The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report 

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 60,464,127 Active Installs: 700,000 Last Updated: July 27, 2024 Patched Versions: 6.5.1.5 Affected Versions: <= 6.5.1.4 Vulnerability Details: Name: The Events Calendar <= 6.5.1.4 Title: Cross-Site Request Forgery via action_restore_events Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-37518…

Read More

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

Plugin Name: Spectra Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 22,257,534 Active Installs: 700,000 Last Updated: May 23, 2024 Patched Versions: 2.13.1 Affected Versions: <= 2.13.0 Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.13.0 – Authenticated (Author+) Stored Cross-Site Scripting Title: Authenticated (Author+) Stored…

Read More

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,236,762 Active Installs: 600,000 Last Updated: May 20, 2024 Patched Versions: 7.1.6 Affected Versions: <= 7.1.5 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3714 | WordPress Plugin Vulnerability Report

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,298,288 Active Installs: 100,000 Last Updated: May 17, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.0 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Menu Icons by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4635 | WordPress Plugin Vulnerability Report

Plugin Name: Menu Icons by ThemeIsle Key Information: Software Type: Plugin Software Slug: menu-icons Software Status: Active Software Author: themeisle Software Downloads: 3,529,569 Active Installs: 200,000 Last Updated: May 15, 2024 Patched Versions: 0.13.14 Affected Versions: <= 0.13.13 Vulnerability Details: Name: Menu Icons by ThemeIsle <= 0.13.13 – Authenticated (Author+) Stored Cross-Site Scripting via SVG…

Read More

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 870,318 Active Installs: 60,000 Last Updated: May 14, 2024 Patched Versions: 2.6.9.7 Affected Versions: <= 2.6.9.6 Vulnerability Details: Name: Exclusive Addons for Elementor <= 2.6.9.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Team…

Read More

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

Plugin Name: Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 19,473,277 Active Installs: 400,000 Last Updated: May 14, 2024 Patched Versions: 3.2.38 Affected Versions: <= 3.2.37 Vulnerability Details: Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 – Authenticated (Contributor+) Stored Cross-Site…

Read More

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

Plugin Name: Order Export & Order Import for WooCommerce Key Information: Software Type: Plugin Software Slug: order-import-export-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,536,946 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 2.5.0 Affected Versions: <= 2.4.9 Vulnerability Details: Name: Order Export & Order Import for WooCommerce <= 2.4.9 – Authenticated…

Read More

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,771,177 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 4.23.9 Affected Versions: <= 4.23.8 Vulnerability Details: Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.8 – Reflected…

Read More

Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report

Plugin Name: Form Maker by 10Web Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,739,339 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 1.15.25 Affected Versions: <= 1.15.24 Vulnerability Details: Name: Form Maker by 10Web <= 1.15.24 – Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper…

Read More