Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive Software Downloads: 1,882,207 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 1.7.1 Affected Versions: <= 1.7.0 Vulnerability Details: Name: Qi Addons For Elementor <= 1.7.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown…


Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report

Plugin Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads: 4,315,608 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 3.7.1 Affected Versions: <= 3.7.0 Vulnerability Details: Name: Content…


Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software Downloads: 17,368,541 Active Installs: 900,000 Last Updated: April 25, 2024 Patched Versions: 3.5.1.23 Affected Versions: <= 3.5.1.22 Vulnerability Details: Name: Smart Slider 3 <= 3.5.1.22 Title: Missing Authorization to Limited File Upload Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…


Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Multiple XSS Vulnerabilities – CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software Slug: otter-blocks Software Status: Active Software Author: themeisle Software Downloads: 7,620,535 Active Installs: 300,000 Last Updated: April 22, 2024 Patched Versions: 2.6.9 Affected Versions: <= 2.6.8 Vulnerability 1 Details: Name: Otter Blocks <= 2.6.8 -…


ProfilePress Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1535 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,610,237 Active Installs: 200,000 Last Updated: March 14, 2024 Patched Versions: 4.15.3 Affected Versions: <= 4.15.2 Vulnerability Details: Name: ProfilePress <=…


WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,443,217 Active Installs: 60,000 Last Updated: March 12, 2024 Patched Versions: 3.4.9.2 Affected Versions: <= 3.4.9.1 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…


Migration, Backup, Staging Vulnerability – WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,465,323 Active Installs: 400,000 Last Updated: February 28, 2024 Patched Versions: 0.9.69 Affected Versions: <= 0.9.68 Vulnerability Details: Name: WPvivid Backup and Migration <= 0.9.68 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE: CVE-2024-1982…


WP Go Maps Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6697 | WordPress Plugin Vulnerability Report

Plugin Name: WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 22,527,179 Active Installs: 400,000 Last Updated: January 23, 2024 Patched Versions: 9.0.29 Affected Versions: <= 9.0.28 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.28 – Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation…


Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,512,296 Active Installs: 200,000 Last Updated: January 19, 2024 Patched Versions: 1.8.20 Affected Versions: <= 1.8.19 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.19 – Directory Traversal to Arbitrary File Rename Type: Improper Limitation of a Pathname to a…


Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report

Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: PageLayer <= 1.7.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields Title: Authenticated (Contributor+) Stored Cross-Site Scripting via meta fields Type: Improper Input Validation CVE: CVE-2023-6738 CVSS Score: 5.4 (Medium) Publicly Published: January…
