SQL Injection

Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 6, 2024

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,142,088 Active Installs: 90,000 Last Updated: June 20, 2024 Patched Versions: 2.7.2 Affected Versions: <= 2.7.1 Vulnerability 1 Details: Name: Tutor LMS – eLearning and online course solution <=…

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 5, 2024

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status: Active Software Author: unitecms Software Downloads: 8,821,358 Active Installs: 200,000 Last Updated: June 20, 2024 Patched Versions: 1.5.110 Affected Versions: <= 1.5.109 Vulnerability 1 Details: Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <=…

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 4, 2024

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,659,578 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions: 5.7.21 Affected Versions: <= 5.7.20 Vulnerability Details: Name: Email Subscribers by Icegram…

Search & Replace Vulnerability – Authenticated (Administrator+) SQL injection – CVE-2024-0756 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 23, 2024

Plugin Name: Search & Replace Key Information: Software Type: Plugin Software Slug: search-and-replace Software Status: Active Software Author: wp_media Software Downloads: 2,867,673 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 3.2.2 Affected Versions: <= 3.2.1 Vulnerability Details: Name: Search & Replace <= 3.2.1 – Authenticated (Administrator+) SQL injection Type: Improper Neutralization of Special…

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 22, 2024

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <= 2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 21, 2024

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,952,519 Active Installs: 70,000 Last Updated: May 21, 2024 Patched Versions: 3.16 Affected Versions: <= 3.15 Vulnerability 1 Details: Name: Media Library Assistant <= 3.15 – Authenticated (Contributor+) SQL Injection via Shortcode Type: Improper…

Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 15, 2024

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,095,500 Active Installs: 80,000 Last Updated: May 15, 2024 Patched Versions: 2.7.1 Affected Versions: <= 2.7.0 Vulnerability 1 Details: Name: Tutor LMS – eLearning and online course solution <= 2.7.0 – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion Title: Authenticated (Instructor+) Insecure…

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: Timetable and Event Schedule by MotoPress Key Information: Software Type: Plugin Software Slug: mp-timetable Software Status: Active Software Author: jetmonsters Software Downloads: 738,183 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 2.4.12 Affected Versions: <= 2.4.11 Vulnerability Details: Name: Timetable and Event Schedule by MotoPress <= 2.4.11 Title: Authenticated (Contributor+) SQL…

WP ULike Vulnerability – Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…

WP Show Posts Vulnerability – Improper Authorization to Information Exposure – CVE-2023-6731 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 15, 2024

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software Downloads: 534,403 Active Installs: 90,000 Last Updated: April 25, 2024 Patched Versions: 1.1.6 Affected Versions: <= 1.1.5 Vulnerability Details: Name: WP Show Posts <= 1.1.5 Title: Improper Authorization to Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2023-6731…
