WordPress Vulnerability Daily Update

Post and Page Builder by BoldGrid Vulnerability – Authenticated (Contributer+) Stored Cross-Site Scripting – CVE-2024-4400 | WordPress Plugin Vulnerability Report

May 15, 2024

Plugin Name: Post and Page Builder by BoldGrid Key Information: Software Type: Plugin Software Slug: post-and-page-builder Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Rank Math SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4617 | WordPress Plugin Vulnerability Report

May 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Rank Math SEO Key Information: Software Type: Plugin Software Slug: seo-by-rank-math Software Status: Active Software Author: rankmath Software…

Read about this Latest WordPress Vulnerability

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget – CVE-2024-3887 | WordPress Plugin Vulnerability Report

May 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report

May 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,095,500 Active Installs: 80,000 Last…

Read about this Latest WordPress Vulnerability

Sina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scriping via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Sina Extension for Elementor Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina…

Read about this Latest WordPress Vulnerability

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Read about this Latest WordPress Vulnerability

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Visual Portfolio, Photo Gallery & Post Grid Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter – CVE-2024-4363 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Visual Portfolio, Photo Gallery & Post Grid Key Information: Software Type: Plugin Software Slug: visual-portfolio Software Status: Active…

Read about this Latest WordPress Vulnerability

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads:…

Read about this Latest WordPress Vulnerability

Image Optimization by Optimole Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4636 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Image Optimization by Optimole Key Information: Software Type: Plugin Software Slug: optimole-wp Software Status: Active Software Author: optimole…

Read about this Latest WordPress Vulnerability

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Order Export & Order Import for WooCommerce Key Information: Software Type: Plugin Software Slug: order-import-export-for-woocommerce Software Status: Active…

Read about this Latest WordPress Vulnerability

Password Protected Vulnerability – Missing Authorization to Sensitive Information Exposure – CVE-2024-0437 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads:…

Read about this Latest WordPress Vulnerability

Post and Page Builder by BoldGrid Vulnerability – Authenticated (Contributer+) Stored Cross-Site Scripting – CVE-2024-4400 | WordPress Plugin Vulnerability Report

Rank Math SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4617 | WordPress Plugin Vulnerability Report

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget – CVE-2024-3887 | WordPress Plugin Vulnerability Report

Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report

Sina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scriping via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

Visual Portfolio, Photo Gallery & Post Grid Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter – CVE-2024-4363 | WordPress Plugin Vulnerability Report

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

Image Optimization by Optimole Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4636 | WordPress Plugin Vulnerability Report

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

Password Protected Vulnerability – Missing Authorization to Sensitive Information Exposure – CVE-2024-0437 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy