Posts Tagged ‘Web Security’
LiteSpeed Cache Vulnerability – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-3246 | WordPress Plugin Vulnerability Report
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 70,093,541 Active Installs: 5,000,000 Last Updated: July 29, 2024 Patched Versions: 6.3 Affected Versions: <= 6.2.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.2.0.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-3246 CVSS Score: 6.1 Publicly Published: July 23, 2024…
Read MoreRedux Framework Vulnerability – Unauthenticated JSON File Upload to Stored Cross-Site Scripting – CVE-2024-6828 | WordPress Plugin Vulnerability Report
Plugin Name: Redux Framework Key Information: Software Type: Plugin Software Slug: redux-framework Software Status: Active Software Author: davidanderson Software Downloads: 26,600,180 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 4.4.18 Affected Versions: 4.4.12 – 4.4.17 Vulnerability Details: Name: Redux Framework 4.4.12 – 4.4.17 Type: Unauthenticated JSON File Upload to Stored Cross-Site Scripting CVE:…
Read MoreSecurity Optimizer Vulnerability – Missing Authorization via hide_notice() – CVE-2024-38774 | WordPress Plugin Vulnerability Report
Plugin Name: Security Optimizer – The All-In-One Protection Plugin Key Information: Software Type: Plugin Software Slug: sg-security Software Status: Active Software Author: siteground Software Downloads: 22,051,479 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.1 Affected Versions: <= 1.5.0 Vulnerability Details: Name: Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N…
Read MoreWP Mail SMTP by WPForms Vulnerability – Authenticated (Admin+) SMTP Password Exposure – CVE-2024-6694 | WordPress Plugin Vulnerability Report
Plugin Name: WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug: wp-mail-smtp Software Status: Active Software Author: smub Software Downloads: 54,987,682 Active Installs: 3,000,000 Last Updated: July 29, 2024 Patched Versions: 4.1.0 Affected Versions: <= 4.0.1 Vulnerability Details: Name: WP Mail SMTP <=…
Read MoreDuplicator – Migration & Backup Plugin Vulnerability – Full Path Disclosure – CVE-2024-6210 | WordPress Plugin Vulnerability Report
Plugin Name: Duplicator – Migration & Backup Plugin Key Information: Software Type: Plugin Software Slug: duplicator Software Status: Active Software Author: smub Software Downloads: 43,284,982 Active Installs: 1,000,000 Last Updated: July 29, 2024 Patched Versions: 1.5.10 Affected Versions: <= 1.5.9 Vulnerability Details: Name: Duplicator <= 1.5.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6210 CVSS Score: 5.3 Publicly Published:…
Read MoreFile Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report
Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 24,013,163 Active Installs: 1,000,000 Last Updated: July 19, 2024 Patched Versions: 7.2.8 Affected Versions: <= 7.2.7 Vulnerability Details: Name: File Manager <= 7.2.7 Type: Missing Authorization CVE: CVE-2024-37254 CVSS Score: 4.3 Publicly Published: June 27,…
Read MoreTablePress – Tables in WordPress made easy Vulnerability – Authenticated (Author+) Server-Side Request Forgery via DNS Rebind – CVE-2024-4354 | WordPress Plugin Vulnerability Report
Plugin Name: TablePress – Tables in WordPress made easy Key Information: Software Type: Plugin Software Slug: tablepress Software Status: Active Software Author: tobiasbg Software Downloads: 15,366,391 Active Installs: 800,000 Last Updated: June 18, 2024 Patched Versions: 2.3.2 Affected Versions: <= 2.3.1 Vulnerability Details: Name: TablePress – Tables in WordPress made easy <= 2.3 Title: Authenticated…
Read MoreRoyal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report
Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 5,750,699 Active Installs: 300,000 Last Updated: June 19, 2024 Patched Versions: 1.3.977 Affected Versions: <= 1.3.976 Vulnerability 1 Details: Name: Royal Elementor Addons and Templates <= 1.3.976 Title: Authenticated (Contributor+) Stored Cross-Site…
Read MorePrime Slider – Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget – CVE-2024-5640 | WordPress Plugin Vulnerability Report
Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,491,843 Active Installs: 100,000 Last Updated: June 20, 2024 Patched Versions: 3.14.8 Affected Versions: <= 3.14.7 Vulnerability Details: Name: Prime Slider – Addons…
Read MorePopup Builder by OptinMonster Vulnerability – WordPress Popups for Optins, Email Newsletters and Lead Generation – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-33691 | WordPress Plugin Vulnerability Report
Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 103,821,350 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 2.16.0 Affected Versions: <= 2.15.3 Vulnerability Details: Name: Popup Builder by OptinMonster…
Read More