Print Invoice & Delivery Notes for WooCommerce Vulnerability – Missing Authorization to Notice Dismissal – CVE-2024-4233 | WordPress Plugin Vulnerability Report 

Plugin Name: Print Invoice & Delivery Notes for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-delivery-notes Software Status: Active Software Author: tychesoftwares Software Downloads: 999,558 Active Installs: 40,000 Last Updated: May 10, 2024 Patched Versions: 4.9.0 Affected Versions: <= 4.8.1 Vulnerability Details: Name: Multiple Plugins by tychesoftwares <= 4.8.1 Title: Missing Authorization to Notice…

Read More

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report 

Plugin Name: Contact Form 7 Database Addon – CFDB7 Key Information: Software Type: Plugin Software Slug: contact-form-cfdb7 Software Status: Active Software Author: arshidkv12 Software Downloads: 5,113,134 Active Installs: 600,000 Last Updated: May 10, 2024 Patched Versions: 1.2.7 Affected Versions: <= 1.2.6.8 Vulnerability Details: Name: Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 Title: Unauthenticated…

Read More

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report 

Plugin Name: Hide Dashboard Notifications Key Information: Software Type: Plugin Software Slug: wp-hide-backed-notices Software Status: Active Software Author: wprepublic Software Downloads: 168,065 Active Installs: 30,000 Last Updated: May 10, 2024 Patched Versions: 1.3 Affected Versions: <= 1.2.3 Vulnerability Details: Name: Hide Dashboard Notifications <= 1.2.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33683 CVSS Score: 4.3 Publicly Published: April…

Read More

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status: Active Software Author: magazine3 Software Downloads: 5,175,623 Active Installs: 100,000 Last Updated: May 6, 2024 Patched Versions: 1.30 Affected Versions: <= 1.29 Vulnerability Details: Name: Schema & Structured Data for WP & AMP <= 1.29…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,072,488 Active Installs: 100,000 Last Updated: May 2, 2024 Patched Versions: 5.6.1 Affected Versions: <= 5.6.0 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report 

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,114,824 Active Installs: 200,000 Last Updated: April 24, 2024 Patched Versions: 2.0.29 Affected Versions: <= 2.0.28 Vulnerability Details: Name: Blocksy Companion <= 2.0.28 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31932 CVSS Score: 5.3 Publicly…

Read More

Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report

Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Software Downloads: 602,133 Active Installs: 60,000 Last Updated: April 24, 2024 Patched Versions: 1.0.96 Affected Versions: <= 1.0.95 Vulnerability Details: Name: Amelia <= 1.0.95 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…

Read More

WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report

Plugin Name: WPFront User Role Editor Key Information: Software Type: Plugin Software Slug: wpfront-user-role-editor Software Status: Active Software Author: syammohanm Software Downloads: 787,036 Active Installs: 50,000 Last Updated: April 2, 2024 Patched Versions: 4.1.0 Affected Versions: <= 3.2.1.11184 Vulnerability Details: Name: WPFront User Role Editor <= 3.2.1.11184 Title: Limited Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2931…

Read More

Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report 

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,939,163 Active Installs: 10,000 Last Updated: April 3, 2024 Patched Versions: 2.8.0.7 Affected Versions: <= 2.8.0.5 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.8.0.5 Title: Authenticated (Contributor+) Stored…

Read More

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Author+) PHP Object Injection via error_resetpassword – CVE-2024-3018 | WordPress Plugin Vulnerability Report

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 69,249,566 Active Installs: 2,000,000 Last Updated: April 3, 2024 Patched Versions: 5.9.14 Affected Versions: <= 5.9.13 Vulnerability Details: Name: Essential Addons for Elementor <=…

Read More