Booster for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3957 | WordPress Plugin Vulnerability Report

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,639,153 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 7.1.9 Affected Versions: <= 7.1.8 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.8 – Unauthenticated Arbitrary Shortcode Execution Type: Improper Control of Generation…


PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 2.7.19 Affected Versions: <= 2.7.18 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.18 – Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget, PowerPack Addons for Elementor <= 2.7.17 – Authenticated…


Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report

Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,644,577 Active Installs: 600,000 Last Updated: February 19, 2024 Patched Versions: 7.0.3 Affected Versions: <= 7.0.2 Vulnerability Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode Type: Improper Neutralization of Input During Web Page Generation…


WP 404 Auto Redirect to Similar Post Vulnerability – Reflected Cross-Site Scripting via request – CVE-2024-0509 | WordPress Plugin Vulnerability Report

Plugin Name: WP 404 Auto Redirect to Similar Post Key Information: Software Type: Plugin Software Slug: wp-404-auto-redirect-to-similar-post Software Status: Active Software Author: hwk-fr Software Downloads: 266,878 Active Installs: 40,000 Last Updated: February 8, 2024 Patched Versions: 1.0.4 Affected Versions: <= 1.0.3 Vulnerability Details: Name: WP 404 Auto Redirect to Similar Post <= 1.0.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N…


Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0954 | WordPress Plugin Vulnerability Report

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 66,002,609 Active Installs: 2,000,000 Last Updated: February 12, 2024 Patched Versions: 5.9.8 Affected Versions: <= 5.9.7 Vulnerability Details: Name: Essential Addons for Elementor –…


AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,465,196 Active Installs: 100,000 Last Updated: December 18, 2023 Patched Versions: 1.0.92.1 Affected Versions: <= 1.0.92 Vulnerability Details: Name: AMP for WP – Accelerated Mobile Pages <= 1.0.92 – Authenticated (Contributor+) Cross-Site Scripting via Shortcode Title: Authenticated (Contributor+) Cross-Site Scripting via Shortcode Type: Improper Neutralization of…


Enable Media Replace Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6737 | WordPress Plugin Vulnerability Report

Plugin Name: Enable Media Replace Key Information: Software Type: Plugin Software Slug: enable-media-replace Software Status: Active Software Author: shortpixel Software Downloads: 10,049,054 Active Installs: 600,000 Last Updated: December 18, 2023 Patched Versions: 4.1.5 Affected Versions: <= 4.1.4 Vulnerability Details: Name: Enable Media Replace <= 4.1.4 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6737 CVSS Score: 4.7…
