Ninja Tables Vulnerability – Missing Authorization – CVE-2024-23504 | WordPress Plugin Vulnerability Report

Plugin Name: Ninja Tables Key Information: Software Type: Plugin Software Slug: ninja-tables Software Status: Active Software Author: techjewel Software Downloads: 1,636,926 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 5.0.6 Affected Versions: <= 5.0.5 Vulnerability Details: Name: Ninja Tables <= 5.0.5 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-23504 CVSS Score: 5.3 (Medium) Publicly Published: January 19, 2024 Researcher: emad Description: The Ninja Tables plugin for WordPress…

Read More

Simple Membership Vulnerability – Open Redirect – CVE-2024-22308 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,388,048 Active Installs: 50,000 Last Updated: January 19, 2024 Patched Versions: 4.4.2 Affected Versions: <= 4.4.1 Vulnerability Details: Name: Simple Membership <= 4.4.1 – Open Redirect Title: Open Redirect Type: URL Redirection to Untrusted Site (‘Open Redirect’) CVE: CVE-2024-22308 CVSS Score: 6.1 (Medium) Publicly Published: January 19, 2024 Researcher: Joshua Chan…

Read More

Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,728,647 Active Installs: 400,000 Last Updated: January 5, 2024 Patched Versions: 3.10.0 Affected Versions: <= 3.9.1.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.9.1.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6632…

Read More

Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report

Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: PageLayer <= 1.7.8 – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Title: Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Type: Improper Input Validation CVE: CVE-2023-6738 CVSS Score: 5.4 (Medium) Publicly Published: January…

Read More

SpeedyCache Vulnerability – Missing Authorization to Plugin Options Update – CVE-2023-6598 | WordPress Plugin Vulnerability Report

Plugin Name: SpeedyCache Key Information: Software Type: Plugin Software Slug: speedycache Software Status: Active Software Author: softaculous Software Downloads: 861,450 Active Installs: 100,000 Last Updated: December 16, 2023 Patched Versions: 1.1.4 Affected Versions: <= 1.1.3 Vulnerability Details: Name: SpeedyCache <= 1.1.3 – Missing Authorization to Plugin Options Update Type: Missing Authorization CVE: CVE-2023-6598 CVSS Score: 4.3 (Medium) Publicly Published: December 16, 2023 Researcher: Lucio Sá Description: The SpeedyCache plugin for WordPress…

Read More

WordPress Plugin Vulnerability Report – Manage Notification E-mails – Missing Authorization – CVE-2023-6496

Plugin Name: Manage Notification E-mails Key Information: Software Type: Plugin Software Slug: manage-notification-emails Software Status: Active Software Author: virgial Software Downloads: 612,816 Active Installs: 100,000 Last Updated: December 8, 2023 Patched Versions: 1.8.6 Affected Versions: <= 1.8.5 Vulnerability Details: Name: Manage Notification E-mails <= 1.8.5 – Missing Authorization Title: Missing Authorization Type: Improper Authorization CVE: CVE-2023-6496 CVSS Score: 5.3 (Medium) Publicly Published: December 8, 2023 Researcher: Rafshanzani Suhada Description: The Manage Notification…

Read More

WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting

Plugin Name: wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,042,036 Active Installs: 80,000 Last Updated: November 17, 2023 Patched Versions: 7.6.13 Affected Versions: <= 7.6.12 Vulnerability Details: Name: wpDiscuz <= 7.6.12 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVSS Score: 4.4 (Medium)…

Read More

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 9,788,187 Active Installs: 100,000 Last Updated: October 11, 2023 Patched Versions: 5.6.24 Affected Versions: <= 5.6.23 Vulnerability Details: Name: Icegram Express <= 5.6.23 – Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE: CVE-2023-5414 CVSS…

Read More

WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645

Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads: 13,908,300 Active Installs: 300,000 Last Updated: September 22, 2023 Patched Versions: 2.7.31 Affected Versions: 2.7.30 Vulnerability Details: Name: Ad Inserter <= 2.7.30 – Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe Type: Missing Authorization CVE: CVE-2023-4668 CVSS…

Read More

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 55,164,924 Active Installs: 1,000,000 Last Updated: September 14, 2023 Patched Versions: 5.8.9 Affected Versions: <=5.8.8 Vulnerability Details: Name: Essential Addons for Elementor <= 5.8.8 – Authenticated (Contributor+) Privilege Escalation Type: Missing Authorization CVSS…

Read More