Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

Plugin Name: Pods – Custom Content Types and Fields Key Information: Software Type: Plugin Software Slug: pods Software Status: Active Software Author: sc0ttkclark Software Downloads: 4,033,656 Active Installs: 100,000 Last Updated: April 1, 2024 Patched Versions: 2.7.31.2, 2.8.23.2, 2.9.19.2, 3.0.10.2 Affected Versions: < 2.7.31, 3 – 3.0.10, 2.8 – 2.8.23 Vulnerability Details: Name: Pods -…

Read More

Appointment Booking Calendar Vulnerability— Simply Schedule Appointments Booking Plugin – Authenticated (Subscriber+) SQL Injection – CVE-2024-2341 |WordPress Plugin Vulnerability Report

Plugin Name: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin Key Information: Software Type: Plugin Software Slug: simply-schedule-appointments Software Status: Active Software Author: croixhaug Software Downloads: 963,505 Active Installs: 30,000 Last Updated: March 20, 2024 Patched Versions: 1.6.7.9 Affected Versions: <= 1.6.7.7 Vulnerability Details: Name: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin…

Read More

NotificationX Vulnerability- Unauthenticated SQL Injection – CVE-2024-1698 | WordPress Plugin Vulnerability Report

Plugin Name: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor Key Information: Software Type: Plugin Software Slug: notificationx Software Status: Active Software Author: wpdevteam Software Downloads: 1,002,386 Active Installs: 30,000 Last Updated: February 27, 2024 Patched Versions: 2.8.3 Affected Versions: <= 2.8.2 Vulnerability Details: Name: NotificationX <= 2.8.2…

Read More

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Read More

WP Booking Calendar Vulnerability- Unauthenticated SQL Injection – CVE-2024-1207 | WordPress Plugin Vulnerability Report

Plugin Name: WP Booking Calendar Key Information: Software Type: Plugin Software Slug: booking Software Status: Active Software Author: wpdevelop Software Downloads: 3,262,200 Active Installs: 60,000 Last Updated: February 12, 2024 Patched Versions: 9.9.1 Affected Versions: <= 9.9 Vulnerability Details: Name: Booking Calendar <= 9.9 Title: Unauthenticated SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1207 CVSS Score: 9.8…

Read More

WP Recipe Maker Vulnerability- Missing Authorization to Authenticated SQL Injection – CVE-2024-1206 |WordPress Plugin Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,598,010 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 9.2.0 Affected Versions: <= 9.1.2 Vulnerability Details: Name: WP Recipe Maker <= 9.1.2 Title: Missing Authorization to Authenticated (Subscriber+) SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H…

Read More

Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin Software Slug: ninja-forms Software Status: Active Software Author: kstover Software Downloads: 42,568,387 Active Installs: 800,000 Last Updated: February 12, 2024 Patched Versions: 3.7.2 Affected Versions: <= 3.7.1 Vulnerability Details: Name: Ninja Forms Contact Form <=…

Read More

PDF Invoices & Packing Slips for WooCommerce – Authenticated SQL Injection – CVE-2024-22147 | WordPress Plugin Vulnerability Report

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active Software Author: wpovernight Software Downloads: 14,467,174 Active Installs: 300,000 Last Updated: January 12, 2024 Patched Versions: 3.7.6 Affected Versions: <= 3.7.5 Vulnerability Details: Name: PDF Invoices & Packing Slips for WooCommerce <= 3.7.5 Title: Authenticated…

Read More

Download Monitor Vulnerability – Authenticated (Admin+) SQL Injection | WordPress Plugin Vulnerability Report

Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads: 4,783,527 Active Installs: 100,000 Last Updated: January 8, 2024 Patched Versions: 4.9.5 Affected Versions: < 4.9.5 Vulnerability Details: Name: Download Monitor <= 4.9.4 Title: Authenticated (Admin+) SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE: NA CVSS Score: 7.2…

Read More

WordPress Plugin Vulnerability Report – Burst Statistics and Burst Statistics Pro – Unauthenticated SQL Injection – CVE-2023-5761

Plugin Name: Burst Statistics and Burst Statistics Pro Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,201,064 Active Installs: 100,000 Last Updated: December 6, 2023 Patched Versions (Burst Statistics): 1.4.0 – 1.4.6.1 Affected Versions (Burst Statistics): 1.5.0 Patched Versions (Burst Statistics Pro): 1.4.0 – 1.5.0 Affected Versions (Burst Statistics Pro): 1.5.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics…

Read More