Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report

Plugin Name: Media Cleaner: Clean your WordPress! Key Information: Software Type: Plugin Software Slug: media-cleaner Software Status: Active Software Author: tigroumeow Software Downloads: 2,778,078 Active Installs: 70,000 Last Updated: May 10, 2024 Patched Versions: 6.7.3 Affected Versions: <= 6.7.2 Vulnerability Details: Name: Media Cleaner: Clean your WordPress! <= 6.7.2 Title: Unauthenticated Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N…

Read More

NextGEN Gallery Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2744 | WordPress Plugin Vulnerability Report 

Plugin Name: NextGEN Gallery – Create an Amazing Photo Gallery in Seconds Key Information: Software Type: Plugin Software Slug: nextgen-gallery Software Status: Active Software Author: smub Software Downloads: 40,372,789 Active Installs: 500,000 Last Updated: May 12, 2024 Patched Versions: 3.59.1 Affected Versions: <= 3.59 Vulnerability Details: Name: NextGEN Gallery <= 3.59 Title: Authenticated (Administrator+) Stored…

Read More

FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report 

Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software Downloads: 708,614 Active Installs: 50,000 Last Updated: May 10, 2024 Patched Versions: Not available Affected Versions: <= 1.1.5 Vulnerability Details: Name: FameTheme Demo Importer <= 1.1.5 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33679…

Read More

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report 

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,225,697 Active Installs: 100,000 Last Updated: May 13, 2024 Patched Versions: 3.5.0 Affected Versions: <= 3.4.2 Vulnerability Details: Name: GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2 Title: Authenticated…

Read More

The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce – Authenticated Stored Cross-Site Scripting – CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report 

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,244,805 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 5.5.0 Affected Versions: <= 5.4.2 Vulnerability Details: Name: The Plus Addons for…

Read More

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

Plugin Name: FOX – Currency Switcher Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-currency-switcher Software Status: Active Software Author: realmag777 Software Downloads: 1,688,317 Active Installs: 60,000 Last Updated: May 9, 2024 Patched Versions: 1.4.1.9 Affected Versions: <= 1.4.1.8 Vulnerability Details: Name: FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 Title: Unauthenticated…

Read More

Popup Box Vulnerability – Best WordPress Popup Plugin – Missing Authorization to Information Exposure – CVE-2024-3897 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Box – Best WordPress Popup Plugin Key Information: Software Type: Plugin Software Slug: ays-popup-box Software Status: Active Software Author: ays-pro Software Downloads: 1,223,022 Active Installs: 30,000 Last Updated: May 9, 2024 Patched Versions: 4.3.7 Affected Versions: <= 4.3.6 Vulnerability Details: Name: Popup Box – Best WordPress Popup Plugin <= 4.3.6 Title: Missing…

Read More

Colibri Page Builder Vulnerability – Multiple Stored XSS Vulnerabilities – CVE-2024-3340, CVE-2024-3337, CVE-2024-3338 | WordPress Plugin Vulnerability Report 

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,612,262 Active Installs: 100,000 Last Updated: May 9, 2024 Patched Versions: 1.0.274 Affected Versions: <= 1.0.272 Vulnerability Details: Name: Colibri Page Builder <= 1.0.272 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via ‘colibri-gallery-slideshow’ Shortcode Type:…

Read More

Database for Contact Form 7, WPforms, Elementor forms Vulnrability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-3715 | WordPress Plugin Vulnerability Report

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status: Active Software Author: crmperks Software Downloads: 661,856 Active Installs: 70,000 Last Updated: May 8, 2024 Patched Versions: 1.3.9 Affected Versions: <= 1.3.8 Vulnerability Details: Name: Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8…

Read More

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin Software Slug: user-registration Software Status: Active Software Author: wpeverest Software Downloads: 2,655,257 Active Installs: 70,000 Last Updated: May 2, 2024 Patched Versions: 3.2.0 Affected Versions: <=3.1.5 Vulnerability Details: Name: User Registration – Custom Registration Form,…

Read More