Posts Tagged ‘Small Business Security’
Mollie Payments for WooCommerce Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6448 | WordPress Plugin Vulnerability Report
Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 3,421,407 Active Installs: 100,000 Last Updated: August 27, 2024 Patched Versions: 7.8.0 Affected Versions: <= 7.7.0 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6448 CVSS Score: 5.3 Publicly…
Read MoreThe Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report
Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,607,204 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 5.6.3 Affected Versions: <= 5.6.2 Vulnerability 1 Details: Name: The Plus Addons…
Read MoreSlider & Popup Builder by Depicter Vulnerability – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-4389 | WordPress Plugin Vulnerability Report
Plugin Name: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 1,314,164 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 3.1.2 Affected Versions: <=…
Read MoreMedia Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 2,044,116 Active Installs: 70,000 Last Updated: August 18, 2024 Patched Versions: 3.19 Affected Versions: <= 3.18 Vulnerability Details: Name: Media Library Assistant <= 3.18 Title: Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action…
Read MorePremium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report
Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 34,020,583 Active Installs: 700,000 Last Updated: August 12, 2024 Patched Versions: 4.10.39 Affected Versions: <= 4.10.38 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.38 Title: Missing Authorization to Authenticated (Contributor+) Arbitrary Content…
Read MoreLightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report
Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status: Active Software Author: bradvin Software Downloads: 2,407,136 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 2.7.32 Affected Versions: <= 2.7.28 Vulnerability Details: Name: Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28…
Read MoreForminator – Contact Form, Payment Form & Custom Form Builder Vulnerability – HubSpot Developer API Key Sensitive Information Exposure – CVE-2024-7389 | WordPress Plugin Vulnerability Report
Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 7,946,481 Active Installs: 500,000 Last Updated: August 6, 2024 Patched Versions: 1.29.2 Affected Versions: <= 1.29.1 Vulnerability Details: Name: Forminator <= 1.29.1 Title: HubSpot Developer API Key…
Read MoreEssential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-39649 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 79,388,161 Active Installs: 2,000,000 Last Updated: August 12, 2024 Patched Versions: 5.9.27 Affected Versions: <= 5.9.26 Vulnerability Details: Name: Essential Addons for Elementor <=…
Read MoreFormidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-6725 | WordPress Plugin Vulnerability Report
Plugin Name: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: formidable Software Status: Active Software Author: strategy11team Software Downloads: 21,415,029 Active Installs: 400,000 Last Updated: August 6, 2024 Patched Versions: 6.11.2 Affected Versions: <= 6.11.1 Vulnerability Details: Name: Formidable Forms <=…
Read MoreDownload Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-6208 | WordPress Plugin Vulnerability Report
Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,808,376 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 3.2.98 Affected Versions: <= 3.2.97 Vulnerability Details: Name: Download Manager <= 3.2.97 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Stored Cross-Site Scripting…
Read More