Website Maintenance
Contact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form Plugin Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 7,048,138 Active Installs: 400,000 Last Updated: May 21, 2024 Patched Versions: 5.1.16 Affected Versions: <= 5.1.15 Vulnerability Details: Name: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form…
Read More
SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report
Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 39,647,522 Active Installs: 600,000 Last Updated: May 21, 2024 Patched Versions: 1.61.0 Affected Versions: <= 1.60.0 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.60.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode Type:…
Read More
Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4361 | WordPress Plugin Vulnerability Report
Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday Software Downloads: 51,387,711 Active Installs: 700,000 Last Updated: May 20, 2024 Patched Versions: 2.29.16 Affected Versions: <= 2.29.15 Vulnerability Details: Name: Page Builder by SiteOrigin <= 2.29.15 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’…
Read More
ShopLentor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode – CVE-2024-3345 | WordPress Plugin Vulnerability Report
Plugin Name: ShopLentor Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,557,867 Active Installs: 100,000 Last Updated: May 20, 2024 Patched Versions: 2.8.9 Affected Versions: <= 2.8.8 Vulnerability Details: Name: ShopLentor <= 2.8.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode Type: Improper Neutralization of Input…
Read More
WP Table Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4700 | WordPress Plugin Vulnerability Report
Plugin Name: WP Table Builder Key Information: Software Type: Plugin Software Slug: wp-table-builder Software Status: Active Software Author: wptb Software Downloads: 60,000 Active Installs: 1,060,392 Last Updated: May 20, 2024 Patched Versions: 1.4.15 Affected Versions: <= 1.4.14 Vulnerability Details: Name: WP Table Builder – WordPress Table Plugin <= 1.4.14 – Authenticated (Contributor+) Stored Cross-Site Scripting…
Read More
WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report
Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 20,236,762 Active Installs: 600,000 Last Updated: May 20, 2024 Patched Versions: 7.1.6 Affected Versions: <= 7.1.5 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.1.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Read More
GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3714 | WordPress Plugin Vulnerability Report
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,298,288 Active Installs: 100,000 Last Updated: May 17, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.0 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…
Read More
Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5088, CVE-2024-4865 | WordPress Plugin Vulnerability Report
Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,974,697 Active Installs: 400,000 Last Updated: May 17, 2024 Patched Versions: 3.10.9 Affected Versions: <= 3.10.8 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.8 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…
Read More
Essential Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4891 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Blocks Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads: 3,418,922 Active Installs: 100,000 Last Updated: May 16, 2024 Patched Versions: 4.5.13 Affected Versions: <= 4.5.12 Vulnerability Details: Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 – Authenticated (Contributor+) Stored…
Read More
Menu Icons by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4635 | WordPress Plugin Vulnerability Report
Plugin Name: Menu Icons by ThemeIsle Key Information: Software Type: Plugin Software Slug: menu-icons Software Status: Active Software Author: themeisle Software Downloads: 3,529,569 Active Installs: 200,000 Last Updated: May 15, 2024 Patched Versions: 0.13.14 Affected Versions: <= 0.13.13 Vulnerability Details: Name: Menu Icons by ThemeIsle <= 0.13.13 – Authenticated (Author+) Stored Cross-Site Scripting via SVG…
Read More