Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by Very Good Plugins
CVE-2024-32796 (GCVE-0-2024-32796)
Vulnerability from nvd – Published: 2024-04-24 07:44 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Fusion Lite plugin <= 3.42.10 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through <= 3.42.10.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wp-… | vdb-entryx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jack Arturo | WP Fusion Lite |
Affected:
0 , ≤ 3.42.10
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T19:59:20.240019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:06.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-fusion-lite",
"product": "WP Fusion Lite",
"vendor": "Jack Arturo",
"versions": [
{
"changes": [
{
"at": "3.43.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.42.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Majed Refaea | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:11.546Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects WP Fusion Lite: from n/a through \u003c= 3.42.10.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through \u003c= 3.42.10."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.379Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Fusion Lite plugin \u003c= 3.42.10 - Sensitive Data Exposure vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32796",
"datePublished": "2024-04-24T07:44:26.623Z",
"dateReserved": "2024-04-18T09:15:38.675Z",
"dateUpdated": "2026-04-28T16:09:40.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32455 (GCVE-0-2024-32455)
Vulnerability from nvd – Published: 2024-04-16 18:57 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/fat… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Very Good Plugins | Fatal Error Notify |
Affected:
n/a , ≤ 1.5.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T16:11:29.258428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:08.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fatal-error-notify/wordpress-fatal-error-notify-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fatal-error-notify",
"product": "Fatal Error Notify",
"vendor": "Very Good Plugins",
"versions": [
{
"changes": [
{
"at": "1.5.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.\u003cp\u003eThis issue affects Fatal Error Notify: from n/a through 1.5.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:35.943Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fatal-error-notify/wordpress-fatal-error-notify-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.5.3 or a higher version."
}
],
"value": "Update to 1.5.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fatal Error Notify plugin \u003c= 1.5.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32455",
"datePublished": "2024-04-16T18:57:23.066Z",
"dateReserved": "2024-04-12T14:58:19.453Z",
"dateUpdated": "2026-04-28T16:09:35.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27972 (GCVE-0-2024-27972)
Vulnerability from nvd – Published: 2024-04-03 11:51 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Fusion Lite plugin <= 3.41.24 - Remote Code Execution (RCE) vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through <= 3.41.24.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wp-… | vdb-entryx_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jack Arturo | WP Fusion Lite |
Affected:
0 , ≤ 3.41.24
(custom)
|
|
| verygoodplugins | wp_fusion |
Affected:
0 , ≤ 3.41.24
(custom)
cpe:2.3:a:verygoodplugins:wp_fusion:-:*:*:*:lite:wordpress:*:* |
Date Public
2026-04-28 13:51
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:verygoodplugins:wp_fusion:-:*:*:*:lite:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wp_fusion",
"vendor": "verygoodplugins",
"versions": [
{
"lessThanOrEqual": "3.41.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:43:09.718010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T14:27:03.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-fusion-lite",
"product": "WP Fusion Lite",
"vendor": "Jack Arturo",
"versions": [
{
"changes": [
{
"at": "3.42.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.41.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-28T13:51:16.583Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.\u003cp\u003eThis issue affects WP Fusion Lite: from n/a through \u003c= 3.41.24.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through \u003c= 3.41.24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:14.831Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Fusion Lite plugin \u003c= 3.41.24 - Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-27972",
"datePublished": "2024-04-03T11:51:43.101Z",
"dateReserved": "2024-02-28T16:46:55.227Z",
"dateUpdated": "2026-04-28T16:09:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-34660 (GCVE-0-2021-34660)
Vulnerability from nvd – Published: 2021-08-09 12:23 – Updated: 2025-05-23 20:11
VLAI
Title
WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting
Summary
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/vulnerability-advisorie… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/browser/wp-fus… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Very Good Plugins | WP Fusion Lite |
Affected:
3.37.18 , ≤ 3.37.18
(custom)
|
Date Public
2021-08-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T20:10:57.237514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T20:11:00.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Fusion Lite",
"vendor": "Very Good Plugins",
"versions": [
{
"lessThanOrEqual": "3.37.18",
