WordPress Vulnerability Daily Update

White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report

May 9, 2024

Plugin Name: White Label CMS Key Information: Software Type: Plugin Software Slug: white-label-cms Software Status: Active Software Author: videousermanuals Software…

Read about this Latest WordPress Vulnerability

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads:…

Read about this Latest WordPress Vulnerability

Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: Form Maker by 10Web Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web…

Read about this Latest WordPress Vulnerability

WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Job Manager Key Information: Software Type: Plugin Software Slug: wp-job-manager Software Status: Active Software Author: automattic Software…

Read about this Latest WordPress Vulnerability

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: Mesmerize Companion Key Information: Software Type: Plugin Software Slug: mesmerize-companion Software Status: Active Software Author: horearadu Software Downloads:…

Read about this Latest WordPress Vulnerability

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: XML Sitemap & Google News Key Information: Software Type: Plugin Software Slug: xml-sitemap-feed Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: One Click Demo Import Key Information: Software Type: Plugin Software Slug: one-click-demo-import Software Status: Active Software Author: smub…

Read about this Latest WordPress Vulnerability

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Ads Key Information: Software Type: Plugin Software Slug: advanced-ads Software Status: Active Software Author: monetizemore Software Downloads:…

Read about this Latest WordPress Vulnerability

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads:…

Read about this Latest WordPress Vulnerability

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software…

Read about this Latest WordPress Vulnerability

Content Views Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter – CVE-2024-4446 | WordPress Plugin Vulnerability Report

May 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Content Views Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads:…

Read about this Latest WordPress Vulnerability

Image Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report

May 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Image Hover Effects Key Information: Software Type: Plugin Software Slug: image-hover-effects-addon-for-elementor Software Status: Active Software Author: blocksera Software…

Read about this Latest WordPress Vulnerability

White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report

WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

Content Views Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter – CVE-2024-4446 | WordPress Plugin Vulnerability Report

Image Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy