Posts Tagged ‘Small Business’
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings – CVE-2024-5583 | WordPress Plugin Vulnerability Report
Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,615,839 Active Installs: 100,000 Last Updated: August 21, 2024 Patched Versions: 5.6.3 Affected Versions: <= 5.6.2 Vulnerability Details: Name: The Plus Addons for…
Read MoreLiteSpeed Cache Vulnerability – Unauthenticated Privilege Escalation – CVE-2024-28000 | WordPress Plugin Vulnerability Report
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 75,818,864 Active Installs: 5,000,000 Last Updated: August 21, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.3.0.1 Title: Unauthenticated Privilege Escalation Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-28000 CVSS Score: 9.8 Publicly…
Read MoreString Locator Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6987 | WordPress Plugin Vulnerability Report
Plugin Name: String Locator Key Information: Software Type: Plugin Software Slug: string-locator Software Status: Active Software Author: instawp Software Downloads: 1,093,003 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: String Locator <= 2.6.5 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2023-6987 CVSS Score: 6.1 Publicly…
Read MoreCustom Permalinks Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2023-0926 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Permalinks Key Information: Software Type: Plugin Software Slug: custom-permalinks Software Status: Active Software Author: sasiddiqui Software Downloads: 2,177,680 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.0 Vulnerability Details: Name: Custom Permalinks <= 2.6.0 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-0926 CVSS Score:…
Read MoreWordPress Button Plugin MaxButtons Vulnerability – Full Path Disclosure – CVE-2024-6499 | WordPress Plugin Vulnerability Report
Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,784,085 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 9.8.0 Affected Versions: <= 9.7.8 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.8 Title: Full Path Disclosure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6499…
Read MoreWooCommerce Google Feed Manager Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions – CVE-2024-7258 | WordPress Plugin Vulnerability Report
Plugin Name: WooCommerce Google Feed Manager Key Information: Software Type: Plugin Software Slug: wp-product-feed-manager Software Status: Active Software Author: aukejomm Software Downloads: 797,636 Active Installs: 10,000 Last Updated: August 23, 2024 Patched Versions: 2.9.0 Affected Versions: <= 2.8.0 Vulnerability Details Vulnerability 1: Name: WooCommerce Google Feed Manager <= 2.8.0 Title: Missing Authorization to Authenticated (Contributor+)…
Read MorePiotnet Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets – CVE-2024-5502 | WordPress Plugin Vulnerability Report
Plugin Name: Piotnet Addons For Elementor Key Information: Software Type: Plugin Software Slug: piotnet-addons-for-elementor Software Status: Active Software Author: piotnetdotcom Software Downloads: 565,317 Active Installs: 40,000 Last Updated: August 23, 2024 Patched Versions: 2.4.31 Affected Versions: <= 2.4.30 Vulnerability Details: Name: Piotnet Addons For Elementor <= 2.4.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple…
Read MoreResponsive Lightbox & Gallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via File Upload – CVE-2024-6870 | WordPress Plugin Vulnerability Report
Plugin Name: Responsive Lightbox & Gallery Key Information: Software Type: Plugin Software Slug: responsive-lightbox Software Status: Active Software Author: dfactory Software Downloads: 5,285,709 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.4.8 Affected Versions: <= 2.4.7 Vulnerability Details: Name: Responsive Lightbox & Gallery <= 2.4.7 Title: Authenticated (Author+) Stored Cross-Site Scripting via File…
Read MoreOrbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,901,676 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.10.37 Affected Versions: <= 2.10.36 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.36 Title: Authenticated (Author+) Stored Cross-Site Scripting via SVG…
Read MoreTheme My Login Vulnrability – Cross-Site Request Forgery to Settings Update – CVE-2024-7422 | WordPress Plugin Vulnerability Report
Plugin Name: Theme My Login Key Information: Software Type: Plugin Software Slug: theme-my-login Software Status: Active Software Author: jfarthing84 Software Downloads: 4,025,356 Active Installs: 80,000 Last Updated: August 18, 2024 Patched Versions: 7.1.8 Affected Versions: <= 7.1.7 Vulnerability Details: Name: Theme My Login <= 7.1.7 Title: Cross-Site Request Forgery to Settings Update Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Read More