Small Business Website Security
Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report
  Plugin Name: Jetpack
  Key Information:
  Software Type: Plugin
  Software Slug: jetpack
  Software Status: Active
  Software Author: automattic
  Software Downloads: 407,764,904
  Active Installs: 4,000,000
  Last Updated: May 13, 2024
  Patched Versions: 13.4
  Affected Versions: <= 13.3.1
  Vulnerability Details:
  Name: Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute – CVE-2024-4430 | WordPress Plugin Vulnerability Report
  Plugin Name: Beaver Builder
  Key Information:
  Software Type: Plugin
  Software Slug: beaver-builder-lite-version
  Software Status: Active
  Software Author: justinbusa
  Software Downloads: 10,167,049
  Active Installs: 100,000
  Last Updated: May 10, 2024
  Patched Versions: 2.8.1.3
  Affected Versions: <= 2.8.1.2
  Vulnerability Details:
  Name: Beaver Builder <= 2.8.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute
  Type:…
Blocksy Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4487 | WordPress Plugin Vulnerability Report
  Plugin Name: Blocksy Companion
  Key Information:
  Software Type: Plugin
  Software Slug: blocksy-companion
  Software Status: Active
  Software Author: creativethemeshq
  Software Downloads: 7,639,072
  Active Installs: 200,000
  Last Updated: May 10, 2024
  Patched Versions: 2.0.46
  Affected Versions: <= 2.0.45
  Vulnerability Details:
  Name: Blocksy Companion <= 2.0.45 – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads
  Type: Improper Neutralization…
Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report
  Plugin Name: Unyson
  Key Information:
  Software Type: Plugin
  Software Slug: unyson
  Software Status: Removed
  Software Author: unyson
  Software Downloads: 3,375,089
  Active Installs: 200,000
  Last Updated: May 9, 2024
  Patched Versions: 2.7.31
  Affected Versions: <= 2.7.30
  Vulnerability Details:
  Name: Unyson <= 2.7.29 – Cross-Site Request Forgery
  Type: Cross-Site Request Forgery (CSRF)
  CVE: CVE-2024-34814
  CVSS Score: 4.3…
Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report
  Plugin Name: Form Maker by 10Web
  Key Information:
  Software Type: Plugin
  Software Slug: form-maker
  Software Status: Active
  Software Author: 10web
  Software Downloads: 4,739,339
  Active Installs: 50,000
  Last Updated: May 7, 2024
  Patched Versions: 1.15.25
  Affected Versions: <= 1.15.24
  Vulnerability Details:
  Name: Form Maker by 10Web <= 1.15.24 – Authenticated (Administrator+) Stored Cross-Site Scripting
  Type: Improper…
Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report
  Plugin Name: Mesmerize Companion
  Key Information:
  Software Type: Plugin
  Software Slug: mesmerize-companion
  Software Status: Active
  Software Author: horearadu
  Software Downloads: 1,857,988
  Active Installs: 80,000
  Last Updated: May 7, 2024
  Patched Versions: 1.6.149
  Affected Versions: <= 1.6.148
  Vulnerability Details:
  Name: Mesmerize Companion <= 1.6.148 – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode
  Type: Improper Neutralization…
XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report
  Plugin Name: XML Sitemap & Google News
  Key Information:
  Software Type: Plugin
  Software Slug: xml-sitemap-feed
  Software Status: Active
  Software Author: ravanh
  Software Downloads: 3,261,414
  Active Installs: 100,000
  Last Updated: May 7, 2024
  Patched Versions: 5.4.9
  Affected Versions: <= 5.4.8
  Vulnerability Details:
  Name: XML Sitemap & Google News <= 5.4.8 – Unauthenticated Local File Inclusion
  Type:…
One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report
  Plugin Name: One Click Demo Import
  Key Information:
  Software Type: Plugin
  Software Slug: one-click-demo-import
  Software Status: Active
  Software Author: smub
  Software Downloads: 15,730,116
  Active Installs: 1,000,000
  Last Updated: May 7, 2024
  Patched Versions: 3.2.1
  Affected Versions: <= 3.2.0
  Vulnerability Details:
  Name: One Click Demo Import <= 3.2.0 – Authenticated (Admin+) PHP Object Injection
  Type: Deserialization…