FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software Status: Active Software Author: ninjateam Software Downloads: 4,220,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability Details: Name: FileBird – WordPress Media Library Folders & File Manager…

Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report 

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,939,163 Active Installs: 10,000 Last Updated: April 3, 2024 Patched Versions: 2.8.0.7 Affected Versions: <= 2.8.0.5 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.8.0.5 Title: Authenticated (Contributor+) Stored…

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,877,054 Active Installs: 50,000 Last Updated: March 26, 2024 Patched Versions: 7.1.0 Affected Versions: <= 7.0.1 Vulnerability Details: Name: Ajax Load More <= 7.0.1 Authenticated (Admin+) Directory Traversal to Arbitrary…

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1796 | WordPress Plugin Vulnerability Report

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,674,101 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.3.5.2 Affected Versions: <= 1.3.5.1 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 Title: Authenticated…

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,279,058 Active Installs: 90,000 Last Updated: March 12, 2024 Patched Versions: 3.9.11 Affected Versions: <= 3.9.10…

Calculated Fields Form Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2020 | WordPress Plugin Vulnerability Report

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,626,617 Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: 5.1.57 Affected Versions: <= 5.1.56 Vulnerability Details: Name: Calculated Fields Form Professional <= 5.1.56 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2020…

Advanced iFrame Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1341 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,864,724 Active Installs: 60,000 Last Updated: February 28, 2024 Patched Versions: 2024.2 Affected Versions: <= 2024.1 Vulnerability Details: Name: Advanced iFrame <= 2024.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1341 CVSS Score:…

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0689 | WordPress Plugin Vulnerability Report

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 590,448 Active Installs: 50,000 Last Updated: February 28, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Custom Field Suite <= 2.6.4 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-0689…

Calculated Fields Form Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,585,834 Active Installs: 60,000 Last Updated: February 12, 2024 Patched Versions: 1.2.53 Affected Versions: <= 1.2.52 Vulnerability Details: Name: Calculated Fields Form <= 1.2.52 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-0963…

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7069 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,840,037 Active Installs: 60,000 Last Updated: February 1, 2024 Patched Versions: 2024.0 Affected Versions: <= 2023.10 Vulnerability Details: Name: Advanced iFrame <= 2023.10 Title: Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-7069 CVSS…
