BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

Plugin Name: BackWPup – WordPress Backup & Restore Plugin Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 15,311,423 Active Installs: 600,000 Last Updated: August 18, 2024 Patched Versions: 4.0.2 Affected Versions: <= 4.0.1 Vulnerability Details: Name: BackWPup <= 4.0.1 Type: CVE: CVE-2023-5505 CVSS Score: 6.8 Publicly Published:…

Read More

Loco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report

Plugin Name: Loco Translate Key Information: Software Type: Plugin Software Slug: loco-translate Software Status: Active Software Author: timwhitlock Software Downloads: 26,085,928 Active Installs: 1,000,000 Last Updated: July 16, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Loco Translate <= 2.6.9 Type: Cross-Site Request Forgery CVE: CVE-2024-37236 CVSS Score: 4.3 Publicly Published: June…

Read More

WP Reset – Most Advanced WordPress Reset Tool Vulnerability – Missing Authorization to License Key Modification – CVE-2024-4661 | WordPress Plugin Vulnerability Report

Plugin Name: WP Reset – Most Advanced WordPress Reset Tool Key Information: Software Type: Plugin Software Slug: wp-reset Software Status: Active Software Author: webfactory Software Downloads: 7,859,387 Active Installs: 300,000 Last Updated: June 20, 2024 Patched Versions: 2.03 Affected Versions: <= 2.01 Vulnerability Details: Name: WP Reset <= 2.02 Title: Missing Authorization to License Key…

Read More

Strong Testimonials Vulnerability – Authenticated(Contributor+) Improper Authorization to Views Modification – CVE-2023-6491 | WordPress Plugin Vulnerability Report

Plugin Name: Strong Testimonials Key Information: Software Type: Plugin Software Slug: strong-testimonials Software Status: Active Software Author: wpchill Software Downloads: 3,337,363 Active Installs: 100,000 Last Updated: June 18, 2024 Patched Versions: 3.1.13 Affected Versions: <= 3.1.12 Vulnerability Details: Name: Strong Testimonials <= 3.1.12 Title: Authenticated(Contributor+) Improper Authorization to Views Modification Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2023-6491 CVSS…

Read More

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status: Active Software Author: unitecms Software Downloads: 8,821,358 Active Installs: 200,000 Last Updated: June 20, 2024 Patched Versions: 1.5.110 Affected Versions: <= 1.5.109 Vulnerability 1 Details: Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <=…

Read More

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,950,020 Active Installs: 60,000 Last Updated: May 22, 2024 Patched Versions: 2024.4 Affected Versions: <= 2024.3 Vulnerability Details: Name: Advanced iFrame <= 2024.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During…

Read More

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads: 12,562,258 Active Installs: 400,000 Last Updated: May 22, 2024 Patched Versions: 2.9.4 Affected Versions: <=2.9.3 Vulnerability Details: Name: POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3…

Read More

WP Table Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4700 | WordPress Plugin Vulnerability Report

Plugin Name: WP Table Builder Key Information: Software Type: Plugin Software Slug: wp-table-builder Software Status: Active Software Author: wptb Software Downloads: 60,000 Active Installs: 1,060,392 Last Updated: May 20, 2024 Patched Versions: 1.4.15 Affected Versions: <= 1.4.14 Vulnerability Details: Name: WP Table Builder – WordPress Table Plugin <= 1.4.14 – Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report

Plugin Name: Jetpack Key Information: Software Type: Plugin Software Slug: jetpack Software Status: Active Software Author: automattic Software Downloads: 407,764,904 Active Installs: 4,000,000 Last Updated: May 13, 2024 Patched Versions: 13.4 Affected Versions: <= 13.3.1 Vulnerability Details: Name: Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid – Missing Authorization – CVE-2024-3936 | WordPress Plugin Vulnerability Report

Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin Software Slug: the-post-grid Software Status: Active Software Author: techlabpro1 Software Downloads: 1,704,748 Active Installs: 90,000 Last Updated: May 10, 2024 Patched Versions: 7.7.0 Affected Versions: <= 7.6.1 Vulnerability Details: Name: The Post Grid – Shortcode,…

Read More