File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 24,013,163 Active Installs: 1,000,000 Last Updated: July 19, 2024 Patched Versions: 7.2.8 Affected Versions: <= 7.2.7 Vulnerability Details: Name: File Manager <= 7.2.7 Type: Missing Authorization CVE: CVE-2024-37254 CVSS Score: 4.3 Publicly Published: June 27,…

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,368,030 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 3.14.4 Affected Versions: <= 3.14.3 Vulnerability Details: Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3…

Migration, Backup, Staging Vulnerability – WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,465,323 Active Installs: 400,000 Last Updated: February 28, 2024 Patched Versions: 0.9.69 Affected Versions: <= 0.9.68 Vulnerability Details: Name: WPvivid Backup and Migration <= 0.9.68 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE: CVE-2024-1982…

NotificationX Vulnerability – Unauthenticated SQL Injection – CVE-2024-1698 | WordPress Plugin Vulnerability Report

Plugin Name: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor Key Information: Software Type: Plugin Software Slug: notificationx Software Status: Active Software Author: wpdevteam Software Downloads: 1,002,386 Active Installs: 30,000 Last Updated: February 27, 2024 Patched Versions: 2.8.3 Affected Versions: <= 2.8.2 Vulnerability Details: Name: NotificationX <= 2.8.2…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 9,788,187 Active Installs: 100,000 Last Updated: October 11, 2023 Patched Versions: 5.6.24 Affected Versions: <= 5.6.23 Vulnerability Details: Name: Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2023-5414 CVSS…

WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645

Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…

WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792

Plugin Name: Duplicate Post Page Menu & Custom Post Type Key Information: Software Type: Plugin Software Slug: duplicate-post-page-menu-custom-post-type Software Status: Removed Software Author: inqsys Software Downloads: 300,152 Active Installs: 30,000 Last Updated: September 7, 2023 Patched Versions: 2.4.0 Affected Versions: <=2.3.1 Vulnerability Details: Name: Duplicate Post Page Menu & Custom Post Type <= 2.3.1 -…
