Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,211,650 Active Installs: 80,000 Last Updated: April 8, 2024 Patched Versions: 1.29 Affected Versions: <= 1.28 Vulnerability Details: Name: Sydney Toolbox <= 1.28 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

Relevanssi Vulnerability – A Better Search – Multiple Vulnerabilities – CVE-2024-3213 & CVE-2024-3214 | WordPress Plugin Vulnerability Report

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,389,194 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 4.22.2 Affected Versions: <= 4.22.1 Vulnerability Details:  Vulnerability 1: Missing Authorization to Unauthenticated Count Option Update Type: Insecure Direct Object Reference…

Read More

File Manager Vulnerability – Authenticated Directory Traversal – CVE-2024-2654 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 21,240,440 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 7.2.6 Affected Versions: <= 7.2.5 Vulnerability Details: Name: File Manager <= 7.2.5 Title: Authenticated (Administrator+) Directory Traversal Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVE: CVE-2024-2654 CVSS Score: 6.4…

Read More

Contact Form 7 Vulnerability – Reflected Cross-Site Scripting – CVE-2024-2242 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software Downloads: 318,916,329 Active Installs: 5,000,000 Last Updated: March 14, 2024 Patched Versions: 5.9.2 Affected Versions: <= 5.9 Vulnerability Details: Name: Contact Form 7 <= 5.9 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-2242 CVSS Score:…

Read More

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 | WordPress Plugin Vulnerability Report

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,792,011 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.5.7 Affected Versions: <= 1.5.6.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 Title: Authenticated…

Read More

Easy Social Feed Vulnerability – Social Photos Gallery – Post Feed – Like Box – Cross-Site Request Forgery – CVE-2024-1214 | WordPress Plugin Vulnerability Report

Plugin Name: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box Key Information: Software Type: Plugin Software Slug: easy-facebook-likebox Software Status: Active Software Author: sjaved Software Downloads: 2,976,834 Active Installs: 50,000 Last Updated: March 14, 2024 Patched Versions: 6.5.5 Affected Versions: <= 6.5.4 Vulnerability Details: Name: Easy Social Feed <= 6.5.4…

Read More

HT Mega Vulnerability – Absolute Addons For Elementor – Authenticated Stored Cross-Site Scripting via Post Carousel Widget – CVE-2024-1421 | WordPress Plugin Vulnerability Report

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,603,212 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 2.4.5 Affected Versions: <= 2.4.4 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <= 2.4.4 Title: Authenticated…

Read More

Hustle Vulnerability – Sensitive Information Exposure via Exposed Hubspot API Keys – CVE-2024-0368 | WordPress Plugin Vulnerability Report

Plugin Name: Hustle – Email Marketing, Lead Generation, Optins, Popups Key Information: Software Type: Plugin Software Slug: wordpress-popup Software Status: Active Software Author: wpmudev Software Downloads: 3,659,904 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 7.8.4 Affected Versions: <= 7.8.3 Vulnerability Details: Name: Hustle <= 7.8.3 Title: Sensitive Information Exposure via Exposed Hubspot…

Read More

Post Grid Combo Vulnerability – 36+ Gutenberg Blocks – Information Exposure via get_posts API Endpoint – CVE-2023-7072 | WordPress Plugin Vulnerability Report

Plugin Name: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks Key Information: Software Type: Plugin Software Slug: post-grid Software Status: Active Software Author: pickplugins Software Downloads: 2,751,180 Active Installs: 50,000 Last Updated: March 13, 2024 Patched Versions: 2.2.69 Affected Versions: <= 2.2.68 Vulnerability Details: Name: Post Grid Combo…

Read More