WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Qi Addons For Elementor Vulnerability - Authenticated Stored Cross-Site Scripting via Countdown Widget - CVE-2024-3309 | WordPress Plugin Vulnerability Report - Vulnerabilities

Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report

April 26, 2024

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Spectra Vulnerability – WordPress Gutenberg Blocks - Authenticated Path Traversal - CVE-2024-3107 | WordPress Plugin Vulnerability Report - Vulnerabilities

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Timetable and Event Schedule by MotoPress Vulnerability - Authenticated SQL Injection - CVE-2024-3342 | WordPress Plugin Vulnerability Report - Vulnerabilities

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Timetable and Event Schedule by MotoPress Key Information: Software Type: Plugin Software Slug: mp-timetable Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Tutor LMS Vulnerability – eLearning and online course solution - Missing Authorization to Unauthenticated Limited Options Update - CVE-2024-3553 | WordPress Plugin Vulnerability Report - Vulnerabilities

Tutor LMS Vulnerability – eLearning and online course solution – Missing Authorization to Unauthenticated Limited Options Update – CVE-2024-3553 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit - Multiple Vulnerabilities - Multiple CVEs | WordPress Plugin Vulnerability Report - Vulnerabilities

WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - BackUpWordPress Vulnerability - Authenticated (Admin+) Directory Traversal - CVE-2024-3034 | WordPress Plugin Vulnerability Report - Vulnerabilities

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: BackUpWordPress Key Information: Software Type: Plugin Software Slug: backupwordpress Software Status: Active Software Author: willmot Software Downloads: 4,796,104…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Contact Form 7 Database Addon Vulnerability – CFDB7 - Unauthenticated Sensitive Information Exposure - CVE-2024-3870 | WordPress Plugin Vulnerability Report - Vulnerabilities

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form 7 Database Addon – CFDB7 Key Information: Software Type: Plugin Software Slug: contact-form-cfdb7 Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Cornerstone Vulnerability - Reflected Cross-Site Scripting - CVE-2024-28002 | WordPress Plugin Vulnerability Report - Vulnerabilities

Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Cornerstone Key Information: Software Type: Plugin Software Slug: cornerstone Software Status: Active Software Author: archetyped Software Downloads: 57,853…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - FameTheme Demo Importer Vulnerability - Cross-Site Request Forgery - CVE-2024-33679 | WordPress Plugin Vulnerability Report - Vulnerabilities

FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder - Authenticated Stored Self-Based Cross-Site Scripting - CVE-2024-2258 | WordPress Plugin Vulnerability Report - Vulnerabilities

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Getwid Vulnerability – Gutenberg Blocks - Authenticated DOM-Based Stored Cross-Site Scripting via 'Countdown' - CVE-2024-3588 | WordPress Plugin Vulnerability Report - Vulnerabilities

Getwid Vulnerability – Gutenberg Blocks – Authenticated DOM-Based Stored Cross-Site Scripting via ‘Countdown’ – CVE-2024-3588 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - GiveWP Vulnerability – Donation Plugin and Fundraising Platform - Authenticated PHP Object Injection - CVE-2024-30229 | WordPress Plugin Vulnerability Report - Vulnerabilities

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

Qi Addons For Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-3309 | WordPress Plugin Vulnerability Report

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Path Traversal – CVE-2024-3107 | WordPress Plugin Vulnerability Report

Timetable and Event Schedule by MotoPress Vulnerability – Authenticated SQL Injection – CVE-2024-3342 | WordPress Plugin Vulnerability Report

Tutor LMS Vulnerability – eLearning and online course solution – Missing Authorization to Unauthenticated Limited Options Update – CVE-2024-3553 | WordPress Plugin Vulnerability Report

WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report

Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report

FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report

Getwid Vulnerability – Gutenberg Blocks – Authenticated DOM-Based Stored Cross-Site Scripting via ‘Countdown’ – CVE-2024-3588 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy