LiteSpeed Cache Vulnerability – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-3246 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 70,093,541 Active Installs: 5,000,000 Last Updated: July 29, 2024 Patched Versions: 6.3 Affected Versions: <= 6.2.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.2.0.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-3246 CVSS Score: 6.1 Publicly Published: July 23, 2024…

Read More

Redux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report

Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…

Read More

WP Mail SMTP by WPForms Vulnerability – Authenticated (Admin+) SMTP Password Exposure – CVE-2024-6694 | WordPress Plugin Vulnerability Report

Plugin Name: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug: wp-mail-smtp Software Status: Active Software Author: smub Software Downloads: 54,987,682 Active Installs: 3,000,000 Last Updated: July 29, 2024 Patched Versions: 4.1.0 Affected Versions: <= 4.0.1 Vulnerability Details: Name: WP Mail SMTP <=…

Read More

Duplicator – Migration & Backup Plugin Vulnerability – Full Path Disclosure – CVE-2024-6210 | WordPress Plugin Vulnerability Report

Plugin Name: Duplicator – Migration & Backup Plugin Key Information: Software Type: Plugin Software Slug: duplicator Software Status: Active Software Author: smub Software Downloads: 43,284,982 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.10 Affected Versions: <= 1.5.9 Vulnerability Details: Name: Duplicator <= 1.5.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6210 CVSS Score: 5.3 Publicly Published:…

Read More

WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…

Read More

Easy Table of Contents Vulnerability- Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 |WordPress Plugin Vulnerability Report

Plugin Name: Easy Table of Contents Key Information: Software Type: Plugin Software Slug: easy-table-of-contents Software Status: Active Software Author: magazine3 Software Downloads: 12,901,982 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 2.0.67.1 Affected Versions: <= 2.0.67 Vulnerability Details: Name: Easy Table of Contents <= 2.0.67 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…

Read More

Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…

Read More

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,675,361 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 3.2.94 Affected Versions: <= 3.2.93 Vulnerability Details: Name: Download Manager <= 3.2.93 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4001 CVSS Score: 6.4 Publicly Published: June 4, 2024…

Read More

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Vulnerability – Reflected Cross-Site Scripting – CVE-2024-35668 | WordPress Plugin Vulnerability Report

Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Key Information: Software Type: Plugin Software Slug: mailin Software Status: Active Software Author: neeraj_slit Software Downloads: 4,539,519 Active Installs: 100,000 Last Updated: June 12, 2024 Patched Versions: 3.1.78 Affected Versions: <= 3.1.77 Vulnerability Details: Name: Newsletter, SMTP, Email marketing and Subscribe forms…

Read More

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,211,650 Active Installs: 80,000 Last Updated: April 8, 2024 Patched Versions: 1.29 Affected Versions: <= 1.28 Vulnerability Details: Name: Sydney Toolbox <= 1.28 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More