wordpress security
Relevanssi Vulnerability – A Better Search – Multiple Vulnerabilities – CVE-2024-3213 & CVE-2024-3214 | WordPress Plugin Vulnerability Report
Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author: msaari Software Downloads: 6,389,194 Active Installs: 100,000 Last Updated: April 4, 2024 Patched Versions: 4.22.2 Affected Versions: <= 4.22.1 Vulnerability Details: Vulnerability 1: Missing Authorization to Unauthenticated Count Option Update Type: Insecure Direct Object Reference…
ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report
Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,727,023 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 3.1.0 Affected Versions: <= 3.0.7 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…
Easy Digital Downloads Vulnerability – Sensitive Information Exposure – CVE-2024-2302 | WordPress Plugin Vulnerability Report
Plugin Name: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,925,252 Active Installs: 50,000 Last Updated: April 4, 2024 Patched Versions: 3.2.10 Affected Versions: <= 3.2.9 Vulnerability Details: Name: Easy Digital Downloads…
CMB2 Vulnerability – Authenticated PHP Object Injection – CVE-2024-1792 | WordPress Plugin Vulnerability Report
Plugin Name: CMB2 Key Information: Software Type: Plugin Software Slug: cmb2 Software Status: Active Software Author: jtsternberg Software Downloads: 4,198,199 Active Installs: 300,000 Last Updated: April 3, 2024 Patched Versions: 2.11.0 Affected Versions: <= 2.10.1 Vulnerability Details: Name: CMB2 <= 2.10.1 Title: Authenticated PHP Object Injection Type: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE: CVE-2024-1792 CVSS Score: 7.2 Publicly Published:…
Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Multiple Vulnerabilities – CVE-2024-0598 & CVE-2024-2919 | WordPress Plugin Vulnerability Report
Plugin Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 17,837,802 Active Installs: 400,000 Last Updated: April 3, 2024 Patched Versions: 3.2.18 Affected Versions: <= 3.2.17 for CVE-2024-0598 and <= 3.2.31 for CVE-2024-2919 Vulnerability 1 Details: Name: Gutenberg…
Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report
Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,029,705 Active Installs: 200,000 Last Updated: April 2, 2024 Patched Versions: 2.6.4 Affected Versions: <= 2.6.3 Vulnerability 1 Details: Name: Jeg Elementor Kit <= 2.6.3 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box…
WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report
Plugin Name: WPFront User Role Editor Key Information: Software Type: Plugin Software Slug: wpfront-user-role-editor Software Status: Active Software Author: syammohanm Software Downloads: 787,036 Active Installs: 50,000 Last Updated: April 2, 2024 Patched Versions: 4.1.0 Affected Versions: <= 3.2.1.11184 Vulnerability Details: Name: WPFront User Role Editor <= 3.2.1.11184 Title: Limited Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2931…
WP-Members Membership Plugin Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-1852 | WordPress Plugin Vulnerability Report
Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software Downloads: 3,453,636 Active Installs: 60,000 Last Updated: April 1, 2024 Patched Versions: 3.4.9.3 Affected Versions: <= 3.4.9.2 Vulnerability Details: Name: WP-Members Membership Plugin <= 3.4.9.2 Title: Unauthenticated Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1852 CVSS…
Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report
Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato Software Downloads: 548,134 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.15 Affected Versions: <= 1.0.14 Vulnerability Details: Name: Template Kit – Import <= 1.0.14 Title: Authenticated (Author+) Stored Cross-Site Scripting via Template…
SecuPress Free Vulnerability — WordPress Security – Cross-Site Request Forgery to Banned IP Address – CVE-2024-1504 | WordPress Plugin Vulnerability Report
Plugin Name: SecuPress Free – WordPress Security Key Information: Software Type: Plugin Software Slug: secupress Software Status: Active Software Author: SecuPress Software Downloads: 623,070 Active Installs: 40,000 Last Updated: April 2, 2024 Patched Versions: 2.2.5.2 Affected Versions: <= 2.2.5.1 Vulnerability Details: Name: SecuPress Free – WordPress Security <= 2.2.5.1 Title: Cross-Site Request Forgery to Banned…