software updates

ShopLentor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode – CVE-2024-3345 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 20, 2024

Plugin Name: ShopLentor Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,557,867 Active Installs: 100,000 Last Updated: May 20, 2024 Patched Versions: 2.8.9 Affected Versions: <= 2.8.8 Vulnerability Details: Name: ShopLentor <= 2.8.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode Type: Improper Neutralization of Input…

Read More

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

By Your WP Guy / May 1, 2024

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…

Read More

Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 29, 2024

Plugin Name: Media Cleaner: Clean your WordPress! Key Information: Software Type: Plugin Software Slug: media-cleaner Software Status: Active Software Author: tigroumeow Software Downloads: 2,778,078 Active Installs: 70,000 Last Updated: May 10, 2024 Patched Versions: 6.7.3 Affected Versions: <= 6.7.2 Vulnerability Details: Name: Media Cleaner: Clean your WordPress! <= 6.7.2 Title: Unauthenticated Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N…

Read More

FileOrganizer Vulnerability – Manage WordPress and Website Files – Authenticated Stored Cross-Site Scripting – CVE-2024-2324 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 23, 2024

Plugin Name: FileOrganizer – Manage WordPress and Website Files Key Information: Software Type: Plugin Software Slug: fileorganizer Software Status: Active Software Author: softaculous Software Downloads: 653,721 Active Installs: 100,000 Last Updated: May 9, 2024 Patched Versions: 1.0.7 Affected Versions: <= 1.0.6 Vulnerability Details: Name: FileOrganizer and FileOrganizer Pro <= 1.0.6 Title: Authenticated Stored Cross-Site Scripting…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 5, 2024

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 1,990,743 Active Installs: 100,000 Last Updated: April 15, 2024 Patched Versions: 5.5.4 Affected Versions: <= 5.5.3 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,727,023 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 3.1.0 Affected Versions: <= 3.0.7 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

Easy Digital Downloads Vulnerability – Sensitive Information Exposure – CVE-2024-2302 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 3, 2024

Plugin Name: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,925,252 Active Installs: 50,000 Last Updated: April 4, 2024 Patched Versions: 3.2.10 Affected Versions: <= 3.2.9 Vulnerability Details: Name: Easy Digital Downloads…

Read More

WordPress Tag and Category Manager Vulnerability – AI Autotagger – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-2830 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 3, 2024

Plugin Name: WordPress Tag and Category Manager – AI Autotagger Key Information: Software Type: Plugin Software Slug: simple-tags Software Status: Active Software Author: stevejburge Software Downloads: 4,604,554 Active Installs: 60,000 Last Updated: April 3, 2024 Patched Versions: 3.20.0 Affected Versions: <= 3.13.0 Vulnerability Details: Name: WordPress Tag and Category Manager – AI Autotagger <= 3.13.0…

Read More

Colibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,492,925 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.270 Affected Versions: <= 1.0.263 Vulnerability Details: Name: Colibri Page Builder <= 1.0.263 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2839…

Read More

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 6, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,562,763 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 3.1.5 Affected Versions: <= 3.1.4 Vulnerability Details: Name: User Registration – Custom Registration…

Read More