Plugin: Auto Featured Image
Vulnerability: Authenticated (Contributor+) Arbitrary File Upload
Patched Version: n/a
Recommended Action: No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.
Plugin: Elementor Addon Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.13.6
Recommended Action: Update to version 1.13.6, or a newer patched version
Plugin: DethemeKit For Elementor
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget
Patched Version: 2.1.6
Recommended Action: Update to version 2.1.6, or a newer patched version
Plugin: Create by Mediavine
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode
Patched Version: 1.9.8
Recommended Action: Update to version 1.9.8, or a newer patched version
Plugin: Elementor Addon Elements
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting
Patched Version: 1.13.6
Recommended Action: Update to version 1.13.6, or a newer patched version
Plugin: Portfolio Gallery – Image Gallery Plugin
Vulnerability: Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Patched Version: 1.6.5
Recommended Action: Update to version 1.6.5, or a newer patched version
Plugin: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Vulnerability:
Patched Version: 5.6.1
Recommended Action: Update to version 5.6.1, or a newer patched version
Plugin: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Vulnerability: Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget
Patched Version: 3.2.43
Recommended Action: Update to version 3.2.43, or a newer patched version