Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report 

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 859,237 Active Installs: 60,000 Last Updated: May 13, 2024 Patched Versions: 2.6.9.2 Affected Versions: <= 2.6.9.1 Vulnerability Details: Name: Exclusive Addons Elementor <= 2.6.9.1 Title: Missing Authorization to Post Duplication Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE:…

Read More

Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,388,630 Active Installs: 80,000 Last Updated: February 21, 2024 Patched Versions: 5.8.2 Affected Versions: <= 5.8.1 Vulnerability Details: Name: Event Tickets and Registration <= 5.8.1 – Missing Authorization Title: Missing Authorization Type: Improper Access Control CVE: CVE-2024-1053 CVSS Score: 4.3 (Medium) Publicly Published: February 21, 2024 Researcher: Muhammad Daffa…

Read More

WPFront Notification Bar Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] – CVE-2024-0625 | WordPress Plugin Vulnerability Report

Plugin Name: WPFront Notification Bar Key Information: Software Type: Plugin Software Slug: wpfront-notification-bar Software Status: Active Software Author: syammohanm Software Downloads: 803,067 Active Installs: 50,000 Last Updated: January 24, 2024 Patched Versions: <= 3.3.2 Affected Versions: <= 3.3.2 Vulnerability Details: Name: WPFront Notification Bar <= 3.3.2 – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] Title: Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] Type: Improper Neutralization of Input…

Read More

Hostinger Vulnerability – Missing Authorization to Maintenance Mode Activation – CVE-2023-6751 | WordPress Plugin Vulnerability Report

Plugin Name: Hostinger Key Information: Software Type: Plugin Software Slug: hostinger Software Status: Active Software Author: hostinger Software Downloads: 1,609,570 Active Installs: 1,000,000 Last Updated: January 5, 2024 Patched Versions: 1.9.8 Affected Versions: <= 1.9.7 Vulnerability Details: Name: Hostinger <= 1.9.7 – Missing Authorization to Maintenance Mode Activation Title: Missing Authorization to Maintenance Mode Activation Type: Missing Authorization CVE: CVE-2023-6751 CVSS Score: 7.3 (High) Publicly Published: January 5, 2024 Researcher: Lucio…

Read More

Clone Vulnerability – Sensitive Information Exposure – CVE-2023-6750 | WordPress Plugin Vulnerability Report

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,152,544 Active Installs: 90,000 Last Updated: December 18, 2023 Patched Versions: 2.4.3 Affected Versions: <= 2.4.2 Vulnerability Details: Name: WP Clone <= 2.4.2 – Sensitive Information Exposure Title: Sensitive Information Exposure Type: Information Exposure CVE: CVE-2023-6750 CVSS Score: 9.8 (Critical) Publicly Published: December 18, 2023 Researcher: Dmitrii Ignatyev Description: The Clone plugin for…

Read More

WordPress Plugin Vulnerability Report – Google Language Translator – Missing Authorization to Notice Dismissal

Plugin Name: Google Language Translator Key Information: Software Type: Plugin Software Slug: google-language-translator Software Status: Active Software Author: edo888 Software Downloads: 3,145,040 Active Installs: 100,000 Last Updated: December 8, 2023 Patched Versions: 6.0.20 Affected Versions: < 6.0.20 Vulnerability Details: Name: Google Language Translator <= 6.0.20 – Missing Authorization to Notice Dismissal Type: Missing Authorization CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Description: The Translate WordPress – Google…

Read More

WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 2,934,315 Active Installs: 100,000 Last Updated: November 27, 2023 Patched Versions: 7.3.12 Affected Versions: <= 7.3.11 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.3.11 – Authenticated (Shop Manager+) Arbitrary File Upload Title: Authenticated (Shop Manager+) Arbitrary File Upload Type: Unrestricted Upload of File with…

Read More

WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504

Plugin Name: BackWPup Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,284,859 Active Installs: 600,000 Last Updated: November 22, 2023 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 – Authenticated (Administrator+) Directory Traversal Title: Authenticated (Administrator+) Directory Traversal Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CVE: CVE-2023-5504 CVSS Score: 8.7 (High)…

Read More

WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action

Plugin Name: Slider – Ultimate Responsive Image Slider Key Information: Software Type: Plugin Software Slug: ultimate-responsive-image-slider Software Status: Active Software Author: farazfrank Software Downloads: 1,338,384 Active Installs: 40,000 Last Updated: November 16, 2023 Patched Versions: 3.5.12 Affected Versions: <= 3.5.11 Vulnerability Details: Name: Ultimate Responsive Image Slider <= 3.5.11 – Missing Authorization via AJAX action Title: Missing Authorization via AJAX action Type: Missing Authorization CVSS Score: 4.3 (Medium)…

Read More