Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.7.3 Affected Versions: <= 5.7.2 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.6.12 Affected Versions: <= 5.6.11 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Vulnerability – Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6703, CVE-2024-6521, CVE-2024-6518, CVE-2024-6520 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 7,722,361 Active Installs: 400,000 Last Updated: August 12, 2024 Patched Versions: 5.1.20 Affected Versions: <= 5.1.19 Vulnerability 1 Details: Name: Contact…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities – CVE-2024-5554, CVE-2024-5555 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.6.12, 5.6.6 Affected Versions: <= 5.6.11, <= 5.6.5 Vulnerability 1 Details: Name:…

Read More

User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Vulnerability – Unauthenticated Stored Cross-Site Scripting via Name Parameter – CVE-2024-5902 | WordPress Plugin Vulnerability Report

Plugin Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,961,766 Active Installs: 200,000 Last Updated: August 8, 2024 Patched Versions: 1.0.16 Affected Versions: <= 1.0.15 Vulnerability Details: Name: UserFeedback Lite <= 1.0.15 Title:…

Read More

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: godaddy Software Downloads: 22,494,227 Active Installs: 400,000 Last Updated: August 12, 2024 Patched Versions: 3.1.12 Affected Versions: <= 3.1.11 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.11 Title: Authenticated (Contributor+) Server-Side…

Read More

SEOPress – On-site SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Image URL – CVE-2024-1168 | WordPress Plugin Vulnerability Report

Plugin Name: SEOPress – On-site SEO Key Information: Software Type: Plugin Software Slug: wp-seopress Software Status: Active Software Author: rainbowgeek Software Downloads: 12,850,995 Active Installs: 300,000 Last Updated: August 12, 2024 Patched Versions: 7.9.1 Affected Versions: <= 7.9 Vulnerability Details: Name: SEOPress – On-site SEO <= 7.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Social…

Read More

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,675,361 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 3.2.94 Affected Versions: <= 3.2.93 Vulnerability Details: Name: Download Manager <= 3.2.93 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4001 CVSS Score: 6.4 Publicly Published: June 4, 2024…

Read More

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 19,230,464 Active Installs: 1,000,000 Last Updated: May 13, 2024 Patched Versions: 3.1.3 Affected Versions: 3.0.7 – 3.1.2 Vulnerability Details: Name: ElementsKit Elementor addons 3.0.7 – 3.1.2 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3550 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin — Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,031,592 Active Installs: 600,000 Last Updated: May 13, 2024 Patched Versions: 7.1.3 Affected Versions: <= 7.1.2 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 Title: Authenticated (Contributor+) Stored…

Read More