Posts Tagged ‘web security best practices’
The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid – Missing Authorization – CVE-2024-3936 | WordPress Plugin Vulnerability Report
Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin Software Slug: the-post-grid Software Status: Active Software Author: techlabpro1 Software Downloads: 1,704,748 Active Installs: 90,000 Last Updated: May 10, 2024 Patched Versions: 7.7.0 Affected Versions: <= 7.6.1 Vulnerability Details: Name: The Post Grid – Shortcode,…
FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report
Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software Downloads: 708,614 Active Installs: 50,000 Last Updated: May 10, 2024 Patched Versions: Not available Affected Versions: <= 1.1.5 Vulnerability Details: Name: FameTheme Demo Importer <= 1.1.5 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33679…
Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report
Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,284,736 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 7.6.16 Affected Versions: <= 7.6.15 Vulnerability Details: Name: wpDiscuz <= 7.6.15 Title: Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text Type:…
Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting Vulnerabilities – CVE-2024-2539 & CVE-2024-2655 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh Software Downloads: 3,814,639 Active Installs: 60,000 Last Updated: April 16, 2024 Patched Versions: 8.3.7 Affected Versions: <= 8.3.6 Vulnerability 1 Details: Name: Elementor Addons by Livemesh <= 8.3.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…
Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 | WordPress Plugin Vulnerability Report
Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,161,148 Active Installs: 80,000 Last Updated: April 1, 2024 Patched Versions: 1.27 Affected Versions: <= 1.26 Vulnerability Details: Name: Sydney Toolbox <= 1.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via _id Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2936…
Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 | WordPress Plugin Vulnerability Report
Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status: Active Software Author: netweblogic Software Downloads: 4,637,218 Active Installs: 90,000 Last Updated: March 27, 2024 Patched Versions: 6.4.7.2 Affected Versions: <= 6.4.7.1 Vulnerability 1 Details: Name: Events Manager <= 6.4.7.1 Title: Authenticated (Contributor+) Stored Cross-Site…
Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 | WordPress Plugin Vulnerability Report
Plugin Name: Meta Tag Manager Key Information: Software Type: Plugin Software Slug: meta-tag-manager Software Status: Active Software Author: netweblogic Software Downloads: 865,531 Active Installs: 100,000 Last Updated: March 27, 2024 Patched Versions: 3.1 Affected Versions: <= 3.0.2 Vulnerability Details: Name: Meta Tag Manager <= 3.0.2 Title: Authenticated (Subscriber+) PHP Object Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1770…
Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Website Builder – More than Just a Page Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software Downloads: 401,702,579 Active Installs: 5,000,000 Last Updated: March 27, 2024 Patched Versions: 3.20.3 Affected Versions: <= 3.20.2 Vulnerability Details: Name: Elementor Website Builder – More than Just a…
VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 | WordPress Plugin Vulnerability Report
Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software Author: kurudrive Software Downloads: 5,085,263 Active Installs: 100,000 Last Updated: March 25, 2024 Patched Versions: 9.97.0.0 Affected Versions: <= 9.96.0.1 Vulnerability Details: Name: VK All in One Expansion Unit <= 9.96.0.1 Title: Authenticated (Contributor+) Stored…
GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1424 | WordPress Plugin Vulnerability Report
Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,822,276 Active Installs: 100,000 Last Updated: March 19, 2024 Patched Versions: 3.6.0 Affected Versions: <= 3.5.1 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 Title: Authenticated…