ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,230,464 Active Installs: 1,000,000 Last Updated: May 13, 2024 Patched Versions: 3.1.3 Affected Versions: 3.0.7 – 3.1.2 Vulnerability Details: Name: ElementsKit Elementor addons 3.0.7 – 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site…

WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3550 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin — Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,031,592 Active Installs: 600,000 Last Updated: May 13, 2024 Patched Versions: 7.1.3 Affected Versions: <= 7.1.2 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 Title: Authenticated (Contributor+) Stored…

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

Plugin Name: BackUpWordPress Key Information: Software Type: Plugin Software Slug: backupwordpress Software Status: Active Software Author: willmot Software Downloads: 4,796,104 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 3.14 Affected Versions: <= 3.13 Vulnerability Details: Name: BackUpWordPress <= 3.13 Title: Authenticated (Admin+) Directory Traversal Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-3034 CVSS Score: 2.7 Publicly Published:…

WP-Members Membership Plugin Vulnerability – Unprotected Storage of Potentially Sensitive Files – CVE-2024-2920 | WordPress Plugin Vulnerability Report 

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,498,751 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 3.4.9.4 Affected Versions: <= 3.4.9.3 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.3 Title: Unprotected Storage of Potentially Sensitive Files Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE:…

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report

Plugin Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads: 4,315,608 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 3.7.1 Affected Versions: <= 3.7.0 Vulnerability Details: Name: Content…

Collapse-O-Matic Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-7030 | WordPress Plugin Vulnerability Report

Plugin Name: Collapse-O-Matic Key Information: Software Type: Plugin Software Slug: jquery-collapse-o-matic Software Status: Active Software Author: baden03 Software Downloads: 1,284,998 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 1.8.5.6 Affected Versions: <= 1.8.5.5 Vulnerability Details: Name: Collapse-O-Matic <= 1.8.5.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-7030 CVSS Score:…

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 841,164 Active Installs: 60,000 Last Updated: May 6, 2024 Patched Versions: 2.6.9.5, 2.6.9.4 Affected Versions: <= 2.6.9.4, <= 2.6.9.3 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.4 Title: Authenticated (Contributor+) Stored Cross-Site…

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,072,488 Active Installs: 100,000 Last Updated: May 2, 2024 Patched Versions: 5.6.1 Affected Versions: <= 5.6.0 Vulnerability Details: Name: Element Pack Elementor Addons…

Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More – Missing Authorization to Sensitive Information Exposure – CVE-2024-0615 | WordPress Plugin Vulnerability Report

Plugin Name: Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More Key Information: Software Type: Plugin Software Slug: content-control Software Status: Active Software Author: codeatlantic Software Downloads: 548,038 Active Installs: 40,000 Last Updated: April 29, 2024 Patched Versions: 2.2.0 Affected Versions: <= 2.1.0 Vulnerability Details: Name: Content Control <=…

Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report

Plugin Name: Smash Balloon Social Post Feed Key Information: Software Type: Plugin Software Slug: custom-facebook-feed Software Status: Active Software Author: smub Software Downloads: 7,212,481 Active Installs: 200,000 Last Updated: April 22, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Smash Balloon Social Post Feed <= 4.2.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N…
