WordPress Vulnerability Daily Update

Tutor LMS Vulnerability – eLearning and online course solution – Missing Authorization to Unauthenticated Limited Options Update – CVE-2024-3553 | WordPress Plugin Vulnerability Report

April 26, 2024

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status:…

Read about this Latest WordPress Vulnerability

WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP ULike – Most Advanced WordPress Marketing Toolkit Key Information: Software Type: Plugin Software Slug: wp-ulike Software Status:…

Read about this Latest WordPress Vulnerability

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: BackUpWordPress Key Information: Software Type: Plugin Software Slug: backupwordpress Software Status: Active Software Author: willmot Software Downloads: 4,796,104…

Read about this Latest WordPress Vulnerability

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Contact Form 7 Database Addon – CFDB7 Key Information: Software Type: Plugin Software Slug: contact-form-cfdb7 Software Status: Active…

Read about this Latest WordPress Vulnerability

Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Cornerstone Key Information: Software Type: Plugin Software Slug: cornerstone Software Status: Active Software Author: archetyped Software Downloads: 57,853…

Read about this Latest WordPress Vulnerability

FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software…

Read about this Latest WordPress Vulnerability

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Getwid Vulnerability – Gutenberg Blocks – Authenticated DOM-Based Stored Cross-Site Scripting via ‘Countdown’ – CVE-2024-3588 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters…

Read about this Latest WordPress Vulnerability

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report

April 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Hide Dashboard Notifications Key Information: Software Type: Plugin Software Slug: wp-hide-backed-notices Software Status: Active Software Author: wprepublic Software…

Read about this Latest WordPress Vulnerability

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report

April 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce – Authenticated Stored Cross-Site Scripting – CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report

April 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Tutor LMS Vulnerability – eLearning and online course solution – Missing Authorization to Unauthenticated Limited Options Update – CVE-2024-3553 | WordPress Plugin Vulnerability Report

WP ULike Vulnerability– Most Advanced WordPress Marketing Toolkit – Multiple Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

BackUpWordPress Vulnerability – Authenticated (Admin+) Directory Traversal – CVE-2024-3034 | WordPress Plugin Vulnerability Report

Contact Form 7 Database Addon Vulnerability – CFDB7 – Unauthenticated Sensitive Information Exposure – CVE-2024-3870 | WordPress Plugin Vulnerability Report

Cornerstone Vulnerability – Reflected Cross-Site Scripting – CVE-2024-28002 | WordPress Plugin Vulnerability Report

FameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report

Form Maker by 10Web Vulnerability – Mobile-Friendly Drag & Drop Contact Form Builder – Authenticated Stored Self-Based Cross-Site Scripting – CVE-2024-2258 | WordPress Plugin Vulnerability Report

Getwid Vulnerability – Gutenberg Blocks – Authenticated DOM-Based Stored Cross-Site Scripting via ‘Countdown’ – CVE-2024-3588 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated PHP Object Injection – CVE-2024-30229 | WordPress Plugin Vulnerability Report

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce – Authenticated Stored Cross-Site Scripting – CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy