WordPress Vulnerability Daily Update

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

May 23, 2024

Plugin Name: FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software Author: bradvin Software Downloads: 4,941,934…

Read about this Latest WordPress Vulnerability

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: Spectra Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author: brainstormforce Software Downloads: 22,257,534…

Read about this Latest WordPress Vulnerability

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: Custom Fonts Key Information: Software Type: Plugin Software Slug: custom-fonts Software Status: Active Software Author: brainstormforce Software Downloads:…

Read about this Latest WordPress Vulnerability

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads:…

Read about this Latest WordPress Vulnerability

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,680,907…

Read about this Latest WordPress Vulnerability

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads:…

Read about this Latest WordPress Vulnerability

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623…

Read about this Latest WordPress Vulnerability

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads:…

Read about this Latest WordPress Vulnerability

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads:…

Read about this Latest WordPress Vulnerability

Sassy Social Share Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4924 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software…

Read about this Latest WordPress Vulnerability

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642…

Read about this Latest WordPress Vulnerability

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Read about this Latest WordPress Vulnerability

FooGallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2762 | WordPress Plugin Vulnerability Report

Spectra Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-4366 | WordPress Plugin Vulnerability Report

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy