WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - YITH WooCommerce Ajax Search Vulnerability - Unauthenticated Stored Cross-Site Scripting - CVE-2024-4455 | WordPress Plugin Vulnerability Report - Vulnerabilities

YITH WooCommerce Ajax Search Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-4455 | WordPress Plugin Vulnerability Report

May 23, 2024

Plugin Name: YITH WooCommerce Ajax Search Key Information: Software Type: Plugin Software Slug: yith-woocommerce-ajax-search Software Status: Active Software Author: yithemes…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Go Maps Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-3557 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Go Maps Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software Author: wpgmaps Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Elementor Header & Footer Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2618 | WordPress Plugin Vulnerability Report - Vulnerabilities

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - FooGallery Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting - CVE-2024-2762 | WordPress Plugin Vulnerability Report - Vulnerabilities

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,941,934…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Spectra Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting - CVE-2024-4366 | WordPress Plugin Vulnerability Report - Vulnerabilities

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Spectra Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 22,257,534…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Custom Fonts Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting - CVE-2024-1332 | WordPress Plugin Vulnerability Report - Vulnerabilities

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Custom Fonts Key Information: Software Type: Plugin Software Slug: custom-fonts Software Status: Active Software Author: brainstormforce Software Downloads:…

Read about this Latest WordPress Vulnerability

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - iframe Vulnerability - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode - CVE-2023-6844 | WordPress Plugin Vulnerability Report - Vulnerabilities

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,680,907…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Advanced iFrame Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-4365 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ProfilePress Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget - CVE-2024-2861 | WordPress Plugin Vulnerability Report - Vulnerabilities

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Post SMTP Vulnerability - Authenticated (Administrator+) SQL Injection - CVE-2024-5207 | WordPress Plugin Vulnerability Report - Vulnerabilities

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Prime Slider Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget - CVE-2024-3997 | WordPress Plugin Vulnerability Report - Vulnerabilities

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads:…

Read about this Latest WordPress Vulnerability

YITH WooCommerce Ajax Search Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-4455 | WordPress Plugin Vulnerability Report

WP Go Maps Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3557 | WordPress Plugin Vulnerability Report

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2618 | WordPress Plugin Vulnerability Report

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy