WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

Plugin Name: WP Job Manager Key Information: Software Type: Plugin Software Slug: wp-job-manager Software Status: Active Software Author: automattic Software Downloads: 4,332,123 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 2.3.0 Affected Versions: <= 2.2.2 Vulnerability Details: Name: WP Job Manager <= 2.2.2 – Unauthenticated Information Exposure Type: Information Exposure CVE: CVE-2024-34549 CVSS…

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

Plugin Name: XML Sitemap & Google News Key Information: Software Type: Plugin Software Slug: xml-sitemap-feed Software Status: Active Software Author: ravanh Software Downloads: 3,261,414 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 5.4.9 Affected Versions: <= 5.4.8 Vulnerability Details: Name: XML Sitemap & Google News <= 5.4.8 – Unauthenticated Local File Inclusion Type:…

Booster for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3957 | WordPress Plugin Vulnerability Report

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,639,153 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 7.1.9 Affected Versions: <= 7.1.8 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.8 – Unauthenticated Arbitrary Shortcode Execution Type: Improper Control of Generation…

3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL Type: Improper Neutralization…

Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form by WPForms Key Information: Software Type: Plugin Software Slug: wpforms-lite Software Status: Active Software Author: smub Software Downloads: 201,516,943 Active Installs: 5,000,000 Last Updated: May 1, 2024 Patched Versions: 1.8.8.2 Affected Versions: <= 1.8.7.2 Vulnerability Details: Name: Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2…

Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report

Plugin Name: Supreme Modules Lite Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,191,354 Active Installs: 200,000 Last Updated: May 1, 2024 Patched Versions: 2.5.4 Affected Versions: <= 2.5.3 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 – Authenticated…

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,207,029 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

All in One SEO Vulnerability – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3554 | WordPress Plugin Vulnerability Report

Plugin Name: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic Key Information: Software Type: Plugin Software Slug: all-in-one-seo-pack Software Status: Active Software Author: smub Software Downloads: 148,632,678 Active Installs: 3,000,000 Last Updated: May 13, 2024 Patched Versions: 4.6.1.1 Affected Versions: <= 4.6.0 Vulnerability Details: Name: All…

Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report 

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 859,237 Active Installs: 60,000 Last Updated: May 13, 2024 Patched Versions: 2.6.9.2 Affected Versions: <= 2.6.9.1 Vulnerability Details: Name: Exclusive Addons Elementor <= 2.6.9.1 Title: Missing Authorization to Post Duplication Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE:…
