Website Security

Easy Accordion Vulnerability – Best Accordion FAQ Plugin for WordPress – Authenticated Stored Cross-Site Scripting – CVE-2024-1363 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 8, 2024

Plugin Name: Easy Accordion – Best Accordion FAQ Plugin for WordPress Key Information: Software Type: Plugin Software Slug: easy-accordion-free Software Status: Active Software Author: shapedplugin Software Downloads: 735,064 Active Installs: 50,000 Last Updated: March 13, 2024 Patched Versions: 2.3.5 Affected Versions: <= 2.3.4 Vulnerability Details: Name: Easy Accordion <= 2.3.4 – Authenticated Stored Cross-Site Scripting…

Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 8, 2024

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,871,019 Active Installs: 200,000 Last Updated: March 12, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: Ultimate Member <= 2.8.3…

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 6, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,562,763 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 3.1.5 Affected Versions: <= 3.1.4 Vulnerability Details: Name: User Registration – Custom Registration…

Brizy Vulnerability – Page Builder – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-1311 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Brizy – Page Builder Key Information: Software Type: Plugin Software Slug: brizy Software Status: Active Software Author: themefusecom Software Downloads: 4,542,478 Active Installs: 80,000 Last Updated: February 27, 2024 Patched Versions: 2.4.41 Affected Versions: 2.4.40 – 2.4.40 Vulnerability Details: Name: Brizy – Page Builder <= 2.4.40 Title: Authenticated (Contributor+) Arbitrary File Upload Type:…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode – CVE-2024-1806 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,533,974 Active Installs: 200,000 Last Updated: February 27, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.1 Vulnerability Details: Name: ProfilePress <=…

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 23, 2024

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February 23, 2024 Patched Versions: 2.8.3 Affected Versions: 2.1.3 – 2.8.2 Vulnerability Details: Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 – 2.8.2 – Unauthenticated SQL Injection Type: Improper Neutralization of Special…

Colibri Page Builder Vulnerability – Cross-Site Request Forgery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Forgery via cp_shortcode_refresh Title: Cross-Site Request Forgery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,388,630 Active Installs: 80,000 Last Updated: February 21, 2024 Patched Versions: 5.8.2 Affected Versions: <= 5.8.1 Vulnerability Details: Name: Event Tickets and Registration <= 5.8.1 – Missing Authorization Title: Missing Authorization Type: Improper Access Control CVE: CVE-2024-1053 CVSS Score: 4.3 (Medium) Publicly Published: February 21, 2024 Researcher: Muhammad Daffa…

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last Updated: February 20, 2024 Patched Versions: 1.6.6 Affected Versions: <= 1.6.5 Vulnerability Details: Name: Enhanced Text Widget <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…