Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report 

Plugin Name: Cornerstone Key Information: Software Type: Plugin Software Slug: cornerstone Software Status: Active Software Author: archetyped Software Downloads: 57,853 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 0.8.1 Affected Versions: <= 0.8.0 Vulnerability Details: Name: Cornerstone <= 0.8.0 Title: Reflected Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-28002 CVSS Score: 6.1 Publicly Published:…

Read More

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 4,233,598 Active Installs: 60,000 Last Updated: May 2, 2024 Patched Versions: 5.48.0 Affected Versions: <= 5.47.0 Vulnerability Details: Name: Customer Reviews for WooCommerce <= 5.47.0 Title: Reflected Cross-Site Scripting via ‘s’ Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N…

Read More

Advanced Access Manager Vulnerability– Restricted Content, Users & Roles, Enhanced Security and More – Reflected Cross-Site Scripting – CVE-2024-29127 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More Key Information: Software Type: Plugin Software Slug: advanced-access-manager Software Status: Active Software Author: vasyltech Software Downloads: 5,341,354 Active Installs: 100,000 Last Updated: March 20, 2024 Patched Versions: 6.9.21 Affected Versions: <= 6.9.20 Vulnerability Details: Name: Advanced Access Manager <= 6.9.20…

Read More

Amelia Vulnerability – Reflected Cross-Site Scripting – CVE-2024-1484 | WordPress Plugin Vulnerability Report

Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: 1.0.99 Affected Versions: <= 1.0.98 Vulnerability Details: Name: Booking for Appointments and Events Calendar – Amelia <= 1.0.98 Title: Reflected Cross-Site…

Read More

WP Go Maps Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6697 | WordPress Plugin Vulnerability Report

Plugin Name: WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 22,527,179 Active Installs: 400,000 Last Updated: January 23, 2024 Patched Versions: 9.0.29 Affected Versions: <= 9.0.28 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.28 – Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation…

Read More

AMP for WP Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0587 | WordPress Plugin Vulnerability Report

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,593,156 Active Installs: 100,000 Last Updated: January 22, 2024 Patched Versions: 1.0.93 Affected Versions: <= 1.0.92.1 Vulnerability Details: Name: Accelerated Mobile Pages <= 1.0.92.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-0587 CVSS Score: 6.1…

Read More

WooCommerce Vulnerability – Reflected Cross-Site Scripting | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 289,194,192 Active Installs: 5,000,000 Last Updated: January 12, 2024 Patched Versions: 8.4.0 Affected Versions: < 8.4.0 Vulnerability Details: Name: WooCommerce < 8.4.0 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: NA CVSS Score: 6.1 Publicly Published: January…

Read More

Simple Membership Vulnerability – Reflected Cross-Site Scripting Vulnerability via environment_mode – CVE-2023-6882 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,315,432 Active Installs: 50,000 Last Updated: December 18, 2023 Patched Versions: 4.3.9 Affected Versions: <= 4.3.8 Vulnerability Details: Name: Simple Membership <= 4.3.8 – Reflected Cross-Site Scripting Vulnerability via environment_mode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6882 CVSS Score: 6.1 (Medium) Publicly…

Read More