security

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5501 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 31, 2024

Plugin Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,590,021 Active Installs: 200,000 Last Updated: June 12, 2024 Patched Versions: 2.5.52 Affected Versions: <= 2.5.51 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra…

Read More

Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 31, 2024

Plugin Name: Master Slider – Responsive Touch Slider Key Information: Software Type: Plugin Software Slug: master-slider Software Status: Active Software Author: averta Software Downloads: 2,830,772 Active Installs: 90,000 Last Updated: June 12, 2024 Patched Versions: 3.9.10 Affected Versions: <= 3.9.9 Vulnerability Details: Name: Master Slider – Responsive Touch Slider <= 3.9.9 Title: Authenticated (Contributor+) Stored…

Read More

Popup Builder Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS – CVE-2024-2506 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 31, 2024

Plugin Name: Popup Builder – Create highly converting, mobile friendly marketing popups. Key Information: Software Type: Plugin Software Slug: popup-builder Software Status: Active Software Author: popupbuilder Software Downloads: 10,104,066 Active Installs: 200,000 Last Updated: June 12, 2024 Patched Versions: 4.3.0 Affected Versions: <= 4.2.7 Vulnerability Details: Name: Popup Builder <= 4.2.7 Title: Authenticated(Contributor+) Stored Cross-Site…

Read More

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 30, 2024

Plugin Name: YITH WooCommerce Wishlist Key Information: Software Type: Plugin Software Slug: yith-woocommerce-wishlist Software Status: Active Software Author: yithemes Software Downloads: 25,691,780 Active Installs: 900,000 Last Updated: June 11, 2024 Patched Versions: 3.33.0 Affected Versions: <= 3.32.0 Vulnerability Details: Name: YITH WooCommerce Wishlist <= 3.32.0 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVE: CVE-2024-34385 CVSS…

Read More

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 30, 2024

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 7,124,353 Active Installs: 400,000 Last Updated: June 13, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.9 Vulnerability Details: Vulnerability 1: Name: Happy Addons for Elementor <= 3.10.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Download Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 29, 2024

Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads: 5,153,537 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 4.9.14 Affected Versions: <= 4.9.13 Vulnerability Details: Name: Download Monitor <= 4.9.13 Title: Missing Authorization Type: CVE: CVE-2024-3269 CVSS Score: 5.4 Publicly Published: May…

Read More

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 12, 2024

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,792,011 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.5.7 Affected Versions: <= 1.5.6.1 Vulnerability Details: Name: Burst Statistics <= 1.5.6.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

Colibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…

Read More

YARPP Vulnerability – Authenticated(Administrator+) Stored Cross-Site Scripting via settings – CVE-2024-0602 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: YARPP Key Information: Software Type: Plugin Software Slug: yet-another-related-posts-plugin Software Status: Active Software Author: jeffparker Software Downloads: 7,579,644 Active Installs: 100,000 Last Updated: February 20, 2024 Patched Versions: 5.30.10 Affected Versions: 5.30.9 Vulnerability Details: Name: Yet Another Related Posts Plugin (YARPP) <= 5.30.9 – Authenticated(Administrator+) Stored Cross-Site Scripting via settings Title: Authenticated(Administrator+) Stored Cross-Site Scripting via settings Type: Improper Neutralization of Script-Related HTML Tags in…

Read More