Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 428 vulnerabilities disclosed in 333 WordPress Plugins and 7 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 83 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

• WAF-RULE-685 – Data redacted while we work with the vendor on a patch.
• WAF-RULE-687 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
LVT-tholv2k	53
Rafie Muhammad	34
Dimas Maulana	32
Ngô Thiên An (ancorn_)	24
Krzysztof Zając	16
beluga	15
wesley (wcraft)	14
Dhabaleshwar Das	14
Abu Hurayra	12
Francesco Carlucci	12
CatFather	11
Dmitrii Ignatyev	11
Steven Julian	9
Mika	9
Jean Tirstan T	8
Majed Refaea	8
stealthcopter	7
Bob Matyas	7
Webbernaut	6
Le Ngoc Anh	6
Joshua Chan	6
Khalid	5
Abdi Pranata	5
Peng Zhou	5
Benedictus Jovan (aillesiM)	5
AppCheck	4
Tim Coen	4
Cronus	4
Skalucy	3
Nex Team	3
Dave Jong	3
Ananda Dhakal	3
Muhammad Daffa	3
Kyle Sanchez	3
Phill Sav (Savphill)	3
Edwin Siebel (edwinsiebel)	3
Emili Castells	3
Mochamad Sofyan	2
Joel Indra	2
resecured.io	2
ST	2
Muhammad Zeeshan (Xib3rR4dAr)	2
Kursat Cetin	2
Ivan Spiridonov (xbz0n)	2
Lucio Sá	2
Brandon James Roldan (tomorrowisnew)	2
emad	2
Scott Kingsley Clark	2
Dau Hoang Tai	2
Hiroho Shimada	2
Vincent Fourcade (vinceMatsui)	2
Sushmita Poudel	2
Elliot	1
Phuoc Pham (p3tl0v3r)	1
Yuchen Ji	1
Nguyen Xuan Chien	1
Felipe Restrepo Rodriguez (pfelilpe)	1
Daiki Sueyoshi	1
Ray Wilson	1
cyc707	1
Tobias Weißhaar (kun_19)	1
Xinzhi Luo	1
Faizal Abroni	1
Amir Hossein Fallahi	1
Tien Luong	1
Justin Kennedy	1
haidv35	1
Friday	1
kodaichodai	1
Ankit Patel	1
Hoa Le Ngoc (lengochoa)	1
Sean Murphy	1
Priyanka Pande	1
afei	1
Van Lyubov	1
Erwan LR	1
Pham Ho Anh Dung	1
thiennv	1
isacaya	1
Jorge Diaz (ddiax)	1
Pichaya Morimoto	1
Nanchanan Sanapun	1
RE-ALTER	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-31115

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Chauffeur Taxi Booking System for WordPress

Researcher

Kursat Cetin

More Details >

CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-30498

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
CRM Perks Forms – WordPress Form Builder

Researcher

LVT-tholv2k

More Details >

Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-2086

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site

Researcher

Krzysztof Zając

More Details >

Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-30533

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Layouts for Elementor

Researcher

Abdi Pranata

More Details >

ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-30490

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researcher

LVT-tholv2k

More Details >

Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-30510

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Salon Booking System

Researcher

stealthcopter

More Details >

WP Travel Engine <= 5.7.9 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-30502

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software

Researcher

beluga

More Details >

Calendarista <= 15.5.7 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30240

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Calendarista

Researcher

Ivan Spiridonov (xbz0n)

More Details >

Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30242

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Contact Form to Any API

Researcher

Le Ngoc Anh

More Details >

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30499

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
CRM Perks Forms – WordPress Form Builder

Researcher

LVT-tholv2k

More Details >

CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30500

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
CubeWP – All-in-One Dynamic Content Framework

Researcher

Peng Zhou

More Details >

Easy Form Builder <= 3.7.4 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30535

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder

Researcher

LVT-tholv2k

More Details >

Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30496

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

Rafie Muhammad

More Details >

Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30486

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Media Library Folders

Researcher

Le Ngoc Anh

More Details >

Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30238

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Researcher

LVT-tholv2k

More Details >

Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30236

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Researcher

Emili Castells

More Details >

ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30491

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researcher

LVT-tholv2k

More Details >

WooCommerce Customers Manager <= 29.6 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-0399

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WooCommerce Customers Manager

Researcher

Ivan Spiridonov (xbz0n)

More Details >

WordPress Tooltips <= 9.4.3 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30243

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WordPress Tooltips

Researcher

beluga

More Details >

WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30489

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WP Cost Estimation & Payment Forms Builder

Researcher

Rafie Muhammad

More Details >

WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30497

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WP Responsive Tabs horizontal vertical and accordion Tabs

Researcher

LVT-tholv2k

More Details >

Zoho Campaigns <= 2.0.6 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30239

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Zoho Campaigns

Researcher

LVT-tholv2k

More Details >

Zotpress <= 7.3.7 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-30488

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Zotpress

Researcher

LVT-tholv2k

More Details >

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-30223

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Researcher

LVT-tholv2k

More Details >

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg <= 3.3.3 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-30226

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg

Researcher

stealthcopter

More Details >

MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-2411

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education

Researcher

Hiroho Shimada

More Details >

MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-2409

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education

Researcher

Hiroho Shimada

More Details >

Sunshine Photo Cart: Free Client Photo Galleries for Photographers <= 3.1.1 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-30221

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers

Researcher

CatFather

More Details >

WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) <= 1.3.2 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-30224

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)

Researcher

Rafie Muhammad

More Details >

10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31116

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
10Web Map Builder for Google Maps

Researcher

Muhammad Daffa

More Details >

DecaLog <= 3.9.0 - Authenticated (Admin+) SQL injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-30245

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
DecaLog

Researcher

isacaya

More Details >

OSS Aliyun <= 1.4.10 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-30494

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
OSS Aliyun

Researcher

Majed Refaea

More Details >

Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31114

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension

Researcher

Peng Zhou

More Details >

Slider by Supsystic <= 1.8.10 - Authenticated (Admin+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-30237

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Slider by Supsystic

Researcher

Jean Tirstan T

More Details >

WP Travel Engine <= 5.7.9 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-30504

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software

Researcher

beluga

More Details >

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-30222

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Researcher

LVT-tholv2k

More Details >

Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1872

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Button

Researcher

Francesco Carlucci

More Details >

Church Admin <= 4.0.27 - Authenticated (Contributor+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-30244

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Church Admin

Researcher

LVT-tholv2k

More Details >

ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2047

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
ElementsKit Elementor addons

Researcher

wesley (wcraft)

More Details >

Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-3018

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders

Researcher

Ngô Thiên An (ancorn_)

More Details >

Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-31094

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Filter Custom Fields & Taxonomies Light

Researcher

Mika

More Details >

Hercules Core <= 6.4 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-30228

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Hercules Core

Researcher

Dave Jong

More Details >

Link Whisper Free <= 0.7.1 - Authenticated (Contributor+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2693

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Link Whisper Free

Researcher

Francesco Carlucci

More Details >

Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1770

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Meta Tag Manager

Researcher

Francesco Carlucci

More Details >

Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2023-6999

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Pods – Custom Content Types and Fields

Researcher

Nex Team

More Details >

Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2023-6967

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Pods – Custom Content Types and Fields

Researcher

Nex Team

More Details >

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1990

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
RegistrationMagic – User Registration Plugin with Custom Registration Forms

Researcher

Krzysztof Zając

More Details >

Tumult Hype Animations <= 1.9.12 - Authenticated (Author+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2890

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Tumult Hype Animations

Researcher

Peng Zhou

More Details >

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-0608

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

Krzysztof Zając

More Details >

Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

8.1

CVSS Rating
High (8.1)

CVE-ID
CVE-2024-0866

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Check & Log Email – Easy Email Testing & Mail logging

Researcher

Sean Murphy

More Details >

Hubbub Lite – Fast, Reliable Social Network Sharing Buttons <= 1.33.1 - PHP Object Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-2501

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Hubbub Lite – Fast, Reliable Social Sharing Buttons

Researcher

Webbernaut

More Details >

Responsive <= 5.0.2 - Missing Authorization to HTML Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-2848

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Responsive

Researchers

Krzysztof Zając

Muhammad Zeeshan (Xib3rR4dAr)

More Details >

Brave Popup Builder <= 0.6.5 - Unauthenticated Server-Side Request Forgery

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-30453

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content

Researcher

Majed Refaea

More Details >

Builderall Builder for WordPress <= 2.0.1 - Unauthenticated Server-Side Request Forgery

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-30532

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Builderall Builder for WordPress

Researcher

Majed Refaea

More Details >

Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2023-7201

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin

Researcher

emad

More Details >

Falang multilanguage <= 1.3.47 - Authenticated (Administrator+) SQL Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-30495

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Falang multilanguage for WordPress

Researcher

Jean Tirstan T

More Details >

Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-1794

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Researcher

wesley (wcraft)

More Details >

HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-3061

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
HUSKY – Products Filter Professional for WooCommerce

Researcher

haidv35

More Details >

Product Import Export for WooCommerce <= 2.4.1 - Authenticated(Shop Manager+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-30231

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Product Import Export for WooCommerce – Import Export Product CSV Suite

Researcher

stealthcopter

More Details >

Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix'

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-2102

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Salon Booking System

Researcher

cyc707

More Details >

Simple Ajax Chat <= 20240216 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-1983

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Simple Ajax Chat – Add a Fast, Secure Chat Box

Researcher

Vincent Fourcade (vinceMatsui)

More Details >

Simple Buttons Creator <=1.04 - Unauthenticated Stored Cross-Site Scripting via Add Button

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-2857

Patch Status
Unpatched

Published
Mar 25, 2024

Affected Software
Simple Buttons Creator

Researcher

Bob Matyas

More Details >

Sticky Anything <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-30551

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Sticky Anything

Researcher

Mika

More Details >

WordPress Action Network 1.4.3 -Authentcated (Admin+) SQL Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-2954

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Action Network

Researchers

Pichaya Morimoto

Nanchanan Sanapun

More Details >

WordPress Announcement & Notification Banner Plugin – Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-30478

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Announcement & Notification Banner – Bulletin

Researcher

Muhammad Daffa

More Details >

WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-0913

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

Edwin Siebel (edwinsiebel)

More Details >

WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-0952

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

Edwin Siebel (edwinsiebel)

More Details >

WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-0956

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

Edwin Siebel (edwinsiebel)

More Details >

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-0609

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

Researcher

Krzysztof Zając

More Details >

SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-30509

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster

Researcher

stealthcopter

More Details >

VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-2093

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
VK All in One Expansion Unit

Researcher

Krzysztof Zając

More Details >

WholesaleX <= 1.3.2 - Unauthenticated Privilege Escalation

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-30542

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)

Researcher

Rafie Muhammad

More Details >

130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2250

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
140+ Widgets | Xpro Addons For Elementor – FREE

Researcher

Francesco Carlucci

More Details >

Aesop Story Engine <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30557

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Aesop Story Engine

Researcher

LVT-tholv2k

More Details >

affiliate-toolkit <= 3.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via ratings

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29817

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
affiliate-toolkit – WP Affiliate Plugin with Amazon

Researcher

Ngô Thiên An (ancorn_)

More Details >

AI Engine <= 2.1.4 - Authenticated (Editor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29090

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
AI Engine

Researcher

Rafie Muhammad

More Details >

AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31101

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
AI Twitter Feeds (Twitter widget & shortcode)

Researcher

Ngô Thiên An (ancorn_)

More Details >

Aparat for WordPress <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29765

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Aparat for WordPress

Researcher

Steven Julian

More Details >

Astra <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2347

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Astra

Researcher

stealthcopter

More Details >

B Slider - Slider for your block editor <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30432

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
B Slider- Gutenberg Slider Block for WP

Researcher

Jean Tirstan T

More Details >

Better Elementor Addons <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30423

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Better Elementor Addons

Researcher

Khalid

More Details >

Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2280

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Better Elementor Addons

Researcher

Francesco Carlucci

More Details >

BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2845

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg

Researcher

Krzysztof Zając

More Details >

Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30179

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Bold Page Builder

Researcher

LVT-tholv2k

More Details >

BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1692

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
BoldGrid Easy SEO – Simple and Effective SEO

Researcher

Webbernaut

More Details >

Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30520

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
Carousel Anything For WPBakery Page Builder – Touch Slider and Carousel

Researcher

resecured.io

More Details >

Church Admin <= 4.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30197

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Church Admin

Researcher

LVT-tholv2k

More Details >

Church Admin <= 4.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via meta-text

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30193

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Church Admin

Researcher

CatFather

More Details >

Co-marquage service-public.fr <= 0.5.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29908

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Co-marquage service-public.fr

Researcher

LVT-tholv2k

More Details >

collectchat <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30436

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Chatbot for WordPress by Collect.chat ⚡️

Researcher

LVT-tholv2k

More Details >

Compact WP Audio Player <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fileurl

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29917

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Compact WP Audio Player

Researcher

LVT-tholv2k

More Details >

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30446

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
CRM Perks Forms – WordPress Form Builder

Researcher

LVT-tholv2k

More Details >

Crypto Converter Widget <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29930

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Crypto Converter ⚡ Widget

Researcher

beluga

More Details >

DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30554

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
DD Rating

Researcher

Cronus

More Details >

DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29807

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

Researcher

emad

More Details >

Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29771

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress

Researcher

LVT-tholv2k

More Details >

Dropdown Multisite selector <= 0.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29910

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Dropdown multisite selector

Researcher

LVT-tholv2k

More Details >

Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2842

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Easy Appointments

Researcher

Krzysztof Zając

More Details >

Easy Social Feed <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30180

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Researcher

LVT-tholv2k

More Details >

Easy Social Feed <= 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1219

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Researcher

Dmitrii Ignatyev

More Details >

Easy Textillate <= 2.01 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2303

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Easy Textillate

Researcher

Tien Luong

More Details >

Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2456

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Ecwid by Lightspeed Ecommerce Shopping Cart

Researcher

Krzysztof Zając

More Details >

Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via link

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30185

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

Abu Hurayra

More Details >

Elementor Addon Elements <= 1.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30422

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Elementor Addon Elements

Researcher

Khalid

More Details >

Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2792

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Elementor Addon Elements

Researcher

wesley (wcraft)

More Details >

Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2117

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Elementor Website Builder – More than Just a Page Builder

Researcher

Webbernaut

More Details >

Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1364

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Elementor Website Builder Pro

Researcher

wesley (wcraft)

More Details >

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2781

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Elementor Website Builder Pro

Researcher

wesley (wcraft)

More Details >

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1521

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Elementor Website Builder Pro

Researcher

wesley (wcraft)

More Details >

ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1238

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
ElementsKit Elementor addons

Researcher

wesley (wcraft)

More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2623

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders

Researcher

Webbernaut

More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2650

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders

Researchers

Ngô Thiên An (ancorn_)

ST

More Details >

Events Manager <= 6.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2111

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!

Researcher

Tim Coen

More Details >

Exchange Rates Widget <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29814

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Exchange Rates Widget

Researcher

Ngô Thiên An (ancorn_)

More Details >

Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30177

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Exclusive Addons for Elementor

Researcher

Abu Hurayra

More Details >

Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30232

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Exclusive Addons for Elementor

Researcher

Abu Hurayra

More Details >

Fancy Comments WordPress <= 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29804

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Fancy Comments WordPress

Researcher

Ngô Thiên An (ancorn_)

More Details >

Favorites <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2948

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Favorites

Researcher

Krzysztof Zając

More Details >

FlatPM < 3.1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29803

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
FlatPM – Ad Manager, AdSense and Custom Code

Researcher

Ngô Thiên An (ancorn_)

More Details >

Frontend Dashboard <= 2.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29775

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Frontend Dashboard

Researcher

CatFather

More Details >

Fullscreen Galleria <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29801

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Fullscreen Galleria

Researcher

Ngô Thiên An (ancorn_)

More Details >

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2783

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Researcher

Krzysztof Zając

More Details >

Geo Controller <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30451

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Geo Controller

Researcher

LVT-tholv2k

More Details >

GetResponse for WordPress <= 5.5.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31104

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
GetResponse for WordPress

Researcher

Ngô Thiên An (ancorn_)

More Details >

Gratisfaction <= 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29798

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program

Researcher

Ngô Thiên An (ancorn_)

More Details >

Grid Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29797

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Grid Shortcodes

Researcher

Ngô Thiên An (ancorn_)

More Details >

GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30192

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout

Researcher

LVT-tholv2k

More Details >

GS Testimonial Slider <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30443

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials

Researcher

LVT-tholv2k

More Details >

Gutenberg Block Editor Toolkit – EditorsKit <= 1.40.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2794

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Gutenberg Block Editor Toolkit – EditorsKit

Researcher

Krzysztof Zając

More Details >

Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Author+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-24888

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Kursat Cetin

More Details >

Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-23500

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Rafie Muhammad

More Details >

Hash Elements <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30426

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Hash Elements

Researcher

Khalid

More Details >

HeartThis <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31121

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
HeartThis

Researcher

CatFather

More Details >

Hot Random Image <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29796

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Hot Random Image

Researcher

Ngô Thiên An (ancorn_)

More Details >

HT Mega <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30182

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
HT Mega – Absolute Addons For Elementor

Researcher

Abu Hurayra

More Details >

iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29912

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
iCalendrier

Researcher

LVT-tholv2k

More Details >

iFlyChat – WordPress Chat <= 4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31108

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
iFlyChat – WordPress Chat

Researcher

LVT-tholv2k

More Details >

Image Hover Effects – Elementor Addon <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'eihe_align'

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29936

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Image Hover Effects – Elementor Addon

Researcher

Abu Hurayra

More Details >

List category posts <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1051

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
List category posts

Researcher

Ngô Thiên An (ancorn_)

More Details >

Livemesh Addons for WPBakery Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30183

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WPBakery Page Builder Addons by Livemesh

Researcher

Abu Hurayra

More Details >

Lordicon Animated Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30519

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
Lordicon Animated Icons

Researcher

resecured.io

More Details >

MailChimp Forms by MailMunch <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29793

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
MailChimp Forms by MailMunch

Researcher

Ngô Thiên An (ancorn_)

More Details >

Master Addons for Elementor <= 2.0.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29911

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations

Researcher

Abu Hurayra

More Details >

Master Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2139

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations

Researcher

Francesco Carlucci

More Details >

Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more <= 4.5.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29795

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more

Researcher

Ngô Thiên An (ancorn_)

More Details >

Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2871

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Media Library Assistant

Researcher

stealthcopter

More Details >

Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2475

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Media Library Assistant

Researcher

stealthcopter

More Details >

Mighty Classic Pros And Cons <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30556

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Mighty Classic Pros And Cons

Researcher

LVT-tholv2k

More Details >

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30530

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

Researcher

Steven Julian

More Details >

MyBookTable Bookstore <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29772

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
MyBookTable Bookstore by Stormhill Media

Researcher

CatFather

More Details >

Nelio Content <= 3.2.0 - Authenticated (Contributor+) Server-Side Request Forgery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30531

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Nelio Content – Editorial Calendar & Social Media Scheduling

Researcher

Majed Refaea

More Details >

Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29762

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Off-Canvas Sidebars & Menus (Slidebars)

Researcher

LVT-tholv2k

More Details >

OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29789

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
OneClick Chat to Order

Researcher

Ngô Thiên An (ancorn_)

More Details >

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30450

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)

Researcher

LVT-tholv2k

More Details >

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2841

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Ngô Thiên An (ancorn_)

More Details >

Otter Blocks <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2729

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Dmitrii Ignatyev

More Details >

PDF Builder for WPForms <= 1.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29820

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
PDF Builder for WPForms

Researcher

LVT-tholv2k

More Details >

PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30524

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
PDF Viewer for Elementor

Researcher

Khalid

More Details >

Piotnet Addons For Elementor <= 2.4.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29934

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Piotnet Addons For Elementor

Researcher

Abu Hurayra

More Details >

Podlove Web Player <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29788

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Podlove Web Player

Researcher

Ngô Thiên An (ancorn_)

More Details >

Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30184

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Popup Builder – Create highly converting, mobile friendly marketing popups.

Researcher

LVT-tholv2k

More Details >

Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29769

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Portfolio Gallery – Image Gallery Plugin

Researcher

LVT-tholv2k

More Details >

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2888

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

Researcher

Phill Sav (Savphill)

More Details >

Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29925

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget

Researcher

LVT-tholv2k

More Details >

PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag*

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2491

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
PowerPack Elementor Addons (Free Widgets, Extensions and Templates)

Researcher

wesley (wcraft)

More Details >

PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2492

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
PowerPack Elementor Addons (Free Widgets, Extensions and Templates)

Researcher

wesley (wcraft)

More Details >

Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30186

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Researcher

Abu Hurayra

More Details >

Print Page block <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30438

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Print Page block – Print the entire page or Section.

Researcher

CatFather

More Details >

Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2027

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Real Media Library: Media Library Folder & File Manager

Researchers

Ngô Thiên An (ancorn_)

Dau Hoang Tai

More Details >

Responsive flipbook <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30552

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Responsive flipbook wordpress plugin free download

Researcher

LVT-tholv2k

More Details >

Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31120

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Gallery – Image and Video Gallery with Thumbnails

Researcher

LVT-tholv2k

More Details >

Responsive Tabs <= 4.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1846

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Responsive Tabs

Researcher

Dmitrii Ignatyev

More Details >

ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29812

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Researcher

LVT-tholv2k

More Details >

Sina Extension for Elementor <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29935

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)

Researcher

Abu Hurayra

More Details >

SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31118

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
SP Project & Document Manager

Researcher

CatFather

More Details >

Spin 360 deg and 3D Model Viewer <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30559

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Spin 360 deg and 3D Model Viewer

Researcher

LVT-tholv2k

More Details >

Sponsors <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30483

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
Sponsors

Researcher

Ray Wilson

More Details >

Stackable – Page Builder Gutenberg Blocks <= 3.12.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Posts Block

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2039

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Stackable – Page Builder Gutenberg Blocks

Researchers

Ngô Thiên An (ancorn_)

Dau Hoang Tai

More Details >

Stratum <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29914

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Stratum – Elementor Widgets

Researcher

Abu Hurayra

More Details >

StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29766

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
StreamWeasels Twitch Integration

Researcher

LVT-tholv2k

More Details >

Sydney Toolbox <= 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2936

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Sydney Toolbox

Researchers

Ngô Thiên An (ancorn_)

Phuoc Pham (p3tl0v3r)

More Details >

The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Clients Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2203

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Researcher

wesley (wcraft)

More Details >

The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2210

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Researcher

wesley (wcraft)

More Details >

Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29909

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Travelers' Map

Researcher

LVT-tholv2k

More Details >

Tutor LMS Elementor Addons <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29913

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Tutor LMS Elementor Addons

Researcher

Abu Hurayra

More Details >

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2140

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Ultimate Addons for Beaver Builder – Lite

Researcher

Francesco Carlucci

More Details >

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2141

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Ultimate Addons for Beaver Builder – Lite

Researcher

Francesco Carlucci

More Details >

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2143

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Ultimate Addons for Beaver Builder – Lite

Researcher

Francesco Carlucci

More Details >

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2144

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Ultimate Addons for Beaver Builder – Lite

Researcher

Francesco Carlucci

More Details >

Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2142

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Ultimate Addons for Beaver Builder – Lite

Researcher

Francesco Carlucci

More Details >

Ultimate Social Comments – Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30555

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Ultimate Social Comments – Email Notification & Lazy Load

Researcher

LVT-tholv2k

More Details >

Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-0367

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Researcher

Webbernaut

More Details >

VK All in One Expansion Unit <= 9.96.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2170

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
VK All in One Expansion Unit

Researchers

Ngô Thiên An (ancorn_)

ST

More Details >

WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29926

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WC Builder – WooCommerce Page Builder for WPBakery

Researcher

LVT-tholv2k

More Details >

WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30433

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution

Researcher

LVT-tholv2k

More Details >

Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30445

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Web Icons

Researcher

Steven Julian

More Details >

Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29933

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Web Icons

Researcher

LVT-tholv2k

More Details >

Webinar and Video Conference with Jitsi Meet <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30437

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming

Researcher

LVT-tholv2k

More Details >

WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29927

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WishSuite – Wishlist for WooCommerce

Researcher

LVT-tholv2k

More Details >

WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31117

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
WooCommerce Bookings Calendar

Researcher

LVT-tholv2k

More Details >

WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2847

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
WordPress File Upload

Researcher

Krzysztof Zając

More Details >

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29906

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
MDTF – Meta Data and Taxonomies Filter

Researcher

LVT-tholv2k

More Details >

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29932

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
MDTF – Meta Data and Taxonomies Filter

Researcher

beluga

More Details >

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29763

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
MDTF – Meta Data and Taxonomies Filter

Researcher

Abdi Pranata

More Details >

WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2513

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
WP Chat App

Researcher

Ngô Thiên An (ancorn_)

More Details >

WP Customer Reviews <= 3.7.0 - Authenticated (Contributor+) Malicious Redirect via HTTP-EQUIV Injection

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1849

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Customer Reviews

Researcher

Dmitrii Ignatyev

More Details >

WP Fast Total Search <= 1.59.211 - Authenticated (Contributor+) Stored Cross-Site Scripting via WPFTS Live Search Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29799

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Fast Total Search – The Power of Indexed Search

Researcher

Ngô Thiên An (ancorn_)

More Details >

WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29761

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Post Disclaimer

Researcher

LVT-tholv2k

More Details >

WP User Profile Avatar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2023-6067

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP User Profile Avatar

Researcher

Dmitrii Ignatyev

More Details >

wp-forecast <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-30429

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
wp-forecast

Researcher

LVT-tholv2k

More Details >

WPFront Notification Bar <= 3.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29819

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WPFront Notification Bar

Researcher

Joel Indra

More Details >

Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30558

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Add Shortcodes Actions And Filters

Researcher

Dimas Maulana

More Details >

AdsPlace'r – Ad Manager, Inserter, AdSense Ads <= 1.1.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31088

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
AdsPlace'r – Ad Manager, Inserter, AdSense Ads

Researcher

Dimas Maulana

More Details >

Advanced Sermons <= 3.1 - Reflected Cross-Site Scripting via s

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29928

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Advanced Sermons

Researcher

Dhabaleshwar Das

More Details >

All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30506

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
All In One Redirection

Researcher

Pham Ho Anh Dung

More Details >

Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30561

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Appointment Calendar

Researcher

Dimas Maulana

More Details >

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.4.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30200

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Researcher

Rafie Muhammad

More Details >

BizPrint <= 4.5.4 - Cross-Site Request Forgery to Cross-Site Scripting via process.php

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29773

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More.

Researcher

Joshua Chan

More Details >

Booking Activities <= 1.15.19 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30449

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Booking Activities

Researcher

Jean Tirstan T

More Details >

Booster for WooCommerce <= 7.1.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29760

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Booster for WooCommerce

Researcher

Rafie Muhammad

More Details >

BuddyForms <= 2.8.5 - Reflected Cross-Site Scripting via page

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30198

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)

Researcher

Dimas Maulana

More Details >

Buddypress Moderation <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-2864

Patch Status
Unpatched

Published
Mar 25, 2024

Affected Software
BuddyPress Moderation

Researcher(s): Unknown

More Details >

Bulk NoIndex & NoFollow Toolkit <= 2.01 - Reflected Cross-Site Scripting via tab, order, and orderby

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29791

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Bulk NoIndex & NoFollow Toolkit

Researcher

Le Ngoc Anh

More Details >

Calculated Fields Form <= 1.2.54 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29759

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Calculated Fields Form

Researcher

Rafie Muhammad

More Details >

Christmas Greetings <= 1.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-2116

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Christmas Greetings

Researcher

Lucio Sá

More Details >

Co-marquage service-public.fr <= 0.5.72 - Reflected Cross-Site Scripting via search_term

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29758

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Co-marquage service-public.fr

Researcher

beluga

More Details >

Comic Easel <= 1.15 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31092

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Comic Easel

Researcher

Dimas Maulana

More Details >

Contact Form 7 Newsletter <= 2.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31110

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Contact Form 7 Newsletter

Researcher

Dimas Maulana

More Details >

Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30428

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Researcher

Dimas Maulana

More Details >

Conversios.io <= 6.9.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29794

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Google Analytics 4 (GA4), Google Ads, Meta Pixel, GTM & Multiple Pixels for Woocommerce & WordPress

Researcher

Le Ngoc Anh

More Details >

Convert Post Types <= 1.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31112

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Convert Post Types

Researcher

Dimas Maulana

More Details >

Creative Image Slider – Responsive Slider Plugin <= 2.1.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30447

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Creative Image Slider – Responsive Slider Plugin

Researcher

Jean Tirstan T

More Details >

Custom Field Bulk Editor <= 1.9.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31091

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Custom Field Bulk Editor

Researcher

Dimas Maulana

More Details >

Doneren met Mollie <= 2.10.2 - Unauthenticated Reflected Cross-Site Scripting via search

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29767

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Doneren met Mollie

Researcher

Dimas Maulana

More Details >

Easy Social Share Buttons <= 9.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30196

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Easy Social Share Buttons for WordPress

Researcher

Rafie Muhammad

More Details >

Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-22300

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce

Researcher

Rafie Muhammad

More Details >

Favicon Rotator <= 1.2.10 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-28001

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Favicon Rotator

Researcher

Rafie Muhammad

More Details >

Forminator <= 1.29.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29777

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Researcher

Rafie Muhammad

More Details >

FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-22299

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
FV Flowplayer Video Player

Researcher

Rafie Muhammad

More Details >

Hacklog Down As PDF <= 2.3.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31090

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Hacklog Down As PDF

Researcher

Dimas Maulana

More Details >

Header Image Slider <= 0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30547

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Header Image Slider

Researcher

Dimas Maulana

More Details >

Jobeleon Theme <= 1.9.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2022-47153

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Jobeleon WPJobBoard

Researcher

RE-ALTER

More Details >

Kanban Boards for WordPress <= 2.5.21 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31103

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Kanban Boards for WordPress

Researcher

beluga

More Details >

Limit Attempts by BestWebSoft <= 1.2.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30439

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms

Researcher

Dimas Maulana

More Details >

Mailster <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30503

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Mailster WordPress Newsletter Plugin

Researcher

Rafie Muhammad

More Details >

Mang Board WP <= 1.8.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30431

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Mang Board WP

Researcher

Dimas Maulana

More Details >

OpenID <= 3.6.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31107

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
OpenID

Researcher

Dimas Maulana

More Details >

pageMash > Page Management <= 1.3.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31087

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
pageMash > Page Management

Researcher

Dimas Maulana

More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'current_url'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29832

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Researcher

AppCheck

More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_id'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29808

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Researcher

AppCheck

More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_url'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29809

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Researcher

AppCheck

More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'thumb_url'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29810

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Researcher

AppCheck

More Details >

Photo Gallery by Ays <= 5.5.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29919

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Photo Gallery by Ays – Responsive Image Gallery

Researcher

Majed Refaea

More Details >

Podlove Podcast Publisher <= 4.0.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29915

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Podlove Podcast Publisher

Researcher

Dimas Maulana

More Details >

Post Grid <= 2.2.74 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30441

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Post Grid and Gutenberg Blocks – ComboBlocks

Researcher

Rafie Muhammad

More Details >

Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31085

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Post-Plugin Library

Researcher

Dimas Maulana

More Details >

Premium Packages <= 5.8.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29924

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Premium Packages – Sell Digital Products Securely

Researcher

beluga

More Details >

Preview E-mails for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27999

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Preview E-mails for WooCommerce

Researcher

Rafie Muhammad

More Details >

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More <= 13.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-24800

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds

Researcher

Rafie Muhammad

More Details >

PropertyHive <= 2.0.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29923

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
PropertyHive

Researcher

beluga

More Details >

ReDi Restaurant Reservation <= 24.0128 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29806

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
ReDi Restaurant Reservation

Researcher

Le Ngoc Anh

More Details >

Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30550

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Gallery – Image and Video Gallery with Thumbnails

Researcher

LVT-tholv2k

More Details >

RoyalSlider <= 3.4.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30195

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
RoyalSlider

Researcher

Rafie Muhammad

More Details >

SEO Backlink Monitor <= 1.5.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29907

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
SEO Backlink Monitor

Researcher

Dimas Maulana

More Details >

SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29790

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
SEO Plugin by Squirrly SEO

Researcher

Rafie Muhammad

More Details >

SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31097

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
SEO Title Tag

Researcher

Dimas Maulana

More Details >

Seriously Simple Podcasting <= 3.0.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-25599

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Seriously Simple Podcasting

Researcher

Rafie Muhammad

More Details >

Shipping with Venipak for WooCommerce <= 1.19.5 - Reflected Cross-Site Scripting via 'venipak_labels_link'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29805

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Shipping with Venipak for WooCommerce

Researcher

Le Ngoc Anh

More Details >

Shortlinks by Pretty Links <= 3.6.2 - Reflected Cross-Site Scripting via post_status

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29770

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
PrettyLinks – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

Researcher

Rafie Muhammad

More Details >

Simply Schedule Appointments <= 1.6.6.20 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-22311

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Researcher

Rafie Muhammad

More Details >

Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30545

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Social Author Bio

Researcher

Cronus

More Details >

SpiderFAQ <= 1.3.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31123

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
SpiderFAQ

Researcher

Dimas Maulana

More Details >

Spiffy Calendar <= 4.9.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30427

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Spiffy Calendar

Researcher

Dimas Maulana

More Details >

Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30194

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Sunshine Photo Cart: Free Client Photo Galleries for Photographers

Researcher

Dimas Maulana

More Details >

Survey Maker <= 4.0.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29918

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Survey Maker

Researcher

Dimas Maulana

More Details >

Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31105

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Tax Rate Upload

Researcher

thiennv

More Details >

The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30435

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Nexter Blocks – WordPress Gutenberg Blocks & 1000+ Starter Templates

Researcher

LVT-tholv2k

More Details >

Tumult Hype Animations <= 1.9.11 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30461

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Tumult Hype Animations

Researcher

Majed Refaea

More Details >

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29792

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Researcher

Rafie Muhammad

More Details >

User Rights Access Manager <= 1.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31122

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
User Rights Access Manager

Researcher

beluga

More Details >

Weekly Class Schedule <= 3.19 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31084

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Weekly Class Schedule

Researcher

Dimas Maulana

More Details >

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-22288

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels

Researcher

Rafie Muhammad

More Details >

Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31109

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Woocommerce Social Media Share Buttons

Researcher

Dimas Maulana

More Details >

WordPress Importer <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30201

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Smart Import : Import any XML File to WordPress

Researcher

Dimas Maulana

More Details >

WP Directory Kit <= 1.2.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29774

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Directory Kit

Researcher

Dimas Maulana

More Details >

WP Editor <= 1.2.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-24700

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WP Editor

Researcher

Rafie Muhammad

More Details >

WP Google Maps <= 9.0.29 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29931

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Go Maps (formerly WP Google Maps)

Researcher

Rafie Muhammad

More Details >

WP-Lister Lite for Amazon <= 2.6.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-30199

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP-Lister Lite for Amazon

Researcher

beluga

More Details >

Yoo Slider <= 2.1.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31106

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Yoo Slider – Image Slider & Video Slider

Researcher

Dimas Maulana

More Details >

WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness

5.9

CVSS Rating
Medium (5.9)

CVE-ID
CVE-2023-6799

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WP Reset – Most Advanced WordPress Reset Tool

Researcher

Justin Kennedy

More Details >

AI WP Writer <= 3.6.5 - Missing Authorization

5.6

CVSS Rating
Medium (5.6)

CVE-ID
CVE-2024-30459

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
AI WP Writer – automatic content creator, ChatGPT, GPT-4, Dalle 3, FLUX

Researcher

Majed Refaea

More Details >

Astra <= 4.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Theme Header/Footer

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29768

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Astra

Researcher

Phill Sav (Savphill)

More Details >

Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-27188

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Breeze – WordPress Cache Plugin

Researcher

Jorge Diaz (ddiax)

More Details >

Carousel Slider <= 2.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-1712

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Responsive Tabs

Researcher

Dmitrii Ignatyev

More Details >

CMP – Coming Soon & Maintenance <= 4.1.10 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2023-50374

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Researcher

Yuchen Ji

More Details >

EventPrime <= 3.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29776

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
EventPrime – Events Calendar, Bookings and Tickets

Researcher

Mochamad Sofyan

More Details >

Funnel Builder by CartFlows <= 2.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via settings

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29813

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce

Researcher

LVT-tholv2k

More Details >

Locatoraid Store Locator <= 3.9.30 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-30181

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Locatoraid Store Locator

Researcher

Joshua Chan

More Details >

Molongui <= 4.7.7 - Authenticated (Author+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29764

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Author Box, Guest Author and Co-Authors for Your Posts – Molongui

Researcher

CatFather

More Details >

Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29921

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Photo Gallery by Supsystic

Researcher

Jean Tirstan T

More Details >

Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-30178

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Simply Static – The WordPress Static Site Generator

Researcher

CatFather

More Details >

Slider Hero <= 8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29922

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Slider Hero with Video Background, Animation

Researcher

Jean Tirstan T

More Details >

Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2091

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Elementor Addon Elements

Researcher

wesley (wcraft)

More Details >

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2121

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Elementor Website Builder Pro

Researcher

wesley (wcraft)

More Details >

Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2120

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Elementor Website Builder Pro

Researcher

wesley (wcraft)

More Details >

Finale Lite <= 2.18.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-30485

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Finale Lite – Sales Countdown Timer & Discount for WooCommerce

Researcher

beluga

More Details >

Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-1858

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Lightbox slider – Responsive Lightbox Gallery

Researcher

Francesco Carlucci

More Details >

Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2964

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
Pocket News Generator

Researcher

Benedictus Jovan (aillesiM)

More Details >

Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2101

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Salon Booking System

Researcher

Priyanka Pande

More Details >

Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2732

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Themify Shortcodes

Researcher

Krzysztof Zając

More Details >

Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-30543

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Whizzy

Researcher

Steven Julian

More Details >

WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2969

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP-Eggdrop

Researcher

Benedictus Jovan (aillesiM)

More Details >

Awesome Support <= 6.1.7 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30539

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Awesome Support – WordPress HelpDesk & Support Plugin

Researcher

Khalid

More Details >

BEAR <= 1.1.4.3 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30463

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

Researcher

Dhabaleshwar Das

More Details >

Booking Package <= 1.6.27 - Unauthenticated Price Manipulation

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30516

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Booking Package

Researcher

Abdi Pranata

More Details >

Calendarista Basic Edition <= 3.0.5 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30534

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Calendarista Basic Edition – WordPress appointment booking system

Researcher

Mochamad Sofyan

More Details >

CGC Maintenance Mode <= 1.2 - IP Spoofing

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30480

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
CGC Maintenance Mode

Researcher

Mika

More Details >

coreActivity <= 2.0.1 - IP Spoofing

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-0868

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
coreActivity: Activity Logging plugin for WordPress

Researcher

Erwan LR

More Details >

DELUCKS SEO <= 2.5.4 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30538

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
DELUCKS SEO

Researcher

Mika

More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2974

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders

Researcher

Ankit Patel

More Details >

FG PrestaShop to WooCommerce <= 4.45.1 - Unauthenticated Sensitive Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30511

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
FG PrestaShop to WooCommerce

Researcher

beluga

More Details >

IP Blocker Lite <= 11.1.1 - IP Spoofing

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30479

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
LionScripts: IP Blocker Lite

Researcher

Mika

More Details >

Klarna Payments for WooCommerce <= 3.2.4 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30477

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Klarna for WooCommerce

Researcher

Mika

More Details >

Move Addons for Elementor <= 1.2.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30525

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Move Addons for Elementor

Researcher

Mika

More Details >

Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2962

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Networker - Tech News WordPress Theme with Dark Mode

Researcher

Muhammad Zeeshan (Xib3rR4dAr)

More Details >

Newsletter <= 8.2.0 - IP Spoofing

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30522

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Newsletter – Send awesome emails from WordPress

Researcher

Mika

More Details >

Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-1587

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Newsmatic

Researcher

Krzysztof Zając

More Details >

Paid Memberships Pro – Mailchimp Add On <= 2.3.4 - Unauthenticated Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30523

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Paid Memberships Pro – Mailchimp Add On

Researcher

Muhammad Daffa

More Details >

Paid Memberships Pro – Payfast Gateway Add On <= 1.4.1 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30514

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Paid Memberships Pro – Payfast Gateway Add On

Researcher

Joshua Chan

More Details >

Radio Player <= 2.0.73 - Missing Authorization via get_players

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2906

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Researcher

Elliot

More Details >

RT Easy Builder – Advanced addons for Elementor <= 2.0 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30484

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
RT Easy Builder – Advanced addons for Elementor

Researcher

Friday

More Details >

Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2858

Patch Status
Unpatched

Published
Mar 25, 2024

Affected Software
Simple Buttons Creator

Researcher

Bob Matyas

More Details >

Tainacan <= 0.20.7 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30529

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Tainacan

Researcher

Dhabaleshwar Das

More Details >

Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31095

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Thumbs Rating

Researcher

Kyle Sanchez

More Details >

VS Contact Form <= 14.7 - CAPTCHA Bypass

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30540

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
VS Contact Form

Researcher

Kyle Sanchez

More Details >

weForms <= 1.6.20 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30512

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
weForms – Easy Drag & Drop Contact Form Builder For WordPress

Researcher

Kyle Sanchez

More Details >

Whizzy <= 1.1.18 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30544

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Whizzy

Researcher

Steven Julian

More Details >

Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30469

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Wholesale For WooCommerce

Researcher

Dave Jong

More Details >

WP Express Checkout (Accept PayPal Payments) <= 2.3.7 - Unauthenticated Price Manipulation

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30527

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
WP Express Checkout (Accept PayPal Payments Easily)

Researcher

Xinzhi Luo

More Details >

WP Hotel Booking <= 2.0.9.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-30508

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WP Hotel Booking

Researcher

beluga

More Details >

Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2024-1790

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WordPress Infinite Scroll – Ajax Load More

Researcher

Hoa Le Ngoc (lengochoa)

More Details >

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting

4.6

CVSS Rating
Medium (4.6)

CVE-ID
CVE-2024-2108

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Ninja Forms – The Contact Form Builder That Grows With You

Researcher

Tim Coen

More Details >

Ajax Load More <= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
Unknown

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WordPress Infinite Scroll – Ajax Load More

Researcher

afei

More Details >

Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30549

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
WordPress Contact Forms by Cimatti

Researcher

Joel Indra

More Details >

Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-0902

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Fancy Product Designer

Researcher

Bob Matyas

More Details >

Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30430

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

Researcher

Ananda Dhakal

More Details >

Landing Page Builder <= 1.5.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30452

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

Researcher

Steven Julian

More Details >

NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-1754

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
NPS computy

Researcher

Bob Matyas

More Details >

Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31089

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Platinum SEO

Researcher

Mika

More Details >

Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2963

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
Pocket News Generator

Researcher

Benedictus Jovan (aillesiM)

More Details >

Prenotazioni <= 1.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31102

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Prenotazioni

Researcher

Faizal Abroni

More Details >

Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2956

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Simple Ajax Chat – Add a Fast, Secure Chat Box

Researcher

Vincent Fourcade (vinceMatsui)

More Details >

Slider by Supsystic <= 1.8.10 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30448

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Slider by Supsystic

Researcher

Jean Tirstan T

More Details >

Social Media Share Buttons <= 2.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2118

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Social Media Share Buttons & Social Sharing Icons

Researcher

Dmitrii Ignatyev

More Details >

Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.63 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2836

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Social Share, Social Login and Social Comments Plugin – Super Socializer

Researcher

Dmitrii Ignatyev

More Details >

Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31119

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Special Box for Content

Researcher

Cronus

More Details >

Testimonial Slider <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-1746

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Testimonial Slider

Researcher

Dmitrii Ignatyev

More Details >

Themify Event Post <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30440

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Themify Event Post

Researcher

Dhabaleshwar Das

More Details >

Top Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-1660

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Top Bar

Researcher

Dmitrii Ignatyev

More Details >

underConstruction <= 1.21 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30548

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
underConstruction

Researcher

Felipe Restrepo Rodriguez (pfelilpe)

More Details >

WCFM – Frontend Manager for WooCommerce <= 6.7.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-29929

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible

Researcher

Steven Julian

More Details >

Woo Viet <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-29816

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Woo Viet – WooCommerce for Vietnam

Researcher

Dhabaleshwar Das

More Details >

WordPress Page Builder – Zion Builder <= 3.6.9 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30444

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WordPress Page Builder – Zion Builder

Researcher

Phill Sav (Savphill)

More Details >

WP Change Email Sender <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-29815

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WP Change Email Sender

Researcher

Dhabaleshwar Das

More Details >

WP Poll Maker <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-29818

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
ePoll – Best WordPress Voting Plugin for Poll & Contest

Researcher

Dhabaleshwar Das

More Details >

WP Staging (Free <= 3.3.3, Pro <= 5.3.3) - Authenticated (Administrator+) Stored Cross-Site-Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2309

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
WP STAGING WordPress Backup Plugin – Migration Backup Restore
WP STAGING Pro WordPress Backup Plugin

Researcher

Dmitrii Ignatyev

More Details >

WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30553

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
WP Twitter Mega Fan Box Widget

Researcher

Cronus

More Details >

WP-CRM System <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-30434

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WordPress CRM Plugin – WP-CRM System

Researcher

Joshua Chan

More Details >

WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2968

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
WP-Eggdrop

Researcher

Benedictus Jovan (aillesiM)

More Details >

WP-Lister Lite for Amazon <= 2.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2889

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WP-Lister Lite for Amazon

Researcher

Joshua Chan

More Details >

Advance Search <= 1.1.6 - Cross-Site Request Forgery to Shortcode Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2739

Patch Status
Unpatched

Published
Mar 25, 2024

Affected Software
Advanced Search

Researcher

Bob Matyas

More Details >

Broken Images <= 0.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31093

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Broken Images

Researcher

Dimas Maulana

More Details >

Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31086

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Change default login logo,url and title

Researcher

Dimas Maulana

More Details >

Church Admin <= 4.1.18 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30505

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Church Admin

Researcher

CatFather

More Details >

Church Admin <= 4.1.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30493

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Church Admin

Researcher

Peng Zhou

More Details >

CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1232

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
CM Download Manager – Document and File Management

Researcher

Sushmita Poudel

More Details >

CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1231

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
CM Download Manager – Document and File Management

Researcher

Sushmita Poudel

More Details >

CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1962

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
CM Download Manager – Document and File Management

Researcher

Bob Matyas

More Details >

Colibri Page Builder <= 1.0.248 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-28004

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Colibri Page Builder

Researcher

Rafie Muhammad

More Details >

Custom WooCommerce Checkout Fields Editor <= 1.3.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30518

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Custom WooCommerce Checkout Fields Editor

Researcher

Skalucy

More Details >

DX-Watermark <= 1.0.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30560

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
DX-Watermark

Researcher

Dimas Maulana

More Details >

Easy Appointments <= 3.11.18 - Insufficient Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2844

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Easy Appointments

Researcher

Krzysztof Zając

More Details >

Easy PopUp Show <= 0.12 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-29009

Patch Status
Unpatched

Published
Mar 25, 2024

Affected Software
Easy PopUp Show

Researcher

Daiki Sueyoshi

More Details >

Easy Social Feed <= 6.5.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30526

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Essential Blocks for Gutenberg <= 4.4.9 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30467

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Researcher

Rafie Muhammad

More Details >

Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2261

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Event Tickets and Registration

Researcher

Tim Coen

More Details >

Events Manager <= 6.4.6.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30515

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!

Researcher

Abdi Pranata

More Details >

Events Manager <= 6.4.7.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30421

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!

Researcher

Dhabaleshwar Das

More Details >

Events Manager <= 6.4.7.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2110

Patch Status
Patched

Published
Mar 27, 2024

Affected Software
Events Manager – Calendar, Bookings, Tickets, and more!

Researcher

Tim Coen

More Details >

GamiPress <= 6.8.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30455

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Researcher

Ananda Dhakal

More Details >

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30462

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
HUSKY – Products Filter Professional for WooCommerce

Researcher

Dhabaleshwar Das

More Details >

Landingi Landing Pages <= 3.1.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30521

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Landingi Landing Pages

Researcher

Skalucy

More Details >

LWS Optimize <= 1.9.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30541

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
LWS Optimize

Researcher

Dhabaleshwar Das

More Details >

Max Mega Menu <= 3.3. - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-28003

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Max Mega Menu

Researcher

Rafie Muhammad

More Details >

Meta Box – WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1204

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Meta Box

Researcher

Scott Kingsley Clark

More Details >

Molongui <= 4.7.7 - Authenticated (Author+) Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30507

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Author Box, Guest Author and Co-Authors for Your Posts – Molongui

Researcher

CatFather

More Details >

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30487

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

Researcher

Steven Julian

More Details >

Multiple Page Generator Plugin – MPG <= 3.4.0 - Missing Authorization via mpg_get_log_by_project_id

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30235

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
Multiple Page Generator Plugin – MPG

Researcher

Majed Refaea

More Details >

New Order Notification for Woocommerce <= 2.0.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31098

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
New Order Notification for Woocommerce

Researcher

beluga

More Details >

News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2970

Patch Status
Unpatched

Published
Mar 28, 2024

Affected Software
News Wall

Researcher

Benedictus Jovan (aillesiM)

More Details >

Nictitate <= 1.1.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31096

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Nictitate

Researcher

Dhabaleshwar Das

More Details >

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2113

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Ninja Forms – The Contact Form Builder That Grows With You

Researcher

Tobias Weißhaar (kun_19)

More Details >

NPS computy <= 2.7.5 - Cross-Site Request Forgery to Results Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1755

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
NPS computy

Researcher

Bob Matyas

More Details >

OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2476

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
OceanWP

Researcher

Webbernaut

More Details >

PageLayer <= 1.8.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30465

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Page Builder: Pagelayer – Drag and Drop website builder

Researcher

Rafie Muhammad

More Details >

Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-0588

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

Researcher

kodaichodai

More Details >

Pods - Custom Content Types and Fields - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-6965

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Pods – Custom Content Types and Fields

Researcher

Nex Team

More Details >

Popup Cart Lite for WooCommerce <= 1.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31100

Patch Status
Unpatched

Published
Mar 29, 2024

Affected Software
Popup Cart Lite for WooCommerce

Researcher

Skalucy

More Details >

ProfileGrid <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30513

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researcher

Van Lyubov

More Details >

RegistrationMagic <= 5.3.0.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2951

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
RegistrationMagic – User Registration Plugin with Custom Registration Forms

Researcher

Joshua Chan

More Details >

Shortcodes and extra features for Phlox theme <= 2.15.8 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31099

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Shortcodes and extra features for Phlox theme

Researcher

Rafie Muhammad

More Details >

Simple Revisions Delete <= 1.5.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30482

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Simple Revisions Delete

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Sliced Invoices <= 3.9.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30517

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Sliced Invoices – WordPress Invoice Plugin

Researcher

Lucio Sá

More Details >

Slugs Manager <= 2.6.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30536

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Slugs Manager: Delete Old Permalinks from WordPress Database

Researcher

Nguyen Xuan Chien

More Details >

Smart Forms <= 2.6.93 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1307

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
Smart Forms – when you need more than just a contact form

Researcher

Amir Hossein Fallahi

More Details >

Social Icons Widget & Block by WPZOOM <= 4.2.15 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30464

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Social Icons Widget & Block by WPZOOM

Researcher

Rafie Muhammad

More Details >

Spiffy Calendar <= 4.9.10 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30528

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
Spiffy Calendar

Researcher

Steven Julian

More Details >

WholesaleX <= 1.3.1 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30234

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)

Researcher

Emili Castells

More Details >

WholesaleX <= 1.3.1 - Sensitive Information Exposure via export_users

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30233

Patch Status
Patched

Published
Mar 26, 2024

Affected Software
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)

Researcher

Emili Castells

More Details >

WooCommerce <= 8.5.2 - Missing Authorization to Private/Draft Product Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1310

Patch Status
Patched

Published
Mar 25, 2024

Affected Software
WooCommerce

Researcher

Scott Kingsley Clark

More Details >

WooCommerce Multilingual & Multicurrency <= 5.3.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30466

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WooCommerce Multilingual & Multicurrency with WPML

Researcher

Rafie Muhammad

More Details >

WOOCS – WooCommerce Currency Switcher <= 1.4.1.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30458

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
FOX – Currency Switcher Professional for WooCommerce

Researcher

Dhabaleshwar Das

More Details >

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30457

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
MDTF – Meta Data and Taxonomies Filter

Researcher

Dhabaleshwar Das

More Details >

WP SMS <= 6.6.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30454

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More

Researcher

Peng Zhou

More Details >

WPC Badge Management for WooCommerce <= 2.4.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30537

Patch Status
Patched

Published
Mar 29, 2024

Affected Software
WPC Badge Management for WooCommerce

Researcher

Abdi Pranata

More Details >

WPCS <= 1.2.0.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30456

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
WPCS – WordPress Currency Switcher Professional

Researcher

Dhabaleshwar Das

More Details >

YITH WooCommerce Account Funds Premium <= 1.33.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30470

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
YITH WooCommerce Account Funds Premium

Researcher

Dave Jong

More Details >

Import Export WordPress Users <= 2.5.2 - Authenticated (Shop Manager+) Path Traversal

2.7

CVSS Rating
Low (2.7)

CVE-ID
CVE-2024-30492

Patch Status
Patched

Published
Mar 28, 2024

Affected Software
Export and Import Users and Customers

Researcher

Ananda Dhakal

More Details >