WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report

Plugin Name: WP Go Maps Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 23,515,825 Active Installs: 400,000 Last Updated: May 23, 2024 Patched Versions: 9.0.37 Affected Versions: <= 9.0.36 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.36 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

Plugin Name: FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,941,934 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 2.4.15 Affected Versions: < 2.4.15 Vulnerability Details: Name: FooGallery (Free and Premium) < 2.4.15 – Authenticated (Author+) Stored Cross-Site Scripting Type: Improper Neutralization of Input…

Read More

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 22,257,534 Active Installs: 700,000 Last Updated: May 23, 2024 Patched Versions: 2.13.1 Affected Versions: <= 2.13.0 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.13.0 – Authenticated (Author+) Stored Cross-Site Scripting Title: Authenticated (Author+) Stored…

Read More

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,950,020 Active Installs: 60,000 Last Updated: May 22, 2024 Patched Versions: 2024.4 Affected Versions: <= 2024.3 Vulnerability Details: Name: Advanced iFrame <= 2024.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During…

Read More

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623 Active Installs: 200,000 Last Updated: May 22, 2024 Patched Versions: 4.15.9 Affected Versions: <= 4.15.8 Vulnerability Details: Name: ProfilePress <= 4.15.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget Type: Improper Neutralization…

Read More

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,413,655 Active Installs: 100,000 Last Updated: May 22, 2024 Patched Versions: 3.14.2 Affected Versions: <= 3.14.1 Vulnerability Details: Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1…

Read More

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,236,762 Active Installs: 600,000 Last Updated: May 20, 2024 Patched Versions: 7.1.6 Affected Versions: <= 7.1.5 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Essential Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4891 | WordPress Plugin Vulnerability Report

Plugin Name: Essential Blocks Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads: 3,418,922 Active Installs: 100,000 Last Updated: May 16, 2024 Patched Versions: 4.5.13 Affected Versions: <= 4.5.12 Vulnerability Details: Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 – Authenticated (Contributor+) Stored…

Read More

Post and Page Builder by BoldGrid Vulnerability – Authenticated (Contributer+) Stored Cross-Site Scripting – CVE-2024-4400 | WordPress Plugin Vulnerability Report

Plugin Name: Post and Page Builder by BoldGrid Key Information: Software Type: Plugin Software Slug: post-and-page-builder Software Status: Active Software Author: boldgrid Software Downloads: 1,446,399 Active Installs: 80,000 Last Updated: May 15, 2024 Patched Versions: 1.26.5 Affected Versions: <= 1.26.4 Vulnerability Details: Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor…

Read More

 WPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report

Plugin Name: WPC Smart Quick View for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-smart-quick-view Software Status: Active Software Author: wpclever Software Downloads: 1,038,524 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 4.0.3 Affected Versions: <= 4.0.2 Vulnerability Details: Name: WPC Smart Quick View for WooCommerce <= 4.0.2 Title: Authenticated (Administrator+) Stored…

Read More