WordPress Maintenance

WP Plugin Vulnerabilities Image - User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin - Unauthenticated Stored Self-Based Cross-Site Scripting - CVE-2024-1720 | WordPress Plugin Vulnerability Report - WordPress Maintenance

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 6, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,562,763 Active Installs: 60,000 Last Updated: March 8, 2024 Patched Versions: 3.1.5 Affected Versions: <= 3.1.4 Vulnerability Details: Name: User Registration – Custom Registration…

Read More
WP Plugin Vulnerabilities Image - Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget - CVE-2024-1506 |WordPress Plugin Vulnerability Report - WordPress Maintenance

Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 6, 2024

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads: 1,987,618 Active Installs: 100,000 Last Updated: March 8, 2024 Patched Versions: 3.13.2 Affected Versions: <= 3.13.1 Vulnerability Details: Name: Prime Slider – Addons…

Read More
WP Plugin Vulnerabilities Image - File Manager Vulnerability- Directory Traversal - CVE-2023-6825 | WordPress Plugin Vulnerability Report  - WordPress Maintenance

File Manager Vulnerability- Directory Traversal – CVE-2023-6825 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 4, 2024

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 20,544,237 Active Installs: 1,000,000 Last Updated: March 7, 2024 Patched Versions: 7.2.2 Affected Versions: <= 7.2.1 Vulnerability Details: Name: File Manager And File Manager Pro (Multiple Versions) Type: Directory Traversal CVE: CVE-2023-6825 CVSS Score: 9.9…

Read More
WP Plugin Vulnerabilities Image - ProfilePress Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode - CVE-2024-1409 | WordPress Plugin Vulnerability Report - WordPress Maintenance

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…

Read More
WP Plugin Vulnerabilities Image - Page Builder: Pagelayer Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Button - CVE-2024-1590 | WordPress Plugin Vulnerability Report - WordPress Maintenance

Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 1.8.3 Affected Versions: <= 1.8.2 Vulnerability Details: Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More
WP Plugin Vulnerabilities Image - Page scroll to id - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1445 |WordPress Plugin Vulnerability Report - WordPress Maintenance

Page scroll to id – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1445 |WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 16, 2024

Plugin Name: Page scroll to id Key Information: Software Type: Plugin Software Slug: page-scroll-to-id Software Status: Active Software Author: malihu Software Downloads: 1,684,219 Active Installs: 100,000 Last Updated: February 27, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: Page scroll to id <= 1.7.8 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode…

Read More
WP Plugin Vulnerabilities Image - EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1349 |WordPress Plugin Vulnerability Report  - WordPress Maintenance

EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1349 |WordPress Plugin Vulnerability Report 

By Your WP Guy / Feb 14, 2024

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,184,657 Active Installs: 80,000 Last Updated: February 16, 2024 Patched Versions: 3.9.9 Affected Versions: <= 3.9.8 Vulnerability Details: Name: EmbedPress <= 3.9.8 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1349 CVSS Score:…

Read More
WP Plugin Vulnerabilities Image - Simple Share Buttons Adder Vulnerability- Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings - CVE-2024-0621 | WordPress Plugin Vulnerability Report - WordPress Maintenance

Simple Share Buttons Adder Vulnerability- Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings – CVE-2024-0621 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 14, 2024

Plugin Name: Simple Share Buttons Adder Key Information: Software Type: Plugin Software Slug: simple-share-buttons-adder Software Status: Active Software Author: davidoffneal Software Downloads: 4,036,990 Active Installs: 70,000 Last Updated: February 16, 2024 Patched Versions: 8.4.12 Affected Versions: <= 8.4.11 Vulnerability Details: Name: Simple Share Buttons Adder <= 8.4.11 Title: Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings…

Read More
WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events - CVE-2024-0326 | WordPress Plugin Vulnerability Report - WordPress Maintenance

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events – CVE-2024-0326 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 14, 2024

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 29,259,716 Active Installs: 700,000 Last Updated: February 16, 2024 Patched Versions: 4.10.19 Affected Versions: <= 4.10.18 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.18 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via onClick…

Read More
WP Plugin Vulnerabilities Image - SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1058 | WordPress Plugin Vulnerability Report - WordPress Maintenance

SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1058 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 12, 2024

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 37,808,389 Active Installs: 600,000 Last Updated: February 16, 2024 Patched Versions: 1.58.4 Affected Versions: <= 1.58.3 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.58.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1058…

Read More