WordPress plugin updates
Login With Ajax Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-30546 | WordPress Plugin Vulnerability Report
Plugin Name: Login With Ajax – Fast Logins, 2FA, Redirects Key Information: Software Type: Plugin Software Slug: login-with-ajax Software Status: Active Software Author: netweblogic Software Downloads: 1,056,131 Active Installs: 30,000 Last Updated: April 24, 2024 Patched Versions: 4.2 Affected Versions: <= 4.1 Vulnerability Details: Name: Login With Ajax <= 4.1 Title: Cross-Site Request Forgery to…
Read MoreGutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Authenticated(Contributor+) Server-Side Request Forgery (SSRF) – CVE-2023-6964 | WordPress Plugin Vulnerability Report
Plugin Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 18,430,842 Active Installs: 400,000 Last Updated: April 16, 2024 Patched Versions: 3.2.12 Affected Versions: <= 3.1.26 Vulnerability Details: Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features…
Read MoreCarousel, Slider, Gallery by WP Carousel Vulnerability Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-3020 | WordPress Plugin Vulnerability Report
Plugin Name: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce Key Information: Software Type: Plugin Software Slug: wp-carousel-free Software Status: Active Software Author: shapedplugin Software Downloads: 1,322,070 Active Installs: 60,000 Last Updated: April 16, 2024 Patched Versions: 2.6.4 Affected…
Read MoreRSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report
Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,215,056 Active Installs: 50,000 Last Updated: April 16, 2024 Patched Versions: 4.3.4 Affected Versions: <= 4.3.3 Vulnerability Details: Name: RSS Aggregator by…
Read MoreColibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report
Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,492,925 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.270 Affected Versions: <= 1.0.263 Vulnerability Details: Name: Colibri Page Builder <= 1.0.263 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2839…
Read MoreWordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report
Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,881,197 Active Installs: 50,000 Last Updated: April 1, 2024 Patched Versions: 7.0.2 Affected Versions: <= 7.0.1 Vulnerability Details: Name: Ajax Load More <= 7.0.1 Title: Authenticated (Administrator+) Stored Cross-Site Scripting…
Read MoreReal Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report
Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software Status: Active Software Author: devowl Software Downloads: 2,429,162 Active Installs: 80,000 Last Updated: March 25, 2024 Patched Versions: 4.22.8 Affected Versions: <= 4.22.7 Vulnerability Details: Name: Real Media Library: Media Library Folder & File Manager…
Read MoreProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report
Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…
Read More