XSS

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 | WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 12, 2024

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active Software Author: rogierlankhorst Software Downloads: 1,792,011 Active Installs: 100,000 Last Updated: March 14, 2024 Patched Versions: 1.5.7 Affected Versions: <= 1.5.6.1 Vulnerability Details: Name: Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 Title: Authenticated…

Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report

By Your WP Guy / Mar 11, 2024

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam Software Downloads: 67,142,962 Active Installs: 2,000,000 Last Updated: March 13, 2024 Patched Versions: 5.9.10 Affected Versions: <= 5.9.9 Vulnerability Details: Name: Essential Addons for Elementor <=…

Site Reviews Vulnerability – Authenticated Stored Cross-Site Scripting via Display Name – CVE-2024-2293 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Mar 11, 2024

Plugin Name: Site Reviews Key Information: Software Type: Plugin Software Slug: site-reviews Software Status: Active Software Author: geminilabs Software Downloads: 2,210,571 Active Installs: 60,000 Last Updated: March 13, 2024 Patched Versions: 6.11.7 Affected Versions: <= 6.11.4 Vulnerability Details: Name: Site Reviews <= 6.11.4 Title: Authenticated(Subscriber+) Stored Cross-Site Scripting via Display Name Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE: CVE-2024-2293…

Premium Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting – CVE-2024-1680 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 28, 2024

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13 Software Downloads: 29,801,020 Active Installs: 700,000 Last Updated: February 28, 2024 Patched Versions: 4.10.22 Affected Versions: <= 4.10.21 Vulnerability Details: Name: Premium Addons for Elementor <= 4.10.21 Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Banner,…

Events Manager Vulnerability– Calendar, Bookings, Tickets, and more! – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0614 | WordPress Plugin Vulnerability Report 

By Your WP Guy / Feb 28, 2024

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status: Active Software Author: netweblogic Software Downloads: 4,542,882 Active Installs: 90,000 Last Updated: February 28, 2024 Patched Versions: 6.4.7 Affected Versions: <= 6.4.6.4 Vulnerability Details: Name: Events Manager <= 6.4.6.4 Title: Authenticated (Administrator+) Stored Cross-Site Scripting…

WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1808 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 27, 2024

Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,807,873 Active Installs: 600,000 Last Updated: February 28, 2024 Patched Versions: 7.0.4 Affected Versions: <= 7.0.3 Vulnerability Details: Name: WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.3 Title: Authenticated (Contributor+) Stored…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 21, 2024

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last Updated: February 21, 2024 Patched Versions: 1.13 Affected Versions: <= 1.12.12 Vulnerability 1 Details: Name: Elementor Addon Elements <= 1.12.12 – Directory Traversal to Local File Inclusion Title: Directory Traversal to Local File Inclusion Type: Improper Limitation of a Pathname to…

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last Updated: February 20, 2024 Patched Versions: 1.6.6 Affected Versions: <= 1.6.5 Vulnerability Details: Name: Enhanced Text Widget <= 1.6.5 – Authenticated (Administrator+) Stored Cross-Site Scripting Title: Authenticated (Administrator+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site…

wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 20, 2024

Plugin Name: wpDataTables Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,303,680 Active Installs: 70,000 Last Updated: February 20, 2024 Patched Versions: 3.4.2.5 Affected Versions: <= 3.4.2.4 Vulnerability Details: Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 – Reflected Cross-Site Scripting. Title: Reflected Cross-Site Scripting Type: Improper Neutralization of Input During Web Page…