Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10web Software Downloads: 17,757,662 Active Installs: 200,000 Last Updated: April 10, 2024 Patched Versions: 1.8.22 Affected Versions: <= 1.8.21 Vulnerability Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21…


SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1723 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 38,486,908 Active Installs: 600,000 Last Updated: March 7, 2024 Patched Versions: 1.58.8 Affected Versions: <= 1.58.7 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1723…


Email Encoder Vulnerability – Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1282 | WordPress Plugin Vulnerability Report

Plugin Name: Email Encoder – Protect Email Addresses and Phone Numbers Key Information: Software Type: Plugin Software Slug: email-encoder-bundle Software Status: Active Software Author: ironikus Software Downloads: 1,058,847 Active Installs: 80,000 Last Updated: February 27, 2024 Patched Versions: 2.2.1 Affected Versions: <= 2.2.0 Vulnerability Details: Name: Email Encoder – Protect Email Addresses and Phone Numbers…


AMP for WP Vulnerability – Accelerated Mobile Pages – Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data – CVE-2024-1043 | WordPress Plugin Vulnerability Report

Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,665,548 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 1.0.93.2 Affected Versions: <= 1.0.93.1 Vulnerability Details: Name: AMP for WP <= 1.0.93.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE: CVE-2024-1043 CVSS Score: 6.5 Publicly Published: February 6, 2024 Researcher: Sean Murphy…


Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,525,093 Active Installs: 90,000 Last Updated: January 12, 2024 Patched Versions: 2.12.7 Affected Versions: <= 2.12.6 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.6 Title: Information…


WordPress Plugin Vulnerability Report – Table of Contents Plus – Authenticated (Administrator+) Stored Cross-Site Scripting

Plugin Name: Table of Contents Plus Key Information: Software Type: Plugin Software Slug: table-of-contents-plus Software Status: Active Software Author: conjur3r Software Downloads: 2,261,612 Active Installs: 300,000 Last Updated: September 19, 2023 Patched Versions: 2309 Affected Versions: <2309 Vulnerability Details: Name: Table of Contents Plus <= 2302 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization…


WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,353,295 Active Installs: 60,000 Last Updated: September 13, 2023 Patched Versions: 7.1.1 Affected Versions: <=7.1.0 Vulnerability Details: 1. Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: Improper Neutralization of Input During Web Page Generation…


WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000 Last Updated: September 11, 2023 Patched Versions: 5.0.10 Affected Versions: <=5.0.9 Vulnerability Details: Name: Slimstat Analytics <= 5.0.9 – Authenticated (Contributor+) Blind SQL Injection via Shortcode Type: Improper Neutralization of Special Elements used in an…


WordPress Plugin Vulnerability Report: EWWW Image Optimizer – Sensitive Information Exposure

Plugin Name: EWWW Image Optimizer Key Information: Software Type: Plugin Software Slug: ewww-image-optimizer Software Status: Active Software Author: nosilver4u Software Downloads: 33,159,954 Active Installs: 1,000,000 Last Updated: September 7, 2023 Patched Versions: 7.2.1 Affected Versions: <7.2.1 Vulnerability Details: Name: EWWW Image Optimizer <= 7.2.0 – Sensitive Information Exposure Type: Information Exposure CVSS Score: 5.3 (medium)…


WordPress Plugin Vulnerability Report: User Feedback – Unauthenticated Stored Cross-Site Scripting – CVE-2023-39308

Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 348,588 Active Installs: 100,000 Last Updated: September 7, 2023 Patched Versions: 1.0.8 Affected Versions: <=1.0.7 Vulnerability Details: Name: User Feedback <= 1.0.7 – Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…
