WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Custom Field Suite Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-3068 | WordPress Plugin Vulnerability Report - Vulnerabilities

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

May 7, 2024

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Content Views Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter - CVE-2024-4446 | WordPress Plugin Vulnerability Report - Vulnerabilities

Content Views Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter – CVE-2024-4446 | WordPress Plugin Vulnerability Report

May 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Content Views Key Information: Software Type: Plugin Software Slug: content-views-query-and-display-post-page Software Status: Active Software Author: pt-guy Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Image Hover Effects Vulnerability - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget - CVE-2024-1166 | WordPress Plugin Vulnerability Report - Vulnerabilities

Image Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report

May 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Image Hover Effects Key Information: Software Type: Plugin Software Slug: image-hover-effects-addon-for-elementor Software Status: Active Software Author: blocksera Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Plus Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0445, CVE-2024-2785 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0445, CVE-2024-2785 | WordPress Plugin Vulnerability Report

May 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Booster for WooCommerce Vulnerability - Unauthenticated Arbitrary Shortcode Execution - CVE-2024-3957 | WordPress Plugin Vulnerability Report - Vulnerabilities

Booster for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3957 | WordPress Plugin Vulnerability Report

May 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - 3D FlipBook Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL - CVE-2024-3883 | WordPress Plugin Vulnerability Report - Vulnerabilities

3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report

May 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Contact Form by WPForms Vulnerability - Unauthenticated Price Manipulation - CVE-2024-3649 | WordPress Plugin Vulnerability Report - Vulnerabilities

Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report

May 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form by WPForms Key Information: Software Type: Plugin Software Slug: wpforms-lite Software Status: Active Software Author: smub…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Supreme Modules Lite Vulnerability - Authenticated (Contributor+) DOM-Based Cross-Site Scripting - CVE-2024-4334 | WordPress Plugin Vulnerability Report - Vulnerabilities

Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report

May 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Supreme Modules Lite Key Information: Software Type: Plugin Software Slug: supreme-modules-for-divi Software Status: Active Software Author: divisupreme Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - WP Recipe Maker - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode - CVE-2024-3490 | WordPress Vulnerability Report - Vulnerabilities

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

May 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ElementsKit Elementor addons and Templates Library Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget - CVE-2024-3650 | WordPress Plugin Vulnerability Report - Vulnerabilities

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

April 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid - Missing Authorization - CVE-2024-3936 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid – Missing Authorization – CVE-2024-3936 | WordPress Plugin Vulnerability Report

April 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Jeg Elementor Kit Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget - CVE-2024-3161 | WordPress Plugin Vulnerability Report - Vulnerabilities

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

April 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software…

Read about this Latest WordPress Vulnerability

Custom Field Suite Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-3068 | WordPress Plugin Vulnerability Report

Content Views Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter – CVE-2024-4446 | WordPress Plugin Vulnerability Report

Image Hover Effects Vulnerability – Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget – CVE-2024-1166 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0445, CVE-2024-2785 | WordPress Plugin Vulnerability Report

Booster for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3957 | WordPress Plugin Vulnerability Report

3D FlipBook Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via Bookmark URL – CVE-2024-3883 | WordPress Plugin Vulnerability Report

Contact Form by WPForms Vulnerability – Unauthenticated Price Manipulation – CVE-2024-3649 | WordPress Plugin Vulnerability Report

Supreme Modules Lite Vulnerability – Authenticated (Contributor+) DOM-Based Cross-Site Scripting – CVE-2024-4334 | WordPress Plugin Vulnerability Report

WordPress Plugin Vulnerability Report – WP Recipe Maker – Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode – CVE-2024-3490 | WordPress Vulnerability Report

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget – CVE-2024-3650 | WordPress Plugin Vulnerability Report

The Post Grid Vulnerability – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid – Missing Authorization – CVE-2024-3936 | WordPress Plugin Vulnerability Report

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3161 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy