The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin Software Slug: the-post-grid Software Status: Active Software Author: techlabpro1 Software Downloads: 2,131,603 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 7.7.12 Affected Versions: <= 7.7.11 Vulnerability Details: Name: The Post Grid <= 7.7.11…

Read More

GiveWP – Donation Plugin and Fundraising Platform Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6551 | WordPress Plugin Vulnerability Report

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,990,636 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 3.16.0 Affected Versions: <= 3.15.1 Vulnerability Details: Name: GiveWP <= 3.15.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-6551 CVSS Score: 5.3 Publicly…

Read More

Mollie Payments for WooCommerce Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6448 | WordPress Plugin Vulnerability Report

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 3,421,407 Active Installs: 100,000 Last Updated: August 27, 2024 Patched Versions: 7.8.0 Affected Versions: <= 7.7.0 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6448 CVSS Score: 5.3 Publicly…

Read More

Jeg Elementor Kit Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File – CVE-2024-6804 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,587,316 Active Installs: 200,000 Last Updated: September 14, 2024 Patched Versions: 2.6.8 Affected Versions: <= 2.6.7 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.7 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-6804 CVSS Score: 6.4 Publicly Published: August…

Read More

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,627,696 Active Installs: 100,000 Last Updated: August 18, 2024 Patched Versions: 4.23.0 Affected Versions: <= 4.22.2 Vulnerability Details: Name: Relevanssi <= 4.22.2 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-7630 CVSS Score: 5.3 Publicly Published: August…

Read More

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2024-4266 | WordPress Plugin Vulnerability Report

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: xpeedstudio Software Downloads: 3,830,788 Active Installs: 300,000 Last Updated: June 20, 2024 Patched Versions: 3.8.9 Affected Versions: <= 3.8.8 Vulnerability Details: Name: MetForm – Contact Form, Survey, Quiz,…

Read More

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 40,018,306 Active Installs: 600,000 Last Updated: June 19, 2024 Patched Versions: 1.62.0 Affected Versions: <= 1.61.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.61.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget…

Read More

WP Reset – Most Advanced WordPress Reset Tool Vulnerability – Missing Authorization to License Key Modification – CVE-2024-4661 | WordPress Plugin Vulnerability Report

Plugin Name: WP Reset – Most Advanced WordPress Reset Tool Key Information: Software Type: Plugin Software Slug: wp-reset Software Status: Active Software Author: webfactory Software Downloads: 7,859,387 Active Installs: 300,000 Last Updated: June 20, 2024 Patched Versions: 2.03 Affected Versions: <= 2.01 Vulnerability Details: Name: WP Reset <= 2.02 Title: Missing Authorization to License Key…

Read More

Minimal Coming Soon – Coming Soon Page Vulnerability – Missing Authorization to Limited Settings Change – CVE-2024-5087 | WordPress Plugin Vulnerability Report

Plugin Name: Minimal Coming Soon – Coming Soon Page Key Information: Software Type: Plugin Software Slug: minimal-coming-soon-maintenance-mode Software Status: Active Software Author: webfactory Software Downloads: 2,009,191 Active Installs: 100,000 Last Updated: June 19, 2024 Patched Versions: 2.39 Affected Versions: <= 2.38 Vulnerability Details: Name: Minimal Coming Soon – Coming Soon Page <= 2.38 Title: Missing…

Read More

TablePress – Tables in WordPress made easy Vulnerability – Authenticated (Author+) Server-Side Request Forgery via DNS Rebind – CVE-2024-4354 | WordPress Plugin Vulnerability Report

Plugin Name: TablePress – Tables in WordPress made easy Key Information: Software Type: Plugin Software Slug: tablepress Software Status: Active Software Author: tobiasbg Software Downloads: 15,366,391 Active Installs: 800,000 Last Updated: June 18, 2024 Patched Versions: 2.3.2 Affected Versions: <= 2.3.1 Vulnerability Details: Name: TablePress – Tables in WordPress made easy <= 2.3 Title: Authenticated…

Read More