MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Key Information:
  Software Type: Plugin
  Software Slug: metform
  Software Status: Active
  Software Author: xpeedstudio
  Software Downloads: 3,995,704
  Active Installs: 400,000
  Last Updated: August 19, 2024
  Patched Versions: 3.3.0
  Affected Versions: <= 3.2.4
Vulnerability Details:
  Name: Metform Elementor Contact Form Builder <=…

Colibri Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report

Plugin Name: Colibri Page Builder
Key Information:
  Software Type: Plugin
  Software Slug: colibri-page-builder
  Software Status: Active
  Software Author: extendthemes
  Software Downloads: 2,729,511
  Active Installs: 100,000
  Last Updated: June 20, 2024
  Patched Versions: 1.0.277
  Affected Versions: <= 1.0.276
Vulnerability 1 Details:
  Name: Colibri Page Builder <= 1.0.276 – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
  Type:…

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress
Key Information:
  Software Type: Plugin
  Software Slug: learnpress
  Software Status: Active
  Software Author: thimpress
  Software Downloads: 4,287,642
  Active Installs: 90,000
  Last Updated: May 21, 2024
  Patched Versions: 4.2.6.7
  Affected Versions: <= 4.2.6.6
Vulnerability Details:
  Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
  Type:…

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

Plugin Name: Order Export & Order Import for WooCommerce
Key Information:
  Software Type: Plugin
  Software Slug: order-import-export-for-woocommerce
  Software Status: Active
  Software Author: webtoffee
  Software Downloads: 1,536,946
  Active Installs: 50,000
  Last Updated: May 14, 2024
  Patched Versions: 2.5.0
  Affected Versions: <= 2.4.9
Vulnerability Details:
  Name: Order Export & Order Import for WooCommerce <= 2.4.9 – Authenticated…

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

Plugin Name: AI Engine
Key Information:
  Software Type: Plugin
  Software Slug: ai-engine
  Software Status: Active
  Software Author: tigroumeow
  Software Downloads: 2,383,435
  Active Installs: 70,000
  Last Updated: May 7, 2024
  Patched Versions: 2.2.70
  Affected Versions: <= 2.2.63
Vulnerability Details:
  Name: AI Engine: ChatGPT Chatbot <= 2.2.63 – Authenticated (Editor+) Arbitrary File Upload
  Type: Unrestricted Upload of…

Drag and Drop Multiple File Upload Vulnerability – Contact Form 7 – Sensitive Information Exposure – CVE-2024-3717 | WordPress Plugin Vulnerability Report 

Plugin Name: Drag and Drop Multiple File Upload – Contact Form 7
Key Information:
  Software Type: Plugin
  Software Slug: drag-and-drop-multiple-file-upload-contact-form-7
  Software Status: Active
  Software Author: glenwpcoder
  Software Downloads: 717,544
  Active Installs: 60,000
  Last Updated: May 10, 2024
  Patched Versions: 1.3.7.8
  Affected Versions: <= 1.3.7.7
Vulnerability Details:
  Name: Drag and Drop Multiple File Upload – Contact…

MailerLite Vulnerability – Signup forms (official) – Multiple Vulnerabilities – CVE-2024-2797, CVE-2024-1386 | WordPress Plugin Vulnerability Report

Plugin Name: MailerLite – Signup forms (official)
Key Information:
  Software Type: Plugin
  Software Slug: official-mailerlite-sign-up-forms
  Software Status: Active
  Software Author: mailerlite
  Software Downloads: 1,634,637
  Active Installs: 80,000
  Last Updated: May 10, 2024
  Patched Versions: 1.7.7
  Affected Versions: <= 1.7.6
Vulnerability Details:
  Name: MailerLite – Signup forms (official) <= 1.7.6
  Title: Missing Authorization
  Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  CVE:…

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report 

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Key Information:
  Software Type: Plugin
  Software Slug: form-maker
  Software Status: Active
  Software Author: 10web
  Software Downloads: 4,737,462
  Active Installs: 50,000
  Last Updated: May 13, 2024
  Patched Versions: 1.15.25
  Affected Versions: 1.15.24
Vulnerability Details:
  Name: Form Maker by 10Web <= 1.15.24
  Title:…

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report 

Plugin Name: hCaptcha for WordPress
Key Information:
  Software Type: Plugin
  Software Slug: hcaptcha-for-forms-and-more
  Software Status: Active
  Software Author: hcaptcha
  Software Downloads: 867,958
  Active Installs: 50,000
  Last Updated: May 3, 2024
  Patched Versions: 4.0.1
  Affected Versions: <= 4.0.0
Vulnerability Details:
  Name: hCaptcha for WordPress <= 4.0.0
  Title: Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode
  Type:…

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

Plugin Name: Backup Migration
Key Information:
  Software Type: Plugin
  Software Slug: backup-backup
  Software Status: Active
  Software Author: inisev
  Software Downloads: 1,449,047
  Active Installs: 80,000
  Last Updated: May 2, 2024
  Patched Versions: 1.4.4
  Affected Versions: <= 1.4.3
Vulnerability Details:
  Name: Backup Migration <= 1.4.3
  Title: Information Exposure via Log Files
  Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE: CVE-2024-32686
  CVSS Score:…