Web Security

Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive Software Downloads: 1,882,207 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 1.7.1 Affected Versions: <= 1.7.0 Vulnerability Details: Name: Qi Addons For Elementor <= 1.7.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown…

Read More

Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: Cornerstone Key Information: Software Type: Plugin Software Slug: cornerstone Software Status: Active Software Author: archetyped Software Downloads: 57,853 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 0.8.1 Affected Versions: <= 0.8.0 Vulnerability Details: Name: Cornerstone <= 0.8.0 Title: Reflected Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-28002 CVSS Score: 6.1 Publicly Published:…

Read More

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,737,462 Active Installs: 50,000 Last Updated: May 13, 2024 Patched Versions: 1.15.25 Affected Versions: 1.15.24 Vulnerability Details: Name: Form Maker by 10Web <= 1.15.24 Title:…

Read More

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 25, 2024

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,800,239 Active Installs: 400,000 Last Updated: May 10, 2024 Patched Versions: 3.10.7 Affected Versions: <= 3.10.6 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly…

Read More

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’ – CVE-2024-3647 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 24, 2024

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 31,878,013 Active Installs: 700,000 Last Updated: May 9, 2024 Patched Versions: 4.10.29 Affected Versions: <= 4.10.28 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.28 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’…

Read More

Database for Contact Form 7, WPforms, Elementor forms Vulnrability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-3715 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 22, 2024

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status: Active Software Author: crmperks Software Downloads: 661,856 Active Installs: 70,000 Last Updated: May 8, 2024 Patched Versions: 1.3.9 Affected Versions: <= 1.3.8 Vulnerability Details: Name: Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8…

Read More

Rank Math SEO with AI Best SEO Tools Vulnerability – Authenticated Stored Cross-Site Scripting via ‘titleWrapper’ – CVE-2024-3665 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 22, 2024

Plugin Name: Rank Math SEO with AI Best SEO Tools Key Information: Software Type: Plugin Software Slug: seo-by-rank-math Software Status: Active Software Author: rankmath Software Downloads: 94,115,243 Active Installs: 2,000,000 Last Updated: May 6, 2024 Patched Versions: 1.0.217 Affected Versions: <= 1.0.216 Vulnerability Details: Name: Rank Math SEO with AI SEO Tools <= 1.0.216 Title:…

Read More

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 16, 2024

Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software Status: Active Software Author: ninjateam Software Downloads: 4,220,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability Details: Name: FileBird – WordPress Media Library Folders & File Manager…

Read More

HT Mega Vulnerability – Absolute Addons For Elementor – Multiple Vulnerabilities – Various CVEs |WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 16, 2024

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,754,207 Active Installs: 100,000 Last Updated: April 26, 2024 Patched Versions: 2.4.7, 2.4.9 Affected Versions: <= 2.4.6, <= 2.4.8 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <=…

Read More

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 16, 2024

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software Slug: otter-blocks Software Status: Active Software Author: themeisle Software Downloads: 7,631,372 Active Installs: 300,000 Last Updated: April 25, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Otter Blocks <= 2.6.9 Title: Authenticated…

Read More