Posts Tagged ‘website safety’
WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report
Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status: Active Software Author: alimir Software Downloads: 1,709,226 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 4.7.0 Affected Versions: <= 4.6.9 Vulnerability Details: Name: WP ULike <= 4.6.9 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting…
Read MoreSina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report
Plugin Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina Software Downloads: 529,922 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.5.3 Affected Versions: <= 3.5.2 Vulnerability Details: Name:…
Read MorehCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report
Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software Downloads: 867,958 Active Installs: 50,000 Last Updated: May 3, 2024 Patched Versions: 4.0.1 Affected Versions: <= 4.0.0 Vulnerability Details: Name: hCaptcha for WordPress <= 4.0.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode Type:…
Read MoreWPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report
Plugin Name: WPC Smart Quick View for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-smart-quick-view Software Status: Active Software Author: wpclever Software Downloads: 1,038,524 Active Installs: 60,000 Last Updated: April 25, 2024 Patched Versions: 4.0.3 Affected Versions: <= 4.0.2 Vulnerability Details: Name: WPC Smart Quick View for WooCommerce <= 4.0.2 Title: Authenticated (Administrator+) Stored…
Read MoreGutenberg Vulnerability – Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | WordPress Plugin Vulnerability Report
Plugin Name: Gutenberg Key Information: Software Type: Plugin Software Slug: gutenberg Software Status: Active Software Author: matveb Software Downloads: 41,476,476 Active Installs: 300,000 Last Updated: April 16, 2024 Patched Versions: 18.01 Affected Versions: 12.9.0 – 18.0.0 Vulnerability Details: Name: Gutenberg 12.9.0 – 18.0.0 Title: Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block Type:…
Read MoreCarousel, Slider, Gallery by WP Carousel Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2949 | WordPress Plugin Vulnerability Report
Plugin Name: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce Key Information: Software Type: Plugin Software Slug: wp-carousel-free Software Status: Active Software Author: shapedplugin Software Downloads: 1,321,112 Active Installs: 60,000 Last Updated: April 15, 2024 Patched Versions: 2.6.4 Affected…
Read MoreJeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report
Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,029,705 Active Installs: 200,000 Last Updated: April 2, 2024 Patched Versions: 2.6.4 Affected Versions: <= 2.6.3 Vulnerability 1 Details: Name: Jeg Elementor Kit <= 2.6.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box…
Read MoreUnlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link – CVE-2024-0367 | WordPress Plugin Vulnerability Report
Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status: Active Software Author: unitecms Software Downloads: 7,783,251 Active Installs: 200,000 Last Updated: April 1, 2024 Patched Versions: 1.5.97 Affected Versions: <= 1.5.96 Vulnerability Details: Name: Unlimited Elements For Elementor <= 1.5.96 Title: Authenticated (Contributor+) Stored…
Read MoreBlocksy Companion Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2392 |WordPress Plugin Vulnerability Report
Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 6,618,702 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.0.32 Affected Versions: <= 2.0.31 Vulnerability Details: Name: Blocksy Companion <= 2.0.31 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE: CVE-2024-2392 CVSS Score:…
Read MorePermalink Manager Pro Vulnerability – Missing Authorization to Authenticated (Author+) Arbitrary Post Slug Modification – CVE-2024-2538 | WordPress Plugin Vulnerability Report
Plugin Name: Permalink Manager Pro Key Information: Software Type: Plugin Software Slug: permalink-manager Software Status: Active Software Author: mbis Software Downloads: 1,661,826 Active Installs: 80,000 Last Updated: March 19, 2024 Patched Versions: 2.4.3.2 Affected Versions: <= 2.4.3.1 Vulnerability Details: Name: Permalink Manager <= 2.4.3.1 Title: Missing Authorization to Authenticated (Author+) Arbitrary Post Slug Modification Type:…
Read More