Mollie Payments for WooCommerce Vulnerability – Unauthenticated Full Path Disclosure – CVE-2024-6448 | WordPress Plugin Vulnerability Report

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 3,421,407 Active Installs: 100,000 Last Updated: August 27, 2024 Patched Versions: 7.8.0 Affected Versions: <= 7.7.0 Vulnerability Details: Name: Mollie Payments for WooCommerce <= 7.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-6448 CVSS Score: 5.3 Publicly…

Read More

Slider & Popup Builder by Depicter Vulnerability – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-4389 | WordPress Plugin Vulnerability Report

Plugin Name: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 1,314,164 Active Installs: 100,000 Last Updated: August 19, 2024 Patched Versions: 3.1.2 Affected Versions: <=…

Read More

Media Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 2,044,116 Active Installs: 70,000 Last Updated: August 18, 2024 Patched Versions: 3.19 Affected Versions: <= 3.18 Vulnerability Details: Name: Media Library Assistant <= 3.18 Title: Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.7.3 Affected Versions: <= 5.7.2 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.6.12 Affected Versions: <= 5.6.11 Vulnerability Details: Name: Element Pack Elementor Addons…

Read More

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Vulnerability – Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6703, CVE-2024-6521, CVE-2024-6518, CVE-2024-6520 | WordPress Plugin Vulnerability Report

Plugin Name: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software Downloads: 7,722,361 Active Installs: 400,000 Last Updated: August 12, 2024 Patched Versions: 5.1.20 Affected Versions: <= 5.1.19 Vulnerability 1 Details: Name: Contact…

Read More

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities – CVE-2024-5554, CVE-2024-5555 | WordPress Plugin Vulnerability Report

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes Software Downloads: 2,552,973 Active Installs: 100,000 Last Updated: August 12, 2024 Patched Versions: 5.6.12, 5.6.6 Affected Versions: <= 5.6.11, <= 5.6.5 Vulnerability 1 Details: Name:…

Read More

User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Vulnerability – Unauthenticated Stored Cross-Site Scripting via Name Parameter – CVE-2024-5902 | WordPress Plugin Vulnerability Report

Plugin Name: User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,961,766 Active Installs: 200,000 Last Updated: August 8, 2024 Patched Versions: 1.0.16 Affected Versions: <= 1.0.15 Vulnerability Details: Name: UserFeedback Lite <= 1.0.15 Title:…

Read More

The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report 

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 60,464,127 Active Installs: 700,000 Last Updated: July 27, 2024 Patched Versions: 6.5.1.5 Affected Versions: <= 6.5.1.4 Vulnerability Details: Name: The Events Calendar <= 6.5.1.4 Title: Cross-Site Request Forgery via action_restore_events Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-37518…

Read More

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: godaddy Software Downloads: 22,494,227 Active Installs: 400,000 Last Updated: August 12, 2024 Patched Versions: 3.1.12 Affected Versions: <= 3.1.11 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.11 Title: Authenticated (Contributor+) Server-Side…

Read More