Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software Downloads: 1,207,029 Active Installs: 200,000 Last Updated: May 10, 2024 Patched Versions: 2.6.5 Affected Versions: <= 2.6.4 Vulnerability Details: Name: Jeg Elementor Kit <= 2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4203 | WordPress Plugin Vulnerability Report

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 31,890,759 Active Installs: 700,000 Last Updated: May 13, 2024 Patched Versions: 4.10.31 Affected Versions: <= 4.10.30 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.30 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N…

Read More

Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report 

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,284,736 Active Installs: 80,000 Last Updated: May 9, 2024 Patched Versions: 7.6.16 Affected Versions: <= 7.6.15 Vulnerability Details: Name: wpDiscuz <= 7.6.15 Title: Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text Type:…

Read More

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status: Active Software Author: magazine3 Software Downloads: 5,175,623 Active Installs: 100,000 Last Updated: May 6, 2024 Patched Versions: 1.30 Affected Versions: <= 1.29 Vulnerability Details: Name: Schema & Structured Data for WP & AMP <= 1.29…

Read More

LearnPress Vulnerability – WordPress LMS Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3560 | WordPress Plugin Vulnerability Report

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,188,254 Active Installs: 90,000 Last Updated: May 2, 2024 Patched Versions: 4.2.6.5 Affected Versions: <= 4.2.6.4 Vulnerability Details: Name: LearnPress – WordPress LMS Plugin <= 4.2.6.4 Title: Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

HT Mega Vulnerability – Absolute Addons For Elementor – Multiple Vulnerabilities – Various CVEs |WordPress Plugin Vulnerability Report

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active Software Author: devitemsllc Software Downloads: 3,754,207 Active Installs: 100,000 Last Updated: April 26, 2024 Patched Versions: 2.4.7, 2.4.9 Affected Versions: <= 2.4.6, <= 2.4.8 Vulnerability Details: Name: HT Mega – Absolute Addons For Elementor <=…

Read More

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,831,916 Active Installs: 200,000 Last Updated: April 25, 2024 Patched Versions: 4.15.5 Affected Versions: <= 4.15.4 Vulnerability Details: Name: Paid Membership…

Read More

Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder – Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode – CVE-2024-3053 | WordPress Plugin Vulnerability Report

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,757,114 Active Installs: 500,000 Last Updated: April 16, 2024 Patched Versions: 1.29.3 Affected Versions: <= 1.29.2 Vulnerability Details: Name: Forminator – Contact Form, Payment Form & Custom…

Read More

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,211,650 Active Installs: 80,000 Last Updated: April 8, 2024 Patched Versions: 1.29 Affected Versions: <= 1.28 Vulnerability Details: Name: Sydney Toolbox <= 1.28 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE:…

Read More

Colibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,492,925 Active Installs: 100,000 Last Updated: April 2, 2024 Patched Versions: 1.0.270 Affected Versions: <= 1.0.263 Vulnerability Details: Name: Colibri Page Builder <= 1.0.263 Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2839…

Read More