website safety

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via Banner Link – CVE-2024-1960 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 14, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,272,321 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 2.8.2 Affected Versions: <= 2.8.1 Vulnerability Details: Name: ShopLentor…

Read More

Metform Elementor Contact Form Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1585 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 7, 2024

Plugin Name: Metform Elementor Contact Form Builder Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: xpeedstudio Software Downloads: 3,185,155 Active Installs: 300,000 Last Updated: March 12, 2024 Patched Versions: 3.8.4 Affected Versions: <= 3.8.3 Vulnerability Details: Name: Metform Elementor Contact Form Builder <= 3.8.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget – CVE-2024-2126 |WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 7, 2024

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle Software Downloads: 11,445,655 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.10.33 Affected Versions: <= 2.10.32 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.32 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Registration…

Read More

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 7, 2024

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,279,058 Active Installs: 90,000 Last Updated: March 12, 2024 Patched Versions: 3.9.11 Affected Versions: <= 3.9.10…

Read More

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 6, 2024

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,213,235 Active Installs: 400,000 Last Updated: March 8, 2024 Patched Versions: 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Archive…

Read More

Database for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2030 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 6, 2024

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status: Active Software Author: crmperks Software Downloads: 537,257 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 1.3.4 Affected Versions: <= 1.3.3 Vulnerability Details: Name: Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3…

Read More

WP Show Posts Vulnerability – Information Exposure – CVE-2024-1479 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 1, 2024

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software Downloads: 477,238 Active Installs: 90,000 Last Updated: March 1, 2024 Patched Versions: 1.1.5 Affected Versions: <= 1.1.4 Vulnerability Details: Name: WP Show Posts <= 1.1.4 Title: Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1479 CVSS Score: 5.3…

Read More

Visual Composer Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2023-6880 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 29, 2024

Plugin Name: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Key Information: Software Type: Plugin Software Slug: visualcomposer Software Status: Active Software Author: visualcomposer Software Downloads: 2,579,334 Active Installs: 60,000 Last Updated: March 1, 2024 Patched Versions: <= 45.6.0 Affected Versions: 45.7.0 Vulnerability Details: Name: Visual Composer…

Read More

3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,524,371 Active Installs: 70,000 Last Updated: February 20, 2024 Patched Versions: 1.15.4 Affected Versions: <= 1.15.3 Vulnerability Details: Name: 3D FlipBook – PDF Flipbook WordPress <= 1.15.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks Type: Improper Neutralization of…

Read More

Booster for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1054 |WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 12, 2024

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,564,084 Active Installs: 50,000 Last Updated: February 27, 2024 Patched Versions: 7.1.7 Affected Versions: <= 7.1.6 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1054…

Read More