WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,383,697 Active Installs: 50,000 Last Updated: April 8, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and…

Read More

Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,757,662 Active Installs: 200,000 Last Updated: April 10, 2024 Patched Versions: 1.8.22 Affected Versions: <= 1.8.21 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21…

Read More

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,727,023 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 3.1.0 Affected Versions: <= 3.0.7 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

Easy Digital Downloads Vulnerability – Sensitive Information Exposure – CVE-2024-2302 | WordPress Plugin Vulnerability Report 

Plugin Name: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,925,252 Active Installs: 50,000 Last Updated: April 4, 2024 Patched Versions: 3.2.10 Affected Versions: <= 3.2.9 Vulnerability Details: Name: Easy Digital Downloads…

Read More

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Cross-Site Scripting via Custom CSS – CVE-2023-6486 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 20,112,321 Active Installs: 600,000 Last Updated: April 3, 2024 Patched Versions: 2.10.4 Affected Versions: <= 2.10.3 Vulnerability Details Name: Spectra – WordPress Gutenberg Blocks <= 2.10.3 Title: Authenticated(Contributor+) Cross-Site Scripting via Custom…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: ShopLentor…

Read More

Colibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,492,925 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.270 Affected Versions: <= 1.0.263 Vulnerability Details: Name: Colibri Page Builder <= 1.0.263 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2839…

Read More

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software Downloads: 950,913 Active Installs: 100,000 Last Updated: April 1, 2024 Patched Versions: 3.6.3 Affected Versions: <= 3.6.2 Vulnerability Details: Name: WP Chat App <= 3.6.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute…

Read More

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29, 2024 Patched Versions: 1.29.1 Affected Versions: <= 1.29.0 Vulnerability Details: Name: Forminator <= 1.29.0 – Unauthenticated Stored Cross-Site Scripting via File Upload Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1794 CVSS Score: 7.2 (High) Publicly Published: March…

Read More

List category posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1051 | WordPress Plugin Vulnerability Report

Plugin Name: List category posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,812,968 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 0.89.7 Affected Versions: <= 0.89.6 Vulnerability Details: Name: List category posts <= 0.89.6 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1051 CVSS Score: 6.4 (Medium)…

Read More