WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - TranslatePress Vulnerability - Cross-Site Request Forgery - CVE-2024-34827 | WordPress Plugin Vulnerability Report - Vulnerabilities

TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report

May 9, 2024

Plugin Name: TranslatePress Key Information: Software Type: Plugin Software Slug: translatepress-multilingual Software Status: Active Software Author: madalinungureanu Software Downloads: 10,058,842…

Read about this Latest WordPress Vulnerability

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Pods Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL - CVE-2024-3956 | WordPress Plugin Vulnerability Report - Vulnerabilities

Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Pods Key Information: Software Type: Plugin Software Slug: pods Software Status: Active Software Author: sc0ttkclark Software Downloads: 4,123,314…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - White Label CMS Vulnerability - Missing Authorization to Plugin Settings Reset - CVE-2024-4280 | WordPress Plugin Vulnerability Report - Vulnerabilities

White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report

May 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: White Label CMS Key Information: Software Type: Plugin Software Slug: white-label-cms Software Status: Active Software Author: videousermanuals Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Prime Slider Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-4339 | WordPress Plugin Vulnerability Report - Vulnerabilities

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software Author: bdthemes Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Form Maker by 10Web Vulnerability - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2024-34437 | WordPress Plugin Vulnerability Report - Vulnerabilities

Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Form Maker by 10Web Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Job Manager Vulnerability - Unauthenticated Information Exposure - CVE-2024-34549 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Job Manager Key Information: Software Type: Plugin Software Slug: wp-job-manager Software Status: Active Software Author: automattic Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Mesmerize Companion Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode - CVE-2024-3494 | WordPress Plugin Vulnerability Report - Vulnerabilities

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Mesmerize Companion Key Information: Software Type: Plugin Software Slug: mesmerize-companion Software Status: Active Software Author: horearadu Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - XML Sitemap & Google News Vulnerability - Unauthenticated Local File Inclusion - CVE-2024-4441 | WordPress Plugin Vulnerability Report - Vulnerabilities

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: XML Sitemap & Google News Key Information: Software Type: Plugin Software Slug: xml-sitemap-feed Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - One Click Demo Import Vulnerability - Authenticated (Admin+) PHP Object Injection - CVE-2024-34433 | WordPress Plugin Vulnerability Report - Vulnerabilities

One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: One Click Demo Import Key Information: Software Type: Plugin Software Slug: one-click-demo-import Software Status: Active Software Author: smub…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Advanced Ads Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget - CVE-2024-3952 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced Ads Key Information: Software Type: Plugin Software Slug: advanced-ads Software Status: Active Software Author: monetizemore Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - AI Engine Vulnerability - Authenticated (Editor+) Arbitrary File Upload - CVE-2024-34440 | WordPress Plugin Vulnerability Report - Vulnerabilities

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

May 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads:…

Read about this Latest WordPress Vulnerability

TranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report

Unyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report

Pods Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL – CVE-2024-3956 | WordPress Plugin Vulnerability Report

White Label CMS Vulnerability – Missing Authorization to Plugin Settings Reset – CVE-2024-4280 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4339 | WordPress Plugin Vulnerability Report

Form Maker by 10Web Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-34437 | WordPress Plugin Vulnerability Report

WP Job Manager Vulnerability – Unauthenticated Information Exposure – CVE-2024-34549 | WordPress Plugin Vulnerability Report

Mesmerize Companion Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode – CVE-2024-3494 | WordPress Plugin Vulnerability Report

XML Sitemap & Google News Vulnerability – Unauthenticated Local File Inclusion – CVE-2024-4441 | WordPress Plugin Vulnerability Report

One Click Demo Import Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-34433 | WordPress Plugin Vulnerability Report

Advanced Ads Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget – CVE-2024-3952 | WordPress Plugin Vulnerability Report

AI Engine Vulnerability – Authenticated (Editor+) Arbitrary File Upload – CVE-2024-34440 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy