stored XSS
ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report
Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…
Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report
Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…
3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report
Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,524,371 Active Installs: 70,000 Last Updated: February 20, 2024 Patched Versions: 1.15.4 Affected Versions: <= 1.15.3 Vulnerability Details: Name: 3D FlipBook – PDF Flipbook WordPress <= 1.15.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks Type: Improper Neutralization of…
Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report
Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,644,577 Active Installs: 600,000 Last Updated: February 19, 2024 Patched Versions: 7.0.3 Affected Versions: <= 7.0.2 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode Type: Improper Neutralization of Input During Web Page Generation…
SlimStat Analytics Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-1073 | WordPress Plugin Vulnerability Report
Plugin Name: SlimStat Analytics Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 6,082,430 Active Installs: 90,000 Last Updated: February 5, 2024 Patched Versions: 5.1.4 Affected Versions: <= 5.1.3 Vulnerability Details: Name: SlimStat Analytics <= 5.1.3 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1073 CVSS…
WebSub Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0688 | WordPress Plugin Vulnerability Report
Plugin Name: WebSub Key Information: Software Type: Plugin Software Slug: pubsubhubbub Software Status: Active Software Author: joshfraz Software Downloads: 1,744,325 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.4 Vulnerability Details: Name: WebSub (FKA. PubSubHubbub) <= 3.1.4 – Authenticated (Admin+) Stored Cross-Site Scripting Title: Authenticated (Admin+) Stored Cross-Site Scripting…
Contact Form Plugin – Authenticated (Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 5,679,069 Active Installs: 400,000 Last Updated: January 18, 2024 Patched Versions: 5.1.7 Affected Versions: <= 5.1.5 Vulnerability Details: Name: Fluent Forms <= 5.1.5…
OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report
Plugin Name: OneClick Chat to Order Key Information: Software Type: Plugin Software Slug: oneclick-whatsapp-order Software Status: Active Software Author: walterpinem Software Downloads: 205,924 Active Installs: 30,000 Last Updated: January 8, 2024 Patched Versions: 1.0.6 Affected Versions: <= 1.0.5 Vulnerability Details: Name: OneClick Chat to Order <= 1.0.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode…
Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 10,910,881 Active Installs: 200,000 Last Updated: January 5, 2024 Patched Versions: <= 2.10.26 Affected Versions: 2.10.27 Vulnerability Details: Name: Orbit Fox Companion <= 2.10.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via custom…