WordPress Vulnerability Daily Update

Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report

April 29, 2024

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Read about this Latest WordPress Vulnerability

MailerLite Vulnerability – Signup forms (official) – Multiple Vulnerabilities – CVE-2024-2797, CVE-2024-1386 | WordPress Plugin Vulnerability Report

April 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: MailerLite – Signup forms (official) Key Information: Software Type: Plugin Software Slug: official-mailerlite-sign-up-forms Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report

April 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Media Cleaner: Clean your WordPress! Key Information: Software Type: Plugin Software Slug: media-cleaner Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4203 | WordPress Plugin Vulnerability Report

April 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3550 | WordPress Plugin Vulnerability Report

April 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software…

Read about this Latest WordPress Vulnerability

MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: MainWP Child Reports Key Information: Software Type: Plugin Software Slug: mainwp-child-reports Software Status: Active Software Author: mainwp Software…

Read about this Latest WordPress Vulnerability

NextGEN Gallery Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2744 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: NextGEN Gallery – Create an Amazing Photo Gallery in Seconds Key Information: Software Type: Plugin Software Slug: nextgen-gallery…

Read about this Latest WordPress Vulnerability

Popup Builder by OptinMonster Vulnerability – WordPress Popups for Optins, Email Newsletters and Lead Generation – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-33691 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Print Invoice & Delivery Notes for WooCommerce Vulnerability – Missing Authorization to Notice Dismissal – CVE-2024-4233 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Print Invoice & Delivery Notes for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-delivery-notes Software Status: Active…

Read about this Latest WordPress Vulnerability

Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive…

Read about this Latest WordPress Vulnerability

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Timetable and Event Schedule by MotoPress Key Information: Software Type: Plugin Software Slug: mp-timetable Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Exclusive Addons for Elementor Vulnerability – Missing Authorization to Post Duplication – CVE-2024-33914 | WordPress Plugin Vulnerability Report

MailerLite Vulnerability – Signup forms (official) – Multiple Vulnerabilities – CVE-2024-2797, CVE-2024-1386 | WordPress Plugin Vulnerability Report

Media Cleaner: Clean your WordPress! Vulnerability – Unauthenticated Information Exposure – CVE-2024-33922 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4203 | WordPress Plugin Vulnerability Report

WP Shortcodes Plugin Vulnerability — Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3550 | WordPress Plugin Vulnerability Report

MainWP Child Reports Vulnerability – Cross-Site Request Forgery – CVE-2024-33680 | WordPress Plugin Vulnerability Report

NextGEN Gallery Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2744 | WordPress Plugin Vulnerability Report

Popup Builder by OptinMonster Vulnerability – WordPress Popups for Optins, Email Newsletters and Lead Generation – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-33691 | WordPress Plugin Vulnerability Report

Print Invoice & Delivery Notes for WooCommerce Vulnerability – Missing Authorization to Notice Dismissal – CVE-2024-4233 | WordPress Plugin Vulnerability Report

Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy