Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author: wproyal Software Downloads: 5,750,699 Active Installs: 300,000 Last Updated: June 19, 2024 Patched Versions: 1.3.977 Affected Versions: <= 1.3.976 Vulnerability 1 Details: Name: Royal Elementor Addons and Templates <= 1.3.976 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,721,459 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions:4.0.2 Affected Versions: <= 4.0.1 Vulnerability…

Read More

Newsletter Vulnerability – Unauthenticated Stored Cross-Site Scripting via np1 – CVE-2024-5317 | WordPress Plugin Vulnerability Report

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 25,847,810 Active Installs: 300,000 Last Updated: June 18, 2024 Patched Versions: 8.3.5 Affected Versions: <= 8.3.4 Vulnerability Details: Name: Newsletter <= 8.3.4 Title: Unauthenticated Stored Cross-Site Scripting via np1 Type:…

Read More

Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall Software Status: Active Software Author: paultgoodchild Software Downloads: 11,891,211 Active Installs: 50,000 Last Updated: June 12, 2024 Patched Versions: 19.1.11 Affected Versions: <= 19.1.10 Vulnerability Details: Name: Shield Security – Smart Bot Blocking & Intrusion…

Read More

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: GoDaddy Software Downloads: 21,200,695 Active Installs: 400,000 Last Updated: June 12, 2024 Patched Versions: 3.1.10 Affected Versions: <= 3.1.9 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 Title: Authenticated (Contributor+) Stored…

Read More

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,937,345 Active Installs: 50,000 Last Updated: June 12, 2024 Patched Versions: 7.1.2 Affected Versions: <= 7.1.1 Vulnerability Details: Name: WordPress Infinite Scroll – Ajax Load More <= 7.1.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

Plugin Name: YITH WooCommerce Wishlist Key Information: Software Type: Plugin Software Slug: yith-woocommerce-wishlist Software Status: Active Software Author: yithemes Software Downloads: 25,691,780 Active Installs: 900,000 Last Updated: June 11, 2024 Patched Versions: 3.33.0 Affected Versions: <= 3.32.0 Vulnerability Details: Name: YITH WooCommerce Wishlist <= 3.32.0 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVE: CVE-2024-34385 CVSS…

Read More

WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability – Authenticated (Admin+) Arbitrary File Upload – CVE-2024-3412 | WordPress Plugin Vulnerability Report

Plugin Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore Key Information: Software Type: Plugin Software Slug: wp-staging Software Status: Active Software Author: renehermi Software Downloads: 3,261,328 Active Installs: 100,000 Last Updated: June 11, 2024 Patched Versions: <= 3.4.3 Affected Versions: 3.5.0 Vulnerability Details: Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore…

Read More

Popup Builder by OptinMonster Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4045 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type: Plugin Software Slug: optinmonster Software Status: Active Software Author: optinmonster Software Downloads: 105,301,858 Active Installs: 1,000,000 Last Updated: June 11, 2024 Patched Versions: <= 2.16.1 Affected Versions: 2.16.2 Vulnerability Details: Name: Popup Builder by OptinMonster…

Read More

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access – CVE-2024-1295 | WordPress Plugin Vulnerability Report

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 57,657,454 Active Installs: 700,000 Last Updated: June 11, 2024 Patched Versions: <= 6.4.0 Affected Versions: 6.4.0.1 Vulnerability Details: Name: The Events Calendar Free & Pro <= 6.4.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-1295 CVSS Score: 4.3…

Read More