Vulnerability Patch
File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report
Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 24,013,163 Active Installs: 1,000,000 Last Updated: July 19, 2024 Patched Versions: 7.2.8 Affected Versions: <= 7.2.7 Vulnerability Details: Name: File Manager <= 7.2.7 Type: Missing Authorization CVE: CVE-2024-37254 CVSS Score: 4.3 Publicly Published: June 27,…
Read MoreMigration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report
Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,465,323 Active Installs: 400,000 Last Updated: February 28, 2024 Patched Versions: 0.9.69 Affected Versions: <= 0.9.68 Vulnerability Details: Name: WPvivid Backup and Migration <= 0.9.68 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE: CVE-2024-1982…
Read MoreNotificationX Vulnerability- Unauthenticated SQL Injection – CVE-2024-1698 | WordPress Plugin Vulnerability Report
Plugin Name: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor Key Information: Software Type: Plugin Software Slug: notificationx Software Status: Active Software Author: wpdevteam Software Downloads: 1,002,386 Active Installs: 30,000 Last Updated: February 27, 2024 Patched Versions: 2.8.3 Affected Versions: <= 2.8.2 Vulnerability Details: Name: NotificationX <= 2.8.2…
Read MoreProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report
Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…
Read MoreWordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection
Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 2,865,421 Active Installs: 80,000 Last Updated: September 18, 2023 Patched Versions: 7.6.6 Affected Versions: <=7.6.5 Vulnerability Details: Name: wpDiscuz <= 7.6.5 – Unauthenticated SQL Injection Type: Improper Neutralization of Special Elements used in an…
Read More