WPZOOM Social Feed Widget & Block Vulnerability – Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion – CVE-2024-3662 | WordPress Plugin Vulnerability Report
Plugin Name: WPZOOM Social Feed Widget & Block Key Information: Software Type: Plugin Software Slug: instagram-widget-by-wpzoom Software Status: Active Software…
WPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report
Plugin Name: WPvivid Backup & Migration Plugin Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author:…
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report
Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information:…
Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Multiple XSS Vulnerabilities – CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report
Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…
Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report
Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…
Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report
Plugin Name: Redirection Key Information: Software Type: Plugin Software Slug: redirect-redirection Software Status: Active Software Author: inisev Software Downloads: 329,941…
Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report
Plugin Name: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Key Information: Software Type: Plugin Software Slug: ml-slider…
Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report
Plugin Name: Smash Balloon Social Post Feed Key Information: Software Type: Plugin Software Slug: custom-facebook-feed Software Status: Active Software Author:…
Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report
Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget] Key Information: Software Type: Plugin Software Slug: spotlight-social-photo-feeds Software Status: Active…
The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report
Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…
Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report
Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type:…
Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report
Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status:…