MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

Plugin Name: MainWP Child Reports Key Information: Software Type: Plugin Software Slug: mainwp-child-reports Software Status: Active Software Author: mainwp Software Downloads: 943,776 Active Installs: 80,000 Last Updated: May 10, 2024 Patched Versions: 2.2 Affected Versions: <= 2.1.1 Vulnerability Details: Name: MainWP Child Reports <= 2.1.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33680 CVSS Score:…

Read More

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report 

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,800,239 Active Installs: 400,000 Last Updated: May 10, 2024 Patched Versions: 3.10.7 Affected Versions: <= 3.10.6 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.6 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly…

Read More

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

Plugin Name: Quick Featured Images Key Information: Software Type: Plugin Software Slug: quick-featured-images Software Status: Active Software Author: hinjiriyo Software Downloads: 992,333 Active Installs: 50,000 Last Updated: May 6, 2024 Patched Versions: 13.7.1 Affected Versions: <= 13.7.0 Vulnerability Details: Name: Quick Featured Images <= 13.7.0 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-3664 CVSS Score: 4.3 Publicly Published: April…

Read More

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software Type: Plugin Software Slug: feedzy-rss-feeds Software Status: Active Software Author: themeisle Software Downloads: 2,223,288 Active Installs: 50,000 Last Updated: April 25, 2024 Patched Versions: 4.4.8 Affected Versions: <= 4.4.7 Vulnerability Details: Name: RSS Aggregator by…

Read More

WP Show Posts Vulnerability – Improper Authorization to Information Exposure – CVE-2023-6731 | WordPress Plugin Vulnerability Report

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software Downloads: 534,403 Active Installs: 90,000 Last Updated: April 25, 2024 Patched Versions: 1.1.6 Affected Versions: <= 1.1.5 Vulnerability Details: Name: WP Show Posts <= 1.1.5 Title: Improper Authorization to Information Exposure Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2023-6731…

Read More

Email Subscribers by Icegram Express Vulnerability – Email Marketing, Newsletters, Automation for WordPress & WooCommerce – Unauthenticated SQL Injection – CVE-2024-2876 | WordPress Plugin Vulnerability Report

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,452,815 Active Installs: 90,000 Last Updated: April 25, 2024 Patched Versions: 5.7.15 Affected Versions: <= 5.7.14 Vulnerability Details: Name: Icegram Express – Email…

Read More

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software Downloads: 17,368,541 Active Installs: 900,000 Last Updated: April 25, 2024 Patched Versions: 3.5.1.23 Affected Versions: <= 3.5.1.22 Vulnerability Details: Name: Smart Slider 3 <= 3.5.1.22 Title: Missing Authorization to Limited File Upload Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers Software Status: Active Software Author: icegram Software Downloads: 10,401,859 Active Installs: 90,000 Last Updated: April 15, 2024 Patched Versions: 5.7.16 Affected Versions: <= 5.7.15 Vulnerability Details: Name: Icegram Express <= 5.7.14…

Read More

BoldGrid Easy SEO Vulnerability – Simple and Effective SEO – Information Exposure – CVE-2024-2950 | WordPress Plugin Vulnerability Report

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status: Active Software Author: BoldGrid Software Downloads: 737,899 Active Installs: 70,000 Last Updated: April 15, 2024 Patched Versions: 1.6.15 Affected Versions: <= 1.6.14 Vulnerability Details: Name: BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14…

Read More

Permalink Manager Pro Vulnerability- Missing Authorization via get_uri_editor – CVE-2024-2543 |WordPress Plugin Vulnerability Report

Plugin Name: Permalink Manager Pro Key Information: Software Type: Plugin Software Slug: permalink-manager Software Status: Active Software Author: mbis Software Downloads: 1,664,850 Active Installs: 80,000 Last Updated: March 20, 2024 Patched Versions: 2.4.3.2 Affected Versions: <= 2.4.3.1 Vulnerability Details: Name: Plugin Permalink <= 2.4.3.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE: CVE-2024-2543 CVSS Score: 4.3 Publicly Published: March 20,…

Read More