YITH WooCommerce Ajax Search Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-4455 | WordPress Plugin Vulnerability Report

Plugin Name: YITH WooCommerce Ajax Search

Key Information:
Software Type: Plugin
Software Slug: yith-woocommerce-ajax-search
Software Status: Active
Software Author: yithemes
Software Downloads: 2,852,419
Active Installs: 70,000
Last Updated: May 23, 2024
Patched Versions: 2.4.1
Affected Versions: <= 2.4.0

Vulnerability Details:
Name: YITH WooCommerce Ajax Search <= 2.4.0 – Unauthenticated Stored Cross-Site Scripting
Type: Improper Neutralization…


WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report

Plugin Name: WP Go Maps

Key Information:
Software Type: Plugin
Software Slug: wp-google-maps
Software Status: Active
Software Author: wpgmaps
Software Downloads: 23,515,825
Active Installs: 400,000
Last Updated: May 23, 2024
Patched Versions: 9.0.37
Affected Versions: <= 9.0.36

Vulnerability Details:
Name: WP Go Maps (formerly WP Google Maps) <= 9.0.36 – Authenticated (Contributor+) Stored Cross-Site Scripting via…


Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Header & Footer Builder

Key Information:
Software Type: Plugin
Software Slug: header-footer-elementor
Software Status: Active
Software Author: brainstormforce
Software Downloads: 28,801,489
Active Installs: 1,000,000
Last Updated: May 23, 2024
Patched Versions: 1.6.26.1
Affected Versions: <= 1.6.26

Vulnerability Details:
Name: Elementor Header & Footer Builder <= 1.6.26 – Authenticated (Contributor+) Stored Cross-Site Scripting…


Search & Replace Vulnerability – Authenticated (Administrator+) SQL injection – CVE-2024-0756 | WordPress Plugin Vulnerability Report

Plugin Name: Search & Replace

Key Information:
Software Type: Plugin
Software Slug: search-and-replace
Software Status: Active
Software Author: wp_media
Software Downloads: 2,867,673
Active Installs: 100,000
Last Updated: May 23, 2024
Patched Versions: 3.2.2
Affected Versions: <= 3.2.1

Vulnerability Details:
Name: Search & Replace <= 3.2.1 – Authenticated (Administrator+) SQL injection
Type: Improper Neutralization of Special…


Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

Plugin Name: Custom Fonts

Key Information:
Software Type: Plugin
Software Slug: custom-fonts
Software Status: Active
Software Author: brainstormforce
Software Downloads: 4,030,759
Active Installs: 300,000
Last Updated: May 23, 2024
Patched Versions: 2.1.5
Affected Versions: <= 2.1.4

Vulnerability Details:
Name: Custom Fonts – Host Your Fonts Locally <= 2.1.4 – Authenticated (Author+) Stored Cross-Site Scripting
Type:…


iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

Plugin Name: iframe

Key Information:
Software Type: Plugin
Software Slug: iframe
Software Status: Active
Software Author: webvitaly
Software Downloads: 1,680,907
Active Installs: 90,000
Last Updated: May 22, 2024
Patched Versions: 5.1
Affected Versions: <= 5.0

Vulnerability Details:
Name: iframe <= 5.0 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Type: Improper Neutralization of Input During Web…


Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced iFrame

Key Information:
Software Type: Plugin
Software Slug: advanced-iframe
Software Status: Active
Software Author: mdempfle
Software Downloads: 1,950,020
Active Installs: 60,000
Last Updated: May 22, 2024
Patched Versions: 2024.4
Affected Versions: <= 2024.3

Vulnerability Details:
Name: Advanced iFrame <= 2024.3 – Authenticated (Contributor+) Stored Cross-Site Scripting
Type: Improper Neutralization of Input During…


ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

Plugin Name: ProfilePress

Key Information:
Software Type: Plugin
Software Slug: wp-user-avatar
Software Status: Active
Software Author: collizo4sky
Software Downloads: 13,011,623
Active Installs: 200,000
Last Updated: May 22, 2024
Patched Versions: 4.15.9
Affected Versions: <= 4.15.8

Vulnerability Details:
Name: ProfilePress <= 4.15.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget
Type: Improper Neutralization…


LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress

Key Information:
Software Type: Plugin
Software Slug: learnpress
Software Status: Active
Software Author: thimpress
Software Downloads: 4,287,642
Active Installs: 90,000
Last Updated: May 21, 2024
Patched Versions: 4.2.6.7
Affected Versions: <= 4.2.6.6

Vulnerability Details:
Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Type:…


Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Plugin Name: Media Library Assistant

Key Information:
Software Type: Plugin
Software Slug: media-library-assistant
Software Status: Active
Software Author: dglingren
Software Downloads: 1,952,519
Active Installs: 70,000
Last Updated: May 21, 2024
Patched Versions: 3.16
Affected Versions: <= 3.15

Vulnerability 1 Details:
Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode
Type: Improper…
