WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…

Read More

HUSKY – Products Filter Professional for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-5039 | WordPress Plugin Vulnerability Report

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,732,922 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 1.3.6 Affected Versions: <= 1.3.5.3 Vulnerability Details: Name: HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 Title: Authenticated…

Read More

ShopLentor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode – CVE-2024-3345 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,557,867 Active Installs: 100,000 Last Updated: May 20, 2024 Patched Versions: 2.8.9 Affected Versions: <= 2.8.8 Vulnerability Details: Name: ShopLentor <= 2.8.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode Type: Improper Neutralization of Input…

Read More

Booster for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3957 | WordPress Plugin Vulnerability Report

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,639,153 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 7.1.9 Affected Versions: <= 7.1.8 Vulnerability Details: Name: Booster for WooCommerce <= 7.1.8 – Unauthenticated Arbitrary Shortcode Execution Type: Improper Control of Generation…

Read More

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,383,697 Active Installs: 50,000 Last Updated: April 8, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report 

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.5 Affected Versions: <= 2.8.4 Vulnerability Details: Name: ShopLentor…

Read More

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,355,176 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 2.8.4 Affected Versions: <= 2.8.3 Vulnerability Details: Name: ShopLentor…

Read More

HUSKY Vulnerability– Products Filter Professional for WooCommerce – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1796 | WordPress Plugin Vulnerability Report 

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,674,101 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.3.5.2 Affected Versions: <= 1.3.5.1 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 Title: Authenticated…

Read More

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: Mihail Barinov Software Downloads: 3,318,679 Active Installs: 70,000 Last Updated: January 12, 2024 Patched Versions: 2.97 Affected Versions: <= 2.96 Vulnerability Details: Name: Advanced Woo Search <= 2.96 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0251 CVSS…

Read More