WordPress Updates
Minimal Coming Soon – Coming Soon Page Vulnerability – Missing Authorization to Limited Settings Change – CVE-2024-5087 | WordPress Plugin Vulnerability Report
Plugin Name: Minimal Coming Soon – Coming Soon Page. Key Information: Software Type: Plugin; Software Slug: minimal-coming-soon-maintenance-mode; Software Status: Active; Software Author: webfactory; Software Downloads: 2,009,191; Active Installs: 100,000; Last Updated: June 19, 2024; Patched Versions: 2.39; Affected Versions: <= 2.38. Vulnerability Details: Name: Minimal Coming Soon – Coming Soon Page <= 2.38; Title: Missing…
TablePress – Tables in WordPress made easy Vulnerability – Authenticated (Author+) Server-Side Request Forgery via DNS Rebind – CVE-2024-4354 | WordPress Plugin Vulnerability Report
Plugin Name: TablePress – Tables in WordPress made easy. Key Information: Software Type: Plugin; Software Slug: tablepress; Software Status: Active; Software Author: tobiasbg; Software Downloads: 15,366,391; Active Installs: 800,000; Last Updated: June 18, 2024; Patched Versions: 2.3.2; Affected Versions: <= 2.3.1. Vulnerability Details: Name: TablePress – Tables in WordPress made easy <= 2.3; Title: Authenticated…
Strong Testimonials Vulnerability – Authenticated(Contributor+) Improper Authorization to Views Modification – CVE-2023-6491 | WordPress Plugin Vulnerability Report
Plugin Name: Strong Testimonials. Key Information: Software Type: Plugin; Software Slug: strong-testimonials; Software Status: Active; Software Author: wpchill; Software Downloads: 3,337,363; Active Installs: 100,000; Last Updated: June 18, 2024; Patched Versions: 3.1.13; Affected Versions: <= 3.1.12. Vulnerability Details: Name: Strong Testimonials <= 3.1.12; Title: Authenticated(Contributor+) Improper Authorization to Views Modification; Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N; CVE: CVE-2023-6491; CVSS…
Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report
Plugin Name: Royal Elementor Addons and Templates. Key Information: Software Type: Plugin; Software Slug: royal-elementor-addons; Software Status: Active; Software Author: wproyal; Software Downloads: 5,750,699; Active Installs: 300,000; Last Updated: June 19, 2024; Patched Versions: 1.3.977; Affected Versions: <= 1.3.976. Vulnerability 1 Details: Name: Royal Elementor Addons and Templates <= 1.3.976; Title: Authenticated (Contributor+) Stored Cross-Site…
Clever Fox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1768 | WordPress Plugin Vulnerability Report
Plugin Name: Clever Fox. Key Information: Software Type: Plugin; Software Slug: clever-fox; Software Status: Active; Software Author: nayrathemes; Software Downloads: 4,092,244; Active Installs: 50,000; Last Updated: June 20, 2024; Patched Versions: 25.2.1; Affected Versions: <= 25.2.0. Vulnerability 1 Details: Name: Clever Fox <= 25.2.0; Title: Authenticated (Contributor+) Stored Cross-Site Scripting; Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N; CVE: CVE-2024-1768; CVSS…
Brizy – Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL – CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report
Plugin Name: Brizy – Page Builder. Key Information: Software Type: Plugin; Software Slug: brizy; Software Status: Active; Software Author: themefusecom; Software Downloads: 4,689,320; Active Installs: 80,000; Last Updated: June 18, 2024; Patched Versions: 2.4.44; Affected Versions: <= 2.4.43. Vulnerability Details: Vulnerability 1: Name: Brizy – Page Builder <= 2.4.43; Title: Authenticated (Contributor+) Stored Cross-Site Scripting…
Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report
Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce. Key Information: Software Type: Plugin; Software Slug: email-subscribers; Software Status: Active; Software Author: icegram; Software Downloads: 10,659,578; Active Installs: 90,000; Last Updated: June 18, 2024; Patched Versions: 5.7.21; Affected Versions: <= 5.7.20. Vulnerability Details: Name: Email Subscribers by Icegram…
WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report
Plugin Name: WP Go Maps. Key Information: Software Type: Plugin; Software Slug: wp-google-maps; Software Status: Active; Software Author: wpgmaps; Software Downloads: 23,515,825; Active Installs: 400,000; Last Updated: May 23, 2024; Patched Versions: 9.0.37; Affected Versions: <= 9.0.36. Vulnerability Details: Name: WP Go Maps (formerly WP Google Maps) <= 9.0.36 – Authenticated (Contributor+) Stored Cross-Site Scripting via…
Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report
Plugin Name: Spectra. Key Information: Software Type: Plugin; Software Slug: ultimate-addons-for-gutenberg; Software Status: Active; Software Author: brainstormforce; Software Downloads: 22,257,534; Active Installs: 700,000; Last Updated: May 23, 2024; Patched Versions: 2.13.1; Affected Versions: <= 2.13.0. Vulnerability Details: Name: Spectra – WordPress Gutenberg Blocks <= 2.13.0 – Authenticated (Author+) Stored Cross-Site Scripting; Title: Authenticated (Author+) Stored…