.6 Title: Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion…
Read MoreSlider & Popup Builder by Depicter Vulnerability – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-4389 | WordPress Plugin Vulnerability Report
Plugin Name: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 1,314,164 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 3.1.2 Affected Versions: <=…
Read MoreMedia Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 2,044,116 Active Installs: 70,000 Last Updated: August 18, 2024 Patched Versions: 3.19 Affected Versions: <= 3.18 Vulnerability Details: Name: Media Library Assistant <= 3.18 Title: Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action…
Read MoreElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report
Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.7.3 Affected Versions: <= 5.7.2 Vulnerability Details: Name: Element Pack Elementor Addons…
Read MorePremium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report
Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 34,020,583 Active Installs: 700,000 Last Updated: August 12, 2024 Patched Versions: 4.10.39 Affected Versions: <= 4.10.38 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.38 Title: Missing Authorization to Authenticated (Contributor+) Arbitrary Content…
Read MoreLightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report
Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status: Active Software Author: bradvin Software Downloads: 2,407,136 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 2.7.32 Affected Versions: <= 2.7.28 Vulnerability Details: Name: Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28…
Read More