WordPress Vulnerability Daily Update

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget – CVE-2024-3887 | WordPress Plugin Vulnerability Report

May 15, 2024

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report

May 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 2,095,500 Active Installs: 80,000 Last…

Sina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scriping via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sina Extension for Elementor Key Information: Software Type: Plugin Software Slug: sina-extension-for-elementor Software Status: Active Software Author: shaonsina…

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Import and export users and customers Key Information: Software Type: Plugin Software Slug: import-users-from-csv-with-meta Software Status: Active Software…

Visual Portfolio, Photo Gallery & Post Grid Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter – CVE-2024-4363 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Visual Portfolio, Photo Gallery & Post Grid Key Information: Software Type: Plugin Software Slug: visual-portfolio Software Status: Active…

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: kadence-blocks Software Status: Active Software Author: britner Software Downloads:…

Image Optimization by Optimole Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4636 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Image Optimization by Optimole Key Information: Software Type: Plugin Software Slug: optimole-wp Software Status: Active Software Author: optimole…

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Order Export & Order Import for WooCommerce Key Information: Software Type: Plugin Software Slug: order-import-export-for-woocommerce Software Status: Active…

Password Protected Vulnerability – Missing Authorization to Sensitive Information Exposure – CVE-2024-0437 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads:…

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: RSS Aggregator Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads:…

Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Yoast SEO Key Information: Software Type: Plugin Software Slug: wordpress-seo Software Status: Active Software Author: yoast Software Downloads:…

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget – CVE-2024-3887 | WordPress Plugin Vulnerability Report

Tutor LMS Vulnerability – Multiple Vulnerabilities – CVE-2024-4279, CVE-2024-4318, CVE-2024-4223 | WordPress Plugin Vulnerability Report

Sina Extension for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-site Scriping via ‘Sina Particle Layer’ – CVE-2024-4373 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget – CVE-2024-4618 | WordPress Plugin Vulnerability Report

Import and export users and customers Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-4656, CVE-2024-4734 | WordPress Plugin Vulnerability Report

Visual Portfolio, Photo Gallery & Post Grid Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter – CVE-2024-4363 | WordPress Plugin Vulnerability Report

Gutenberg Blocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4057, CVE-2024-3189, CVE-2024-4208 | WordPress Plugin Vulnerability Report

Image Optimization by Optimole Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload – CVE-2024-4636 | WordPress Plugin Vulnerability Report

Order Export & Order Import for WooCommerce Vulnerability – Authenticated (Administrator+) PHP Object Injection – CVE-2024-34751 | WordPress Plugin Vulnerability Report

Password Protected Vulnerability – Missing Authorization to Sensitive Information Exposure – CVE-2024-0437 | WordPress Plugin Vulnerability Report

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy