SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 40,018,306 Active Installs: 600,000 Last Updated: June 19, 2024 Patched Versions: 1.62.0 Affected Versions: <= 1.61.1 Vulnerability Details: Name: SiteOrigin Widgets Bundle <= 1.61.1 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget…

Read More

WooCommerce Vulnerability – Reflected Cross-Site Scripting via Order Attribution – CVE-2024-37297 | WordPress Plugin Vulnerability Report

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 317,169,418 Active Installs: 7,000,000 Last Updated: June 20, 2024 Patched Versions: 8.8.5, 8.9.3 Affected Versions: 8.8.0 – 8.8.4, 8.9.0 – 8.9.2 Vulnerability Details: Name: WooCommerce 8.8.0 – 8.9.2 Title: Reflected Cross-Site Scripting via Order Attribution Type:…

Read More

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status: Active Software Author: 10Web Software Downloads: 18,052,863 Active Installs: 200,000 Last Updated: June 19, 2024 Patched Versions: 1.8.24 Affected Versions: <= 1.8.23 Vulnerability 1 Details: Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <=…

Read More

WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report

Plugin Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu Key Information: Software Type: Plugin Software Slug: mobile-menu Software Status: Active Software Author: takanakui Software Downloads: 1,864,233 Active Installs: 100,000 Last Updated: June 18, 2024 Patched Versions: 2.8.4.3 Affected Versions: <= 2.8.4.2 Vulnerability Details: Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2…

Read More

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,721,459 Active Installs: 90,000 Last Updated: June 18, 2024 Patched Versions:4.0.2 Affected Versions: <= 4.0.1 Vulnerability…

Read More

Newsletter Vulnerability – Unauthenticated Stored Cross-Site Scripting via np1 – CVE-2024-5317 | WordPress Plugin Vulnerability Report

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 25,847,810 Active Installs: 300,000 Last Updated: June 18, 2024 Patched Versions: 8.3.5 Affected Versions: <= 8.3.4 Vulnerability Details: Name: Newsletter <= 8.3.4 Title: Unauthenticated Stored Cross-Site Scripting via np1 Type:…

Read More

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report

Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce Software Downloads: 28,801,489 Active Installs: 1,000,000 Last Updated: May 23, 2024 Patched Versions: 1.6.26.1 Affected Versions: <= 1.6.26 Vulnerability Details: Name: Elementor Header & Footer Builder <= 1.6.26 – Authenticated (Contributor+) Stored Cross-Site Scripting…

Read More

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5088, CVE-2024-4865 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,974,697 Active Installs: 400,000 Last Updated: May 17, 2024 Patched Versions: 3.10.9 Affected Versions: <= 3.10.8 Vulnerability Details: Name: Happy Addons for Elementor <= 3.10.8 – Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper…

Read More

Visual Portfolio, Photo Gallery & Post Grid Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter – CVE-2024-4363 | WordPress Plugin Vulnerability Report

Plugin Name: Visual Portfolio, Photo Gallery & Post Grid Key Information: Software Type: Plugin Software Slug: visual-portfolio Software Status: Active Software Author: nko Software Downloads: 1,687,003 Active Installs: 70,000 Last Updated: May 14, 2024 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Visual Portfolio, Photo Gallery & Post Grid <= 3.3.2 – Authenticated…

Read More

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute – CVE-2024-4430 | WordPress Plugin Vulnerability Report

Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 10,167,049 Active Installs: 100,000 Last Updated: May 10, 2024 Patched Versions: 2.8.1.3 Affected Versions: <= 2.8.1.2 Vulnerability Details: Name: Beaver Builder <= 2.8.1.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute Type:…

Read More