wordpress security
WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report
Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…
ElementsKit Elementor addons Vulnerability – Missing Authorization – CVE-2024-37255 | WordPress Plugin Vulnerability Report
Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 20,999,885 Active Installs: 1,000,000 Last Updated: July 22, 2024 Patched Versions: 3.2.0 Affected Versions: <= 3.1.4 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.1.4 Title: Missing Authorization Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-37255 CVSS Score: 5.3…
File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report
Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads: 24,013,163 Active Installs: 1,000,000 Last Updated: July 19, 2024 Patched Versions: 7.2.8 Affected Versions: <= 7.2.7 Vulnerability Details: Name: File Manager <= 7.2.7 Type: Missing Authorization CVE: CVE-2024-37254 CVSS Score: 4.3 Publicly Published: June 27,…
SiteGuard WP Plugin Vulnerability – Login Page Disclosure – CVE-2024-37881 | WordPress Plugin Vulnerability Report
Plugin Name: SiteGuard WP Plugin Key Information: Software Type: Plugin Software Slug: siteguard Software Status: Active Software Author: jp-secure Software Downloads: 4,227,647 Active Installs: 500,000 Last Updated: July 26, 2024 Patched Versions: 1.7.7 Affected Versions: <= 1.7.6 Vulnerability Details: Name: SiteGuard WP Plugin <= 1.7.6 Title: Login Page Disclosure Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-37881 CVSS Score:…
Loco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report
Plugin Name: Loco Translate Key Information: Software Type: Plugin Software Slug: loco-translate Software Status: Active Software Author: timwhitlock Software Downloads: 26,085,928 Active Installs: 1,000,000 Last Updated: July 16, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Loco Translate <= 2.6.9 Type: Cross-Site Request Forgery CVE: CVE-2024-37236 CVSS Score: 4.3 Publicly Published: June…
Solid Security – Password, Two Factor Authentication, and Brute Force Protection Vulnerability – IP Address Spoofing to Denial of Service – CVE-2022-44593 | WordPress Plugin Vulnerability Report
Plugin Name: Solid Security – Password, Two Factor Authentication, and Brute Force Protection Key Information: Software Type: Plugin Software Slug: better-wp-security Software Status: Active Software Author: ithemes Software Downloads: 31,710,465 Active Installs: 900,000 Last Updated: July 22, 2024 Patched Versions: 9.3.2 Affected Versions: <= 9.3.1 Vulnerability Details: Name: Solid Security <= 9.3.1 Title: IP Address…
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN Vulnerability – Missing Authorization to Resmush List Deletion – CVE-2023-3352 | WordPress Plugin Vulnerability Report
Plugin Name: Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN Key Information: Software Type: Plugin Software Slug: wp-smushit Software Status: Active Software Author: wpmudev Software Downloads: 54,994,090 Active Installs: 1,000,000 Last Updated: July 22, 2024 Patched Versions: 3.16.5 Affected Versions: <= 3.16.4 Vulnerability Details: Name:…
SEOPress – On-site SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Image URL – CVE-2024-1168 | WordPress Plugin Vulnerability Report
Plugin Name: SEOPress – On-site SEO Key Information: Software Type: Plugin Software Slug: wp-seopress Software Status: Active Software Author: rainbowgeek Software Downloads: 12,850,995 Active Installs: 300,000 Last Updated: August 12, 2024 Patched Versions: 7.9.1 Affected Versions: <= 7.9 Vulnerability Details: Name: SEOPress – On-site SEO <= 7.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Social…
Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs and JKit – Accordion Widgets – CVE-2024-4479 | WordPress Plugin Vulnerability Report
Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,393,902 Active Installs: 200,000 Last Updated: July 2, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs…
Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report
Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…