Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,211,650 Active Installs: 80,000 Last Updated: April 8, 2024 Patched Versions: 1.29 Affected Versions: <= 1.28 Vulnerability Details: Name: Sydney Toolbox <= 1.28 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

CMB2 Vulnerability – Authenticated PHP Object Injection – CVE-2024-1792 | WordPress Plugin Vulnerability Report

Plugin Name: CMB2 Key Information: Software Type: Plugin Software Slug: cmb2 Software Status: Active Software Author: jtsternberg Software Downloads: 4,198,199 Active Installs: 300,000 Last Updated: April 3, 2024 Patched Versions: 2.11.0 Affected Versions: <= 2.10.1 Vulnerability Details: Name: CMB2 <= 2.10.1 Title: Authenticated PHP Object Injection Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1792 CVSS Score: 7.2 Publicly Published:…

Read More

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status: Active Software Author: boldgrid Software Downloads: 692,441 Active Installs: 70,000 Last Updated: April 1, 2024 Patched Versions: 1.6.14 Affected Versions: <= 1.6.13 Vulnerability Details: Name: BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,523,308 Active Installs: 100,000 Last Updated: March 26, 2024 Patched Versions: 1.13.2 Affected Versions: <= 1.13.1 Vulnerability Details: Name: Elementor Addon Elements <= 1.13.1 Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE: CVE-2024-2091 CVSS…

Read More

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: GoDaddy Software Downloads: 19,886,964 Active Installs: 400,000 Last Updated: March 22, 2024 Patched Versions: 3.1.7 Affected Versions: <= 3.1.6 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 Title: Authenticated (Contributor+) Stored…

Read More

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget – CVE-2024-2202 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday Software Downloads: 49,798,891 Active Installs: 700,000 Last Updated: March 22, 2024 Patched Versions: 2.29.7 Affected Versions: <= 2.29.6 Vulnerability Details: Name: Page Builder by SiteOrigin <= 2.29.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy…

Read More

Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-site Scripting via ’embedpress_doc_custom_color’ – CVE-2024-2688 | WordPress Plugin Vulnerability Report – EmbedPress

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,350,234 Active Installs: 90,000 Last Updated: March 22, 2024 Patched Versions: 3.9.13 Affected Versions: <= 3.9.12…

Read More

Hustle Vulnerability – Sensitive Information Exposure via Exposed Hubspot API Keys – CVE-2024-0368 | WordPress Plugin Vulnerability Report

Plugin Name: Hustle – Email Marketing, Lead Generation, Optins, Popups Key Information: Software Type: Plugin Software Slug: wordpress-popup Software Status: Active Software Author: wpmudev Software Downloads: 3,659,904 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 7.8.4 Affected Versions: <= 7.8.3 Vulnerability Details: Name: Hustle <= 7.8.3 Title: Sensitive Information Exposure via Exposed Hubspot…

Read More

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-1761 |WordPress Plugin Vulnerability Report

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software Downloads: 880,497 Active Installs: 100,000 Last Updated: March 8, 2024 Patched Versions: 3.6.2 Affected Versions: <= 3.6.1 Vulnerability Details: Name: WP Chat App <= 3.6.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes Type:…

Read More

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,562,763 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 3.1.5 Affected Versions: <= 3.1.4 Vulnerability Details: Name: User Registration – Custom Registration…

Read More