RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source – CVE-2024-0628 | WordPress Plugin Vulnerability Report 

Plugin Name: RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads: 2,636,080 Active Installs: 60,000 Last Updated: February 13, 2024 Patched Versions: 4.23.6 Affected Versions: 4.23.5 – 4.23.5 Vulnerability Details: Name: WP RSS Aggregator <= 4.23.5…

Read More

Starbox Vulnerability– the Author Box for Humans – Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings – CVE-2023-6806 | WordPress Plugin Vulnerability Report 

Plugin Name: Starbox – the Author Box for Humans Key Information: Software Type: Plugin Software Slug: starbox Software Status: Active Software Author: cifi Software Downloads: 449,615 Active Installs: 50,000 Last Updated: February 13, 2024 Patched Versions: 3.5.0 Affected Versions: <= 3.4.8 Vulnerability Details: Name: Starbox <= 3.4.8 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting via Job…

Read More

AMP for WP Vulnerability– Accelerated Mobile Pages – Authenticated Arbitrary Post Deletion via amppb_remove_saved_layout_data – CVE-2024-1043 |WordPress Plugin Vulnerability Report

Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,665,548 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 1.0.93.2 Affected Versions: <= 1.0.93.1 Vulnerability Details: Name: AMP for WP <= 1.0.93.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE: CVE-2024-1043 CVSS Score: 6.5 Publicly Published: February 6, 2024 Researcher: Sean Murphy…

Read More

 Customer Reviews for WooCommerce Vulnerability – Improper Authorization via submit_review – CVE-2024-1044 | WordPress Plugin Vulnerability Report

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole Software Downloads: 3,898,158 Active Installs: 60,000 Last Updated: February 13, 2024 Patched Versions: 5.39.0 Affected Versions: <= 5.38.12 Vulnerability Details: Name: Customer Reviews for WooCommerce <= 5.38.12 Title: Improper Authorization via submit_review Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE:…

Read More

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1055 | WordPress Plugin Vulnerability Report

Plugin Name: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,129,545 Active Installs: 100,000 Last Updated: February 13, 2024 Patched Versions: 2.7.15 Affected Versions: <= 2.7.14 Vulnerability Details: Name: PowerPack Addons for Elementor <= 2.7.14 Title: Authenticated (Contributor+)…

Read More

Shield Security Vulnerability– Smart Bot Blocking & Intrusion Prevention Security – Unauthenticated Local File Inclusion – CVE-2023-6989 |WordPress Plugin Vulnerability Report

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall Software Status: Active Software Author: paultgoodchild Software Downloads: 11,714,137 Active Installs: 50,000 Last Updated: February 8, 2024 Patched Versions: 18.5.10 Affected Versions: <= 18.5.9 Vulnerability Details: Name: Shield Security – Smart Bot Blocking & Intrusion…

Read More

WP 404 Auto Redirect to Similar Post Vulnerability- Reflected Cross-Site Scripting via request – CVE-2024-0509 |WordPress Plugin Vulnerability Report

Plugin Name: WP 404 Auto Redirect to Similar Post Key Information: Software Type: Plugin Software Slug: wp-404-auto-redirect-to-similar-post Software Status: Active Software Author: hwk-fr Software Downloads: 266,878 Active Installs: 40,000 Last Updated: February 8, 2024 Patched Versions: 1.0.4 Affected Versions: <= 1.0.3 Vulnerability Details: Name: WP 404 Auto Redirect to Similar Post <= 1.0.3 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N…

Read More

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0834 |WordPress Plugin Vulnerability Report

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,364,972 Active Installs: 100,000 Last Updated: February 8, 2024 Patched Versions: 1.12.12 Affected Versions: 1.12.11 – 1.12.11 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.11 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

Meta Box Vulnerability– WordPress Custom Fields Framework – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6526 |WordPress Plugin Vulnerability Report

Plugin Name: Meta Box – WordPress Custom Fields Framework Key Information: Software Type: Plugin Software Slug: meta-box Software Status: Active Software Author: rilwis Software Downloads: 16,593,050 Active Installs: 700,000 Last Updated: February 8, 2024 Patched Versions: 5.9.3 Affected Versions: <= 5.9.2 Vulnerability Details: Name: Meta Box – WordPress Custom Fields Framework <= 5.9.2 Title: Authenticated…

Read More