wordpress plugins
Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report
Plugin Name: Mesmerize Companion Key Information: Software Type: Plugin Software Slug: mesmerize-companion Software Status: Active Software Author: horearadu Software Downloads: 1,857,988 Active Installs: 80,000 Last Updated: May 7, 2024 Patched Versions: 1.6.149 Affected Versions: <= 1.6.148 Vulnerability Details: Name: Mesmerize Companion <= 1.6.148 – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode Type: Improper Neutralization…
Read More
Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report
Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software Downloads: 629,966 Active Installs: 50,000 Last Updated: May 7, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Custom Field Suite <= 2.6.5 – Authenticated (Admin+) Stored Cross-Site Scripting Type: Improper Neutralization of…
Read More
Image Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report
Plugin Name: Image Hover Effects Key Information: Software Type: Plugin Software Slug: image-hover-effects-addon-for-elementor Software Status: Active Software Author: blocksera Software Downloads: 583,781 Active Installs: 50,000 Last Updated: May 6, 2024 Patched Versions: 1.4.2 Affected Versions: <= 1.4.1 Vulnerability Details: Name: Image Hover Effects – Elementor Addon <= 1.4.1 – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via…
Read More
3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report
Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,595,226 Active Installs: 70,000 Last Updated: May 1, 2024 Patched Versions: 1.15.5 Affected Versions: <= 1.15.4 Vulnerability Details: Name: 3D FlipBook <= 1.15.4 – Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL Type: Improper Neutralization…
Read More
Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report
Plugin Name: Contact Form by WPForms Key Information: Software Type: Plugin Software Slug: wpforms-lite Software Status: Active Software Author: smub Software Downloads: 201,516,943 Active Installs: 5,000,000 Last Updated: May 1, 2024 Patched Versions: 1.8.8.2 Affected Versions: <= 1.8.7.2 Vulnerability Details: Name: Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2…
Read More
Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report
Plugin Name: Supreme Modules Lite Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,191,354 Active Installs: 200,000 Last Updated: May 1, 2024 Patched Versions: 2.5.4 Affected Versions: <= 2.5.3 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 – Authenticated…
Read More
WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report
Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software Downloads: 2,782,126 Active Installs: 50,000 Last Updated: May 1, 2024 Patched Versions: 9.4.0 Affected Versions: <= 9.3.1 Vulnerability Details: Name: WP Recipe Maker <= 9.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode Type:…
Read More
Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report
Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive Software Downloads: 1,882,207 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 1.7.1 Affected Versions: <= 1.7.0 Vulnerability Details: Name: Qi Addons For Elementor <= 1.7.0 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown…
Read More
Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report
Plugin Name: Cornerstone Key Information: Software Type: Plugin Software Slug: cornerstone Software Status: Active Software Author: archetyped Software Downloads: 57,853 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 0.8.1 Affected Versions: <= 0.8.0 Vulnerability Details: Name: Cornerstone <= 0.8.0 Title: Reflected Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-28002 CVSS Score: 6.1 Publicly Published:…
Read More
Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report
Plugin Name: Blog2Social: Social Media Auto Post & Scheduler Key Information: Software Type: Plugin Software Slug: blog2social Software Status: Active Software Author: pr-gateway Software Downloads: 3,487,933 Active Installs: 60,000 Last Updated: May 10, 2024 Patched Versions: 7.5.0 Affected Versions: <= 7.4.2 Vulnerability Details: Name: Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 Title: Information…
Read More