Brizy – Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL – CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report

Plugin Name: Brizy – Page Builder Key Information: Software Type: Plugin Software Slug: brizy Software Status: Active Software Author: themefusecom Software Downloads: 4,689,320 Active Installs: 80,000 Last Updated: June 18, 2024 Patched Versions: 2.4.44 Affected Versions: <= 2.4.43 Vulnerability Details: Vulnerability 1: Name: Brizy – Page Builder <= 2.4.43 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

PDF Invoices & Packing Slips for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active Software Author: wpovernight Software Downloads: 15,260,685 Active Installs: 300,000 Last Updated: May 9, 2024 Patched Versions: 3.8.1 Affected Versions: <= 3.8.0 Vulnerability 1 Details: Name: PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 Title:…

Tutor LMS Vulnerability – eLearning and online course solution – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘tutor_instructor_list’ Shortcode – CVE-2024-3994 | WordPress Plugin Vulnerability Report

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,051,836 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.2 Vulnerability Details: Name: Tutor LMS – eLearning and online course solution <= 2.6.2…

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 4,233,598 Active Installs: 60,000 Last Updated: May 2, 2024 Patched Versions: 5.48.0 Affected Versions: <= 5.47.0 Vulnerability Details: Name: Customer Reviews for WooCommerce <= 5.47.0 Title: Reflected Cross-Site Scripting via ‘s’ Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N…

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report 

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,705,152 Active Installs: 100,000 Last Updated: April 29, 2024 Patched Versions: 1.3.5.3 Affected Versions: <= 1.3.5.2 Vulnerability Details: Name: HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 Title:…

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status: Active Software Author: wpallimport Software Downloads: 3,920,346 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.7.4 Affected Versions: <= 3.7.3 Vulnerability Details: Name: Import any XML or CSV File to WordPress <= 3.7.3…

Best WordPress Gallery Plugin Vulnerability – FooGallery – Authenticated Stored Cross-Site Scripting – CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report

Plugin Name: Best WordPress Gallery Plugin – FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,914,021 Active Installs: 100,000 Last Updated: April 16, 2024 Patched Versions: 2.4.15 Affected Versions: <= 2.4.14 Vulnerability 1 Details: Name: FooGallery <= 2.4.14 Title: Authenticated (Author+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato Software Downloads: 548,134 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.15 Affected Versions: <= 1.0.14 Vulnerability Details: Name: Template Kit – Import <= 1.0.14 Title: Authenticated (Author+) Stored Cross-Site Scripting via Template…

Backuply Vulnerability – Backup, Restore, Migrate and Clone – Authenticated (Administrator+) Directory Traversal – CVE-2024-0697 | WordPress Plugin Vulnerability Report

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active Software Author: Softaculous Software Downloads: 1,893,554 Active Installs: 200,000 Last Updated: February 1, 2024 Patched Versions: 1.2.4 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 Title: Authenticated…

Exclusive Addons for Elementor Vulnerability – Stored Cross-Site Scripting Vulnerabilities – CVE-2024-0824 & CVE-2024-0823 | WordPress Plugin Vulnerability Report

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler Software Downloads: 688,917 Active Installs: 50,000 Last Updated: February 1, 2024 Patched Versions: 2.6.9 Affected Versions: <= 2.6.8 Vulnerability Details (Section 1): Name: Exclusive Addons for Elementor <= 2.6.8 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
