Web Security

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 26, 2024

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,523,308 Active Installs: 100,000 Last Updated: March 26, 2024 Patched Versions: 1.13.2 Affected Versions: <= 1.13.1 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.1 Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE: CVE-2024-2091 CVSS…

Read More

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 26, 2024

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,877,054 Active Installs: 50,000 Last Updated: March 26, 2024 Patched Versions: 7.1.0 Affected Versions: <= 7.0.1 Vulnerability Details: Name: Ajax Load More <= 7.0.1 Authenticated (Admin+) Directory Traversal to Arbitrary…

Read More

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 26, 2024

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,111,525 Active Installs: 100,000 Last Updated: March 26, 2024 Patched Versions: Not specified Affected Versions: <= 5.4.1 Vulnerability Details: Name: The Plus Addons for Elementor <= 5.4.1 Authenticated Local File Inclusion via…

Read More

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget – CVE-2024-2202 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 22, 2024

Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday Software Downloads: 49,798,891 Active Installs: 700,000 Last Updated: March 22, 2024 Patched Versions: 2.29.7 Affected Versions: <= 2.29.6 Vulnerability Details: Name: Page Builder by SiteOrigin <= 2.29.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy…

Read More

Contact Form 7 Vulnerability – Reflected Cross-Site Scripting – CVE-2024-2242 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 13, 2024

Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software Downloads: 318,916,329 Active Installs: 5,000,000 Last Updated: March 14, 2024 Patched Versions: 5.9.2 Affected Versions: <= 5.9 Vulnerability Details: Name: Contact Form 7 <= 5.9 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-2242 CVSS Score:…

Read More

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting via Posts Multislider Widget – CVE-2024-1466 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 13, 2024

Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh Software Downloads: 3,775,245 Active Installs: 70,000 Last Updated: March 14, 2024 Patched Versions: 8.3.6 Affected Versions: <= 8.3.4 Vulnerability Details: Name: Elementor Addons by Livemesh <= 8.3.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Posts…

Read More

Prime Slider Vulnerability – Authenticated Stored Cross-Site Scripting via Rubix Widget – CVE-2024-1507 | WordPress Plugin Vulnerability Report – 

By Your WP Guy / Mar 12, 2024

Plugin Name: Prime Slider – Addons For Elementor Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,042,074 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 3.13.3 Affected Versions: <= 3.13.2 Vulnerability Details: Name: Prime Slider – Addons For Elementor <= 3.13.2 Title: Authenticated (Contributor+) Stored…

Read More

 Elementor Header & Footer Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1237 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 11, 2024

Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 24,612,698 Active Installs: 1,000,000 Last Updated: March 13, 2024 Patched Versions: 1.6.25 Affected Versions: <= 1.6.24 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.24 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 11, 2024

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 67,142,962 Active Installs: 2,000,000 Last Updated: March 13, 2024 Patched Versions: 5.9.10 Affected Versions: <= 5.9.9 Vulnerability Details: Name: Essential Addons for Elementor <=…

Read More

Complianz Vulnerability – GDPR/CCPA Cookie Consent – Cross-Site Request Forgery to Data Request Deletion – CVE-2024-1592 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 1, 2024

Plugin Name: Complianz – GDPR/CCPA Cookie Consent Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 14,458,989 Active Installs: 900,000 Last Updated: March 1, 2024 Patched Versions: 7.0.0 Affected Versions: <= 6.5.6 Vulnerability Details: Name: Complianz – GDPR/CCPA Cookie Consent <= 6.5.6 Title: Cross-Site Request Forgery to Data…

Read More