YITH WooCommerce Ajax Search Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-4455 | WordPress Plugin Vulnerability Report

Plugin Name: YITH WooCommerce Ajax Search Key Information: Software Type: Plugin Software Slug: yith-woocommerce-ajax-search Software Status: Active Software Author: yithemes Software Downloads: 2,852,419 Active Installs: 70,000 Last Updated: May 23, 2024 Patched Versions: 2.4.1 Affected Versions: <= 2.4.0 Vulnerability Details: Name: YITH WooCommerce Ajax Search <= 2.4.0 – Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization…

Read More

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

Plugin Name: FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,941,934 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 2.4.15 Affected Versions: < 2.4.15 Vulnerability Details: Name: FooGallery (Free and Premium) < 2.4.15 – Authenticated (Author+) Stored Cross-Site Scripting Type: Improper Neutralization of Input…

Read More

Search & Replace Vulnerability – Authenticated (Administrator+) SQL injection – CVE-2024-0756 | WordPress Plugin Vulnerability Report

Plugin Name: Search & Replace Key Information: Software Type: Plugin Software Slug: search-and-replace Software Status: Active Software Author: wp_media Software Downloads: 2,867,673 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 3.2.2 Affected Versions: <= 3.2.1 Vulnerability Details: Name: Search & Replace <= 3.2.1 – Authenticated (Administrator+) SQL injection Type: Improper Neutralization of Special…

Read More

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,680,907 Active Installs: 90,000 Last Updated: May 22, 2024 Patched Versions: 5.1 Affected Versions: <= 5.0 Vulnerability Details: Name: iframe <= 5.0 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Type: Improper Neutralization of Input During Web…

Read More

Menu Icons by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4635 | WordPress Plugin Vulnerability Report

Plugin Name: Menu Icons by ThemeIsle Key Information: Software Type: Plugin Software Slug: menu-icons Software Status: Active Software Author: themeisle Software Downloads: 3,529,569 Active Installs: 200,000 Last Updated: May 15, 2024 Patched Versions: 0.13.14 Affected Versions: <= 0.13.13 Vulnerability Details: Name: Menu Icons by ThemeIsle <= 0.13.13 – Authenticated (Author+) Stored Cross-Site Scripting via SVG…

Read More

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

Plugin Name: Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 19,473,277 Active Installs: 400,000 Last Updated: May 14, 2024 Patched Versions: 3.2.38 Affected Versions: <= 3.2.37 Vulnerability Details: Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 – Authenticated (Contributor+) Stored Cross-Site…

Read More

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,771,177 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 4.23.9 Affected Versions: <= 4.23.8 Vulnerability Details: Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 – Reflected…

Read More

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,286,558 Active Installs: 80,000 Last Updated: May 13, 2024 Patched Versions: 1.32 Affected Versions: <= 1.31 Vulnerability Details: Name: Sydney Toolbox <= 1.31 – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget Type: Improper…

Read More

Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report

Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 57,202,843 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…

Read More

Easy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report

Plugin Name: Easy Digital Downloads Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,985,103 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.2.12 Affected Versions: <= 3.2.11 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…

Read More