
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024)

2024-04-18 15:58:54
Chloe Chamberland
www.wordfence.com

🎉 Did you know we're running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!


Last week, there were 219 vulnerabilities disclosed in 209 WordPress Plugins, 21 WordPress Themes, and one in WordPress Core that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this one, and important WordPress security reports, in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status | Number of Vulnerabilities
Patched | 180
Unpatched | 39

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating | Number of Vulnerabilities
Medium Severity | 195
High Severity | 11
Critical Severity | 13

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE | Number of Vulnerabilities
Cross-Site Request Forgery (CSRF) | 101
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 56
Missing Authorization | 24
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 14
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6
Deserialization of Untrusted Data | 3
Information Exposure | 3
Server-Side Request Forgery (SSRF) | 3
Improper Authorization | 2
Improper Input Validation | 2
Unrestricted Upload of File with Dangerous Type | 2
URL Redirection to Untrusted Site ('Open Redirect') | 2
Improper Access Control | 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name | Number of Vulnerabilities
Dhabaleshwar Das | 53
Majed Refaea | 12
Joshua Chan | 11
Krzysztof Zając | 7
Bob Matyas | 7
Mika | 6
wesley (wcraft) | 5
João Pedro Soares de Alcântara | 5
Nikolas | 5
Dave Jong | 5
Brandon James Roldan (tomorrowisnew) | 5
Dimas Maulana | 4
Nguyen Xuan Chien | 4
Le Ngoc Anh | 4
Abdi Pranata | 4
Ngô Thiên An (ancorn_) | 4
Steven Julian | 4
stealthcopter | 4
Francesco Carlucci | 3
thiennv | 3
Cronus | 3
Rafie Muhammad | 3
Lucio Sá | 3
Webbernaut | 2
Ananda Dhakal | 2
CatFather | 2
1337_Wannabe | 2
Byeongjun Jo | 2
Vladislav Pokrovsky (ΞX.MI) | 2
emad | 2
John Blackbourn | 2
Khalid | 2
Muhammad Daffa | 2
Myungju Kim | 2
younsoung kim | 2
SeoHyeon Lee | 2
SeoHee Kang | 2
Ryotaro Imamura | 2
Ivan Spiridonov (xbz0n) | 2
Peng Zhou | 2
Thura Moe Myint (mgthuramoemyint) | 2
Duc Manh | 2
Thanh Nam Tran | 1
Karl Emil Nikka | 1
Krugov Artyom | 1
Erwan LR | 1
Liu Shaohong | 1
cyc707 | 1
Joel Indra | 1
Ulyses Saicha | 1
Trình Vũ | 1
Dmitrii Ignatyev | 1
tiborisaak | 1
Skalucy | 1
Christiaan Swiers (YouGina) | 1
Yuchen Ji | 1
Nathaniel Oh (0x4n3) | 1
Briana Campbell (TerraByte) | 1
Maksim Kosenko | 1
Dau Hoang Tai | 1
Emili Castells | 1
Manab Jyoti Dowarah | 1
hoanpk | 1
Phill Sav (Savphill) | 1
Mohamed Azarudheen | 1
Ray Wilson | 1
beluga | 1
Sharanabasappa | 1
AtaTurk1925 | 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Account Engagement pardot
ActiveCampaign – Forms, Site Tracking, Live Chat activecampaign-subscription-forms
Ads.txt Admin ads-txt-admin
Advanced Cron Manager – debug & control advanced-cron-manager
Advanced iFrame advanced-iframe
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress advanced-page-visit-counter
Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page advanced-post-block
AffiEasy affieasy
AIKit - WordPress AI Automatic Writer, Chatbot, Writing Assistant & Content Repurposer / OpenAI GPT aikit-wordpress-ai-writing-assistant-using-gpt3
All-in-One Addons for Elementor – WidgetKit widgetkit-for-elementor
Appointment Bookings for Zoom GoogleMeet and more – Wappointment wappointment
AppPresser – Mobile App Framework apppresser
Asgaros Forum asgaros-forum
Aspose.Words – Import and Export word documents aspose-doc-exporter
BA Book Everything ba-book-everything
Backup Migration backup-backup
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net woo-bulk-editor
Before And After: Lead Capture Forms For WordPress before-and-after
Benchmark Email Lite benchmark-email-lite
Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode chat-help
BizCalendar Web bizcalendar-web
Blocksy Companion blocksy-companion
Bold Page Builder bold-page-builder
Booking for Appointments and Events Calendar – Amelia ameliabooking
Boostify Header Footer Builder for Elementor boostify-header-footer-builder
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free RRatingg
bunny.net – WordPress CDN Plugin bunnycdn
Button Generator – easily Button Builder button-generation
BWL Advanced FAQ Manager bwl-advanced-faq-manager
Calendarista Basic Edition – WordPress appointment booking system calendarista-basic-edition
Carousel Slider carousel-slider
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce wp-carousel-free
CBX Bookmark & Favorite cbxwpbookmark
Church Admin church-admin
Church Content – Sermons, Events and More church-theme-content
Citadela Directory citadela-directory
Clone wp-clone-by-wp-academy
Contact Form Plugin contact-form-lite
Convert Post Types convert-post-types
Counter Box: Create Engaging Countdowns, Timers & Counters counter-box
Crony Cronjob Manager crony
Currency per Product for WooCommerce currency-per-product-for-woocommerce
Customily Product Personalizer customily-v2
Dashboard To-Do List dashboard-to-do-list
Dashboard Welcome for Elementor dashboard-welcome-for-elementor
Disable Comments WPZest
Download Manager downloadmanager
Duplicate Post copy-delete-posts
E2Pdf – Export To Pdf Tool for WordPress e2pdf
Easy Logo easylogo
eCommerce Product Catalog Plugin for WordPress ecommerce-product-catalog
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) bdthemes-element-pack-lite
Elementor Addons by Livemesh addons-for-elementor
ELEX WooCommerce Dynamic Pricing and Discounts elex-woocommerce-dynamic-pricing-and-discounts
Email Marketing for WooCommerce by Omnisend omnisend-connect
Enhanced Text Widget enhanced-text-widget
eRoom – Zoom Meetings & Webinars eroom-zoom-meetings-webinar
Essential Grid Gallery WordPress Plugin essential-grid
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin mage-eventpress
EWWW Image Optimizer ewww-image-optimizer
Exclusive Addons for Elementor exclusive-addons-for-elementor
Extra Product Options Builder for WooCommerce additional-product-fields-for-woocommerce
EZ Form Calculator ez-form-calculator
F4 Improvements f4-improvements
Favicon by RealFaviconGenerator favicon-by-realfavicongenerator
Filter Custom Fields & Taxonomies Light filter-custom-fields-taxonomies-light
Finale Lite – Sales Countdown Timer & Discount for WooCommerce finale-woocommerce-sales-countdown-timer-discount
Find Duplicates find-duplicates
Float menu – awesome floating side menu float-menu
Forminator – Contact Form, Payment Form & Custom Form Builder forminator
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook forms-to-zapier
Freshdesk (official) freshdesk-support
FV Flowplayer Video Player fv-wordpress-flowplayer
Gallery Box gallery-box
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress gamipress
GEO my WordPress geo-my-wp
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) gift-voucher
GiveWP – Donation Plugin and Fundraising Platform give
GP Unique ID gp-unique-id
Gutenberg gutenberg
Gutenberg Blocks with AI by Kadence WP – Page Builder Features kadence-blocks
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor gutenverse
Herd Effects – fake notifications and social proof plugin mwp-herd-effect
Import any XML or CSV File to WordPress wp-all-import
Import Users from CSV import-users-from-csv
Inline Related Posts intelly-related-posts
InstaWP Connect – 1-click WP Staging & Migration instawp-connect
Intagrate Lite instagrate-to-wordpress
IP2Location Country Blocker ip2location-country-blocker
Ivory Search – WordPress Search Plugin add-search-to-menu
Jobs for WordPress job-postings
Kattene kattene
Kimili Flash Embed kimili-flash-embed
Language Translate Widget for WordPress – ConveyThis conveythis-translate
Leadinfo leadinfo
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) leaflet-maps-marker
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator legal-pages
Libsyn Publisher Hub libsyn-podcasting
LifterLMS – WordPress LMS Plugin for eLearning lifterlms
Link Whisper Free link-whisper
Load More Anything ajax-load-more-anything
Login With Ajax – Fast Logins, 2FA, Redirects login-with-ajax
Login with phone number login-with-phone-number
Login Login Page
Mail logging – WP Mail Catcher wp-mail-catcher
MailChimp Forms by MailMunch mailchimp-forms-by-mailmunch
Marker.io – Visual Website Feedback marker-io
Matterport Shortcode shortcode-gallery-for-matterport-showcase
Membership Plugin – Restrict Content restrict-content
Migration, Backup, Staging – WPvivid wpvivid-backuprestore
MihanPanel – User Login , Registration and Dashboard mihanpanel-lite
Modal Window – create popup modal window modal-window
MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce
MWW Disclaimer Buttons mww-disclaimer-buttons
Newsletter – Send awesome emails from WordPress newsletter
NextMove Lite – Thank You Page for WooCommerce woo-thank-you-page-nextmove-lite
Ninja Forms – The Contact Form Builder That Grows With You ninja-forms
No-Bot Registration no-bot-registration
Novelist novelist
Ocean Extra ocean-extra
Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-blocks
Ovic Addon Toolkit ovic-addon-toolkit
Page Builder: Live Composer live-composer-page-builder
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress wp-user-avatar
Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress
POEditor poeditor
Pop-up pop-up-pop-up
Popup Box – new WordPress popup plugin popup-box
Popup by Supsystic popup-by-supsystic
Popup Like box – Page Plugin ays-facebook-popup-likebox
Post Type Builder themify-ptb
Premium Addons for Elementor premium-addons-for-elementor
Premmerce Product Filter for WooCommerce premmerce-woocommerce-product-filter
Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More purple-xmls-google-product-feed-for-woocommerce
Product Input Fields for WooCommerce product-input-fields-for-woocommerce
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
Realtyna Organic IDX plugin + WPL Real Estate real-estate-listing-realtyna-wpl
ReDi Restaurant Reservation redi-restaurant-reservation
Redirection redirect-redirection
Remove Footer Credit remove-footer-credit
Responsive Contact Form Builder & Lead Generation Plugin lead-form-builder
Responsive Slider – Sangar Slider sangar-slider-lite
RestroPress – Online Food Ordering System restropress
RSS Redirect & Feedburner Alternative feedburner-alternative-and-rss-redirect
Save as Image Plugin by Pdfcrowd save-as-image-by-pdfcrowd
Save as PDF Plugin by Pdfcrowd save-as-pdf-by-pdfcrowd
Search Keyword Redirect wp-search-keyword-redirect
SEO Booster seo-booster
Shopkeeper Extender shopkeeper-extender
Shopping Cart & eCommerce Store wp-easycart
Short URL shorten-url
Simple Post Notes simple-post-notes
Siteimprove siteimprove
Slider Revolution revslider
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows ml-slider
Smart Forms – when you need more than just a contact form smart-forms
Smart Slider 3 smart-slider-3
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress custom-facebook-feed
Social Media Social Share Icon add-social-share
Social Share Icons & Social Share Buttons ultimate-social-media-plus
Spotlight Social Feeds [Block, Shortcode, and Widget] spotlight-social-photo-feeds
SSL Mixed Content Fix http-https-remover
Sticky Buttons – floating buttons builder sticky-buttons
Subscribe2 – Form, Email Subscribers & Newsletters subscribe2
Sync Post With Other Site sync-post-with-other-site
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync sheets-to-wp-table-live-sync
Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator tablesome
TempTool [Show Current Template Info] current-template-name
The Events Calendar the-events-calendar
Top Bar top-bar
TOP Table Of Contents top-table-of-contents
TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys visitor-analytics-io
Ultimate Before After Image Slider & Gallery – BEAF beaf-before-and-after-gallery
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin ultimate-member
Ultimate Posts Widget ultimate-posts-widget
Ultimate Product Catalog ultimate-product-catalogue
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider ultimate-store-kit
UNKNOWN-CVE-2014-4663 UNKNOWN-CVE-2014-4663
Unlimited Elementor Inner Sections By BoomDevs unlimited-elementor-inner-sections-by-boomdevs
User Activity Log Pro user-activity-log-pro
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress userswp
USPS Shipping for WooCommerce – Live Rates flexible-shipping-usps
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History wallet-system-for-woocommerce
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings WebinarIgnition
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode coming-soon
Welcart e-Commerce usc-e-shop
WOLF – WordPress Posts Bulk Editor and Manager Professional bulk-editor
WooCommerce UPS Shipping – Live Rates and Access Points flexible-shipping-ups
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds another-wordpress-classifieds-plugin
WordPress Flipbook by Supsystic digital-publications-by-supsystic
WordPress Hosting Benchmark tool wpbenchmark
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly tour-booking-manager
WP Accessibility Helper (WAH) wp-accessibility-helper
WP Activity Log Premium wp-security-audit-log-premium
WP Client Reports wp-client-reports
WP Compress – Image Optimizer [All-In-One] wp-compress-image-optimizer
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+ wp-letsencrypt-ssl
WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress wp-event-aggregator
WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics wp-google-analytics-events
WP Login and Logout Redirect wp-login-and-logout-redirect
WP Radio – Worldwide Online Radio Stations Directory for WordPress wp-radio
WP Synchro – WordPress Migration Plugin for Database & Files wpsynchro
WP2LEADS WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
WPBakery Visual Composer js_composer
WPC Smart Quick View for WooCommerce woo-smart-quick-view
WPZOOM Social Feed Widget & Block instagram-widget-by-wpzoom
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] faq-for-woocommerce
Zoho Campaigns zoho-campaigns

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Blocksy blocksy
CityLogic citylogic
Default Mag default-mag
Emmet Lite emmet-lite
Gridsby gridsby
HappenStance happenstance
i-excel i-excel
i-max i-max
Lightning lightning
Namaha namaha
NewsXpress newsxpress
Panoramic panoramic
PopularFX popularfx
Sarada Lite sarada-lite
Sensible WP sensible-wp
Shopstar! shopstar
Sliding Door sliding-door
Soledad soledad
Spa and Salon spa-and-salon
The Conference the-conference
X-T9 x-t9

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Realtyna Organic IDX plugin <= 4.14.4 - Unauthenticated SQL Injection

10.0

CVSS Rating
Critical (10.0)

CVE-ID
CVE-2024-32128

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Realtyna Organic IDX plugin + WPL Real Estate

Researcher

Joshua Chan

More Details >

AIKit <= 4.14.1 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-31370

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
AIKit - WordPress AI Automatic Writer, Chatbot, Writing Assistant & Content Repurposer / OpenAI GPT

Researcher

Ivan Spiridonov (xbz0n)

More Details >

BA Book Everything <= 1.6.4 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-32125

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
BA Book Everything

Researcher

Thanh Nam Tran

More Details >

Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-32127

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Find Duplicates

Researcher

Le Ngoc Anh

More Details >

Podlove Podcast Publisher <= 4.0.12 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-32139

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Podlove Podcast Publisher

Researcher

Peng Zhou

More Details >

User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-32137

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
User Activity Log Pro

Researcher

Dave Jong

More Details >

InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-2667

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
InstaWP Connect – 1-click WP Staging & Migration

Researcher

AtaTurk1925

More Details >

Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-32098

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress

Researcher

Le Ngoc Anh

More Details >

BWL Advanced FAQ Manager <= 2.0.3 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-32136

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
BWL Advanced FAQ Manager

Researcher

Ivan Spiridonov (xbz0n)

More Details >

CBX Bookmark & Favorite <= 1.7.20 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-32132

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
CBX Bookmark & Favorite

Researcher

Muhammad Daffa

More Details >

Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-32135

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Disable Comments | WPZest

Researcher

Dimas Maulana

More Details >

Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook <= 1.1.12 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-32134

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook

Researcher

Muhammad Daffa

More Details >

Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-32087

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More

Researcher

Le Ngoc Anh

More Details >

Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-3211

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Shopping Cart & eCommerce Store

Researcher

Krzysztof ZajÄ…c

More Details >

WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2018

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
WP Activity Log Premium

Researcher

1337_Wannabe

More Details >

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)

8.5

CVSS Rating
High (8.5)

CVE-ID
CVE-2023-6964

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Lucio Sá

More Details >

Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-32086

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Citadela Directory

Researcher

Dave Jong

More Details >

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2023-7046

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+

Researcher

Krzysztof ZajÄ…c

More Details >

Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-3020

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce

Researcher

hoanpk

More Details >

Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-1774

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
Customily Product Personalizer

Researcher

Francesco Carlucci

More Details >

Import Users from CSV <= 1.2 - Authenticated (Admin+) PHP Object Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-32431

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Import Users from CSV

Researcher

Trình Vũ

More Details >

Language Translate Widget for WordPress – ConveyThis <= 223 - Unauthenticated Stored Cross-Site Scripting via api_key

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2023-6811

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Language Translate Widget for WordPress – ConveyThis

Researcher

Krzysztof ZajÄ…c

More Details >

WordPress Core < 6.5.2 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-4439

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
WordPress

Researchers

John Blackbourn

stealthcopter

More Details >

WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-3054

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Migration, Backup, Staging – WPvivid

Researcher

Maksim Kosenko

More Details >

Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Authenticated (Admin+) Stored Cross-Site Scripting

6.6

CVSS Rating
Medium (6.6)

CVE-ID
CVE-2024-3637

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Responsive Contact Form Builder & Lead Generation Plugin

Researcher

Mohamed Azarudheen

More Details >

Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-2665

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor

Researcher

Dau Hoang Tai

More Details >

Advanced iFrame <= 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-32079

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Advanced iFrame

Researcher

Byeongjun Jo

More Details >

All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2137

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
All-in-One Addons for Elementor – WidgetKit

Researcher

Francesco Carlucci

More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2735

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Bold Page Builder

Researcher

João Pedro Soares de Alcântara

More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2734

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Bold Page Builder

Researcher

João Pedro Soares de Alcântara

More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2736

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Bold Page Builder

Researcher

João Pedro Soares de Alcântara

More Details >

Easy Contact Form Lite <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-32147

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Contact Form Plugin

Researcher

Abdi Pranata

More Details >

Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2655

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

stealthcopter

More Details >

Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2539

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

Ngô Thiên An (ancorn_)

More Details >

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3053

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Forminator – Contact Form, Payment Form & Custom Form Builder

Researcher

wesley (wcraft)

More Details >

GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1957

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
GiveWP – Donation Plugin and Fundraising Platform

Researcher

Ngô Thiên An (ancorn_)

More Details >

Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block

6.4

CVSS Rating
Medium (6.4)

CVE-ID
Unknown

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Gutenberg

Researchers

John Blackbourn

stealthcopter

More Details >

Gutenverse <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3692

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor

Researcher

Dmitrii Ignatyev

More Details >

Kattene <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-32590

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Kattene

Researcher

CatFather

More Details >

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3670

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)

Researcher

Krzysztof ZajÄ…c

Libsyn Publisher Hub <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-32140

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Libsyn Publisher Hub

Researcher

CatFather

Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3167

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Ocean Extra

Researcher

wesley (wcraft)

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3344

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

João Pedro Soares de Alcântara

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3343

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Ngô Thiên An (ancorn_)

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2867

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Researcher

Ngô Thiên An (ancorn_)

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3210

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Researcher

stealthcopter

Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-0376

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor

Researcher

Webbernaut

Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2664

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor

Researcher

Webbernaut

Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2306

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Slider Revolution

Researchers

wesley (wcraft)

Nikolas

Shopkeeper Extender <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2801

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Shopkeeper Extender

Researcher

Francesco Carlucci

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3285

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Researcher

wesley (wcraft)

Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3027

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Smart Slider 3

Researcher

Christiaan Swiers (YouGina)

Ultimate Store Kit Elementor Addons <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31357

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Researcher

Ray Wilson

WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Settings

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1041

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
WP Radio – Worldwide Online Radio Stations Directory for WordPress

Researcher

Lucio Sá

WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1042

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
WP Radio – Worldwide Online Radio Stations Directory for WordPress

Researcher

Lucio Sá

WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1805

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer

Researcher

Nikolas

WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1842

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer

Researcher

Nikolas

WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1840

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer

Researcher

Nikolas

WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1841

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer

Researcher

Nikolas

BizCalendar Web <= 1.1.0.19 - Reflected Cross-Site Scripting via 'tab'

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-1780

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
BizCalendar Web

Researchers

Nathaniel Oh (0x4n3)

Briana Campbell (TerraByte)

EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-32133

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
EZ Form Calculator

Researcher

Dimas Maulana

Freshdesk (official) <= 2.3.6 - Open Redirect

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-32129

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Freshdesk (official)

Researcher

Le Ngoc Anh

Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-32149

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Jobs for WordPress

Researcher

Khalid

Post Type Builder <= 2.0.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31365

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
Post Type Builder

Researcher

Dave Jong

Short URL <= 1.6.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-32138

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Short URL

Researcher

Dimas Maulana

WP Google Analytics Events <= 2.8.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-32145

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics

Researcher

Brandon James Roldan (tomorrowisnew)

Finale Lite <= 2.18.0 - Cross-Site Request Forgery

5.8

CVSS Rating
Medium (5.8)

CVE-ID
CVE-2024-32107

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Finale Lite – Sales Countdown Timer & Discount for WooCommerce

Researcher

Dhabaleshwar Das

ActiveCampaign <= 8.1.14 - Authenticated (Administrator+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-32430

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
ActiveCampaign – Forms, Site Tracking, Live Chat

Researcher

Yuchen Ji

Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-32454

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Appointment Bookings for Zoom GoogleMeet and more – Wappointment

Researcher

Manab Jyoti Dowarah

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2733

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Bold Page Builder

Researcher

João Pedro Soares de Alcântara

FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-32078

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
FV Flowplayer Video Player

Researcher

Byeongjun Jo

Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2666

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor

Researcher

wesley (wcraft)

Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2765

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Researcher

tiborisaak

USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-31943

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
USPS Shipping for WooCommerce – Live Rates

Researcher

Dhabaleshwar Das

Welcart e-Commerce <= 2.9.14 - Missing Authorization

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-32144

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Welcart e-Commerce

Researcher

emad

5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg <= 1.2.67 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31358

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg

Researcher

Emili Castells

Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-0908

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page

Researcher

Krzysztof Zając

BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31430

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
WOLF – WordPress Posts Bulk Editor and Manager Professional

Researcher

Dhabaleshwar Das

Blocksy Companion <= 2.0.28 - Cross-Site Request Forgery

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31932

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Blocksy Companion

Researcher

Vladislav Pokrovsky (ΞX.MI)

Download Manager <= 3.2.82 - Password Protected File Bypass

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-32131

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Download Manager

Researcher

Liu Shaohong

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2966

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)

Researcher

Krzysztof Zając

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-32105

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
ELEX WooCommerce Dynamic Pricing and Discounts

Researcher

Ananda Dhakal

Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-3235

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Essential Grid Gallery WordPress Plugin

Researcher

1337_Wannabe

GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-0710

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
GP Unique ID

Researcher

Karl Emil Nikka

Leadinfo <= 1.0 - Cross-Site Request Forgery

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-32112

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Leadinfo

Researcher

Nguyen Xuan Chien

Premmerce Product Filter for WooCommerce <= 3.7.2 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31359

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Premmerce Product Filter for WooCommerce

Researcher

Dhabaleshwar Das

Restrict Content <= 3.2.8 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31432

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Membership Plugin – Restrict Content

Researcher

Dhabaleshwar Das

Soledad <= 8.4.5 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31368

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Soledad

Researcher

Rafie Muhammad

Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31926

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Advanced Cron Manager – debug & control

Researcher

emad

bunny.net – WordPress CDN Plugin <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31361

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
bunny.net – WordPress CDN Plugin

Researcher

Joshua Chan

Carousel Slider <= 2.2.9 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-3703

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Carousel Slider

Researcher

Krugov Artyom

Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-32083

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Easy Logo

Researcher

Cronus

F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31925

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
F4 Improvements

Researcher

Mika

Intagrate Lite <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31929

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Intagrate Lite

Researcher

Joshua Chan

MWW Disclaimer Buttons <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-32428

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
MWW Disclaimer Buttons

Researcher

Cronus

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-29220

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Ninja Forms – The Contact Form Builder That Grows With You

Researcher

Ryotaro Imamura

Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-26019

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Ninja Forms – The Contact Form Builder That Grows With You

Researcher

Ryotaro Imamura

POEditor <= 0.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-32453

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
POEditor

Researcher

Joshua Chan

Popup Like box – Page <= 3.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31387

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Popup Like box – Page Plugin

Researcher

Cronus

Remove Footer Credit <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-32429

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Remove Footer Credit

Researcher

Phill Sav (Savphill)

Save as Image <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31931

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Save as Image Plugin by Pdfcrowd

Researchers

Myungju Kim

younsoung kim

SeoHyeon Lee

SeoHee Kang

Save as PDF <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31930

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Save as PDF Plugin by Pdfcrowd

Researchers

Myungju Kim

younsoung kim

SeoHyeon Lee

SeoHee Kang

Search Keyword Redirect <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-32080

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Search Keyword Redirect

Researcher

Sharanabasappa

Smart Forms – when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-1905

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Smart Forms – when you need more than just a contact form

Researcher

Bob Matyas

Top Bar <= 3.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31928

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Top Bar

Researcher

Joel Indra

TWIPLA (Visitor Analytics IO) <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31937

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys

Researcher

Dhabaleshwar Das

WP Login and Logout Redirect <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31927

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
WP Login and Logout Redirect

Researcher

Dhabaleshwar Das

WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2023-6494

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
WPC Smart Quick View for WooCommerce

Researcher

Ulyses Saicha

Ads.txt Admin <= 1.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32448

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Ads.txt Admin

Researcher

Joshua Chan

AffiEasy <= 1.1.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32435

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
AffiEasy

Researcher

Dhabaleshwar Das

Amelia <= 1.0.95 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31425

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Booking for Appointments and Events Calendar – Amelia

Researcher

beluga

AppPresser <= 4.3.0 - Cross-Site Request Forgery via force_logging_off()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31374

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
AppPresser – Mobile App Framework

Researcher

Mika

Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32110

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Subscribe2 – Form, Email Subscribers & Newsletters
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
Dashboard Welcome for Elementor
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
Load More Anything
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
TempTool [Show Current Template Info]
Exclusive Addons for Elementor
TOP Table Of Contents
Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode
and 3 more…

Researcher

Dhabaleshwar Das

Asgaros Forum <= 2.8.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32440

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Asgaros Forum

Researcher

Ananda Dhakal

Aspose.Words Exporter <= 6.3.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32146

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Aspose.Words – Import and Export word documents

Researcher

Abdi Pranata

AWP Classifieds <= 4.3.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32447

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds

Researcher

Peng Zhou

BEAF <= 4.5.4 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32433

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Ultimate Before After Image Slider & Gallery – BEAF

Researcher

Dhabaleshwar Das

Before And After <= 3.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32084

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Before And After: Lead Capture Forms For WordPress

Researcher

Dhabaleshwar Das

Benchmark Email Lite <= 4.1 - Cross-Site Request Forgery via page_settings()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31360

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
Benchmark Email Lite

Researcher

Joshua Chan

Blocksy <= 2.0.22 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31382

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Blocksy

Researcher

Dhabaleshwar Das

Button Generator – easily Button Builder <= 2.3.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3471

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Button Generator – easily Button Builder

Researcher

Bob Matyas

Calendarista Basic Edition <= 3.0.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31942

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Calendarista Basic Edition – WordPress appointment booking system

Researcher

Dhabaleshwar Das

Church Admin <= 4.0.27 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32090

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Church Admin

Researcher

Dhabaleshwar Das

Church Content – Sermons, Events and More <= 2.6 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32094

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Church Content – Sermons, Events and More

Researcher

Dhabaleshwar Das

Citadela Listing <= 5.18.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32085

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Citadela Directory

Researcher

Dave Jong

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.15.20 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32088

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

Researcher

Dhabaleshwar Das

Convert Post Types <= 1.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32108

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Convert Post Types

Researcher

Dimas Maulana

Counter Box – WordPress plugin for countdown, timer, counter <= 1.2.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3481

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Counter Box: Create Engaging Countdowns, Timers & Counters

Researcher

Bob Matyas

Crony Cronjob Manager <= 0.5.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32102

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Crony Cronjob Manager

Researcher

Majed Refaea

Currency per Product for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31920

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Currency per Product for WooCommerce

Researcher

Dhabaleshwar Das

Dashboard To-Do List <= 1.3.1 - Cross-Site Request Forgery via ardtdw_widgetupdate()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31376

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Dashboard To-Do List

Researcher

Dhabaleshwar Das

Digital Publications by Supsystic <= 1.7.7 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32089

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WordPress Flipbook by Supsystic

Researcher

Dhabaleshwar Das

Download IP2Location Country Blocker <= 2.34.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32443

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
IP2Location Country Blocker

Researcher

Majed Refaea

e2pdf <= 1.20.27 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31373

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
E2Pdf – Export To Pdf Tool for WordPress

Researcher

Steven Julian

eCommerce Product Catalog <= 3.3.28 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32437

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
eCommerce Product Catalog Plugin for WordPress

Researcher

Dhabaleshwar Das

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31364

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
ELEX WooCommerce Dynamic Pricing and Discounts

Researcher

Dhabaleshwar Das

Email Marketing for WooCommerce by Omnisend <= 1.14.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32101

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Email Marketing for WooCommerce by Omnisend

Researcher

Dhabaleshwar Das

eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3275

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
eRoom – Zoom Meetings & Webinars

Researcher

Krzysztof Zając

EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31924

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
EWWW Image Optimizer

Researcher

Dhabaleshwar Das

Extra Product Options Builder for WooCommerce <= 1.2.104 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31940

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Extra Product Options Builder for WooCommerce

Researcher

Dhabaleshwar Das

Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31422

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Favicon by RealFaviconGenerator

Researcher

Vladislav Pokrovsky (ΞX.MI)

Feather Login Page <= 1.1.5 - Cross-Site Request Forgery via saveData()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31923

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha

Researcher

Steven Julian

Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32081

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Filter Custom Fields & Taxonomies Light

Researcher

Mika

Float menu – awesome floating side menu <= 6.0 - Cross-Site Request Forgery to Menu Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2405

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Float menu – awesome floating side menu

Researcher

Erwan LR

GamiPress <= 6.8.8 - Broken Access Control

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2505

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Researcher

cyc707

GEO my WordPress <= 4.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32097

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
GEO my WordPress

Researcher

thiennv

Gift Vouchers <= 4.4.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32436

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)

Researcher

Dhabaleshwar Das

Herd Effects – fake notifications and social proof plugin <= 5.2.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3478

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Herd Effects – fake notifications and social proof plugin

Researcher

Bob Matyas

More Details >

Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31939

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Import any XML or CSV File to WordPress

Researcher

Dhabaleshwar Das

More Details >

Inisev Analyst Module <= Various Versions - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31435

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Redirection
Clone
Pop-up
SSL Mixed Content Fix
Social Share Icons & Social Share Buttons
Ultimate Posts Widget
Backup Migration
RSS Redirect & Feedburner Alternative
Social Media Social Share Icon
Enhanced Text Widget
and 1 more…

Researcher

Dhabaleshwar Das

More Details >

Inline Related Posts <= 3.3.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31426

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Inline Related Posts

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3233

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Ivory Search – WordPress Search Plugin

Researcher

Thura Moe Myint (mgthuramoemyint)

More Details >

Kimili Flash Embed <= 2.5.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32092

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Kimili Flash Embed

Researcher

Nguyen Xuan Chien

More Details >

Legal Pages <= 1.4.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32451

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator

Researcher

Dhabaleshwar Das

More Details >

Libsyn Publisher Hub <= 1.4.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32141

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Libsyn Publisher Hub

Researcher

Majed Refaea

More Details >

LifterLMS <= 7.5.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31363

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
LifterLMS – WordPress LMS Plugin for eLearning

Researcher

Dhabaleshwar Das

More Details >

Link Whisper Free <= 0.6.9

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31934

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Link Whisper Free

Researcher

Mika

More Details >

Login With Ajax <= 4.1 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-30546

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Login With Ajax – Fast Logins, 2FA, Redirects

Researcher

Dhabaleshwar Das

More Details >

Login with phone number <= 1.6.93 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31424

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Login with phone number

Researcher

Majed Refaea

More Details >

MailChimp Forms by MailMunch <= 3.2.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31378

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
MailChimp Forms by MailMunch

Researcher

Majed Refaea

More Details >

Marker.io <= 1.1.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31427

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Marker.io – Visual Website Feedback

Researcher

Skalucy

More Details >

MihanPanel <= 12.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31389

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
MihanPanel – User Login , Registration and Dashboard

Researcher

Majed Refaea

More Details >

Modal Window – create popup modal window <= 5.3.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3472

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Modal Window – create popup modal window

Researcher

Bob Matyas

More Details >

MultiParcels Shipping For WooCommerce < 1.16.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32095

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
MultiParcels Shipping For WooCommerce

Researcher

Dhabaleshwar Das

More Details >

Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31386

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Sliding Door
CityLogic
Lightning
i-max
Default Mag
Shopstar!
HappenStance
Emmet Lite
X-T9
i-excel
and 5 more…

Researcher

Dhabaleshwar Das

More Details >

Newsletter <= 8.0.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31434

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Newsletter – Send awesome emails from WordPress

Researcher

Dhabaleshwar Das

More Details >

NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31938

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
NewsXpress

Researcher

Dhabaleshwar Das

More Details >

NextMove Lite <= 2.18.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32104

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
NextMove Lite – Thank You Page for WooCommerce

Researcher

Dhabaleshwar Das

More Details >

No-Bot Registration <= 1.9.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31372

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
No-Bot Registration

Researcher

Majed Refaea

More Details >

Novelist <= 1.2.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32093

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Novelist

Researcher

Dhabaleshwar Das

More Details >

Order Delivery Date for WooCommerce <= 3.21.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32434

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Order Delivery Date for WooCommerce

Researcher

Dhabaleshwar Das

More Details >

Ovic Addon Toolkit <= 2.6.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32432

Patch Status
Unpatched

Published
Apr 12, 2024

Affected Software
Ovic Addon Toolkit

Researcher

Nguyen Xuan Chien

More Details >

Page Builder: Live Composer <= 1.5.35 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31933

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Page Builder: Live Composer

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Pardot <= 2.1.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32148

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Account Engagement

Researcher

Abdi Pranata

More Details >

Podlove Podcast Publisher <= 4.1.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32143

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Podlove Podcast Publisher

Researcher

Abdi Pranata

More Details >

PopularFX <= 1.2.4 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31383

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
PopularFX

Researcher

Dhabaleshwar Das

More Details >

Popup Box – new WordPress popup plugin <= 2.2.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3477

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Popup Box – new WordPress popup plugin

Researcher

Bob Matyas

More Details >

Popup by Supsystic <= 1.10.27 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31421

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Popup by Supsystic

Researcher

Steven Julian

More Details >

Post Type Builder <= 2.0.8 - Missing Authorization to Arbitrary Post/Page Creation

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31366

Patch Status
Unpatched

Published
Apr 9, 2024

Affected Software
Post Type Builder

Researcher

Dave Jong

More Details >

Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31431

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Product Input Fields for WooCommerce

Researcher

Dhabaleshwar Das

More Details >

ProfileGrid <= 5.7.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31362

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researcher

thiennv

More Details >

ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31385

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
ReDi Restaurant Reservation

Researcher

Joshua Chan

More Details >

Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1415

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Responsive Contact Form Builder & Lead Generation Plugin

Researcher

Duc Manh

More Details >

Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1416

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Responsive Contact Form Builder & Lead Generation Plugin

Researcher

Duc Manh

More Details >

RestroPress <= 3.1.2 - Cross-Site Request Forgery via rpress_orders_list_table_process_bulk_actions

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32449

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
RestroPress – Online Food Ordering System

Researcher

Steven Julian

More Details >

Sangar Slider <= 1.3.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32091

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Responsive Slider – Sangar Slider

Researcher

Khalid

More Details >

Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31429

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Sarada Lite

Researcher

Dhabaleshwar Das

More Details >

SEO Booster <= 3.8.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32438

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
SEO Booster

Researcher

Joshua Chan

More Details >

Simple Post Notes <= 1.7.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31935

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Simple Post Notes

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Siteimprove <= 2.0.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32103

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Siteimprove

Researcher

Dhabaleshwar Das

More Details >

Smash Balloon Social Post Feed <= 4.2.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31379

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress

Researcher

Majed Refaea

More Details >

Soledad <= 8.4.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31369

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Soledad

Researcher

Rafie Muhammad

More Details >

Soledad <= 8.4.5 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31367

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
Soledad

Researcher

Rafie Muhammad

More Details >

Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31384

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Spa and Salon

Researcher

Dhabaleshwar Das

More Details >

Spotlight Social Media Feeds <= 1.6.10 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31381

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Spotlight Social Feeds [Block, Shortcode, and Widget]

Researcher

Majed Refaea

More Details >

Sticky Buttons – floating buttons builder <= 3.2.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3475

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Sticky Buttons – floating buttons builder

Researcher

Bob Matyas

More Details >

Sync Post With Other Site <= 1.5.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32082

Patch Status
Unpatched

Published
Apr 11, 2024

Affected Software
Sync Post With Other Site

Researcher

Joshua Chan

More Details >

Table & Contact Form 7 Database – Tablesome <= 1.0.25 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31388

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator

Researcher

thiennv

More Details >

The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31428

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
The Conference

Researcher

Dhabaleshwar Das

More Details >

The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31433

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
The Events Calendar

Researcher

Dhabaleshwar Das

More Details >

Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31921

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
Ultimate Product Catalog

Researcher

Dhabaleshwar Das

More Details >

UsersWP <= 1.2.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31936

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Wallet System for WooCommerce <= 2.5.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32446

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History

Researcher

Joshua Chan

More Details >

WebinarIgnition <= 3.05.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32445

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition

Researcher

Dhabaleshwar Das

More Details >

WooCommerce UPS Shipping – Live Rates and Access Points <= 2.2.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31944

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WooCommerce UPS Shipping – Live Rates and Access Points

Researcher

Dhabaleshwar Das

More Details >

WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31922

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
WordPress Hosting Benchmark tool

Researcher

Dhabaleshwar Das

More Details >

WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31423

Patch Status
Patched

Published
Apr 10, 2024

Affected Software
WP Accessibility Helper (WAH)

Researcher

Mika

More Details >

WP Client Reports <= 1.0.22 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32439

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
WP Client Reports

Researcher

Joshua Chan

More Details >

WP Compress – Image Optimizer [All-In-One] <= 6.10.35 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32106

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WP Compress – Image Optimizer [All-In-One]

Researcher

Mika

More Details >

WP EasyCart <= 5.5.19 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32452

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Shopping Cart & eCommerce Store

Researcher

Dhabaleshwar Das

More Details >

WP Event Aggregator <= 1.7.6 - Cross-Site Request Forgery via wpea_deauthorize_user()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31371

Patch Status
Patched

Published
Apr 9, 2024

Affected Software
WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress

Researcher

Majed Refaea

More Details >

WP Mail Catcher <= 2.1.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32099

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Mail logging – WP Mail Catcher

Researcher

Dhabaleshwar Das

More Details >

WP Matterport Shortcode <= 2.1.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32109

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
Matterport Shortcode

Researcher

Nguyen Xuan Chien

More Details >

WP Migration Plugin DB & Files – WP Synchro <= 1.11.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32096

Patch Status
Patched

Published
Apr 11, 2024

Affected Software
WP Synchro – WordPress Migration Plugin for Database & Files

Researcher

Dhabaleshwar Das

More Details >

WP2LEADS <= 3.2.7 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31375

Patch Status
Patched

Published
Apr 8, 2024

Affected Software
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden

Researcher

Dhabaleshwar Das

More Details >

WpTravelly <= 1.6.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32450

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly

Researcher

Dhabaleshwar Das

More Details >

WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3662

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
WPZOOM Social Feed Widget & Block

Researcher

Thura Moe Myint (mgthuramoemyint)

More Details >

Zoho Campaigns <= 2.0.7 - Cross-Site Request Forgery via zcwc_integration_disconnect

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32442

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Zoho Campaigns

Researcher

Majed Refaea

More Details >

Zoho Campaigns <= 2.0.7 - Cross-Site Request Forgery via zcwc_optin_save

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-32441

Patch Status
Patched

Published
Apr 12, 2024

Affected Software
Zoho Campaigns

Researcher

Majed Refaea

More Details >
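Almost every entry above falls into one of two classes, Cross-Site Request Forgery (typically to notice dismissal or a settings change) and Missing Authorization (often reachable by any authenticated user, hence "Subscriber+"). Both come from the same pair of omitted checks in a plugin's request handler. The following is an added illustration and is not code from any plugin listed in this report: the `example_*` handler names, the `example_notice_dismissed` option and the `example_save_settings` nonce action are hypothetical, while `check_ajax_referer()`, `current_user_can()`, `wp_create_nonce()`, `wp_localize_script()` and `wp_send_json_*()` are standard WordPress core functions.

```php
<?php
/**
 * Added illustration of the two vulnerability classes that dominate this
 * week's list, shown as a vulnerable admin-ajax handler beside a hardened one.
 * Plugin, option, hook and action names are hypothetical (not from any listed
 * plugin); the WordPress API calls are real core functions.
 */

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_{action} hooks run for ANY logged-in user, including Subscribers.
// With no nonce check, an attacker can also make a logged-in administrator's
// browser submit this request from a third-party page (CSRF). Nothing here
// verifies who is asking or whether they meant to.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_vulnerable' );
function example_save_settings_vulnerable() {
	$value = isset( $_POST['notice_dismissed'] ) ? (bool) $_POST['notice_dismissed'] : false;
	update_option( 'example_notice_dismissed', $value ); // "CSRF to Notice Dismissal"
	wp_send_json_success();
}

// --- Hardened pattern ----------------------------------------------------
// Two independent checks, both required:
//   1. Nonce  -> proves the request came from a page this user loaded on this
//                site (stops CSRF against an administrator).
//   2. Capability -> proves this user is allowed to perform the action
//                (stops a Subscriber who can obtain a nonce from the front end).
// A nonce alone is not authorization, and a capability check alone does not
// stop CSRF; each of the two classes above is what you get by dropping one.
add_action( 'wp_ajax_example_save_settings_secure', 'example_save_settings_secure' );
function example_save_settings_secure() {
	// Sends a 403 and terminates the request if the nonce is missing or invalid.
	check_ajax_referer( 'example_save_settings', 'security' );

	if ( ! current_user_can( 'manage_options' ) ) {
		// wp_send_json_error() exits after sending the response.
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// Validate the input strictly rather than casting arbitrary data.
	$value = isset( $_POST['notice_dismissed'] ) && '1' === $_POST['notice_dismissed'];
	update_option( 'example_notice_dismissed', $value );
	wp_send_json_success();
}

// --- Where the nonce is issued ------------------------------------------
// Enqueue the admin script only on the plugin's own settings page and hand
// it the nonce, so the JavaScript sends it as the 'security' POST field that
// check_ajax_referer() above looks for.
add_action( 'admin_enqueue_scripts', function ( $hook_suffix ) {
	if ( 'settings_page_example' !== $hook_suffix ) { // hypothetical page hook
		return;
	}
	wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'example-admin', 'exampleAjax', array(
		'url'      => admin_url( 'admin-ajax.php' ),
		'security' => wp_create_nonce( 'example_save_settings' ),
	) );
} );

// --- Equivalent check for a classic (non-AJAX) settings form ------------
// check_admin_referer() is the form-post counterpart of check_ajax_referer():
// pair it with a capability check in exactly the same way.
add_action( 'admin_post_example_save_settings', function () {
	check_admin_referer( 'example_save_settings' );
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}
	update_option( 'example_notice_dismissed', isset( $_POST['notice_dismissed'] ) );
	wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
	exit;
} );
```

When auditing a plugin for the entries above, grep its `add_action( 'wp_ajax_` and `admin_post_` registrations and confirm that each handler performs both a nonce check and a capability check before it writes an option, deletes a record or dismisses a notice; a handler that does only one of the two maps directly onto one of the two vulnerability classes in this list.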


As a reminder, Wordfence curates an industry-leading database of all known WordPress core, theme, and plugin vulnerabilities, known as Wordfence Intelligence.

This database is continuously updated and maintained by Wordfence's experienced vulnerability researchers through in-house research, submissions from researchers via our Bug Bounty Program, and monitoring of a range of public sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

Sign up for our mailing list to receive weekly vulnerability reports like this one, along with important WordPress security reports, in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) appeared first on Wordfence.
