LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,139,739 Active Installs: 90,000 Last Updated: April 4, 2024 Patched Versions: 4.2.6.4, 4.0.1 Affected Versions: <= 4.2.6.3, <= 4.0.0 Vulnerability 1: Insecure Direct Object Reference CVE: CVE-2024-1289 CVSS Score: 6.5 Publicly Published:…

Read More

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software Downloads: 17,727,023 Active Installs: 1,000,000 Last Updated: April 3, 2024 Patched Versions: 3.1.0 Affected Versions: <= 3.0.7 Vulnerability Details: Name: ElementsKit Elementor addons <= 3.0.7 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget Type:…

Read More

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities –  CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

Plugin Name: Happy Addons for Elementor Key Information Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 6,284,286 Active Installs: 400,000 Last Updated: April 4, 2024 Patched Versions: 3.10.5, 3.10.4 Affected Versions: <= 3.10.3 Vulnerability Details Vulnerability 1 Name: Happy Addons for Elementor <= 3.10.4 – Authenticated Stored Cross-Site Scripting…

Read More

Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report 

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,939,163 Active Installs: 10,000 Last Updated: April 3, 2024 Patched Versions: 2.8.0.7 Affected Versions: <= 2.8.0.5 Vulnerability Details: Name: Beaver Builder – WordPress Page Builder <= 2.8.0.5 Title: Authenticated (Contributor+) Stored…

Read More

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software Downloads: 950,913 Active Installs: 100,000 Last Updated: April 1, 2024 Patched Versions: 3.6.3 Affected Versions: <= 3.6.2 Vulnerability Details: Name: WP Chat App <= 3.6.2 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute…

Read More

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

Plugin Name: Ultimate Addons for Beaver Builder – Lite Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-beaver-builder-lite Software Status: Active Software Author: brainstormforce Software Downloads: 499,391 Active Installs: 30,000 Last Updated: April 1, 2024 Patched Versions: 1.5.8 Affected Versions: <= 1.5.7 Vulnerability Details: Name: Ultimate Addons for Beaver Builder – Lite <= 1.5.7 Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N…

Read More

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report 

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software Downloads: 1,901,312 Active Installs: 70,000 Last Updated: April 1, 2024 Patched Versions: 3.14 Affected Versions: <= 3.13 Vulnerability Details: Name: Media Library Assistant <= 3.13 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode Type:…

Read More

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

Plugin Name: Stackable – Page Builder Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: stackable-ultimate-gutenberg-blocks Software Status: Active Software Author: bfintal Software Downloads: 2,943,541 Active Installs: 100,000 Last Updated: March 28, 2024 Patched Versions: 3.12.12 Affected Versions: <= 3.12.11 Vulnerability Details: Name: Stackable – Page Builder Gutenberg Blocks <= 3.12.11 Title: Authenticated (Contributor+) Stored…

Read More

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads: 2,161,148 Active Installs: 80,000 Last Updated: April 1, 2024 Patched Versions: 1.27 Affected Versions: <= 1.26 Vulnerability Details: Name: Sydney Toolbox <= 1.26 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via _id Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2936…

Read More

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status: Active Software Author: netweblogic Software Downloads: 4,637,218 Active Installs: 90,000 Last Updated: March 27, 2024 Patched Versions: 6.4.7.2 Affected Versions: <= 6.4.7.1 Vulnerability 1 Details: Name: Events Manager <= 6.4.7.1 Title: Authenticated (Contributor+) Stored Cross-Site…

Read More