User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report

Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,054,695 Active Installs: 200,000 Last Updated: February 21, 2024 Patched Versions: 1.0.14 Affected Versions: <= 1.0.13 Vulnerability Details: Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 – Unauthenticated Stored Cross-Site Scripting Title: Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization…

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0834 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,364,972 Active Installs: 100,000 Last Updated: February 8, 2024 Patched Versions: 1.12.12 Affected Versions: 1.12.11 – 1.12.11 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.11 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0961 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 37,152,267 Active Installs: 600,000 Last Updated: February 1, 2024 Patched Versions: 1.58.2 Affected Versions: <= 1.58.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-0961…

Exclusive Addons for Elementor Vulnerability – Stored Cross-Site Scripting Vulnerabilities – CVE-2024-0824 & CVE-2024-0823 | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 688,917 Active Installs: 50,000 Last Updated: February 1, 2024 Patched Versions: 2.6.9 Affected Versions: <= 2.6.8 Vulnerability Details (Section 1): Name: Exclusive Addons for Elementor <= 2.6.8 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last Updated: January 24, 2024 Patched Versions: 2.12.8 Affected Versions: <= 2.12.7 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0624 CVSS Score: 5.3 (Medium) Publicly Published: January 24, 2024…

WP Go Maps Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6697 | WordPress Plugin Vulnerability Report

Plugin Name: WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 22,527,179 Active Installs: 400,000 Last Updated: January 23, 2024 Patched Versions: 9.0.29 Affected Versions: <= 9.0.28 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.28 – Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation…

File Manager Vulnerability – Sensitive Information Exposure via Backup Filenames – CVE-2024-0761 | WordPress Plugin Vulnerability Report

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 19,681,705 Active Installs: 1,000,000 Last Updated: January 22, 2024 Patched Versions: 7.2.2 Affected Versions: <= 7.2.1 Vulnerability Details: Name: File Manager <= 7.2.1 – Sensitive Information Exposure via Backup Filenames Title: Sensitive Information Exposure via…

Contact Form Plugin – Authenticated (Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 5,679,069 Active Installs: 400,000 Last Updated: January 18, 2024 Patched Versions: 5.1.7 Affected Versions: <= 5.1.5 Vulnerability Details: Name: Fluent Forms <= 5.1.5…

Plugin for Google Reviews – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2023-6884 | WordPress Plugin Vulnerability Report

Plugin Name: Plugin for Google Reviews Key Information: Software Type: Plugin Software Slug: widget-google-reviews Software Status: Active Software Author: widgetpack Software Downloads: 3,299,708 Active Installs: 100,000 Last Updated: January 12, 2024 Patched Versions: 3.2 Affected Versions: <= 3.1 Vulnerability Details: Name: Plugin for Google Reviews <= 3.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode…
