BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

Plugin Name: BackWPup – WordPress Backup & Restore Plugin Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 15,311,423 Active Installs: 600,000 Last Updated: August 18, 2024 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 Type: CVE: CVE-2023-5505 CVSS Score: 6.8 Publicly Published:…

Read More

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: xpeedstudio Software Downloads: 3,995,704 Active Installs: 400,000 Last Updated: August 19, 2024 Patched Versions: 3.3.0 Affected Versions: <= 3.2.4 Vulnerability Details: Name: Metform Elementor Contact Form Builder <=…

Read More

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,627,696 Active Installs: 100,000 Last Updated: August 18, 2024 Patched Versions: 4.23.0 Affected Versions: <= 4.22.2 Vulnerability Details: Name: Relevanssi <= 4.22.2 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-7630 CVSS Score: 5.3 Publicly Published: August…

Read More

Loco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report

Plugin Name: Loco Translate Key Information: Software Type: Plugin Software Slug: loco-translate Software Status: Active Software Author: timwhitlock Software Downloads: 26,085,928 Active Installs: 1,000,000 Last Updated: July 16, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Loco Translate <= 2.6.9 Type: Cross-Site Request Forgery CVE: CVE-2024-37236 CVSS Score: 4.3 Publicly Published: June…

Read More

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs and JKit – Accordion Widgets – CVE-2024-4479 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,393,902 Active Installs: 200,000 Last Updated: July 2, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs…

Read More

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget – CVE-2024-5787 | WordPress Plugin Vulnerability Report

Plugin Name:PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,434,102 Active Installs: 100,000 Last Updated: July 2, 2024 Patched Versions: 2.7.21 Affected Versions: <= 2.7.20 Vulnerability Details: Name: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <=…

Read More

WP Go Maps (formerly WP Google Maps) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5994 | WordPress Plugin Vulnerability Report

Plugin Name:WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 23,828,563 Active Installs: 300,000 Last Updated: July 2, 2024 Patched Versions: 9.0.39 Affected Versions: <= 9.0.38 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.38 Title: Authenticated (Contributor+)…

Read More

Gutenberg Blocks with AI by Kadence WP – Page Builder Features Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter – CVE-2024-4863 | WordPress Plugin Vulnerability Report

Plugin Name:Gutenberg Blocks with AI by Kadence WP – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 20,652,980 Active Installs: 400,000 Last Updated: July 2, 2024 Patched Versions: 3.2.39 Affected Versions: <= 3.2.38 Vulnerability Details: Name: Gutenberg Blocks by Kadence Blocks – Page Builder…

Read More

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Vulnerability – Exposure of Sensitive Information via the UI – CVE-2024-3073 | WordPress Plugin Vulnerability Report

Plugin Name:Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug: easy-wp-smtp Software Status: Active Software Author: smub Software Downloads: 9,862,613 Active Installs: 600,000 Last Updated: July 2, 2024 Patched Versions: 2.3.1 Affected Versions: <= 2.3.0 Vulnerability Details: Name: Easy WP SMTP by SendLayer <= 2.3.0…

Read More

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL – CVE-2024-1565 | WordPress Plugin Vulnerability Report

Plugin Name:EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,770,513 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.9.11 Affected Versions: <= 3.9.10 Vulnerability…

Read More