WordPress plugin update

LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 4, 2024

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,139,739 Active Installs: 90,000 Last Updated: April 4, 2024 Patched Versions: 4.2.6.4, 4.0.1 Affected Versions: <= 4.2.6.3, <= 4.0.0 Vulnerability 1: Insecure Direct Object Reference CVE: CVE-2024-1289 CVSS Score: 6.5 Publicly Published:…

Read More

Smart Custom Fields Vulnerability – Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure – CVE-2024-1995 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 19, 2024

Plugin Name: Smart Custom Fields Key Information: Software Type: Plugin Software Slug: smart-custom-fields Software Status: Active Software Author: inc2734 Software Downloads: 224,550 Active Installs: 50,000 Last Updated: March 19, 2024 Patched Versions: 5.0.0 Affected Versions: <= 4.2.2 Vulnerability Details: Name: Smart Custom Fields <= 4.2.2 Title: Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure Type:…

Read More

Essential Blocks Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1854 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 28, 2024

Plugin Name: Essential Blocks Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads: 2,615,695 Active Installs: 100,000 Last Updated: February 28, 2024 Patched Versions: <= 4.5.1 Affected Versions: 4.5.2 Vulnerability Details: Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 Title: Authenticated (Contributor+) Stored…

Read More