Website Security

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: Timetable and Event Schedule by MotoPress
Key Information:
Software Type: Plugin
Software Slug: mp-timetable
Software Status: Active
Software Author: jetmonsters
Software Downloads: 738,183
Active Installs: 30,000
Last Updated: May 10, 2024
Patched Versions: 2.4.12
Affected Versions: <= 2.4.11
Vulnerability Details:
Name: Timetable and Event Schedule by MotoPress <= 2.4.11
Title: Authenticated (Contributor+) SQL…

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 26, 2024

Plugin Name: BackUpWordPress
Key Information:
Software Type: Plugin
Software Slug: backupwordpress
Software Status: Active
Software Author: willmot
Software Downloads: 4,796,104
Active Installs: 100,000
Last Updated: May 10, 2024
Patched Versions: 3.14
Affected Versions: <= 3.13
Vulnerability Details:
Name: BackUpWordPress <= 3.13
Title: Authenticated (Admin+) Directory Traversal
Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVE: CVE-2024-3034
CVSS Score: 2.7
Publicly Published:…

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 26, 2024

Plugin Name: Contact Form 7 Database Addon – CFDB7
Key Information:
Software Type: Plugin
Software Slug: contact-form-cfdb7
Software Status: Active
Software Author: arshidkv12
Software Downloads: 5,113,134
Active Installs: 600,000
Last Updated: May 10, 2024
Patched Versions: 1.2.7
Affected Versions: <= 1.2.6.8
Vulnerability Details:
Name: Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8
Title: Unauthenticated…

Collapse-O-Matic Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-7030 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 23, 2024

Plugin Name: Collapse-O-Matic
Key Information:
Software Type: Plugin
Software Slug: jquery-collapse-o-matic
Software Status: Active
Software Author: baden03
Software Downloads: 1,284,998
Active Installs: 50,000
Last Updated: May 9, 2024
Patched Versions: 1.8.5.6
Affected Versions: <= 1.8.5.5
Vulnerability Details:
Name: Collapse-O-Matic <= 1.8.5.5
Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE: CVE-2023-7030
CVSS Score:…

Colibri Page Builder Vulnerability – Multiple Stored XSS Vulnerabilities – CVE-2024-3340, CVE-2024-3337, CVE-2024-3338 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 22, 2024

Plugin Name: Colibri Page Builder
Key Information:
Software Type: Plugin
Software Slug: colibri-page-builder
Software Status: Active
Software Author: extendthemes
Software Downloads: 2,612,262
Active Installs: 100,000
Last Updated: May 9, 2024
Patched Versions: 1.0.274
Affected Versions: <= 1.0.272
Vulnerability Details:
Name: Colibri Page Builder <= 1.0.272
Title: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘colibri-gallery-slideshow’ Shortcode
Type:…

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated Local File Inclusion via Onepage Scroll Module – CVE-2024-3499 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Apr 22, 2024

Plugin Name: ElementsKit Elementor addons and Templates Library
Key Information:
Software Type: Plugin
Software Slug: elementskit-lite
Software Status: Active
Software Author: xpeedstudio
Software Downloads: 19,188,614
Active Installs: 1,000,000
Last Updated: May 8, 2024
Patched Versions: 3.1.1
Affected Versions: <= 3.1.0
Vulnerability Details:
Name: ElementsKit Elementor addons <= 3.1.0
Title: Authenticated (Contributor+) Local File Inclusion via…

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 19, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Key Information:
Software Type: Plugin
Software Slug: user-registration
Software Status: Active
Software Author: wpeverest
Software Downloads: 2,655,257
Active Installs: 70,000
Last Updated: May 2, 2024
Patched Versions: 3.2.0
Affected Versions: <= 3.1.5
Vulnerability Details:
Name: User Registration – Custom Registration Form,…

Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1730 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 19, 2024

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Key Information:
Software Type: Plugin
Software Slug: bdthemes-prime-slider-lite
Software Status: Active
Software Author: bdthemes
Software Downloads: 2,292,838
Active Installs: 100,000
Last Updated: May 3, 2024
Patched Versions: 3.14.1
Affected Versions: <= 3.14.0
Vulnerability Details:
Name: Prime Slider – Addons…

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 18, 2024

Plugin Name: Customer Reviews for WooCommerce
Key Information:
Software Type: Plugin
Software Slug: customer-reviews-woocommerce
Software Status: Active
Software Author: ivole
Software Downloads: 4,233,598
Active Installs: 60,000
Last Updated: May 2, 2024
Patched Versions: 5.48.0
Affected Versions: <= 5.47.0
Vulnerability Details:
Name: Customer Reviews for WooCommerce <= 5.47.0
Title: Reflected Cross-Site Scripting via ‘s’
Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N…

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 17, 2024

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Key Information:
Software Type: Plugin
Software Slug: bdthemes-element-pack-lite
Software Status: Active
Software Author: bdthemes
Software Downloads: 2,072,488
Active Installs: 100,000
Last Updated: May 2, 2024
Patched Versions: 5.6.1
Affected Versions: <= 5.6.0
Vulnerability Details:
Name: Element Pack Elementor Addons…