ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,230,464 Active Installs: 1,000,000 Last Updated: May 13, 2024 Patched Versions: 3.1.3 Affected Versions: 3.0.7 – 3.1.2 Vulnerability Details: Name: ElementsKit Elementor addons 3.0.7 – 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3743 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,632,773 Active Installs: 100,000 Last Updated: May 12, 2024 Patched Versions: 1.13.4 Affected Versions: <= 1.13.3 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3743…

Read More

FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report 

Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software Downloads: 708,614 Active Installs: 50,000 Last Updated: May 10, 2024 Patched Versions: Not available Affected Versions: <= 1.1.5 Vulnerability Details: Name: FameTheme Demo Importer <= 1.1.5 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33679…

Read More

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report 

Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software Downloads: 867,958 Active Installs: 50,000 Last Updated: May 3, 2024 Patched Versions: 4.0.1 Affected Versions: <= 4.0.0 Vulnerability Details: Name: hCaptcha for WordPress <= 4.0.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode Type:…

Read More

Click to Chat Vulnerability – HoliThemes – Authenticated (Contributor+) Local File Inclusion – CVE-2024-3849 |WordPress Plugin Vulnerability Report 

Plugin Name: Click to Chat – HoliThemes Key Information: Software Type: Plugin Software Slug: click-to-chat-for-whatsapp Software Status: Active Software Author: holithemes Software Downloads: 11,311,845 Active Installs: 500,000 Last Updated: May 2, 2024 Patched Versions: 4.0 Affected Versions: <= 3.35 Vulnerability Details: Name: Click to Chat – HoliThemes <= 3.35 Title: Authenticated (Contributor+) Local File Inclusion…

Read More

WPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report

Plugin Name: WPvivid Backup & Migration Plugin Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 7,313,881 Active Installs: 400,000 Last Updated: April 25, 2024 Patched Versions: 0.9.100 Affected Versions: <= 0.9.99 Vulnerability Details: Name: WPvivid Backup & Migration Plugin <= 0.9.99 Title: Authenticated (Admin+) PHAR Deserialization Type:…

Read More

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,831,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 4.15.5 Affected Versions: <= 4.15.4 Vulnerability Details: Name: Paid Membership…

Read More

BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report

Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software Slug: woo-bulk-editor Software Status: Active Software Author: realmag777 Software Downloads: 580,051 Active Installs: 30,000 Last Updated: April 25, 2024 Patched Versions: 1.1.4.2 Affected Versions: <= 1.1.4.1 Vulnerability Details: Name: BEAR <= 1.1.4.1 Title: Cross-Site Request…

Read More

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

Plugin Name: FancyBox for WordPress Key Information: Software Type: Plugin Software Slug: fancybox-for-wordpress Software Status: Active Software Author: colorlibplugins Software Downloads: 1,832,612 Active Installs: 50,000 Last Updated: April 10, 2024 Patched Versions: 3.3.4 Affected Versions: 3.0.2 – 3.3.3 Vulnerability Details: Name: FancyBox for WordPress 3.0.2 – 3.3.3 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…

Read More

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,401,859 Active Installs: 90,000 Last Updated: April 15, 2024 Patched Versions: 5.7.16 Affected Versions: <= 5.7.15 Vulnerability Details: Name: Icegram Express <= 5.7.14…

Read More