"status": "affected",
"version": "3.37.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xu-Liang Liao"
}
],
"datePublic": "2021-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T12:23:26.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Fusion Lite \u003c= 3.37.18 Reflected Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-08-06T17:51:00.000Z",
"ID": "CVE-2021-34660",
"STATE": "PUBLIC",
"TITLE": "WP Fusion Lite \u003c= 3.37.18 Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Fusion Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.37.18",
"version_value": "3.37.18"
}
]
}
}
]
},
"vendor_name": "Very Good Plugins"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xu-Liang Liao"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660"
},
{
"name": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34660",
"datePublished": "2021-08-09T12:23:26.100Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-23T20:11:00.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34661 (GCVE-0-2021-34661)
Vulnerability from nvd – Published: 2021-08-09 12:23 – Updated: 2025-05-23 20:11
VLAI
Title
WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion
Summary
The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/vulnerability-advisorie… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/browser/wp-fus… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Very Good Plugins | WP Fusion Lite |
Affected:
3.37.18 , ≤ 3.37.18
(custom)
|
Date Public
2021-08-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T20:11:15.622012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T20:11:24.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Fusion Lite",
"vendor": "Very Good Plugins",
"versions": [
{
"lessThanOrEqual": "3.37.18",
"status": "affected",
"version": "3.37.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xu-Liang Liao"
}
],
"datePublic": "2021-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T12:23:20.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Fusion Lite \u003c= 3.37.18 Cross-Site Request Forgery to Data Deletion",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-08-06T17:51:00.000Z",
"ID": "CVE-2021-34661",
"STATE": "PUBLIC",
"TITLE": "WP Fusion Lite \u003c= 3.37.18 Cross-Site Request Forgery to Data Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Fusion Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.37.18",
"version_value": "3.37.18"
}
]
}
}
]
},
"vendor_name": "Very Good Plugins"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xu-Liang Liao"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661"
},
{
"name": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34661",
"datePublished": "2021-08-09T12:23:20.384Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-23T20:11:24.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32796 (GCVE-0-2024-32796)
Vulnerability from cvelistv5 – Published: 2024-04-24 07:44 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Fusion Lite plugin <= 3.42.10 - Sensitive Data Exposure vulnerability
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through <= 3.42.10.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wp-… | vdb-entryx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jack Arturo | WP Fusion Lite |
Affected:
0 , ≤ 3.42.10
(custom)
|
Date Public
2026-04-01 16:25
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T19:59:20.240019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:06.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-fusion-lite",
"product": "WP Fusion Lite",
"vendor": "Jack Arturo",
"versions": [
{
"changes": [
{
"at": "3.43.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.42.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Majed Refaea | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:25:11.546Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects WP Fusion Lite: from n/a through \u003c= 3.42.10.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite allows Retrieve Embedded Sensitive Data.This issue affects WP Fusion Lite: from n/a through \u003c= 3.42.10."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:40.379Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Fusion Lite plugin \u003c= 3.42.10 - Sensitive Data Exposure vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32796",
"datePublished": "2024-04-24T07:44:26.623Z",
"dateReserved": "2024-04-18T09:15:38.675Z",
"dateUpdated": "2026-04-28T16:09:40.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32455 (GCVE-0-2024-32455)
Vulnerability from cvelistv5 – Published: 2024-04-16 18:57 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/fat… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Very Good Plugins | Fatal Error Notify |
Affected:
n/a , ≤ 1.5.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T16:11:29.258428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:08.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/fatal-error-notify/wordpress-fatal-error-notify-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "fatal-error-notify",
"product": "Fatal Error Notify",
"vendor": "Very Good Plugins",
"versions": [
{
"changes": [
{
"at": "1.5.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.5.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.\u003cp\u003eThis issue affects Fatal Error Notify: from n/a through 1.5.2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:35.943Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/fatal-error-notify/wordpress-fatal-error-notify-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.5.3 or a higher version."
}
],
"value": "Update to 1.5.3 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Fatal Error Notify plugin \u003c= 1.5.2 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32455",
"datePublished": "2024-04-16T18:57:23.066Z",
"dateReserved": "2024-04-12T14:58:19.453Z",
"dateUpdated": "2026-04-28T16:09:35.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27972 (GCVE-0-2024-27972)
Vulnerability from cvelistv5 – Published: 2024-04-03 11:51 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress WP Fusion Lite plugin <= 3.41.24 - Remote Code Execution (RCE) vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through <= 3.41.24.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wp-… | vdb-entryx_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jack Arturo | WP Fusion Lite |
Affected:
0 , ≤ 3.41.24
(custom)
|
|
| verygoodplugins | wp_fusion |
Affected:
0 , ≤ 3.41.24
(custom)
cpe:2.3:a:verygoodplugins:wp_fusion:-:*:*:*:lite:wordpress:*:* |
Date Public
2026-04-28 13:51
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:verygoodplugins:wp_fusion:-:*:*:*:lite:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wp_fusion",
"vendor": "verygoodplugins",
"versions": [
{
"lessThanOrEqual": "3.41.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:43:09.718010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T14:27:03.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-fusion-lite",
"product": "WP Fusion Lite",
"vendor": "Jack Arturo",
"versions": [
{
"changes": [
{
"at": "3.42.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.41.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LVT-tholv2k | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-28T13:51:16.583Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.\u003cp\u003eThis issue affects WP Fusion Lite: from n/a through \u003c= 3.41.24.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects WP Fusion Lite: from n/a through \u003c= 3.41.24."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:14.831Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-fusion-lite/vulnerability/wordpress-wp-fusion-lite-plugin-3-41-24-remote-code-execution-rce-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Fusion Lite plugin \u003c= 3.41.24 - Remote Code Execution (RCE) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-27972",
"datePublished": "2024-04-03T11:51:43.101Z",
"dateReserved": "2024-02-28T16:46:55.227Z",
"dateUpdated": "2026-04-28T16:09:14.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-34660 (GCVE-0-2021-34660)
Vulnerability from cvelistv5 – Published: 2021-08-09 12:23 – Updated: 2025-05-23 20:11
VLAI
Title
WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting
Summary
The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/vulnerability-advisorie… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/browser/wp-fus… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Very Good Plugins | WP Fusion Lite |
Affected:
3.37.18 , ≤ 3.37.18
(custom)
|
Date Public
2021-08-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T20:10:57.237514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T20:11:00.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Fusion Lite",
"vendor": "Very Good Plugins",
"versions": [
{
"lessThanOrEqual": "3.37.18",
"status": "affected",
"version": "3.37.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xu-Liang Liao"
}
],
"datePublic": "2021-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T12:23:26.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Fusion Lite \u003c= 3.37.18 Reflected Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-08-06T17:51:00.000Z",
"ID": "CVE-2021-34660",
"STATE": "PUBLIC",
"TITLE": "WP Fusion Lite \u003c= 3.37.18 Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Fusion Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.37.18",
"version_value": "3.37.18"
}
]
}
}
]
},
"vendor_name": "Very Good Plugins"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xu-Liang Liao"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34660"
},
{
"name": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-table-list.php?rev=2497097#L427"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34660",
"datePublished": "2021-08-09T12:23:26.100Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-23T20:11:00.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34661 (GCVE-0-2021-34661)
Vulnerability from cvelistv5 – Published: 2021-08-09 12:23 – Updated: 2025-05-23 20:11
VLAI
Title
WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion
Summary
The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.wordfence.com/vulnerability-advisorie… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/browser/wp-fus… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Very Good Plugins | WP Fusion Lite |
Affected:
3.37.18 , ≤ 3.37.18
(custom)
|
Date Public
2021-08-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T20:11:15.622012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T20:11:24.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Fusion Lite",
"vendor": "Very Good Plugins",
"versions": [
{
"lessThanOrEqual": "3.37.18",
"status": "affected",
"version": "3.37.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Xu-Liang Liao"
}
],
"datePublic": "2021-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T12:23:20.000Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Fusion Lite \u003c= 3.37.18 Cross-Site Request Forgery to Data Deletion",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "Wordfence",
"ASSIGNER": "security@wordfence.com",
"DATE_PUBLIC": "2021-08-06T17:51:00.000Z",
"ID": "CVE-2021-34661",
"STATE": "PUBLIC",
"TITLE": "WP Fusion Lite \u003c= 3.37.18 Cross-Site Request Forgery to Data Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Fusion Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.37.18",
"version_value": "3.37.18"
}
]
}
}
]
},
"vendor_name": "Very Good Plugins"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Xu-Liang Liao"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661",
"refsource": "MISC",
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34661"
},
{
"name": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/wp-fusion-lite/trunk/includes/admin/logging/class-log-handler.php?rev=2533608#L302"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.37.30 or newer of the plugin."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-34661",
"datePublished": "2021-08-09T12:23:20.384Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-23T20:11:24.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}