Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10Web Software Downloads: 18,052,863 Active Installs: 200,000 Last Updated: June 19, 2024 Patched Versions: 1.8.24 Affected Versions: <= 1.8.23 Vulnerability 1 Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <=…

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 28,801,489 Active Installs: 1,000,000 Last Updated: May 23, 2024 Patched Versions: 1.6.26.1 Affected Versions: <= 1.6.26 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.26 – Authenticated (Contributor+) Stored Cross-Site Scripting…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623 Active Installs: 200,000 Last Updated: May 22, 2024 Patched Versions: 4.15.9 Affected Versions: <= 4.15.8 Vulnerability Details: Name: ProfilePress <= 4.15.8 – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget Type: Improper Neutralization…

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642 Active Installs: 90,000 Last Updated: May 21, 2024 Patched Versions: 4.2.6.7 Affected Versions: <= 4.2.6.6 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter Type:…

Sina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scripting via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report

Plugin Name: Sina Extension for Elementor Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina Software Downloads: 550,459 Active Installs: 50,000 Last Updated: May 14, 2024 Patched Versions: 3.5.4 Affected Versions: <= 3.5.3 Vulnerability Details: Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor…

One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report

Plugin Name: One Click Demo Import Key Information: Software Type: Plugin Software Slug: one-click-demo-import Software Status: Active Software Author: smub Software Downloads: 15,730,116 Active Installs: 1,000,000 Last Updated: May 7, 2024 Patched Versions: 3.2.1 Affected Versions: <= 3.2.0 Vulnerability Details: Name: One Click Demo Import <= 3.2.0 – Authenticated (Admin+) PHP Object Injection Type: Deserialization…

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software Status: Active Software Author: ninjateam Software Downloads: 4,220,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 5.6.4 Affected Versions: <= 5.6.3 Vulnerability Details: Name: FileBird – WordPress Media Library Folders & File Manager…

LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,139,739 Active Installs: 90,000 Last Updated: April 4, 2024 Patched Versions: 4.2.6.4, 4.0.1 Affected Versions: <= 4.2.6.3, <= 4.0.0 Vulnerability 1: Insecure Direct Object Reference CVE: CVE-2024-1289 CVSS Score: 6.5 Publicly Published:…

Smart Custom Fields Vulnerability – Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure – CVE-2024-1995 | WordPress Plugin Vulnerability Report

Plugin Name: Smart Custom Fields Key Information: Software Type: Plugin Software Slug: smart-custom-fields Software Status: Active Software Author: inc2734 Software Downloads: 224,550 Active Installs: 50,000 Last Updated: March 19, 2024 Patched Versions: 5.0.0 Affected Versions: <= 4.2.2 Vulnerability Details: Name: Smart Custom Fields <= 4.2.2 Title: Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure Type:…

Essential Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1854 | WordPress Plugin Vulnerability Report

Plugin Name: Essential Blocks Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads: 2,615,695 Active Installs: 100,000 Last Updated: February 28, 2024 Patched Versions: <= 4.5.1 Affected Versions: 4.5.2 Vulnerability Details: Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 Title: Authenticated (Contributor+) Stored…
