The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings – CVE-2024-5583 | WordPress Plugin Vulnerability Report

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,615,839 Active Installs: 100,000 Last Updated: August 21, 2024 Patched Versions: 5.6.3 Affected Versions: <= 5.6.2 Vulnerability Details: Name: The Plus Addons for…

Read More

LiteSpeed Cache Vulnerability – Unauthenticated Privilege Escalation – CVE-2024-28000 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 75,818,864 Active Installs: 5,000,000 Last Updated: August 21, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.3.0.1 Title: Unauthenticated Privilege Escalation Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-28000 CVSS Score: 9.8 Publicly…

Read More

String Locator Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6987 | WordPress Plugin Vulnerability Report

Plugin Name: String Locator Key Information: Software Type: Plugin Software Slug: string-locator Software Status: Active Software Author: instawp Software Downloads: 1,093,003 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: String Locator <= 2.6.5 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2023-6987 CVSS Score: 6.1 Publicly…

Read More

Custom Permalinks Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2023-0926 | WordPress Plugin Vulnerability Report

Plugin Name: Custom Permalinks Key Information: Software Type: Plugin Software Slug: custom-permalinks Software Status: Active Software Author: sasiddiqui Software Downloads: 2,177,680 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.0 Vulnerability Details: Name: Custom Permalinks <= 2.6.0 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-0926 CVSS Score:…

Read More

WordPress Button Plugin MaxButtons Vulnerability – Full Path Disclosure – CVE-2024-6499 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,784,085 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 9.8.0 Affected Versions: <= 9.7.8 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.8 Title: Full Path Disclosure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6499…

Read More

WooCommerce Google Feed Manager Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions – CVE-2024-7258 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Google Feed Manager Key Information: Software Type: Plugin Software Slug: wp-product-feed-manager Software Status: Active Software Author: aukejomm Software Downloads: 797,636 Active Installs: 10,000 Last Updated: August 23, 2024 Patched Versions: 2.9.0 Affected Versions: <= 2.8.0 Vulnerability Details Vulnerability 1: Name: WooCommerce Google Feed Manager <= 2.8.0 Title: Missing Authorization to Authenticated (Contributor+)…

Read More

Piotnet Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets – CVE-2024-5502 | WordPress Plugin Vulnerability Report

Plugin Name: Piotnet Addons For Elementor Key Information: Software Type: Plugin Software Slug: piotnet-addons-for-elementor Software Status: Active Software Author: piotnetdotcom Software Downloads: 565,317 Active Installs: 40,000 Last Updated: August 23, 2024 Patched Versions: 2.4.31 Affected Versions: <= 2.4.30 Vulnerability Details: Name: Piotnet Addons For Elementor <= 2.4.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple…

Read More

Responsive Lightbox & Gallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via File Upload – CVE-2024-6870 | WordPress Plugin Vulnerability Report

Plugin Name: Responsive Lightbox & Gallery Key Information: Software Type: Plugin Software Slug: responsive-lightbox Software Status: Active Software Author: dfactory Software Downloads: 5,285,709 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.4.8 Affected Versions: <= 2.4.7 Vulnerability Details: Name: Responsive Lightbox & Gallery <= 2.4.7 Title: Authenticated (Author+) Stored Cross-Site Scripting via File…

Read More

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,901,676 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.10.37 Affected Versions: <= 2.10.36 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.36 Title: Authenticated (Author+) Stored Cross-Site Scripting via SVG…

Read More

BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

Plugin Name: BackWPup – WordPress Backup & Restore Plugin Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 15,311,423 Active Installs: 600,000 Last Updated: August 18, 2024 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 Type: CVE: CVE-2023-5505 CVSS Score: 6.8 Publicly Published:…

Read More