Plugin Vulnerability

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Exclusive Addons for Elementor
Key Information:
  Software Type: Plugin
  Software Slug: exclusive-addons-for-elementor
  Software Status: Active
  Software Author: timstrifler
  Software Downloads: 870,318
  Active Installs: 60,000
  Last Updated: May 14, 2024
  Patched Versions: 2.6.9.7
  Affected Versions: <= 2.6.9.6
Vulnerability Details:
  Name: Exclusive Addons for Elementor <= 2.6.9.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Team…

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Import and export users and customers
Key Information:
  Software Type: Plugin
  Software Slug: import-users-from-csv-with-meta
  Software Status: Active
  Software Author: carazo
  Software Downloads: 4,320,707
  Active Installs: 80,000
  Last Updated: May 14, 2024
  Patched Versions: 1.26.7
  Affected Versions: <= 1.26.6.1
Vulnerability Details:
  Name: Import and export users and customers <= 1.26.6.1 – Authenticated (Administrator+) Stored…

Visual Portfolio, Photo Gallery & Post Grid Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter – CVE-2024-4363 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Visual Portfolio, Photo Gallery & Post Grid
Key Information:
  Software Type: Plugin
  Software Slug: visual-portfolio
  Software Status: Active
  Software Author: nko
  Software Downloads: 1,687,003
  Active Installs: 70,000
  Last Updated: May 14, 2024
  Patched Versions: 3.3.3
  Affected Versions: <= 3.3.2
Vulnerability Details:
  Name: Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 – Authenticated…

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Gutenberg Blocks
Key Information:
  Software Type: Plugin
  Software Slug: kadence-blocks
  Software Status: Active
  Software Author: britner
  Software Downloads: 19,473,277
  Active Installs: 400,000
  Last Updated: May 14, 2024
  Patched Versions: 3.2.38
  Affected Versions: <= 3.2.37
Vulnerability Details:
  Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 – Authenticated (Contributor+) Stored Cross-Site…

Image Optimization by Optimole Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4636 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Image Optimization by Optimole
Key Information:
  Software Type: Plugin
  Software Slug: optimole-wp
  Software Status: Active
  Software Author: optimole
  Software Downloads: 4,855,287
  Active Installs: 200,000
  Last Updated: May 14, 2024
  Patched Versions: 3.13.0
  Affected Versions: <= 3.12.10
Vulnerability Details:
  Name: Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10…

Password Protected Vulnerability – Missing Authorization to Sensitive Information Exposure – CVE-2024-0437 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Password Protected
Key Information:
  Software Type: Plugin
  Software Slug: password-protected
  Software Status: Active
  Software Author: wpexpertsio
  Software Downloads: 4,907,933
  Active Installs: 400,000
  Last Updated: May 14, 2024
  Patched Versions: 2.6.7
  Affected Versions: <= 2.6.6
Vulnerability Details:
  Name: Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 –…

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: RSS Aggregator
Key Information:
  Software Type: Plugin
  Software Slug: wp-rss-aggregator
  Software Status: Active
  Software Author: jeangalea
  Software Downloads: 2,771,177
  Active Installs: 50,000
  Last Updated: May 14, 2024
  Patched Versions: 4.23.9
  Affected Versions: <= 4.23.8
Vulnerability Details:
  Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 – Reflected…

Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Yoast SEO
Key Information:
  Software Type: Plugin
  Software Slug: wordpress-seo
  Software Status: Active
  Software Author: yoast
  Software Downloads: 678,383,360
  Active Installs: 10,000,000
  Last Updated: May 14, 2024
  Patched Versions: 22.7
  Affected Versions: <= 22.6
Vulnerability Details:
  Name: Yoast SEO <= 22.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
  Type: Improper Neutralization of Input During…

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 13, 2024

Plugin Name: Sydney Toolbox
Key Information:
  Software Type: Plugin
  Software Slug: sydney-toolbox
  Software Status: Active
  Software Author: athemes
  Software Downloads: 2,286,558
  Active Installs: 80,000
  Last Updated: May 13, 2024
  Patched Versions: 1.32
  Affected Versions: <= 1.31
Vulnerability Details:
  Name: Sydney Toolbox <= 1.31 – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
  Type: Improper…

WP Fastest Cache Vulnerability – Authenticated (Administrator+) Arbitrary File Deletion – CVE-2024-4347 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 10, 2024

Plugin Name: WP Fastest Cache
Key Information:
  Software Type: Plugin
  Software Slug: wp-fastest-cache
  Software Status: Active
  Software Author: emrevona
  Software Downloads: 49,228,358
  Active Installs: 1,000,000
  Last Updated: May 10, 2024
  Patched Versions: 1.2.7
  Affected Versions: <= 1.2.6
Vulnerability Details:
  Name: WP Fastest Cache <= 1.2.6 – Authenticated (Administrator+) Arbitrary File Deletion
  Type: Improper Limitation of…