Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads: 80,000 Active Installs: 736,687 Last Updated: May 23, 2024 Patched Versions: 2.4.9 Affected Versions: <= 2.4.8 Vulnerability Details: Name: Email Log <= 2.4.8 – Unauthenticated Hook Injection Type: Improper Control of Generation of Code (‘Code…

Read More

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5088, CVE-2024-4865 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,974,697 Active Installs: 400,000 Last Updated: May 17, 2024 Patched Versions: 3.10.9 Affected Versions: <= 3.10.8 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.8 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

Plugin Name: Mesmerize Companion Key Information: Software Type: Plugin Software Slug: mesmerize-companion Software Status: Active Software Author: horearadu Software Downloads: 1,857,988 Active Installs: 80,000 Last Updated: May 7, 2024 Patched Versions: 1.6.149 Affected Versions: <= 1.6.148 Vulnerability Details: Name: Mesmerize Companion <= 1.6.148 – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode Type: Improper Neutralization…

Read More

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Ads Key Information: Software Type: Plugin Software Slug: advanced-ads Software Status: Active Software Author: monetizemore Software Downloads: 9,195,831 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 1.52.2 Affected Versions: <= 1.52.1 Vulnerability Details: Name: Advanced Ads – Ad Manager & AdSense <= 1.52.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form by WPForms Key Information: Software Type: Plugin Software Slug: wpforms-lite Software Status: Active Software Author: smub Software Downloads: 201,516,943 Active Installs: 5,000,000 Last Updated: May 1, 2024 Patched Versions: 1.8.8.2 Affected Versions: <= 1.8.7.2 Vulnerability Details: Name: Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2…

Read More

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities –  CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,284,286 Active Installs: 400,000 Last Updated: April 4, 2024 Patched Versions: 3.10.5, 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details Vulnerability 1 Name: Happy Addons for Elementor <= 3.10.4 – Authenticated Stored Cross-Site Scripting…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: ShopLentor…

Read More

List category posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1051 | WordPress Plugin Vulnerability Report

Plugin Name: List category posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,812,968 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 0.89.7 Affected Versions: <= 0.89.6 Vulnerability Details: Name: List category posts <= 0.89.6 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1051 CVSS Score: 6.4 (Medium)…

Read More

WP Maintenance Vulnerability – Information Exposure – CVE-2024-1472 | WordPress Plugin Vulnerability Report

Plugin Name: WP Maintenance Key Information: Software Type: Plugin Software Slug: wp-maintenance Software Status: Active Software Author: florent73 Software Downloads: 903,892 Active Installs: 50,000 Last Updated: February 27, 2024 Patched Versions: 6.1.7 Affected Versions: <= 6.1.6 Vulnerability Details: Name: WP Maintenance <= 6.1.6 Title: Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1472 CVSS Score: 5.3 Publicly Published:…

Read More

WordPress Button Plugin MaxButtons Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-7029 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,681,976 Active Installs: 100,000 Last Updated: January 23, 2024 Patched Versions: 9.7.7 Affected Versions: <= 9.7.6 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.6 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title:…

Read More