User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report

Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,054,695 Active Installs: 200,000 Last Updated: February 21, 2024 Patched Versions: 1.0.14 Affected Versions: <= 1.0.13 Vulnerability Details: Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 – Unauthenticated Stored Cross-Site Scripting Title: Unauthenticated Stored Cross-Site Scripting Type: Improper Neutralization…

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…

WP Booking Calendar Vulnerability – Unauthenticated SQL Injection – CVE-2024-1207 | WordPress Plugin Vulnerability Report

Plugin Name: WP Booking Calendar Key Information: Software Type: Plugin Software Slug: booking Software Status: Active Software Author: wpdevelop Software Downloads: 3,262,200 Active Installs: 60,000 Last Updated: February 12, 2024 Patched Versions: 9.9.1 Affected Versions: <= 9.9 Vulnerability Details: Name: Booking Calendar <= 9.9 Title: Unauthenticated SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1207 CVSS Score: 9.8…

WP Recipe Maker Vulnerability – Missing Authorization to Authenticated SQL Injection – CVE-2024-1206 | WordPress Plugin Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,598,010 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 9.2.0 Affected Versions: <= 9.1.2 Vulnerability Details: Name: WP Recipe Maker <= 9.1.2 Title: Missing Authorization to Authenticated (Subscriber+) SQL Injection Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H…

WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated Stored Cross-Site Scripting via shortcode – CVE-2024-0792 | WordPress Plugin Vulnerability Report

Plugin Name: WP Shortcodes Plugin — Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,460,707 Active Installs: 600,000 Last Updated: February 12, 2024 Patched Versions: 7.0.2 Affected Versions: <= 7.0.1 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 Title: Authenticated (Contributor+) Stored Cross-Site…

AMP for WP Vulnerability – Accelerated Mobile Pages – Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data – CVE-2024-1043 | WordPress Plugin Vulnerability Report

Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,665,548 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 1.0.93.2 Affected Versions: <= 1.0.93.1 Vulnerability Details: Name: AMP for WP <= 1.0.93.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE: CVE-2024-1043 CVSS Score: 6.5 Publicly Published: February 6, 2024 Researcher: Sean Murphy…

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1055 | WordPress Plugin Vulnerability Report

Plugin Name: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,129,545 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 2.7.15 Affected Versions: <= 2.7.14 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.14 Title: Authenticated (Contributor+)…

WP 404 Auto Redirect to Similar Post Vulnerability – Reflected Cross-Site Scripting via request – CVE-2024-0509 | WordPress Plugin Vulnerability Report

Plugin Name: WP 404 Auto Redirect to Similar Post Key Information: Software Type: Plugin Software Slug: wp-404-auto-redirect-to-similar-post Software Status: Active Software Author: hwk-fr Software Downloads: 266,878 Active Installs: 40,000 Last Updated: February 8, 2024 Patched Versions: 1.0.4 Affected Versions: <= 1.0.3 Vulnerability Details: Name: WP 404 Auto Redirect to Similar Post <= 1.0.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N…

Meta Box Vulnerability – WordPress Custom Fields Framework – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6526 | WordPress Plugin Vulnerability Report

Plugin Name: Meta Box – WordPress Custom Fields Framework Key Information: Software Type: Plugin Software Slug: meta-box Software Status: Active Software Author: rilwis Software Downloads: 16,593,050 Active Installs: 700,000 Last Updated: February 8, 2024 Patched Versions: 5.9.3 Affected Versions: <= 5.9.2 Vulnerability Details: Name: Meta Box – WordPress Custom Fields Framework <= 5.9.2 Title: Authenticated…

Calculated Fields Form Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,585,834 Active Installs: 60,000 Last Updated: February 12, 2024 Patched Versions: 1.2.53 Affected Versions: <= 1.2.52 Vulnerability Details: Name: Calculated Fields Form <= 1.2.52 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-0963…
