Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap
Key Information:
  Software Type: Plugin
  Software Slug: simple-sitemap
  Software Status: Active
  Software Author: dgwyer
  Software Downloads: 1,541,369
  Active Installs: 90,000
  Last Updated: July 2, 2024
  Patched Versions: 3.5.14
  Affected Versions: <= 3.5.13
Vulnerability Details:
  Name: Simple Sitemap <= 3.5.13
  Title: Cross-Site Request Forgery via admin_notices…

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

Plugin Name: YITH WooCommerce Wishlist
Key Information:
  Software Type: Plugin
  Software Slug: yith-woocommerce-wishlist
  Software Status: Active
  Software Author: yithemes
  Software Downloads: 25,691,780
  Active Installs: 900,000
  Last Updated: June 11, 2024
  Patched Versions: 3.33.0
  Affected Versions: <= 3.32.0
Vulnerability Details:
  Name: YITH WooCommerce Wishlist <= 3.32.0
  Title: Authenticated (Admin+) Stored Cross-Site Scripting
  Type:
  CVE: CVE-2024-34385
  CVSS…

WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability – Authenticated (Admin+) Arbitrary File Upload – CVE-2024-3412 | WordPress Plugin Vulnerability Report

Plugin Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore
Key Information:
  Software Type: Plugin
  Software Slug: wp-staging
  Software Status: Active
  Software Author: renehermi
  Software Downloads: 3,261,328
  Active Installs: 100,000
  Last Updated: June 11, 2024
  Patched Versions: <= 3.4.3
  Affected Versions: 3.5.0
Vulnerability Details:
  Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore…

Popup Builder by OptinMonster Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4045 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
Key Information:
  Software Type: Plugin
  Software Slug: optinmonster
  Software Status: Active
  Software Author: optinmonster
  Software Downloads: 105,301,858
  Active Installs: 1,000,000
  Last Updated: June 11, 2024
  Patched Versions: <= 2.16.1
  Affected Versions: 2.16.2
Vulnerability Details:
  Name: Popup Builder by OptinMonster…

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access – CVE-2024-1295 | WordPress Plugin Vulnerability Report

Plugin Name: The Events Calendar
Key Information:
  Software Type: Plugin
  Software Slug: the-events-calendar
  Software Status: Active
  Software Author: theeventscalendar
  Software Downloads: 57,657,454
  Active Installs: 700,000
  Last Updated: June 11, 2024
  Patched Versions: <= 6.4.0
  Affected Versions: 6.4.0.1
Vulnerability Details:
  Name: The Events Calendar Free & Pro <= 6.4.0
  Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  CVE: CVE-2024-1295
  CVSS Score: 4.3…

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report 

Plugin Name: Hide Dashboard Notifications
Key Information:
  Software Type: Plugin
  Software Slug: wp-hide-backed-notices
  Software Status: Active
  Software Author: wprepublic
  Software Downloads: 168,065
  Active Installs: 30,000
  Last Updated: May 10, 2024
  Patched Versions: 1.3
  Affected Versions: <= 1.2.3
Vulnerability Details:
  Name: Hide Dashboard Notifications <= 1.2.3
  Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE: CVE-2024-33683
  CVSS Score: 4.3
  Publicly Published: April…

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

Plugin Name: Quick Featured Images
Key Information:
  Software Type: Plugin
  Software Slug: quick-featured-images
  Software Status: Active
  Software Author: hinjiriyo
  Software Downloads: 992,333
  Active Installs: 50,000
  Last Updated: May 6, 2024
  Patched Versions: 13.7.1
  Affected Versions: <= 13.7.0
Vulnerability Details:
  Name: Quick Featured Images <= 13.7.0
  Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  CVE: CVE-2024-3664
  CVSS Score: 4.3
  Publicly Published: April…

Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

Plugin Name: Social Sharing Plugin – Social Warfare
Key Information:
  Software Type: Plugin
  Software Slug: social-warfare
  Software Status: Active
  Software Author: warfareplugins
  Software Downloads: 1,728,768
  Active Installs: 30,000
  Last Updated: May 3, 2024
  Patched Versions: 4.4.6.2
  Affected Versions: <= 4.4.6.1
Vulnerability Details:
  Name: Social Sharing Plugin – Social Warfare <= 4.4.6.1
  Title: Authenticated Stored Cross-Site…

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report 

Plugin Name: hCaptcha for WordPress
Key Information:
  Software Type: Plugin
  Software Slug: hcaptcha-for-forms-and-more
  Software Status: Active
  Software Author: hcaptcha
  Software Downloads: 867,958
  Active Installs: 50,000
  Last Updated: May 3, 2024
  Patched Versions: 4.0.1
  Affected Versions: <= 4.0.0
Vulnerability Details:
  Name: hCaptcha for WordPress <= 4.0.0
  Title: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode
  Type:…

Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1730 | WordPress Plugin Vulnerability Report

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Key Information:
  Software Type: Plugin
  Software Slug: bdthemes-prime-slider-lite
  Software Status: Active
  Software Author: bdthemes
  Software Downloads: 2,292,838
  Active Installs: 100,000
  Last Updated: May 3, 2024
  Patched Versions: 3.14.1
  Affected Versions: <= 3.14.0
Vulnerability Details:
  Name: Prime Slider – Addons…
