security vulnerability
Elementor Header & Footer Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1237 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 24,612,698 Active Installs: 1,000,000 Last Updated: March 13, 2024 Patched Versions: 1.6.25 Affected Versions: <= 1.6.24 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.24 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 67,142,962 Active Installs: 2,000,000 Last Updated: March 13, 2024 Patched Versions: 5.9.10 Affected Versions: <= 5.9.9 Vulnerability Details: Name: Essential Addons for Elementor <=…
Site Reviews Vulnerability – Authenticated Stored Cross-Site Scripting via Display Name – CVE-2024-2293 | WordPress Plugin Vulnerability Report
Plugin Name: Site Reviews Key Information: Software Type: Plugin Software Slug: site-reviews Software Status: Active Software Author: geminilabs Software Downloads: 2,210,571 Active Installs: 60,000 Last Updated: March 13, 2024 Patched Versions: 6.11.7 Affected Versions: <= 6.11.4 Vulnerability Details: Name: Site Reviews <= 6.11.4 Title: Authenticated(Subscriber+) Stored Cross-Site Scripting via Display Name Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2293…
WP Statistics Vulnerability- Unauthenticated Stored Cross-Site Scripting – CVE-2024-2194 |WordPress Plugin Vulnerability Report
Plugin Name: WP Statistics Key Information: Software Type: Plugin Software Slug: wp-statistics Software Status: Active Software Author: mostafas1990 Software Downloads: 22,569,004 Active Installs: 600,000 Last Updated: March 13, 2024 Patched Versions: 14.5.1 Affected Versions: <= 14.5 Vulnerability Details: Name: WP Statistics <= 14.5 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2194 CVSS Score: 7.2…
Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report
Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,871,019 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: Ultimate Member <= 2.8.3…
Premium Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting – CVE-2024-1680 | WordPress Plugin Vulnerability Report
Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 29,801,020 Active Installs: 700,000 Last Updated: February 28, 2024 Patched Versions: 4.10.22 Affected Versions: <= 4.10.21 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.21 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Banner,…
Events Manager Vulnerability– Calendar, Bookings, Tickets, and more! – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0614 | WordPress Plugin Vulnerability Report
Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status: Active Software Author: netweblogic Software Downloads: 4,542,882 Active Installs: 90,000 Last Updated: February 28, 2024 Patched Versions: 6.4.7 Affected Versions: <= 6.4.6.4 Vulnerability Details: Name: Events Manager <= 6.4.6.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting…
WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1808 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,807,873 Active Installs: 600,000 Last Updated: February 28, 2024 Patched Versions: 7.0.4 Affected Versions: <= 7.0.3 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.3 Title: Authenticated (Contributor+) Stored…
BackWPup Vulnerability– WordPress Backup Plugin – Plaintext Storage of Backup Destination Password – CVE-2023-5775 | WordPress Plugin Vulnerability Report
Plugin Name: BackWPup – WordPress Backup Plugin Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,687,961 Active Installs: 600,000 Last Updated: February 27, 2024 Patched Versions: 4.0.3 Affected Versions: <= 4.0.2 Vulnerability Details: Name: BackWPup <= 4.0.2 Title: Plaintext Storage of Backup Destination Password Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N CVE:…
Brizy Vulnerability– Page Builder – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-1311| WordPress Plugin Vulnerability Report
Plugin Name: Brizy – Page Builder Key Information: Software Type: Plugin Software Slug: brizy Software Status: Active Software Author: themefusecom Software Downloads: 4,542,478 Active Installs: 80,000 Last Updated: February 27, 2024 Patched Versions: 2.4.41 Affected Versions: 2.4.40 – 2.4.40 Vulnerability Details: Name: Brizy – Page Builder <= 2.4.40 Title: Authenticated (Contributor+) Arbitrary File Upload Type:…