LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 79,208,611 Active Installs: 6,000,000 Last Updated: September 6, 2024 Patched Versions: 6.5.0.1 Affected Versions: <= 6.4.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.4.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE: CVE-2024-44000 CVSS Score: 7.5 Publicly Published: September 5, 2024…

Read More

LiteSpeed Cache Vulnerability – Unauthenticated Privilege Escalation – CVE-2024-28000 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 75,818,864 Active Installs: 5,000,000 Last Updated: August 21, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.3.0.1 Title: Unauthenticated Privilege Escalation Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-28000 CVSS Score: 9.8 Publicly…

Read More

String Locator Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6987 | WordPress Plugin Vulnerability Report

Plugin Name: String Locator Key Information: Software Type: Plugin Software Slug: string-locator Software Status: Active Software Author: instawp Software Downloads: 1,093,003 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: String Locator <= 2.6.5 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2023-6987 CVSS Score: 6.1 Publicly…

Read More

Custom Permalinks Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2023-0926 | WordPress Plugin Vulnerability Report

Plugin Name: Custom Permalinks Key Information: Software Type: Plugin Software Slug: custom-permalinks Software Status: Active Software Author: sasiddiqui Software Downloads: 2,177,680 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.7.0 Affected Versions: <= 2.6.0 Vulnerability Details: Name: Custom Permalinks <= 2.6.0 Title: Authenticated (Editor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-0926 CVSS Score:…

Read More

WordPress Button Plugin MaxButtons Vulnerability – Full Path Disclosure – CVE-2024-6499 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry Software Downloads: 4,784,085 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 9.8.0 Affected Versions: <= 9.7.8 Vulnerability Details: Name: WordPress Button Plugin MaxButtons <= 9.7.8 Title: Full Path Disclosure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6499…

Read More

Responsive Lightbox & Gallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via File Upload – CVE-2024-6870 | WordPress Plugin Vulnerability Report

Plugin Name: Responsive Lightbox & Gallery Key Information: Software Type: Plugin Software Slug: responsive-lightbox Software Status: Active Software Author: dfactory Software Downloads: 5,285,709 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.4.8 Affected Versions: <= 2.4.7 Vulnerability Details: Name: Responsive Lightbox & Gallery <= 2.4.7 Title: Authenticated (Author+) Stored Cross-Site Scripting via File…

Read More

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle Software Downloads: 11,901,676 Active Installs: 200,000 Last Updated: August 23, 2024 Patched Versions: 2.10.37 Affected Versions: <= 2.10.36 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.36 Title: Authenticated (Author+) Stored Cross-Site Scripting via SVG…

Read More

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,627,696 Active Installs: 100,000 Last Updated: August 18, 2024 Patched Versions: 4.23.0 Affected Versions: <= 4.22.2 Vulnerability Details: Name: Relevanssi <= 4.22.2 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-7630 CVSS Score: 5.3 Publicly Published: August…

Read More

ElementsKit Pro Vulnerability – Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting – CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Pro Key Information: Software Type: Plugin Software Slug: elementskit Software Status: Active Software Author: wpmet Software Downloads: NA Active Installs: 104,000 Last Updated: July 24, 2024 Patched Versions: 3.6.6, 3.6.7 Affected Versions: <= 3.6.6, <= 3.6.5 Vulnerability 1 Details: Name: ElementsKit Pro <= 3.6.6 Title: Authenticated (Contributor+) Sensitive Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N…

Read More