wordpress security
Shariff Wrapper Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-1106 |WordPress Plugin Vulnerability Report
Plugin Name: Shariff Wrapper Key Information: Software Type: Plugin Software Slug: shariff Software Status: Active Software Author: 3uu Software Downloads: 848,443 Active Installs: 50,000 Last Updated: February 8, 2024 Patched Versions: 4.6.10 Affected Versions: <= 4.6.9 Vulnerability Details: Name: Shariff Wrapper <= 4.6.9 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1106 CVSS Score:…
BEAR Vulnerability– Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Missing Authorization via Several Functions – CVE-2024-24835 | WordPress Plugin Vulnerability Report
Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software Slug: woo-bulk-editor Software Status: Active Software Author: realmag777 Software Downloads: 545,399 Active Installs: 30,000 Last Updated: February 8, 2024 Patched Versions: 1.1.4.1 Affected Versions: <= 1.1.4 Vulnerability Details: Name: BEAR <= 1.1.4 Title: Missing Authorization…
Easy Digital Downloads Vulnerability– Sell Digital Files (eCommerce Store & Payments Made Easy) – Authenticated (Shop Manager+) Stored Cross-Site Scripting – CVE-2024-0659 | WordPress Plugin Vulnerability Report
Plugin Name: Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,802,741 Active Installs: 50,000 Last Updated: February 8, 2024 Patched Versions: 3.2.7 Affected Versions: <= 3.2.6 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.6…
PDF Flipbook, 3D Flipbook Vulnerability– DearFlip – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0895 | WordPress Plugin Vulnerability Report
Plugin Name: PDF Flipbook, 3D Flipbook – DearFlip Key Information: Software Type: Plugin Software Slug: 3d-flipbook-dflip-lite Software Status: Active Software Author: dearhive Software Downloads: 1,178,266 Active Installs: 100,000 Last Updated: February 8, 2024 Patched Versions: 2.2.27 Affected Versions: <= 2.2.26 Vulnerability Details: Name: PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 Title: Authenticated (Contributor+) Stored…
Orbit Fox by ThemeIsle Vulnerability – Cross-Site Request Forgery – CVE-2024-1162 | WordPress Plugin Vulnerability Report
Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle Software Downloads: 11,093,244 Active Installs: 200,000 Last Updated: February 1, 2024 Patched Versions: 2.10.230 Affected Versions: <= 2.10.29 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.29 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Calculated Fields Form Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report
Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software Downloads: 6,585,834 Active Installs: 60,000 Last Updated: February 12, 2024 Patched Versions: 1.2.53 Affected Versions: <= 1.2.52 Vulnerability Details: Name: Calculated Fields Form <= 1.2.52 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-0963…
Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0954 | WordPress Plugin Vulnerability Report
Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 66,002,609 Active Installs: 2,000,000 Last Updated: February 12, 2024 Patched Versions: 5.9.8 Affected Versions: <= 5.9.7 Vulnerability Details: Name: Essential Addons for Elementor –…
SlimStat Analytics Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-1073 | WordPress Plugin Vulnerability Report
Plugin Name: SlimStat Analytics Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 6,082,430 Active Installs: 90,000 Last Updated: February 5, 2024 Patched Versions: 5.1.4 Affected Versions: <= 5.1.3 Vulnerability Details: Name: SlimStat Analytics <= 5.1.3 Title: Authenticated (Subscriber+) Stored Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-1073 CVSS…
Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report
Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin Software Slug: ninja-forms Software Status: Active Software Author: kstover Software Downloads: 42,568,387 Active Installs: 800,000 Last Updated: February 12, 2024 Patched Versions: 3.7.2 Affected Versions: <= 3.7.1 Vulnerability Details: Name: Ninja Forms Contact Form <=…
Advanced iFrame Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7069 | WordPress Plugin Vulnerability Report
Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,840,037 Active Installs: 60,000 Last Updated: February 1, 2024 Patched Versions: 2024.0 Affected Versions: <= 2023.10 Vulnerability Details: Name: Advanced iFrame <= 2023.10 Title: Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2023-7069 CVSS…