Premium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 34,020,583 Active Installs: 700,000 Last Updated: August 12, 2024 Patched Versions: 4.10.39 Affected Versions: <= 4.10.38 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.38 Title: Missing Authorization to Authenticated (Contributor+) Arbitrary Content…

Read More

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report

Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status: Active Software Author: bradvin Software Downloads: 2,407,136 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 2.7.32 Affected Versions: <= 2.7.28 Vulnerability Details: Name: Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28…

Read More

Forminator – Contact Form, Payment Form & Custom Form Builder Vulnerability – HubSpot Developer API Key Sensitive Information Exposure – CVE-2024-7389 | WordPress Plugin Vulnerability Report

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 7,946,481 Active Installs: 500,000 Last Updated: August 6, 2024 Patched Versions: 1.29.2 Affected Versions: <= 1.29.1 Vulnerability Details: Name: Forminator <= 1.29.1 Title: HubSpot Developer API Key…

Read More

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-39649 | WordPress Plugin Vulnerability Report

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 79,388,161 Active Installs: 2,000,000 Last Updated: August 12, 2024 Patched Versions: 5.9.27 Affected Versions: <= 5.9.26 Vulnerability Details: Name: Essential Addons for Elementor <=…

Read More

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-6725 | WordPress Plugin Vulnerability Report

Plugin Name: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: formidable Software Status: Active Software Author: strategy11team Software Downloads: 21,415,029 Active Installs: 400,000 Last Updated: August 6, 2024 Patched Versions: 6.11.2 Affected Versions: <= 6.11.1 Vulnerability Details: Name: Formidable Forms <=…

Read More

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-6208 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,808,376 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 3.2.98 Affected Versions: <= 3.2.97 Vulnerability Details: Name: Download Manager <= 3.2.97 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Stored Cross-Site Scripting…

Read More

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid Widget – CVE-2024-5901 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 40,680,217 Active Installs: 600,000 Last Updated: August 12, 2024 Patched Versions: 1.62.3 Affected Versions: <= 1.62.2 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.62.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid Widget…

Read More

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: godaddy Software Downloads: 22,484,801 Active Installs: 400,000 Last Updated: August 6, 2024 Patched Versions: 3.1.12 Affected Versions: <= 3.1.11 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.11 Type: Authenticated (Contributor+) Server-Side…

Read More

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,001,326 Active Installs: 200,000 Last Updated: January 15, 2024 Patched Versions: 2.10.28 Affected Versions: <= 2.10.27 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.27 Title: Authenticated (Contributor+) Stored Cross-site Scripting via Pricing…

Read More

WordPress Plugin Vulnerability Report – Embed Calendly – Authenticated Stored Cross-Site Scripting – CVE-2023-4995

Plugin Name: Embed Calendly Key Information: Software Type: Plugin Software Slug: embed-calendly-scheduling Software Status: Active Software Author: turn2honey Software Downloads: 165,873 Active Installs: 20,000 Last Updated: October 13th, 2023 Patched Versions: 3.7 Affected Versions: <= 3.6 Vulnerability Details: Name: Embed Calendly <= 3.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-4995…

Read More