WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Hide Dashboard Notifications Vulnerability - Cross-Site Request Forgery - CVE-2024-33683 | WordPress Plugin Vulnerability Report - Vulnerabilities

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report

April 26, 2024

Plugin Name: Hide Dashboard Notifications Key Information: Software Type: Plugin Software Slug: wp-hide-backed-notices Software Status: Active Software Author: wprepublic Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability - Authenticated Stored Cross-Site Scripting via Calendly Widget - CVE-2024-3890 | WordPress Plugin Vulnerability Report - Vulnerabilities

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report

April 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce - Authenticated Stored Cross-Site Scripting - CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce – Authenticated Stored Cross-Site Scripting – CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report

April 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - FOX – Currency Switcher Professional for WooCommerce Vulnerability - Unauthenticated Arbitrary Shortcode Execution - CVE-2024-3734 |WordPress Plugin Vulnerability Report - Vulnerabilities

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: FOX – Currency Switcher Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-currency-switcher Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - PDF Invoices & Packing Slips for WooCommerce Vulnerability - Multiple Vulnerabilities - CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report - Vulnerabilities

PDF Invoices & Packing Slips for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active…

Read about this Latest WordPress Vulnerability

Popup Box Vulnerability – Best WordPress Popup Plugin – Missing Authorization to Information Exposure – CVE-2024-3897 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Popup Box – Best WordPress Popup Plugin Key Information: Software Type: Plugin Software Slug: ays-popup-box Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' - CVE-2024-3647 | WordPress Plugin Vulnerability Report - Vulnerabilities

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’ – CVE-2024-3647 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Blog2Social: Social Media Auto Post & Scheduler Vulnerability - Information Exposure - CVE-2024-3678 | WordPress Plugin Vulnerability Report - Vulnerabilities

Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Blog2Social: Social Media Auto Post & Scheduler Key Information: Software Type: Plugin Software Slug: blog2social Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Simple Membership Vulnerability - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-3730 | WordPress Plugin Vulnerability Report - Vulnerabilities

Simple Membership Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3730 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget - CVE-2024-3988 | WordPress Plugin Vulnerability Report - Vulnerabilities

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP-Members Membership Plugin Vulnerability - Unprotected Storage of Potentially Sensitive Files - CVE-2024-2920 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP-Members Membership Plugin Vulnerability – Unprotected Storage of Potentially Sensitive Files – CVE-2024-2920 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Content Views - Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay - CVE-2024-3929 | WordPress Plugin Vulnerability Report - Vulnerabilities

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report –

April 24, 2024

Posted in Vulnerabilities, Security

Plugin Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Key…

Read about this Latest WordPress Vulnerability

Hide Dashboard Notifications Vulnerability – Cross-Site Request Forgery – CVE-2024-33683 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting via Calendly Widget – CVE-2024-3890 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce – Authenticated Stored Cross-Site Scripting – CVE-2024-3197, CVE-2024-3199 | WordPress Plugin Vulnerability Report

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

PDF Invoices & Packing Slips for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’ – CVE-2024-3647 | WordPress Plugin Vulnerability Report

Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report

Simple Membership Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3730 | WordPress Plugin Vulnerability Report

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report

WP-Members Membership Plugin Vulnerability – Unprotected Storage of Potentially Sensitive Files – CVE-2024-2920 | WordPress Plugin Vulnerability Report

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report –

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy