Vulnerability Management
Security Optimizer Vulnerability – Missing Authorization via hide_notice() – CVE-2024-38774 | WordPress Plugin Vulnerability Report
Plugin Name: Security Optimizer – The All-In-One Protection Plugin Key Information: Software Type: Plugin Software Slug: sg-security Software Status: Active Software Author: siteground Software Downloads: 22,051,479 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.1 Affected Versions: <= 1.5.0 Vulnerability Details: Name: Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N…
Read MoreDuplicator – Migration & Backup Plugin Vulnerability – Full Path Disclosure – CVE-2024-6210 | WordPress Plugin Vulnerability Report
Plugin Name: Duplicator – Migration & Backup Plugin Key Information: Software Type: Plugin Software Slug: duplicator Software Status: Active Software Author: smub Software Downloads: 43,284,982 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.10 Affected Versions: <= 1.5.9 Vulnerability Details: Name: Duplicator <= 1.5.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6210 CVSS Score: 5.3 Publicly Published:…
Read MoreYITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report
Plugin Name: YITH WooCommerce Wishlist Key Information: Software Type: Plugin Software Slug: yith-woocommerce-wishlist Software Status: Active Software Author: yithemes Software Downloads: 25,691,780 Active Installs: 900,000 Last Updated: June 11, 2024 Patched Versions: 3.33.0 Affected Versions: <= 3.32.0 Vulnerability Details: Name: YITH WooCommerce Wishlist <= 3.32.0 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVE: CVE-2024-34385 CVSS…
Read MoreHappy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report
Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 7,124,353 Active Installs: 400,000 Last Updated: June 13, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.9 Vulnerability Details: Vulnerability 1: Name: Happy Addons for Elementor <= 3.10.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
Read MoreDownload Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report
Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads: 5,153,537 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 4.9.14 Affected Versions: <= 4.9.13 Vulnerability Details: Name: Download Monitor <= 4.9.13 Title: Missing Authorization Type: CVE: CVE-2024-3269 CVSS Score: 5.4 Publicly Published: May…
Read MoreImage Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report
Plugin Name: Image Hover Effects Key Information: Software Type: Plugin Software Slug: image-hover-effects-addon-for-elementor Software Status: Active Software Author: blocksera Software Downloads: 583,781 Active Installs: 50,000 Last Updated: May 6, 2024 Patched Versions: 1.4.2 Affected Versions: <= 1.4.1 Vulnerability Details: Name: Image Hover Effects – Elementor Addon <= 1.4.1 – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via…
Read MorePowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report
Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 2.7.19 Affected Versions: <= 2.7.18 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.18 – Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget, PowerPack Addons for Elementor <= 2.7.17 – Authenticated…
Read More