WordPress Updates

SEOPress – On-site SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Image URL – CVE-2024-1168 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 19, 2024

Plugin Name: SEOPress – On-site SEO Key Information: Software Type: Plugin Software Slug: wp-seopress Software Status: Active Software Author: rainbowgeek Software Downloads: 12,850,995 Active Installs: 300,000 Last Updated: August 12, 2024 Patched Versions: 7.9.1 Affected Versions: <= 7.9 Vulnerability Details: Name: SEOPress – On-site SEO <= 7.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Social…

Read More

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs and JKit – Accordion Widgets – CVE-2024-4479 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 14, 2024

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,393,902 Active Installs: 200,000 Last Updated: July 2, 2024 Patched Versions: 2.6.6 Affected Versions: <= 2.6.5 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.5 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs…

Read More

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget – CVE-2024-5787 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 12, 2024

Plugin Name:PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,434,102 Active Installs: 100,000 Last Updated: July 2, 2024 Patched Versions: 2.7.21 Affected Versions: <= 2.7.20 Vulnerability Details: Name: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <=…

Read More

WP Go Maps (formerly WP Google Maps) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5994 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 12, 2024

Plugin Name:WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads: 23,828,563 Active Installs: 300,000 Last Updated: July 2, 2024 Patched Versions: 9.0.39 Affected Versions: <= 9.0.38 Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.38 Title: Authenticated (Contributor+)…

Read More

Gutenberg Blocks with AI by Kadence WP – Page Builder Features Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter – CVE-2024-4863 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 12, 2024

Plugin Name:Gutenberg Blocks with AI by Kadence WP – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads: 20,652,980 Active Installs: 400,000 Last Updated: July 2, 2024 Patched Versions: 3.2.39 Affected Versions: <= 3.2.38 Vulnerability Details: Name: Gutenberg Blocks by Kadence Blocks – Page Builder…

Read More

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Vulnerability – Exposure of Sensitive Information via the UI – CVE-2024-3073 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 12, 2024

Plugin Name:Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug: easy-wp-smtp Software Status: Active Software Author: smub Software Downloads: 9,862,613 Active Installs: 600,000 Last Updated: July 2, 2024 Patched Versions: 2.3.1 Affected Versions: <= 2.3.0 Vulnerability Details: Name: Easy WP SMTP by SendLayer <= 2.3.0…

Read More

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL – CVE-2024-1565 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 12, 2024

Plugin Name:EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,770,513 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.9.11 Affected Versions: <= 3.9.10 Vulnerability…

Read More

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget – CVE-2024-5757 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 12, 2024

Plugin Name:Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 29,757,187 Active Installs: 2,000,000 Last Updated: July 2, 2024 Patched Versions: 1.6.36 Affected Versions: <= 1.6.35 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.35 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via…

Read More

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5189 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 10, 2024

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 76,299,572 Active Installs: 2,000,000 Last Updated: July 2, 2024 Patched Versions: 5.9.24 Affected Versions: <= 5.9.23 Vulnerability Details: Name: Essential Addons for Elementor –…

Read More

WP Force SSL & HTTPS SSL Redirect Vulnerability – Missing Authorization to Settings Update – CVE-2024-5770 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jun 7, 2024

Plugin Name: WP Force SSL & HTTPS SSL Redirect Key Information: Software Type: Plugin Software Slug: wp-force-ssl Software Status: Active Software Author: webfactory Software Downloads: 1,473,630 Active Installs: 100,000 Last Updated: June 19, 2024 Patched Versions: 1.67 Affected Versions: <= 1.66 Vulnerability Details: Name: WP Force SSL & HTTPS SSL Redirect <= 1.66 Title: Missing…

Read More