WordPress Vulnerability Daily Update

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

April 24, 2024

Plugin Name: FOX – Currency Switcher Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-currency-switcher Software Status: Active…

Read about this Latest WordPress Vulnerability

PDF Invoices & Packing Slips for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active…

Read about this Latest WordPress Vulnerability

Popup Box Vulnerability – Best WordPress Popup Plugin – Missing Authorization to Information Exposure – CVE-2024-3897 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Popup Box – Best WordPress Popup Plugin Key Information: Software Type: Plugin Software Slug: ays-popup-box Software Status: Active…

Read about this Latest WordPress Vulnerability

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’ – CVE-2024-3647 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Blog2Social: Social Media Auto Post & Scheduler Key Information: Software Type: Plugin Software Slug: blog2social Software Status: Active…

Read about this Latest WordPress Vulnerability

Simple Membership Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3730 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads:…

Read about this Latest WordPress Vulnerability

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)…

Read about this Latest WordPress Vulnerability

WP-Members Membership Plugin Vulnerability – Unprotected Storage of Potentially Sensitive Files – CVE-2024-2920 | WordPress Plugin Vulnerability Report

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software…

Read about this Latest WordPress Vulnerability

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report –

April 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Key…

Read about this Latest WordPress Vulnerability

FileOrganizer Vulnerability – Manage WordPress and Website Files – Authenticated Stored Cross-Site Scripting – CVE-2024-2324 | WordPress Plugin Vulnerability Report

April 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: FileOrganizer – Manage WordPress and Website Files Key Information: Software Type: Plugin Software Slug: fileorganizer Software Status: Active…

Read about this Latest WordPress Vulnerability

Tutor LMS Vulnerability – eLearning and online course solution – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘tutor_instructor_list’ Shortcode – CVE-2024-3994 | WordPress Plugin Vulnerability Report

April 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status:…

Read about this Latest WordPress Vulnerability

Collapse-O-Matic Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-7030| WordPress Plugin Vulnerability Report

April 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: Collapse-O-Matic Key Information: Software Type: Plugin Software Slug: jquery-collapse-o-matic Software Status: Active Software Author: baden03 Software Downloads: 1,284,998…

Read about this Latest WordPress Vulnerability

FOX – Currency Switcher Professional for WooCommerce Vulnerability – Unauthenticated Arbitrary Shortcode Execution – CVE-2024-3734 |WordPress Plugin Vulnerability Report

PDF Invoices & Packing Slips for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3045, CVE-2024-3047 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘arrow_style’ – CVE-2024-3647 | WordPress Plugin Vulnerability Report

Blog2Social: Social Media Auto Post & Scheduler Vulnerability – Information Exposure – CVE-2024-3678 | WordPress Plugin Vulnerability Report

Simple Membership Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-3730 | WordPress Plugin Vulnerability Report

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget – CVE-2024-3988 | WordPress Plugin Vulnerability Report

WP-Members Membership Plugin Vulnerability – Unprotected Storage of Potentially Sensitive Files – CVE-2024-2920 | WordPress Plugin Vulnerability Report

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay – CVE-2024-3929 | WordPress Plugin Vulnerability Report –

FileOrganizer Vulnerability – Manage WordPress and Website Files – Authenticated Stored Cross-Site Scripting – CVE-2024-2324 | WordPress Plugin Vulnerability Report

Tutor LMS Vulnerability – eLearning and online course solution – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘tutor_instructor_list’ Shortcode – CVE-2024-3994 | WordPress Plugin Vulnerability Report

Collapse-O-Matic Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-7030| WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy