WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…

Read More

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: GoDaddy Software Downloads: 21,200,695 Active Installs: 400,000 Last Updated: June 12, 2024 Patched Versions: 3.1.10 Affected Versions: <= 3.1.9 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 Title: Authenticated (Contributor+) Stored…

Read More

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,937,345 Active Installs: 50,000 Last Updated: June 12, 2024 Patched Versions: 7.1.2 Affected Versions: <= 7.1.1 Vulnerability Details: Name: WordPress Infinite Scroll – Ajax Load More <= 7.1.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

Blocksy Companion Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35633 | WordPress Plugin Vulnerability Report

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,853,860 Active Installs: 200,000 Last Updated: June 11, 2024 Patched Versions: 2.0.43 Affected Versions: <= 2.0.42 Vulnerability Details: Name: Blocksy Companion <= 2.0.42 Type: Authenticated (Admin+) Server-Side Request Forgery CVE: CVE-2024-35633 CVSS Score: 5.5 Publicly…

Read More

Ninja Tables – Easiest Data Table Builder Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35635 | WordPress Plugin Vulnerability Report

Plugin Name: Ninja Tables – Easiest Data Table Builder Key Information: Software Type: Plugin Software Slug: ninja-tables Software Status: Active Software Author: techjewel Software Downloads: 1,787,948 Active Installs: 80,000 Last Updated: June 11, 2024 Patched Versions: 5.0.10 Affected Versions: <= 5.0.9 Vulnerability Details: Name: Ninja Tables – Easiest Data Table Builder <= 5.0.9 Title: Authenticated…

Read More

Download Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report

Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads: 5,153,537 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 4.9.14 Affected Versions: <= 4.9.13 Vulnerability Details: Name: Download Monitor <= 4.9.13 Title: Missing Authorization Type: CVE: CVE-2024-3269 CVSS Score: 5.4 Publicly Published: May…

Read More

HUSKY – Products Filter Professional for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-5039 | WordPress Plugin Vulnerability Report

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,732,922 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 1.3.6 Affected Versions: <= 1.3.5.3 Vulnerability Details: Name: HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 Title: Authenticated…

Read More

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3276 | WordPress Plugin Vulnerability Report

Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status: Active Software Author: bradvin Software Downloads: 2,339,156 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: <= 2.7.27 Affected Versions: 2.7.28 Vulnerability Details: Name: Lightbox & Modal Popup WordPress Plugin – FooBox (Free and…

Read More

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

Plugin Name: FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,941,934 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 2.4.15 Affected Versions: < 2.4.15 Vulnerability Details: Name: FooGallery (Free and Premium) < 2.4.15 – Authenticated (Author+) Stored Cross-Site Scripting Type: Improper Neutralization of Input…

Read More

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 22,257,534 Active Installs: 700,000 Last Updated: May 23, 2024 Patched Versions: 2.13.1 Affected Versions: <= 2.13.0 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.13.0 – Authenticated (Author+) Stored Cross-Site Scripting Title: Authenticated (Author+) Stored…

Read More