WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Sassy Social Share Vulnerability - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2024-4924 | WordPress Plugin Vulnerability Report - Vulnerabilities

Sassy Social Share Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4924 | WordPress Plugin Vulnerability Report

May 22, 2024

Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - LearnPress Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter - CVE-2024-4971 | WordPress Plugin Vulnerability Report - Vulnerabilities

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 4,287,642…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Media Library Assistant Vulnerability - Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang - CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report - Vulnerabilities

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Contact Form Plugin Vulnerability - PHP Object Injection via extractDynamicValues - CVE-2024-4157 | WordPress Plugin Vulnerability Report - Vulnerabilities

Contact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form Plugin Key Information: Software Type: Plugin Software Slug: fluentform Software Status: Active Software Author: techjewel Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Element Pack Elementor Addons Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass - CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report - Vulnerabilities

Element Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons Key Information: Software Type: Plugin Software Slug: bdthemes-element-pack-lite Software Status: Active Software Author: bdthemes…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - SiteOrigin Widgets Bundle Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode - CVE-2024-4362 | WordPress Plugin Vulnerability Report - Vulnerabilities

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report

May 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Elementor Website Builder Vulnerability - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting - CVE-2024-4619 | WordPress Plugin Vulnerability Report - Vulnerabilities

Elementor Website Builder Vulnerability – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting – CVE-2024-4619 | WordPress Plugin Vulnerability Report

May 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Website Builder Key Information: Software Type: Plugin Software Slug: elementor Software Status: Active Software Author: elemntor Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder by SiteOrigin Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode - CVE-2024-4361 | WordPress Plugin Vulnerability Report - Vulnerabilities

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4361 | WordPress Plugin Vulnerability Report

May 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ShopLentor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode - CVE-2024-3345 | WordPress Plugin Vulnerability Report - Vulnerabilities

ShopLentor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode – CVE-2024-3345 | WordPress Plugin Vulnerability Report

May 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: ShopLentor Key Information: Software Type: Plugin Software Slug: woolentor-addons Software Status: Active Software Author: devitemsllc Software Downloads: 3,557,867…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Table Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-4700 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Table Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4700 | WordPress Plugin Vulnerability Report

May 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Table Builder Key Information: Software Type: Plugin Software Slug: wp-table-builder Software Status: Active Software Author: wptb Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Shortcodes Plugin Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode - CVE-2024-4553 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report

May 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - GiveWP Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-3714 | WordPress Plugin Vulnerability Report - Vulnerabilities

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3714 | WordPress Plugin Vulnerability Report

May 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 7,298,288…

Read about this Latest WordPress Vulnerability

LearnPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter – CVE-2024-4971 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Contact Form Plugin Vulnerability – PHP Object Injection via extractDynamicValues – CVE-2024-4157 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes and Form Submission Admin Email Bypass – CVE-2024-3926, CVE-2024-3927 | WordPress Plugin Vulnerability Report

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4362 | WordPress Plugin Vulnerability Report

Elementor Website Builder Vulnerability – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting – CVE-2024-4619 | WordPress Plugin Vulnerability Report

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘siteorigin_widget’ Shortcode – CVE-2024-4361 | WordPress Plugin Vulnerability Report

ShopLentor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode – CVE-2024-3345 | WordPress Plugin Vulnerability Report

WP Table Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4700 | WordPress Plugin Vulnerability Report

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode – CVE-2024-4553 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3714 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy