Lucene search

K
wordfenceChloe ChamberlandWORDFENCE:71500F4C4909EA5D5619D4EB0AD0AE46
HistoryMar 21, 2024 - 3:55 p.m.

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

2024-03-2115:55:11
Chloe Chamberland
www.wordfence.com
42
wordfence
wordpress
vulnerabilities
premium
care
response
patched
unpatched
firewall

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%


🎉 Did you know we're running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!


Last week, there were 163 vulnerabilities disclosed in 126 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 70 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 14,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-684 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 151
Unpatched 12

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 136
High Severity 21
Critical Severity 6

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 101
Missing Authorization 18
Cross-Site Request Forgery (CSRF) 14
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 7
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 4
Deserialization of Untrusted Data 3
Improper Control of Generation of Code ('Code Injection') 2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2
Server-Side Request Forgery (SSRF) 2
Unrestricted Upload of File with Dangerous Type 2
Authorization Bypass Through User-Controlled Key 1
Exposure of Sensitive Data Through Data Queries 1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 1
Improper Input Validation 1
Incorrect Authorization 1
Information Exposure 1
Insufficiently Protected Credentials 1
Missing Critical Step in Authentication 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities

Francesco Carlucci

| 18

Krzysztof Zając

| 11

stealthcopter

| 11

Lucio Sá

| 8

Rafie Muhammad

| 8

GiongfNef

| 7

wesley (wcraft)

| 6

Webbernaut

| 5

LVT-tholv2k

| 5

Joshua Chan

| 4

Richard Telleng (stueotue)

| 3

Nikolas

| 3

RandomRoot

| 3

Dmitrii Ignatyev

| 3

beluga

| 3

Majed Refaea

| 2

Abu Hurayra

| 2

Ngô Thiên An (ancorn_)

| 2

Eldar Zeynalli

| 2

Dave Jong

| 2

CatFather

| 2

Mochamad Sofyan

| 2

Bassem Essam

| 2

wpdabh

| 2

István Márton

| 2

Brandon James Roldan (tomorrowisnew)

| 2

Vladislav Pokrovsky (ΞX.MI)

| 2

resecured.io

| 1

isacaya

| 1

Marco Wotschka

| 1

Akbar Kustirama

| 1

Kang SeoHee

| 1

Byeongjun Jo

| 1

Maksim Kosenko

| 1

Arkadiusz Hydzik

| 1

Jean Tirstan T

| 1

thiennv

| 1

Drian

| 1

Dhabaleshwar Das

| 1

Stiofan

| 1

Erwan LR

| 1

hye0ngseok

| 1

Sh

| 1

0liveira

| 1

Dimas Maulana

| 1

Muhammad Daffa

| 1

Huynh Tien Si

| 1

Alex Thomas

| 1

Kursat Cetin

| 1

Faizal Abroni

| 1

Tien Luong

| 1

Ala Arfaoui

| 1

Joel Indra

| 1

Dau Hoang Tai

| 1

Rafshanzani Suhada

| 1

Le Ngoc Anh

| 1

Steven Julian

| 1

hir0ot

| 1

Van Lyubov

| 1

Asaf Mozes

| 1

Abdi Pranata

| 1

Marzieh Hashemi

| 1

Tim Coen

| 1

Sean Murphy

| 1

Ulyses Saicha

| 1

Delbert Giovanni Lie

| 1

Phill Sav (Savphill)

| 1

drop

| 1

Muhammad Hassham Nagori

| 1

Hung -mov Nguyen

| 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Accordion accordions
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More advanced-access-manager
Advanced Sermons advanced-sermons
AntiSpam for Contact Form 7 cf7-antispam
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember-membership
Auto Affiliate Links wp-auto-affiliate-links
Awesome Support – WordPress HelpDesk & Support Plugin awesome-support
Backuply – Backup, Restore, Migrate and Clone backuply
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Beaver Builder Addons by WPZOOM wpzoom-addons-for-beaver-builder
Beaver Builder – WordPress Page Builder beaver-builder-lite-version
Builder for WooCommerce product reviews shortcodes – ReviewShort woo-product-reviews-shortcode
Bulgarisation for WooCommerce bulgarisation-for-woocommerce
Burst Statistics – Privacy-Friendly Analytics for WordPress burst-statistics
Calendarista Basic Edition – WordPress appointment booking system calendarista-basic-edition
Contact Form 7 contact-form-7
Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on
Contact Form Builder by Bit Form: Create WP Contact Form, Multi Step, Conversational & Payment Form plugin bit-form
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress contact-form-plugin
Crisp – Live Chat and Chatbot crisp
Cryptocurrency Widgets – Price Ticker & Coins List cryptocurrency-price-ticker-widget
CWW Companion cww-companion
Database for Contact Form 7 cf7-database
Download Manager Pro download-manager
DSGVO All in one for WP dsgvo-all-in-one-for-wp
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels wpfunnels
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box easy-facebook-likebox
ElementInvader Addons for Elementor elementinvader-addons-for-elementor
Elementor Addon Elements addon-elements-for-elementor-page-builder
Elementor Addons by Livemesh addons-for-elementor
Elementor Header & Footer Builder header-footer-elementor
Elements Plus! elements-plus
ElementsKit Elementor addons elementskit-lite
Email Subscription Popup email-subscribe
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! everest-forms
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media evergreen-content-poster
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) extensions-for-cf7
f(x) Private Site fx-private-site
Free Downloads WooCommerce download-now-for-woocommerce
FV Flowplayer Video Player fv-wordpress-flowplayer
GiveWP – Donation Plugin and Fundraising Platform give
Gutenberg Blocks by Kadence Blocks – Page Builder Features kadence-blocks
HT Easy GA4 – Google Analytics WordPress Plugin ht-easy-google-analytics
HT Mega – Absolute Addons For Elementor ht-mega-for-elementor
HUSKY – Products Filter Professional for WooCommerce woocommerce-products-filter
Hustle – Email Marketing, Lead Generation, Optins, Popups wordpress-popup
Inline Related Posts intelly-related-posts
JetWidgets For Elementor jetwidgets-for-elementor
Knight Lab Timeline knight-lab-timelinejs
LA-Studio Element Kit for Elementor lastudio-element-kit
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… ladipage
Link Library link-library
Link Whisper Free link-whisper
Malware Scanner miniorange-malware-protection
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
MJM Clinic mjm-clinic
Mollie Forms mollie-forms
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
News Announcement Scroll news-announcement-scroll
Newsletter2Go newsletter2go
oik oik
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-blocks
OxyExtras oxyextras
Page Builder Gutenberg Blocks – CoBlocks coblocks
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress wp-user-avatar
Permalink Manager Lite permalink-manager
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks post-grid
Premium Addons for Elementor premium-addons-for-elementor
Premmerce Permalink Manager for WooCommerce woo-permalink-manager
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) bdthemes-prime-slider-lite
PropertyHive propertyhive
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress quiz-master-next
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction pie-register
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login custom-registration-form-builder-with-submission-manager
Related Posts for WordPress related-posts-for-wp
Restaurant Menu and Food Ordering food-and-drink-menu
Scrollsequence – Cinematic Scroll Image Animation Plugin scrollsequence
Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress ticket-tailor
Shariff Wrapper shariff
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) woolentor-addons
Simple Job Board simple-job-board
Site Reviews site-reviews
Sitekit sitekit
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) sky-elementor-addons
Smart Online Order for Clover clover-online-orders
Social Media Share Buttons social-media-builder
Specific Content For Mobile – Customize the mobile version without redirections specific-content-for-mobile
Super Page Cache for Cloudflare wp-cloudflare-page-cache
SupportCandy – Helpdesk & Customer Support Ticket System supportcandy
Survey Maker – Best WordPress Survey Plugin survey-maker
Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator tablesome
Team Circle Image Slider With Lightbox circle-image-slider-with-lightbox
The Moneytizer the-moneytizer
Tutor LMS – eLearning and online course solution tutor
Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates woo-gift-cards-lite
User profile user-profile
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress userswp
Video Conferencing with Zoom video-conferencing-with-zoom-api
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages visualcomposer
Visualizer: Tables and Charts Manager for WordPress visualizer
WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management woosquare
Web Application Firewall – website security web-application-firewall
weForms – Easy Drag & Drop Contact Form Builder For WordPress weforms
WEN Responsive Columns wen-responsive-columns
WooCommerce Affiliate Plugin – Coupon Affiliates woo-coupon-usage
WooCommerce Cart Abandonment Recovery woo-cart-abandonment-recovery
WooCommerce Google Feed Manager wp-product-feed-manager
WooCommerce License Manager fs-license-manager
WooThumbs for WooCommerce by Iconic iconic-woothumbs
Word Replacer Pro word-replacer-ultra
WordPress Automatic Plugin wp-automatic
WordPress Contact Forms by Cimatti contact-forms
WP Armour – Honeypot Anti Spam honeypot
WP Calameo wp-calameo
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress wp-fusion-lite
WP Go Maps (formerly WP Google Maps) wp-google-maps
WP Popups – WordPress Popup builder wp-popups-lite
WP Recipe Maker wp-recipe-maker
WP Responsive Tabs horizontal vertical and accordion Tabs responsive-horizontal-vertical-and-accordion-tabs
WP SendFox wp-sendfox
WP Statistics wp-statistics
wp-mpdf wp-mpdf
WPBakery Page Builder Addons by Livemesh addons-for-visual-composer
YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons
Zippy zippy

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Blossom Spa blossom-spa

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-27954

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WordPress Automatic Plugin

Researcher

Rafie Muhammad

More Details >

Automatic <= 3.92.0 - Unauthenticated SQL Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-27956

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WordPress Automatic Plugin

Researcher

Rafie Muhammad

More Details >

Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-2172

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Web Application Firewall – website security
Malware Scanner

Researcher

Stiofan

More Details >

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-27957

Patch Status
Unpatched

Published
Mar 13, 2024

Affected Software
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction

Researcher

Rafie Muhammad

More Details >

Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-27971

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Premmerce Permalink Manager for WooCommerce

Researcher

Rafie Muhammad

More Details >

Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-1813

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Simple Job Board

Researcher

Francesco Carlucci

More Details >

Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-27955

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WordPress Automatic Plugin

Researcher

Rafie Muhammad

More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Directory Traversal

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1974

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
HT Mega – Absolute Addons For Elementor

Researcher

Webbernaut

More Details >

HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1795

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
HUSKY – Products Filter Professional for WooCommerce

Researchers

Krzysztof Zając

Bassem Essam

More Details >

News Announcement Scroll <= 9.0.0 - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2023-5663

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
News Announcement Scroll

Researcher

István Márton

More Details >

PropertyHive <= 2.0.9 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-27985

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
PropertyHive

Researcher(s): Unknown

More Details >

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1991

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

Researcher

Krzysztof Zając

More Details >

Social Media Share Buttons <= 2.1.0 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1685

Patch Status
Unpatched

Published
Mar 15, 2024

Affected Software
Social Media Share Buttons

Researcher

Francesco Carlucci

More Details >

Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1751

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Tutor LMS – eLearning and online course solution

Researcher

Muhammad Hassham Nagori

More Details >

WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-27972

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress

Researcher

LVT-tholv2k

More Details >

Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys

8.6

CVSS Rating
High (8.6)

CVE-ID
CVE-2024-0368

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Hustle – Email Marketing, Lead Generation, Optins, Popups

Researcher

Sean Murphy

More Details >

Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2023-7072

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks

Researcher

Hung -mov Nguyen

More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar

7.4

CVSS Rating
High (7.4)

CVE-ID
CVE-2024-1536

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Researcher

Webbernaut

More Details >

Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-2395

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Bulgarisation for WooCommerce

Researcher

Francesco Carlucci

More Details >

Bulgarisation for WooCommerce <= 3.0.14 - Missing Authorization

7.3

CVSS Rating
High (7.3)

CVE-ID
CVE-2024-0683

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Bulgarisation for WooCommerce

Researcher

Francesco Carlucci

More Details >

Contact Forms by Cimatti <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-29117

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
WordPress Contact Forms by Cimatti

Researcher

Joshua Chan

More Details >

Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-1812

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!

Researcher

hir0ot

More Details >

Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-29102

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)

Researcher

Vladislav Pokrovsky (ΞX.MI)

More Details >

Multiple Page Generator Plugin – MPG <= 3.4.0 - Authenticated (Editor+) Remote Code Execution

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-27951

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Multiple Page Generator Plugin – MPG

Researcher

Majed Refaea

More Details >

weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-0386

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
weForms – Easy Drag & Drop Contact Form Builder For WordPress

Researcher

drop

More Details >

WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-2194

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
WP Statistics

Researcher

Tim Coen

More Details >

Zippy <= 1.6.9 - Authenticated (Editor+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-27964

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Zippy

Researcher

stealthcopter

More Details >

Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1080

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Beaver Builder – WordPress Page Builder

Researcher

Nikolas

More Details >

Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2181

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Beaver Builder Addons by WPZOOM

Researcher

Francesco Carlucci

More Details >

Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2183

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Beaver Builder Addons by WPZOOM

Researcher

Francesco Carlucci

More Details >

Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2185

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Beaver Builder Addons by WPZOOM

Researcher

Francesco Carlucci

More Details >

Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2186

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Beaver Builder Addons by WPZOOM

Researcher

Francesco Carlucci

More Details >

Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2187

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Beaver Builder Addons by WPZOOM

Researcher

Francesco Carlucci

More Details >

Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via burst_total_pageviews_count

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1894

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Burst Statistics – Privacy-Friendly Analytics for WordPress

Researcher

Webbernaut

More Details >

Crisp <= 0.44 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-27963

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Crisp – Live Chat and Chatbot

Researcher

stealthcopter

More Details >

CWW Companion <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2130

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
CWW Companion

Researcher

Francesco Carlucci

More Details >

Database for Contact Form 7 <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29103

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Database for Contact Form 7

Researcher

Vladislav Pokrovsky (ΞX.MI)

More Details >

Download Manager <= 3.2.84 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29114

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Download Manager Pro

Researcher

LVT-tholv2k

More Details >

Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1278

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Researcher

Richard Telleng (stueotue)

More Details >

ElementInvader Addons for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2308

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
ElementInvader Addons for Elementor

Researcher

Francesco Carlucci

More Details >

Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29107

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Elementor Addon Elements

Researcher

Abu Hurayra

More Details >

Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1458

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

wesley (wcraft)

More Details >

Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1465

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

RandomRoot

More Details >

Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1466

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

Drian

More Details >

Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1464

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

0liveira

More Details >

Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1461

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Elementor Addons by Livemesh

Researcher

Nikolas

More Details >

Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1237

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Elementor Header & Footer Builder

Researcher

wesley (wcraft)

More Details >

Elements Plus! <= 2.16.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2335

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
Elements Plus!

Researcher

Francesco Carlucci

More Details >

ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1239

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
ElementsKit Elementor addons

Researcher

RandomRoot

More Details >

ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2042

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
ElementsKit Elementor addons

Researcher

wesley (wcraft)

More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1537

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Researcher

wesley (wcraft)

More Details >

Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29089

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Restaurant Menu and Food Ordering

Researcher

Steven Julian

More Details >

Free Downloads WooCommerce <= 3.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-27969

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Free Downloads WooCommerce

Researcher

Abu Hurayra

More Details >

FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29122

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
FV Flowplayer Video Player

Researcher

Byeongjun Jo

More Details >

Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2509

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Gutenberg Blocks by Kadence Blocks – Page Builder Features

Researcher

Dmitrii Ignatyev

More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1421

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
HT Mega – Absolute Addons For Elementor

Researcher

wesley (wcraft)

More Details >

HT Mega <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1397

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
HT Mega – Absolute Addons For Elementor

Researchers

István Márton

Alex Thomas

More Details >

HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1796

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
HUSKY – Products Filter Professional for WooCommerce

Researcher

Bassem Essam

More Details >

JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2138

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
JetWidgets For Elementor

Researcher

Francesco Carlucci

More Details >

Knight Lab Timeline <= 3.9.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2287

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Knight Lab Timeline

Researcher

Tien Luong

More Details >

LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2249

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
LA-Studio Element Kit for Elementor

Researcher

Francesco Carlucci

More Details >

Newsletter2Go <= 4.0.13 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1328

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
Newsletter2Go

Researcher

Francesco Carlucci

More Details >

oik <= 4.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2256

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
oik

Researcher

Francesco Carlucci

More Details >

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2226

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Researcher

Ngô Thiên An (ancorn_)

More Details >

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2369

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Page Builder Gutenberg Blocks – CoBlocks

Researcher

Dmitrii Ignatyev

More Details >

Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-0326

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Premium Addons for Elementor

Researcher

Webbernaut

More Details >

Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2399

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
Premium Addons for Elementor

Researcher

wesley (wcraft)

More Details >

Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1508

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Researcher

RandomRoot

More Details >

Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1507

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Researcher

Nikolas

More Details >

ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1535

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Researcher

Arkadiusz Hydzik

More Details >

Scrollsequence <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29118

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Scrollsequence – Cinematic Scroll Image Animation Plugin

Researcher

resecured.io

More Details >

Shariff Wrapper <= 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1450

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Shariff Wrapper

Researcher

Richard Telleng (stueotue)

More Details >

Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-0966

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Shariff Wrapper

Researcher

Muhammad Daffa

More Details >

Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2023-6500

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Shariff Wrapper

Researcher

Rafshanzani Suhada

More Details >

ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1960

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Researcher

Webbernaut

More Details >

Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2293

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Site Reviews

Researcher

stealthcopter

More Details >

Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29095

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Site Reviews

Researcher

isacaya

More Details >

Sitekit <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29111

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Sitekit

Researcher

CatFather

More Details >

Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2286

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)

Researcher

Francesco Carlucci

More Details >

Smart Online Order for Clover <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29115

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Smart Online Order for Clover

Researcher

Ngô Thiên An (ancorn_)

More Details >

SupportCandy <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-27991

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
SupportCandy – Helpdesk & Customer Support Ticket System

Researcher

Mochamad Sofyan

More Details >

The Moneytizer <= 9.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-27990

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
The Moneytizer

Researcher

LVT-tholv2k

More Details >

Ticket Tailor <= 1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29104

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress

Researcher

wpdabh

More Details >

User profile <= 2.0.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29097

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
User profile

Researcher

Kang SeoHee

More Details >

UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2423

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress

Researcher

Krzysztof Zając

More Details >

Video Conferencing with Zoom <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2031

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Video Conferencing with Zoom

Researcher

Krzysztof Zając

More Details >

WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-27988

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
WEN Responsive Columns

Researcher

LVT-tholv2k

More Details >

WP Calameo <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-29098

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
WP Calameo

Researcher

wpdabh

More Details >

WP Go Maps (formerly WP Google Maps) <= 9.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1582

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
WP Go Maps (formerly WP Google Maps)

Researcher

Richard Telleng (stueotue)

More Details >

WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-27989

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
WP Responsive Tabs horizontal vertical and accordion Tabs

Researcher

LVT-tholv2k

More Details >

WPBakery Page Builder Addons by Livemesh <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2079

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WPBakery Page Builder Addons by Livemesh

Researcher

Krzysztof Zając

More Details >

Advanced Sermons <= 3.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27952

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Advanced Sermons

Researcher

Le Ngoc Anh

More Details >

AntiSpam for Contact Form 7 <= 0.6.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27961

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
AntiSpam for Contact Form 7

Researcher

stealthcopter

More Details >

APIExperts Square for WooCommerce <= 4.2.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27959

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management

Researcher

stealthcopter

More Details >

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27998

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Researcher

Maksim Kosenko

More Details >

Calendarista Basic Edition <= 3.0.2 - Unauthenticated Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27993

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Calendarista Basic Edition – WordPress appointment booking system

Researcher

Mochamad Sofyan

More Details >

Contact Form 7 – PayPal & Stripe Add-on <= 2.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29130

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Contact Form 7 – PayPal & Stripe Add-on

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-2242

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Contact Form 7

Researcher

Asaf Mozes

More Details >

Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-2198

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress

Researcher

stealthcopter

More Details >

Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-2200

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress

Researcher

Krzysztof Zając

More Details >

Coupon Affiliates <= 5.12.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29125

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
WooCommerce Affiliate Plugin – Coupon Affiliates

Researcher

stealthcopter

More Details >

Email Subscription Popup <= 1.2.20 - Unauthenticated Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27960

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Email Subscription Popup

Researcher

stealthcopter

More Details >

Evergreen Content Poster <= 1.4.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29099

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

Researcher

Joshua Chan

More Details >

GiveWP <= 3.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27987

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
GiveWP – Donation Plugin and Fundraising Platform

Researcher

Rafie Muhammad

More Details >

HT Easy GA4 ( Google Analytics 4 ) <= 1.1.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29094

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
HT Easy GA4 – Google Analytics WordPress Plugin

Researcher

beluga

More Details >

Link Library <= 7.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29123

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Link Library

Researcher

stealthcopter

More Details >

Link Library <= 7.6.6 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-2325

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Link Library

Researcher

Krzysztof Zając

More Details >

Link Whisper Free <= 0.6.8 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27992

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Link Whisper Free

Researcher

Dimas Maulana

More Details >

OxyExtras <= 1.4.4 - Unauthenticated Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29129

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
OxyExtras

Researcher

Kursat Cetin

More Details >

Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29092

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Permalink Manager Lite

Researcher

Rafie Muhammad

More Details >

RegistrationMagic <= 5.2.5.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29113

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

Researcher

beluga

More Details >

Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29126

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Specific Content For Mobile – Customize the mobile version without redirections

Researcher

thiennv

More Details >

Table & Contact Form 7 Database – Tablesome <= 1.0.27 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29110

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator

Researcher

Jean Tirstan T

More Details >

Visualizer <= 3.10.5 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27958

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Visualizer: Tables and Charts Manager for WordPress

Researcher

stealthcopter

More Details >

WooCommerce License Manager <= 5.3.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29121

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
WooCommerce License Manager

Researcher

Dave Jong

More Details >

WooThumbs for WooCommerce by Iconic <= 5.5.3 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29116

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
WooThumbs for WooCommerce by Iconic

Researcher

Dave Jong

More Details >

WP Armour – Honeypot Anti Spam <= 2.1.13 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-29091

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
WP Armour – Honeypot Anti Spam

Researcher

Rafie Muhammad

More Details >

wp-mpdf <= 3.7.1 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27962

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
wp-mpdf

Researcher

stealthcopter

More Details >

YITH WooCommerce Product Add-Ons <= 4.5.0 - Unuathenticated Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-27994

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
YITH WooCommerce Product Add-Ons

Researcher

beluga

More Details >

Blossom Spa <= 1.3.3 - Sensitive Information Exposure

5.8

CVSS Rating
Medium (5.8)

CVE-ID
CVE-2024-2107

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Blossom Spa

Researcher

Krzysztof Zając

More Details >

Advanced Access Manager <= 6.9.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29124

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More

Researcher

Delbert Giovanni Lie

More Details >

ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2023-6525

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
ElementsKit Elementor addons

Researcher

Ulyses Saicha

More Details >

MJM Clinic <= 1.1.22 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29096

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
MJM Clinic

Researcher

Faizal Abroni

More Details >

WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-29112

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
WooCommerce Google Feed Manager

Researcher

Joshua Chan

More Details >

Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-1641

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Accordion

Researcher

Lucio Sá

More Details >

Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-1213

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Researcher

Eldar Zeynalli

More Details >

Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-0592

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Related Posts for WordPress

Researcher

Krzysztof Zając

More Details >

Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-1502

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Tutor LMS – eLearning and online course solution

Researcher

Lucio Sá

More Details >

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-1640

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Contact Form Builder by Bit Form: Create WP Contact Form, Multi Step, Conversational & Payment Form plugin

Researcher

Lucio Sá

More Details >

f(x) Private Site <= 1.2.1 - Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-0906

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
f(x) Private Site

Researcher

Francesco Carlucci

More Details >

Team Circle Image Slider With Lightbox 1.0 - Cross-Site Request Forgery

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2015-10130

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Team Circle Image Slider With Lightbox

Researcher

Ala Arfaoui

More Details >

Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-1857

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates

Researcher

Krzysztof Zając

More Details >

Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-1733

Patch Status
Unpatched

Published
Mar 15, 2024

Affected Software
Word Replacer Pro

Researcher

Lucio Sá

More Details >

Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal

4.9

CVSS Rating
Medium (4.9)

CVE-ID
CVE-2024-2294

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Backuply – Backup, Restore, Migrate and Clone

Researcher

Dau Hoang Tai

More Details >

ARMember <= 4.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-27995

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Researcher

Van Lyubov

More Details >

Inline Related Posts <= 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2444

Patch Status
Patched

Published
Mar 16, 2024

Affected Software
Inline Related Posts

Researcher

Dmitrii Ignatyev

More Details >

Quiz And Survey Master <= 8.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-27966

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress

Researcher

Marzieh Hashemi

More Details >

Survey Maker <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-27996

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Survey Maker – Best WordPress Survey Plugin

Researcher

Joel Indra

More Details >

Visual Composer Website Builder <= 45.6.0 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-27997

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

Researcher

Phill Sav (Savphill)

More Details >

WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2023-4839

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
WP Go Maps (formerly WP Google Maps)

Researchers

Marco Wotschka

Akbar Kustirama

More Details >

WP Popups <= 2.1.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-29105

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
WP Popups – WordPress Popup builder

Researcher

Huynh Tien Si

More Details >

WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-1571

Patch Status
Patched

Published
Mar 14, 2024

Affected Software
WP Recipe Maker

Researcher

Sh

More Details >

WPFunnels <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-27965

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels

Researcher

hye0ngseok

More Details >

Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1843

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Auto Affiliate Links

Researcher

Lucio Sá

More Details >

Awesome Support <= 6.1.6 - Insufficient Authorization via wpas_can_delete_attachments()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-24716

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Awesome Support – WordPress HelpDesk & Support Plugin

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

Builder for WooCommerce reviews shortcodes – ReviewShort <= 1.01.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-29093

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
Builder for WooCommerce product reviews shortcodes – ReviewShort

Researcher

Dhabaleshwar Das

More Details >

Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.8 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-27953

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Cryptocurrency Widgets – Price Ticker & Coins List

Researcher

CatFather

More Details >

DSGVO All in one for WP <= 4.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-27967

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
DSGVO All in one for WP

Researcher

Joshua Chan

More Details >

Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1214

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Researcher

Eldar Zeynalli

More Details >

LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4628

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

LadiApp <= 4.4 - Cross-Site Request Forgery via save_config()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4629

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

LadiApp <= 4.4 - Missing Authorization via ladiflow_save_hook()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4626

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

LadiApp <= 4.4 - Missing Authorization via save_config()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4627

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via init_endpoint

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4731

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4729

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2023-4728

Patch Status
Unpatched

Published
Mar 11, 2024

Affected Software
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…

Researcher

GiongfNef

More Details >

MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1904

Patch Status
Patched

Published
Mar 15, 2024

Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education

Researcher

Krzysztof Zając

More Details >

Mollie Forms <= 2.6.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1645

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Mollie Forms

Researcher

Lucio Sá

More Details >

Mollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post Duplication

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1400

Patch Status
Patched

Published
Mar 11, 2024

Affected Software
Mollie Forms

Researcher

Lucio Sá

More Details >

Super Page Cache for Cloudflare <= 4.7.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-27968

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
Super Page Cache for Cloudflare

Researcher

Majed Refaea

More Details >

Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1503

Patch Status
Patched

Published
Mar 12, 2024

Affected Software
Tutor LMS – eLearning and online course solution

Researcher

Lucio Sá

More Details >

WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2322

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WooCommerce Cart Abandonment Recovery

Researcher

Erwan LR

More Details >

WP SendFox <= 1.3.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-27970

Patch Status
Patched

Published
Mar 13, 2024

Affected Software
WP SendFox

Researcher

Abdi Pranata

More Details >


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024) appeared first on Wordfence.

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

Related for WORDFENCE:71500F4C4909EA5D5619D4EB0AD0AE46