WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report

Plugin Name: WP Go Maps Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 23,515,825 Active Installs: 400,000 Last Updated: May 23, 2024 Patched Versions: 9.0.37 Affected Versions: <= 9.0.36 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.36 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…

Read More

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,236,762 Active Installs: 600,000 Last Updated: May 20, 2024 Patched Versions: 7.1.6 Affected Versions: <= 7.1.5 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

Plugin Name: Order Export & Order Import for WooCommerce Key Information: Software Type: Plugin Software Slug: order-import-export-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,536,946 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 2.5.0 Affected Versions: <= 2.4.9 Vulnerability Details: Name: Order Export & Order Import for WooCommerce <= 2.4.9 – Authenticated…

Read More

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…

Read More

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,072,488 Active Installs: 100,000 Last Updated: May 2, 2024 Patched Versions: 5.6.1 Affected Versions: <= 5.6.0 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report 

Plugin Name: Redirection Key Information: Software Type: Plugin Software Slug: redirect-redirection Software Status: Active Software Author: inisev Software Downloads: 329,941 Active Installs: 60,000 Last Updated: April 22, 2024 Patched Versions: 1.2.0 Affected Versions: <= 1.1.9 Vulnerability Details: Name: Inisev Analyst Module <= 1.1.9 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31435 CVSS Score: 4.3 Publicly Published:…

Read More

Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report

Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget] Key Information: Software Type: Plugin Software Slug: spotlight-social-photo-feeds Software Status: Active Software Author: rebelcode Software Downloads: 1,093,293 Active Installs: 60,000 Last Updated: April 22, 2024 Patched Versions: 1.6.11 Affected Versions: <= 1.6.10 Vulnerability Details: Name: Spotlight Social Media Feeds <= 1.6.10 Title: Cross-Site Request Forgery Type:…

Read More

The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 56,148,469 Active Installs: 700,000 Last Updated: April 22, 2024 Patched Versions: 6.3.1 Affected Versions: <= 6.3.0 Vulnerability Details: Name: The Events Calendar <= 6.3.0 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…

Read More