XSS

Sina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scripting via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Sina Extension for Elementor
Key Information:
Software Type: Plugin
Software Slug: sina-extension-for-elementor
Software Status: Active
Software Author: shaonsina
Software Downloads: 550,459
Active Installs: 50,000
Last Updated: May 14, 2024
Patched Versions: 3.5.4
Affected Versions: <= 3.5.3
Vulnerability Details:
Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor…

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Exclusive Addons for Elementor
Key Information:
Software Type: Plugin
Software Slug: exclusive-addons-for-elementor
Software Status: Active
Software Author: timstrifler
Software Downloads: 870,318
Active Installs: 60,000
Last Updated: May 14, 2024
Patched Versions: 2.6.9.7
Affected Versions: <= 2.6.9.6
Vulnerability Details:
Name: Exclusive Addons for Elementor <= 2.6.9.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Team…

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Import and export users and customers
Key Information:
Software Type: Plugin
Software Slug: import-users-from-csv-with-meta
Software Status: Active
Software Author: carazo
Software Downloads: 4,320,707
Active Installs: 80,000
Last Updated: May 14, 2024
Patched Versions: 1.26.7
Affected Versions: <= 1.26.6.1
Vulnerability Details:
Name: Import and export users and customers <= 1.26.6.1 – Authenticated (Administrator+) Stored…

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Gutenberg Blocks
Key Information:
Software Type: Plugin
Software Slug: kadence-blocks
Software Status: Active
Software Author: britner
Software Downloads: 19,473,277
Active Installs: 400,000
Last Updated: May 14, 2024
Patched Versions: 3.2.38
Affected Versions: <= 3.2.37
Vulnerability Details:
Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 – Authenticated (Contributor+) Stored Cross-Site…

Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 14, 2024

Plugin Name: Yoast SEO
Key Information:
Software Type: Plugin
Software Slug: wordpress-seo
Software Status: Active
Software Author: yoast
Software Downloads: 678,383,360
Active Installs: 10,000,000
Last Updated: May 14, 2024
Patched Versions: 22.7
Affected Versions: <= 22.6
Vulnerability Details:
Name: Yoast SEO <= 22.6 – Authenticated (Contributor+) Stored Cross-Site Scripting
Type: Improper Neutralization of Input During…

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 13, 2024

Plugin Name: Sydney Toolbox
Key Information:
Software Type: Plugin
Software Slug: sydney-toolbox
Software Status: Active
Software Author: athemes
Software Downloads: 2,286,558
Active Installs: 80,000
Last Updated: May 13, 2024
Patched Versions: 1.32
Affected Versions: <= 1.31
Vulnerability Details:
Name: Sydney Toolbox <= 1.31 – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
Type: Improper…

Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 10, 2024

Plugin Name: Starter Templates
Key Information:
Software Type: Plugin
Software Slug: astra-sites
Software Status: Active
Software Author: brainstormforce
Software Downloads: 57,202,843
Active Installs: 1,000,000
Last Updated: May 10, 2024
Patched Versions: 4.2.2
Affected Versions: <= 4.2.1
Vulnerability Details:
Name: Starter Templates – Elementor, WordPress & Beaver Builder Templates <= 4.2.1 – Authenticated (Contributor+) Stored Cross-Site…

Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 9, 2024

Plugin Name: Pods
Key Information:
Software Type: Plugin
Software Slug: pods
Software Status: Active
Software Author: sc0ttkclark
Software Downloads: 4,123,314
Active Installs: 100,000
Last Updated: May 9, 2024
Patched Versions: 3.2.1.1
Affected Versions: <= 3.2.1
Vulnerability Details:
Name: Pods – Custom Content Types and Fields <= 3.2.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod…

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 7, 2024

Plugin Name: Prime Slider
Key Information:
Software Type: Plugin
Software Slug: bdthemes-prime-slider-lite
Software Status: Active
Software Author: bdthemes
Software Downloads: 2,368,030
Active Installs: 100,000
Last Updated: May 7, 2024
Patched Versions: 3.14.4
Affected Versions: <= 3.14.3
Vulnerability Details:
Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3…

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

By Your WP Guy / May 7, 2024

Plugin Name: Mesmerize Companion
Key Information:
Software Type: Plugin
Software Slug: mesmerize-companion
Software Status: Active
Software Author: horearadu
Software Downloads: 1,857,988
Active Installs: 80,000
Last Updated: May 7, 2024
Patched Versions: 1.6.149
Affected Versions: <= 1.6.148
Vulnerability Details:
Name: Mesmerize Companion <= 1.6.148 – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode
Type: Improper Neutralization…