SQL Injection
Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report
Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,142,088 Active Installs: 90,000 Last Updated: June 20, 2024 Patched Versions: 2.7.2 Affected Versions: <= 2.7.1 Vulnerability 1 Details: Name: Tutor LMS – eLearning and online course solution <=…
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report
Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status: Active Software Author: unitecms Software Downloads: 8,821,358 Active Installs: 200,000 Last Updated: June 20, 2024 Patched Versions: 1.5.110 Affected Versions: <= 1.5.109 Vulnerability 1 Details: Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <=…
Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report
Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,659,578 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions: 5.7.21 Affected Versions: <= 5.7.20 Vulnerability Details: Name: Email Subscribers by Icegram…
Search & Replace Vulnerability – Authenticated (Administrator+) SQL injection – CVE-2024-0756 | WordPress Plugin Vulnerability Report
Plugin Name: Search & Replace Key Information: Software Type: Plugin Software Slug: search-and-replace Software Status: Active Software Author: wp_media Software Downloads: 2,867,673 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 3.2.2 Affected Versions: <= 3.2.1 Vulnerability Details: Name: Search & Replace <= 3.2.1 – Authenticated (Administrator+) SQL injection Type: Improper Neutralization of Special…
Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report
Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…
Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report
Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…
WP ULike Vulnerability – Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report
Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…