WordPress Vulnerability Daily Update

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

May 23, 2024

Plugin Name: Custom Fonts Key Information: Software Type: Plugin Software Slug: custom-fonts Software Status: Active Software Author: brainstormforce Software Downloads:…

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

May 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Log Key Information: Software Type: Plugin Software Slug: email-log Software Status: Active Software Author: sudar Software Downloads:…

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,680,907…

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads:…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 13,011,623…

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Post SMTP Key Information: Software Type: Plugin Software Slug: post-smtp Software Status: Active Software Author: wpexpertsio Software Downloads:…

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads:…

Sassy Social Share Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4924 | WordPress Plugin Vulnerability Report

May 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software…

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642…

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Contact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form Plugin Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software…

Element Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes…

Custom Fonts Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-1332 | WordPress Plugin Vulnerability Report

Email Log Vulnerability – Unauthenticated Hook Injection – CVE-2024-0867 | WordPress Plugin Vulnerability Report

iframe Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6844 | WordPress Plugin Vulnerability Report

Advanced iFrame Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4365 | WordPress Plugin Vulnerability Report

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget – CVE-2024-2861 | WordPress Plugin Vulnerability Report

Post SMTP Vulnerability – Authenticated (Administrator+) SQL Injection – CVE-2024-5207 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget – CVE-2024-3997 | WordPress Plugin Vulnerability Report

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Contact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy