LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 79,208,611 Active Installs: 6,000,000 Last Updated: September 6, 2024 Patched Versions: 6.5.0.1 Affected Versions: <= 6.4.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.4.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE: CVE-2024-44000 CVSS Score: 7.5 Publicly Published: September 5, 2024…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,783,086 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 1.13.6, 1.13.7 Affected Versions: <= 1.13.5, <= 1.13.6 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.13.5 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-4401 CVSS Score:…

Read More

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin Software Slug: the-post-grid Software Status: Active Software Author: techlabpro1 Software Downloads: 2,131,603 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 7.7.12 Affected Versions: <= 7.7.11 Vulnerability Details: Name: The Post Grid <= 7.7.11…

Read More

GiveWP – Donation Plugin and Fundraising Platform Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6551 | WordPress Plugin Vulnerability Report

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,990,636 Active Installs: 100,000 Last Updated: September 14, 2024 Patched Versions: 3.16.0 Affected Versions: <= 3.15.1 Vulnerability Details: Name: GiveWP <= 3.15.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-6551 CVSS Score: 5.3 Publicly…

Read More

Beaver Builder – WordPress Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter – CVE-2024-7895 | WordPress Plugin Vulnerability Report

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 10,741,953 Active Installs: 100,000 Last Updated: September 3, 2024 Patched Versions: 2.8.3.6 Affected Versions: <= 2.8.3.5 Vulnerability Details: Name: Beaver Builder (Lite Version) <= 2.8.3.5 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-7895 CVSS Score:…

Read More

Mollie Payments for WooCommerce Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6448 | WordPress Plugin Vulnerability Report

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 3,421,407 Active Installs: 100,000 Last Updated: August 27, 2024 Patched Versions: 7.8.0 Affected Versions: <= 7.7.0 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6448 CVSS Score: 5.3 Publicly…

Read More

Jeg Elementor Kit Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File – CVE-2024-6804 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,587,316 Active Installs: 200,000 Last Updated: September 14, 2024 Patched Versions: 2.6.8 Affected Versions: <= 2.6.7 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.7 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-6804 CVSS Score: 6.4 Publicly Published: August…

Read More

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings – CVE-2024-5583 | WordPress Plugin Vulnerability Report

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author: posimyththemes Software Downloads: 2,615,839 Active Installs: 100,000 Last Updated: August 21, 2024 Patched Versions: 5.6.3 Affected Versions: <= 5.6.2 Vulnerability Details: Name: The Plus Addons for…

Read More

LiteSpeed Cache Vulnerability – Unauthenticated Privilege Escalation – CVE-2024-28000 | WordPress Plugin Vulnerability Report

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 75,818,864 Active Installs: 5,000,000 Last Updated: August 21, 2024 Patched Versions: 6.4 Affected Versions: <= 6.3.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.3.0.1 Title: Unauthenticated Privilege Escalation Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-28000 CVSS Score: 9.8 Publicly…

Read More

String Locator Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6987 | WordPress Plugin Vulnerability Report

Plugin Name: String Locator Key Information: Software Type: Plugin Software Slug: string-locator Software Status: Active Software Author: instawp Software Downloads: 1,093,003 Active Installs: 100,000 Last Updated: August 23, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: String Locator <= 2.6.5 Title: Reflected Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2023-6987 CVSS Score: 6.1 Publicly…

Read More