Website Protection

User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Vulnerability – Unauthenticated Stored Cross-Site Scripting via Name Parameter – CVE-2024-5902 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 12, 2024

Plugin Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,961,766 Active Installs: 200,000 Last Updated: August 8, 2024 Patched Versions: 1.0.16 Affected Versions: <= 1.0.15 Vulnerability Details: Name: UserFeedback Lite <= 1.0.15 Title:…

Read More

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jul 1, 2024

Plugin name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 30,625,064 Active Installs: 2,000,000 Last Updated: July 27, 2024 Patched Versions: NA Affected Versions: <= 1.6.35 Vulnerability Details: Name: Elementor – Header, Footer & Blocks Template <= 1.6.35 Title: Authenticated (Contributor+) Stored…

Read More

Easy Table of Contents Vulnerability- Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 |WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 18, 2024

Plugin Name: Easy Table of Contents Key Information: Software Type: Plugin Software Slug: easy-table-of-contents Software Status: Active Software Author: magazine3 Software Downloads: 12,901,982 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 2.0.67.1 Affected Versions: <= 2.0.67 Vulnerability Details: Name: Easy Table of Contents <= 2.0.67 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N…

Read More

Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 13, 2024

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…

Read More

WP Reset – Most Advanced WordPress Reset Tool Vulnerability – Missing Authorization to License Key Modification – CVE-2024-4661 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 7, 2024

Plugin Name: WP Reset – Most Advanced WordPress Reset Tool Key Information: Software Type: Plugin Software Slug: wp-reset Software Status: Active Software Author: webfactory Software Downloads: 7,859,387 Active Installs: 300,000 Last Updated: June 20, 2024 Patched Versions: 2.03 Affected Versions: <= 2.01 Vulnerability Details: Name: WP Reset <= 2.02 Title: Missing Authorization to License Key…

Read More

LearnPress – WordPress LMS Plugin Vulnerability – Basic Information Disclosure via JSON API – CVE-2024-5483 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 4, 2024

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,325,110 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions: 4.2.6.8.1 Affected Versions: <= 4.2.6.8 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.8 Title: Basic Information Disclosure via JSON…

Read More

Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 1, 2024

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall Software Status: Active Software Author: paultgoodchild Software Downloads: 11,891,211 Active Installs: 50,000 Last Updated: June 12, 2024 Patched Versions: 19.1.11 Affected Versions: <= 19.1.10 Vulnerability Details: Name: Shield Security – Smart Bot Blocking & Intrusion…

Read More

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 23, 2024

Plugin Name: FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,941,934 Active Installs: 100,000 Last Updated: May 23, 2024 Patched Versions: 2.4.15 Affected Versions: < 2.4.15 Vulnerability Details: Name: FooGallery (Free and Premium) < 2.4.15 – Authenticated (Author+) Stored Cross-Site Scripting Type: Improper Neutralization of Input…

Read More

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 21, 2024

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 39,647,522 Active Installs: 600,000 Last Updated: May 21, 2024 Patched Versions: 1.61.0 Affected Versions: <= 1.60.0 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.60.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode Type:…

Read More