WordPress plugin

 Orbit Fox by ThemeIsle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1323 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 26, 2024

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,350,926 Active Installs: 200,000 Last Updated: February 27, 2024 Patched Versions: 2.10.32 Affected Versions: <= 2.10.31 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last Updated: February 20, 2024 Patched Versions: 1.6.6 Affected Versions: <= 1.6.5 Vulnerability Details: Name: Enhanced Text Widget <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…

Read More

wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: wpDataTables Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,303,680 Active Installs: 70,000 Last Updated: February 20, 2024 Patched Versions: 3.4.2.5 Affected Versions: <= 3.4.2.4 Vulnerability Details: Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 – Reflected Cross-Site Scripting. Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…

Read More

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last Updated: January 24, 2024 Patched Versions: 3.1.4 Affected Versions: <= 3.1.3 Vulnerability Details: Name: Advanced Database Cleaner <= 3.1.3 – Authenticated(Administrator+) PHP Object Injection via process_bulk_action Title: Authenticated(Administrator+) PHP Object Injection via process_bulk_action Type: Deserialization of Untrusted Data CVE: CVE-2024-0668 CVSS Score: 6.6…

Read More

WordPress Button Plugin MaxButtons Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-7029 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 23, 2024

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,681,976 Active Installs: 100,000 Last Updated: January 23, 2024 Patched Versions: 9.7.7 Affected Versions: <= 9.7.6 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.6 – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode Title:…

Read More

WP Go Maps Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6697 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 23, 2024

Plugin Name: WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 22,527,179 Active Installs: 400,000 Last Updated: January 23, 2024 Patched Versions: 9.0.29 Affected Versions: <= 9.0.28 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.28 – Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation…

Read More

Ninja Tables Vulnerability – Missing Authorization – CVE-2024-23504 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Ninja Tables Key Information: Software Type: Plugin Software Slug: ninja-tables Software Status: Active Software Author: techjewel Software Downloads: 1,636,926 Active Installs: 80,000 Last Updated: January 19, 2024 Patched Versions: 5.0.6 Affected Versions: <= 5.0.5 Vulnerability Details: Name: Ninja Tables <= 5.0.5 – Missing Authorization Title: Missing Authorization Type: Missing Authorization CVE: CVE-2024-23504 CVSS Score: 5.3 (Medium) Publicly Published: January 19, 2024 Researcher: emad Description: The Ninja Tables plugin for WordPress…

Read More

Simple Membership Vulnerability – Open Redirect – CVE-2024-22308 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 19, 2024

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,388,048 Active Installs: 50,000 Last Updated: January 19, 2024 Patched Versions: 4.4.2 Affected Versions: <= 4.4.1 Vulnerability Details: Name: Simple Membership <= 4.4.1 – Open Redirect Title: Open Redirect Type: URL Redirection to Untrusted Site (‘Open Redirect’) CVE: CVE-2024-22308 CVSS Score: 6.1 (Medium) Publicly Published: January 19, 2024 Researcher: Joshua Chan…

Read More

Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 5, 2024

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,728,647 Active Installs: 400,000 Last Updated: January 5, 2024 Patched Versions: 3.10.0 Affected Versions: <= 3.9.1.1 Vulnerability Details: Name: Happy Addons for Elementor <= 3.9.1.1 – Reflected Cross-Site Scripting Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2023-6632…

Read More

Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 3, 2024

Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3, 2024 Patched Versions: 1.7.9 Affected Versions: <= 1.7.8 Vulnerability Details: Name: PageLayer <= 1.7.8 – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Title: Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields Type: Improper Input Validation CVE: CVE-2023-6738 CVSS Score: 5.4 (Medium) Publicly Published: January…

Read More