Posts Tagged ‘WordPress plugin update’
Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,783,086 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 1.13.6, 1.13.7 Affected Versions: <= 1.13.5, <= 1.13.6 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.13.5 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4401 CVSS Score:…
Read MoreBeaver Builder – WordPress Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter – CVE-2024-7895 | WordPress Plugin Vulnerability Report
Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 10,741,953 Active Installs: 100,000 Last Updated: September 3, 2024 Patched Versions: 2.8.3.6 Affected Versions: <= 2.8.3.5 Vulnerability Details: Name: Beaver Builder (Lite Version) <= 2.8.3.5 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-7895 CVSS Score:…
Read MoreJeg Elementor Kit Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File – CVE-2024-6804 | WordPress Plugin Vulnerability Report
Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,587,316 Active Installs: 200,000 Last Updated: September 14, 2024 Patched Versions: 2.6.8 Affected Versions: <= 2.6.7 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.7 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-6804 CVSS Score: 6.4 Publicly Published: August…
Read MorePhoto Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report
Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10Web Software Downloads: 18,052,863 Active Installs: 200,000 Last Updated: June 19, 2024 Patched Versions: 1.8.24 Affected Versions: <= 1.8.23 Vulnerability 1 Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <=…
Read MoreElementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report
Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 28,801,489 Active Installs: 1,000,000 Last Updated: May 23, 2024 Patched Versions: 1.6.26.1 Affected Versions: <= 1.6.26 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.26 – Authenticated (Contributor+) Stored Cross-Site Scripting…
Read MoreProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report
Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623 Active Installs: 200,000 Last Updated: May 22, 2024 Patched Versions: 4.15.9 Affected Versions: <= 4.15.8 Vulnerability Details: Name: ProfilePress <= 4.15.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget Type: Improper Neutralization…
Read MoreLearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report
Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642 Active Installs: 90,000 Last Updated: May 21, 2024 Patched Versions: 4.2.6.7 Affected Versions: <= 4.2.6.6 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Type:…
Read MoreSina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scriping via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report
Plugin Name: Sina Extension for Elementor Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina Software Downloads: 550,459 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 3.5.4 Affected Versions: <= 3.5.3 Vulnerability Details: Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor…
Read MoreOne Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report
Plugin Name: One Click Demo Import Key Information: Software Type: Plugin Software Slug: one-click-demo-import Software Status: Active Software Author: smub Software Downloads: 15,730,116 Active Installs: 1,000,000 Last Updated: May 7, 2024 Patched Versions: 3.2.1 Affected Versions: <= 3.2.0 Vulnerability Details: Name: One Click Demo Import <= 3.2.0 – Authenticated (Admin+) PHP Object Injection Type: Deserialization…
Read MoreFileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report
Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software Status: Active Software Author: ninjateam Software Downloads: 4,220,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability Details: Name: FileBird – WordPress Media Library Folders & File Manager…
Read More