session hijacking

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 20, 2024

Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,236,762 Active Installs: 600,000 Last Updated: May 20, 2024 Patched Versions: 7.1.6 Affected Versions: <= 7.1.5 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 10, 2024

Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 57,202,843 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Starter Templates – Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…

Read More