WordPress Vulnerability Daily Update

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

May 14, 2024

Plugin Name: RSS Aggregator Key Information: Software Type: Plugin Software Slug: wp-rss-aggregator Software Status: Active Software Author: jeangalea Software Downloads:…

Read about this Latest WordPress Vulnerability

Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report

May 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Yoast SEO Key Information: Software Type: Plugin Software Slug: wordpress-seo Software Status: Active Software Author: yoast Software Downloads:…

Read about this Latest WordPress Vulnerability

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report

May 13, 2024

Posted in Security, Vulnerabilities

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads:…

Read about this Latest WordPress Vulnerability

Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report

May 13, 2024

Posted in Security, Vulnerabilities

Plugin Name: Jetpack Key Information: Software Type: Plugin Software Slug: jetpack Software Status: Active Software Author: automattic Software Downloads: 407,764,904…

Read about this Latest WordPress Vulnerability

WP Fastest Cache Vulnerability – Authenticated (Administrator+) Arbitrary File Deletion – CVE-2024-4347 | WordPress Plugin Vulnerability Report

May 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software…

Read about this Latest WordPress Vulnerability

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute – CVE-2024-4430 | WordPress Plugin Vulnerability Report

May 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads:…

Read about this Latest WordPress Vulnerability

Blocksy Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4487 | WordPress Plugin Vulnerability Report

May 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report

May 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Starter Templates Key Information: Software Type: Plugin Software Slug: astra-sites Software Status: Active Software Author: brainstormforce Software Downloads:…

Read about this Latest WordPress Vulnerability

Easy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Easy Digital Downloads Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software…

Read about this Latest WordPress Vulnerability

TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: TranslatePress Key Information: Software Type: Plugin Software Slug: translatepress-multilingual Software Status: Active Software Author: madalinungureanu Software Downloads: 10,058,842…

Read about this Latest WordPress Vulnerability

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089…

Read about this Latest WordPress Vulnerability

Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Pods Key Information: Software Type: Plugin Software Slug: pods Software Status: Active Software Author: sc0ttkclark Software Downloads: 4,123,314…

Read about this Latest WordPress Vulnerability

RSS Aggregator Vulnerability – Reflected Cross-Site Scripting – CVE-2024-4860 | WordPress Plugin Vulnerability Report

Yoast SEO Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4984 | WordPress Plugin Vulnerability Report

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget – CVE-2024-4473 | WordPress Plugin Vulnerability Report

Jetpack Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode – CVE-2024-4392 | WordPress Plugin Vulnerability Report

WP Fastest Cache Vulnerability – Authenticated (Administrator+) Arbitrary File Deletion – CVE-2024-4347 | WordPress Plugin Vulnerability Report

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute – CVE-2024-4430 | WordPress Plugin Vulnerability Report

Blocksy Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4487 | WordPress Plugin Vulnerability Report

Starter Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4630 | WordPress Plugin Vulnerability Report

Easy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report

TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy