Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…

Read More

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads: 8,675,361 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: 3.2.94 Affected Versions: <= 3.2.93 Vulnerability Details: Name: Download Manager <= 3.2.93 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4001 CVSS Score: 6.4 Publicly Published: June 4, 2024…

Read More

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Vulnerability – Reflected Cross-Site Scripting – CVE-2024-35668 | WordPress Plugin Vulnerability Report

Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Key Information: Software Type: Plugin Software Slug: mailin Software Status: Active Software Author: neeraj_slit Software Downloads: 4,539,519 Active Installs: 100,000 Last Updated: June 12, 2024 Patched Versions: 3.1.78 Affected Versions: <= 3.1.77 Vulnerability Details: Name: Newsletter, SMTP, Email marketing and Subscribe forms…

Read More

wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

Plugin Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,479,590 Active Installs: 70,000 Last Updated: June 12, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.2 Vulnerability Details: Name: wpDataTables – Tables & Table Charts (Premium)…

Read More

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

Plugin Name: Advanced Ads Key Information: Software Type: Plugin Software Slug: advanced-ads Software Status: Active Software Author: monetizemore Software Downloads: 9,195,831 Active Installs: 100,000 Last Updated: May 7, 2024 Patched Versions: 1.52.2 Affected Versions: <= 1.52.1 Vulnerability Details: Name: Advanced Ads – Ad Manager & AdSense <= 1.52.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce Software Status: Active Software Author: webtoffee Software Downloads: 1,383,697 Active Installs: 50,000 Last Updated: April 8, 2024 Patched Versions: 4.4.3 Affected Versions: <= 4.4.2 Vulnerability Details: Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and…

Read More

List category posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1051 | WordPress Plugin Vulnerability Report

Plugin Name: List category posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,812,968 Active Installs: 100,000 Last Updated: March 29, 2024 Patched Versions: 0.89.7 Affected Versions: <= 0.89.6 Vulnerability Details: Name: List category posts <= 0.89.6 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1051 CVSS Score: 6.4 (Medium)…

Read More

HT Mega Vulnerability – Absolute Addons For Elementor – Authenticated Stored Cross-Site Scripting via Post Carousel Widget – CVE-2024-1421 | WordPress Plugin Vulnerability Report

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,603,212 Active Installs: 100,000 Last Updated: March 13, 2024 Patched Versions: 2.4.5 Affected Versions: <= 2.4.4 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <= 2.4.4 Title: Authenticated…

Read More

Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report 

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author: wpvividplugins Software Downloads: 6,465,323 Active Installs: 400,000 Last Updated: February 28, 2024 Patched Versions: 0.9.69 Affected Versions: <= 0.9.68 Vulnerability Details: Name: WPvivid Backup and Migration <= 0.9.68 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE: CVE-2024-1982…

Read More

 Orbit Fox by ThemeIsle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1323 | WordPress Plugin Vulnerability Report

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,350,926 Active Installs: 200,000 Last Updated: February 27, 2024 Patched Versions: 2.10.32 Affected Versions: <= 2.10.31 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More