WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000 Last Updated: July 11, 2024 Patched Versions: 9.0.0 Affected Versions: <= 8.9.2 Vulnerability Details: Name: WooCommerce <= 8.9.2 Title: Authenticated (Shop Manager+) Content Injection Type: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-35777 CVSS Score: 2.7 Publicly Published: June 27,…

Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status: Active Software Author: dgwyer Software Downloads: 1,541,369 Active Installs: 90,000 Last Updated: July 2, 2024 Patched Versions: 3.5.14 Affected Versions: <= 3.5.13 Vulnerability Details: Name: Simple Sitemap <= 3.5.13 Title: Cross-Site Request Forgery via admin_notices…

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5501 | WordPress Plugin Vulnerability Report

Plugin Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software Downloads: 2,590,021 Active Installs: 200,000 Last Updated: June 12, 2024 Patched Versions: 2.5.52 Affected Versions: <= 2.5.51 Vulnerability Details: Name: Supreme Modules Lite – Divi Theme, Extra…

Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

Plugin Name: Master Slider – Responsive Touch Slider Key Information: Software Type: Plugin Software Slug: master-slider Software Status: Active Software Author: averta Software Downloads: 2,830,772 Active Installs: 90,000 Last Updated: June 12, 2024 Patched Versions: 3.9.10 Affected Versions: <= 3.9.9 Vulnerability Details: Name: Master Slider – Responsive Touch Slider <= 3.9.9 Title: Authenticated (Contributor+) Stored…

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software Author: GoDaddy Software Downloads: 21,200,695 Active Installs: 400,000 Last Updated: June 12, 2024 Patched Versions: 3.1.10 Affected Versions: <= 3.1.9 Vulnerability Details: Name: Page Builder Gutenberg Blocks – CoBlocks <= 3.1.9 Title: Authenticated (Contributor+) Stored…

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active Software Author: connekthq Software Downloads: 1,937,345 Active Installs: 50,000 Last Updated: June 12, 2024 Patched Versions: 7.1.2 Affected Versions: <= 7.1.1 Vulnerability Details: Name: WordPress Infinite Scroll – Ajax Load More <= 7.1.1 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Popup Builder Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS – CVE-2024-2506 | WordPress Plugin Vulnerability Report

Plugin Name: Popup Builder – Create highly converting, mobile friendly marketing popups. Key Information: Software Type: Plugin Software Slug: popup-builder Software Status: Active Software Author: popupbuilder Software Downloads: 10,104,066 Active Installs: 200,000 Last Updated: June 12, 2024 Patched Versions: 4.3.0 Affected Versions: <= 4.2.7 Vulnerability Details: Name: Popup Builder <= 4.2.7 Title: Authenticated(Contributor+) Stored Cross-Site…

Blocksy Companion Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35633 | WordPress Plugin Vulnerability Report

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,853,860 Active Installs: 200,000 Last Updated: June 11, 2024 Patched Versions: 2.0.43 Affected Versions: <= 2.0.42 Vulnerability Details: Name: Blocksy Companion <= 2.0.42 Type: Authenticated (Admin+) Server-Side Request Forgery CVE: CVE-2024-35633 CVSS Score: 5.5 Publicly…

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

Plugin Name: YITH WooCommerce Wishlist Key Information: Software Type: Plugin Software Slug: yith-woocommerce-wishlist Software Status: Active Software Author: yithemes Software Downloads: 25,691,780 Active Installs: 900,000 Last Updated: June 11, 2024 Patched Versions: 3.33.0 Affected Versions: <= 3.32.0 Vulnerability Details: Name: YITH WooCommerce Wishlist <= 3.32.0 Title: Authenticated (Admin+) Stored Cross-Site Scripting Type: CVE: CVE-2024-34385 CVSS…

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 7,124,353 Active Installs: 400,000 Last Updated: June 13, 2024 Patched Versions: 3.11.0 Affected Versions: <= 3.10.9 Vulnerability Details: Vulnerability 1: Name: Happy Addons for Elementor <= 3.10.9 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…