WordPress Security

Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Page Builder: Pagelayer

Key Information:
Software Type: Plugin
Software Slug: pagelayer
Software Status: Active
Software Author: softaculous
Software Downloads: 5,658,195
Active Installs: 200,000
Last Updated: February 22, 2024
Patched Versions: 1.8.3
Affected Versions: <= 1.8.2

Vulnerability Details:
Name: Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Button
Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: User Feedback

Key Information:
Software Type: Plugin
Software Slug: userfeedback-lite
Software Status: Active
Software Author: smub
Software Downloads: 1,054,695
Active Installs: 200,000
Last Updated: February 21, 2024
Patched Versions: 1.0.14
Affected Versions: <= 1.0.13

Vulnerability Details:
Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 – Unauthenticated Stored Cross-Site Scripting
Title: Unauthenticated Stored Cross-Site Scripting
Type: Improper Neutralization…

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Event Tickets and Registration

Key Information:
Software Type: Plugin
Software Slug: event-tickets
Software Status: Active
Software Author: theeventscalendar
Software Downloads: 3,388,630
Active Installs: 80,000
Last Updated: February 21, 2024
Patched Versions: 5.8.2
Affected Versions: <= 5.8.1

Vulnerability Details:
Name: Event Tickets and Registration <= 5.8.1 – Missing Authorization
Title: Missing Authorization
Type: Improper Access Control
CVE: CVE-2024-1053
CVSS Score: 4.3 (Medium)
Publicly Published: February 21, 2024
Researcher: Muhammad Daffa…

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Elementor Addon Elements

Key Information:
Software Type: Plugin
Software Slug: addon-elements-for-elementor-page-builder
Software Status: Active
Software Author: webtechstreet
Software Downloads: 2,406,134
Active Installs: 100,000
Last Updated: February 21, 2024
Patched Versions: 1.13
Affected Versions: <= 1.12.12

Vulnerability 1 Details:
Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion
Title: Directory Traversal to Local File Inclusion
Type: Improper Limitation of a Pathname to…

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: Enhanced Text Widget

Key Information:
Software Type: Plugin
Software Slug: enhanced-text-widget
Software Status: Active
Software Author: cl272
Software Downloads: 773,012
Active Installs: 50,000
Last Updated: February 20, 2024
Patched Versions: 1.6.6
Affected Versions: <= 1.6.5

Vulnerability Details:
Name: Enhanced Text Widget <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting
Title: Authenticated (Administrator+) Stored Cross-Site Scripting
Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: Beaver Builder

Key Information:
Software Type: Plugin
Software Slug: beaver-builder-lite-version
Software Status: Active
Software Author: justinbusa
Software Downloads: 9,597,835
Active Installs: 100,000
Last Updated: February 20, 2024
Patched Versions: 2.7.4.3
Affected Versions: <= 2.7.4.2

Vulnerability Details:
Name: Beaver Builder – WordPress Page Builder <= 2.7.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
Type: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)…

3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: 3D FlipBook

Key Information:
Software Type: Plugin
Software Slug: interactive-3d-flipbook-powered-physics-engine
Software Status: Active
Software Author: iberezansky
Software Downloads: 1,524,371
Active Installs: 70,000
Last Updated: February 20, 2024
Patched Versions: 1.15.4
Affected Versions: <= 1.15.3

Vulnerability Details:
Name: 3D FlipBook – PDF Flipbook WordPress <= 1.15.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks
Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks
Type: Improper Neutralization of…

Schema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 19, 2024

Plugin Name: Schema & Structured Data for WP & AMP

Key Information:
Software Type: Plugin
Software Slug: schema-and-structured-data-for-wp
Software Status: Active
Software Author: magazine3
Software Downloads: 4,923,980
Active Installs: 100,000
Last Updated: February 19, 2024
Patched Versions: 1.27
Affected Versions: <= 1.26

Vulnerability 1 Details:
Name: Schema & Structured Data for WP & AMP <=…

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url – CVE-2024-1496 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 19, 2024

Plugin Name: Featured Image from URL

Key Information:
Software Type: Plugin
Software Slug: featured-image-from-url
Software Status: Active
Software Author: marceljm
Software Downloads: 4,896,915
Active Installs: 100,000
Last Updated: February 19, 2024
Patched Versions: 4.6.3
Affected Versions: <= 4.6.2

Vulnerability Details:
Name: Featured Image from URL (FIFU) <= 4.6.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via…