Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall Software Status: Active Software Author: paultgoodchild Software Downloads: 11,891,211 Active Installs: 50,000 Last Updated: June 12, 2024 Patched Versions: 19.1.11 Affected Versions: <= 19.1.10 Vulnerability Details: Name: Shield Security – Smart Bot Blocking & Intrusion…

Read More

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642 Active Installs: 90,000 Last Updated: May 21, 2024 Patched Versions: 4.2.6.7 Affected Versions: <= 4.2.6.6 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Type:…

Read More

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 39,647,522 Active Installs: 600,000 Last Updated: May 21, 2024 Patched Versions: 1.61.0 Affected Versions: <= 1.60.0 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.60.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode Type:…

Read More

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report –

Plugin Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads: 4,315,608 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 3.7.1 Affected Versions: <= 3.7.0 Vulnerability Details: Name: Content…

Read More

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status: Active Software Author: magazine3 Software Downloads: 5,175,623 Active Installs: 100,000 Last Updated: May 6, 2024 Patched Versions: 1.30 Affected Versions: <= 1.29 Vulnerability Details: Name: Schema & Structured Data for WP & AMP <= 1.29…

Read More

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: inisev Software Downloads: 1,449,047 Active Installs: 80,000 Last Updated: May 2, 2024 Patched Versions: 1.4.4 Affected Versions: <= 1.4.3 Vulnerability Details: Name: Backup Migration <= 1.4.3 Title: Information Exposure via Log Files Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-32686 CVSS Score:…

Read More

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report 

Plugin Name: Redirection Key Information: Software Type: Plugin Software Slug: redirect-redirection Software Status: Active Software Author: inisev Software Downloads: 329,941 Active Installs: 60,000 Last Updated: April 22, 2024 Patched Versions: 1.2.0 Affected Versions: <= 1.1.9 Vulnerability Details: Name: Inisev Analyst Module <= 1.1.9 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31435 CVSS Score: 4.3 Publicly Published:…

Read More

Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,222,101 Active Installs: 80,000 Last Updated: April 24, 2024 Patched Versions: 2.4.4 Affected Versions: <= 2.4.3 Vulnerability Details: Name: Inisev Analyst Module <= 2.4.3 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31435 CVSS Score: 4.3 Publicly Published:…

Read More

WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS – Sensitive Information Exposure via Insufficiently Protected Files – CVE-2023-7046 | WordPress Plugin Vulnerability Report

Plugin Name: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+ Key Information: Software Type: Plugin Software Slug: wp-letsencrypt-ssl Software Status: Active Software Author: gowebsmarty Software Downloads: 2,018,679 Active Installs: 60,000 Last Updated: April 16, 2024 Patched Versions: 7.1.0 Affected Versions: <= 7.0 Vulnerability Details: Name: WP…

Read More

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3167 | WordPress Plugin Vulnerability Report

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads: 20,664,296 Active Installs: 700,000 Last Updated: April 16, 2024 Patched Versions: 2.2.7 Affected Versions: <= 2.2.6 Vulnerability Details: Name: Ocean Extra <= 2.2.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-3167 CVSS Score:…

Read More