wordpress security
Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report
Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,286,558 Active Installs: 80,000 Last Updated: May 13, 2024 Patched Versions: 1.32 Affected Versions: <= 1.31 Vulnerability Details: Name: Sydney Toolbox <= 1.31 – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget Type: Improper…
Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report
Plugin Name: Jetpack Key Information: Software Type: Plugin Software Slug: jetpack Software Status: Active Software Author: automattic Software Downloads: 407,764,904 Active Installs: 4,000,000 Last Updated: May 13, 2024 Patched Versions: 13.4 Affected Versions: <= 13.3.1 Vulnerability Details: Name: Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
WP Fastest Cache Vulnerability – Authenticated (Administrator+) Arbitrary File Deletion – CVE-2024-4347 | WordPress Plugin Vulnerability Report
Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software Downloads: 49,228,358 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 1.2.7 Affected Versions: <= 1.2.6 Vulnerability Details: Name: WP Fastest Cache <= 1.2.6 – Authenticated (Administrator+) Arbitrary File Deletion Type: Improper Limitation of…
Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute – CVE-2024-4430 | WordPress Plugin Vulnerability Report
Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 10,167,049 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 2.8.1.3 Affected Versions: <= 2.8.1.2 Vulnerability Details: Name: Beaver Builder <= 2.8.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute Type:…
Blocksy Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4487 | WordPress Plugin Vulnerability Report
Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,639,072 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.0.46 Affected Versions: <= 2.0.45 Vulnerability Details: Name: Blocksy Companion <= 2.0.45 – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads Type: Improper Neutralization…
Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report
Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads: 57,202,843 Active Installs: 1,000,000 Last Updated: May 10, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Starter Templates – Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…
Easy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report
Plugin Name: Easy Digital Downloads Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,985,103 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.2.12 Affected Versions: <= 3.2.11 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…
TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report
Plugin Name: TranslatePress Key Information: Software Type: Plugin Software Slug: translatepress-multilingual Software Status: Active Software Author: madalinungureanu Software Downloads: 10,058,842 Active Installs: 300,000 Last Updated: May 9, 2024 Patched Versions: 2.7.6 Affected Versions: <= 2.7.5 Vulnerability Details: Name: Translate Multilingual sites – TranslatePress <= 2.7.5 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…
Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report
Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.31 Affected Versions: <= 2.7.30 Vulnerability Details: Name: Unyson <= 2.7.29 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-34814 CVSS Score: 4.3…
Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report
Plugin Name: Pods Key Information: Software Type: Plugin Software Slug: pods Software Status: Active Software Author: sc0ttkclark Software Downloads: 4,123,314 Active Installs: 100,000 Last Updated: May 9, 2024 Patched Versions: 3.2.1.1 Affected Versions: <= 3.2.1 Vulnerability Details: Name: Pods – Custom Content Types and Fields <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod…