Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report 

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 859,237 Active Installs: 60,000 Last Updated: May 13, 2024 Patched Versions: 2.6.9.2 Affected Versions: <= 2.6.9.1 Vulnerability Details: Name: Exclusive Addons Elementor <= 2.6.9.1 Title: Missing Authorization to Post Duplication Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE:…

Read More

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

Plugin Name: BackUpWordPress Key Information: Software Type: Plugin Software Slug: backupwordpress Software Status: Active Software Author: willmot Software Downloads: 4,796,104 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 3.14 Affected Versions: <= 3.13 Vulnerability Details: Name: BackUpWordPress <= 3.13 Title: Authenticated (Admin+) Directory Traversal Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-3034 CVSS Score: 2.7 Publicly Published:…

Read More

Getwid Vulnerability – Gutenberg Blocks – Authenticated DOM-Based Stored Cross-Site Scripting via ‘Countdown’ – CVE-2024-3588 | WordPress Plugin Vulnerability Report 

Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters Software Downloads: 1,173,120 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 2.0.8 Affected Versions: <= 2.0.7 Vulnerability Details: Name: Getwid – Gutenberg Blocks <= 2.0.7 Title: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via…

Read More

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report 

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,800,239 Active Installs: 400,000 Last Updated: May 10, 2024 Patched Versions: 3.10.7 Affected Versions: <= 3.10.6 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly…

Read More

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report

Plugin Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina Software Downloads: 529,922 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.5.3 Affected Versions: <= 3.5.2 Vulnerability Details: Name:…

Read More

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated Local File Inclusion via Onepage Scroll Module – CVE-2024-3499 | WordPress Plugin Vulnerability Report 

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,188,614 Active Installs: 1,000,000 Last Updated: May 8, 2024 Patched Versions: 3.1.1 Affected Versions: <= 3.1.0 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.1.0 Title: Authenticated (Contributor+) Local File Inclusion via…

Read More

Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report 

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 5,140,265 Active Installs: 300,000 Last Updated: May 6, 2024 Patched Versions: 1.3.972, 1.3.95 Affected Versions: <= 1.3.971, <= 1.3.93 Vulnerability Details: Authenticated Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid,…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1057 | WordPress Plugin Vulnerability Report 

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,443,357 Active Installs: 100,000 Last Updated: May 2, 2024 Patched Versions: 2.8.2 Affected Versions: <= 2.8.1 Vulnerability Details: Name: ShopLentor…

Read More

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,223,288 Active Installs: 50,000 Last Updated: April 25, 2024 Patched Versions: 4.4.8 Affected Versions: <= 4.4.7 Vulnerability Details: Name: RSS Aggregator by…

Read More

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox – CVE-2024-2751 | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 814,796 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 2.6.9.3 Affected Versions: <= 2.6.9.2 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox…

Read More