Web safety

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 29, 2024

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,207,029 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 12, 2024

Plugin Name: Carousel Slider Key Information: Software Type: Plugin Software Slug: carousel-slider Software Status: Active Software Author: sayful Software Downloads: 908,916 Active Installs: 40,000 Last Updated: April 25, 2024 Patched Versions: 2.2.10 Affected Versions: <= 2.2.9 Vulnerability Details: Name: Carousel Slider <= 2.2.9 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3703 CVSS Score:…

Read More

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 10, 2024

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 10,060,431 Active Installs: 200,000 Last Updated: April 21, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: Ultimate Member <= 2.8.4…

Read More

Best WordPress Gallery Plugin Vulnerability – FooGallery – Authenticated Stored Cross-Site Scripting – CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 5, 2024

Plugin Name: Best WordPress Gallery Plugin – FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,914,021 Active Installs: 100,000 Last Updated: April 16, 2024 Patched Versions: 2.4.15 Affected Versions: <= 2.4.14 Vulnerability 1 Details: Name: FooGallery <= 2.4.14 Title: Authenticated (Author+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 28, 2024

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,901,312 Active Installs: 70,000 Last Updated: April 1, 2024 Patched Versions: 3.14 Affected Versions: <= 3.13 Vulnerability Details: Name: Media Library Assistant <= 3.13 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode Type:…

Read More

HUSKY Vulnerability– Products Filter Professional for WooCommerce – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1796 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 14, 2024

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,674,101 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.3.5.2 Affected Versions: <= 1.3.5.1 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 Title: Authenticated…

Read More

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 12, 2024

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,792,011 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.5.7 Affected Versions: <= 1.5.6.1 Vulnerability Details: Name: Burst Statistics <= 1.5.6.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

ProfilePress Vulnerability- Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1535 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 12, 2024

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,610,237 Active Installs: 200,000 Last Updated: March 14, 2024 Patched Versions: 4.15.3 Affected Versions: <= 4.15.2 Vulnerability Details: Name: ProfilePress <=…

Read More

SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1058 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 12, 2024

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 37,808,389 Active Installs: 600,000 Last Updated: February 16, 2024 Patched Versions: 1.58.4 Affected Versions: <= 1.58.3 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1058…

Read More

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1236 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 12, 2024

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 66,915,084 Active Installs: 2,000,000 Last Updated: February 27, 2024 Patched Versions: 5.9.9 Affected Versions: <= 5.9.8 Vulnerability Details: Name: Essential Addons for Elementor <=…

Read More