WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Blocksy Companion Vulnerability - Authenticated (Admin+) Server-Side Request Forgery - CVE-2024-35633 | WordPress Plugin Vulnerability Report - Vulnerabilities

Blocksy Companion Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35633 | WordPress Plugin Vulnerability Report

May 30, 2024

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - YITH WooCommerce Wishlist Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-34385 | WordPress Plugin Vulnerability Report - Vulnerabilities

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

May 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: YITH WooCommerce Wishlist Key Information: Software Type: Plugin Software Slug: yith-woocommerce-wishlist Software Status: Active Software Author: yithemes Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability - Authenticated Stored Cross-Site Scripting - CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report - Vulnerabilities

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report

May 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Ninja Tables – Easiest Data Table Builder Vulnerability - Authenticated (Admin+) Server-Side Request Forgery - CVE-2024-35635 | WordPress Plugin Vulnerability Report - Vulnerabilities

Ninja Tables – Easiest Data Table Builder Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35635 | WordPress Plugin Vulnerability Report

May 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ninja Tables – Easiest Data Table Builder Key Information: Software Type: Plugin Software Slug: ninja-tables Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - PowerPack Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2492 | WordPress Plugin Vulnerability Report - Vulnerabilities

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2492 | WordPress Plugin Vulnerability Report

May 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Download Monitor Vulnerability - Missing Authorization - CVE-2024-3269 | WordPress Plugin Vulnerability Report - Vulnerabilities

Download Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report

May 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - HUSKY – Products Filter Professional for WooCommerce Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-5039 | WordPress Plugin Vulnerability Report - Vulnerabilities

HUSKY – Products Filter Professional for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-5039 | WordPress Plugin Vulnerability Report

May 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Read about this Latest WordPress Vulnerability

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3276 | WordPress Plugin Vulnerability Report

May 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability - Authenticated (Admin+) Arbitrary File Upload - CVE-2024-3412 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability – Authenticated (Admin+) Arbitrary File Upload – CVE-2024-3412 | WordPress Plugin Vulnerability Report

May 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP STAGING WordPress Backup Plugin – Migration Backup Restore Key Information: Software Type: Plugin Software Slug: wp-staging Software…

Read about this Latest WordPress Vulnerability

Popup Builder by OptinMonster Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4045 | WordPress Plugin Vulnerability Report

May 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Events Calendar Vulnerability - Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access - CVE-2024-1295 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access – CVE-2024-1295 | WordPress Plugin Vulnerability Report

May 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Plus Addons for Elementor Vulnerability - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities - CVE-2024-4485, CVE-2024-4484, CVE-2024-3718, CVE-2024-2784 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Plus Addons for Elementor Vulnerability – Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities – CVE-2024-4485, CVE-2024-4484, CVE-2024-3718, CVE-2024-2784 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Blocksy Companion Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35633 | WordPress Plugin Vulnerability Report

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report

Ninja Tables – Easiest Data Table Builder Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35635 | WordPress Plugin Vulnerability Report

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2492 | WordPress Plugin Vulnerability Report

Download Monitor Vulnerability – Missing Authorization – CVE-2024-3269 | WordPress Plugin Vulnerability Report

HUSKY – Products Filter Professional for WooCommerce Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-5039 | WordPress Plugin Vulnerability Report

WP STAGING WordPress Backup Plugin – Migration Backup Restore Vulnerability – Authenticated (Admin+) Arbitrary File Upload – CVE-2024-3412 | WordPress Plugin Vulnerability Report

Popup Builder by OptinMonster Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4045 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access – CVE-2024-1295 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability – Multiple Authenticated (Contributor+) Stored Cross-Site Scripting Vulnerabilities – CVE-2024-4485, CVE-2024-4484, CVE-2024-3718, CVE-2024-2784 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy