WordPress Vulnerability Daily Update

WooCommerce Google Feed Manager Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions – CVE-2024-7258 | WordPress Plugin Vulnerability Report

August 22, 2024

Plugin Name: WooCommerce Google Feed Manager Key Information: Software Type: Plugin Software Slug: wp-product-feed-manager Software Status: Active Software Author: aukejomm…

Read about this Latest WordPress Vulnerability

Piotnet Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets – CVE-2024-5502 | WordPress Plugin Vulnerability Report

August 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Piotnet Addons For Elementor Key Information: Software Type: Plugin Software Slug: piotnet-addons-for-elementor Software Status: Active Software Author: piotnetdotcom…

Read about this Latest WordPress Vulnerability

Responsive Lightbox & Gallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via File Upload – CVE-2024-6870 | WordPress Plugin Vulnerability Report

August 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: Responsive Lightbox & Gallery Key Information: Software Type: Plugin Software Slug: responsive-lightbox Software Status: Active Software Author: dfactory…

Read about this Latest WordPress Vulnerability

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

August 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle…

Read about this Latest WordPress Vulnerability

GiveWP Vulnerability– Donation Plugin and Fundraising Platform – Multiple Vulnerabilities – CVE-2024-5939, CVE-2024-5940, CVE-2024-5941, CVE-2024-5932 | WordPress Plugin Vulnerability Report

August 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

The Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report

August 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

August 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: BackWPup – WordPress Backup & Restore Plugin Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active…

Read about this Latest WordPress Vulnerability

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

August 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

August 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Theme My Login Vulnrability – Cross-Site Request Forgery to Settings Update – CVE-2024-7422 | WordPress Plugin Vulnerability Report

August 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Theme My Login Key Information: Software Type: Plugin Software Slug: theme-my-login Software Status: Active Software Author: jfarthing84 Software…

Read about this Latest WordPress Vulnerability

ElementsKit Pro Vulnerability – Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting – CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report

August 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: ElementsKit Pro Key Information: Software Type: Plugin Software Slug: elementskit Software Status: Active Software Author: wpmet Software Downloads:…

Read about this Latest WordPress Vulnerability

Insert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report

August 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: Insert PHP Code Snippet Key Information: Software Type: Plugin Software Slug: insert-php-code-snippet Software Status: Active Software Author: f1logic…

Read about this Latest WordPress Vulnerability

WooCommerce Google Feed Manager Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions – CVE-2024-7258 | WordPress Plugin Vulnerability Report

Piotnet Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets – CVE-2024-5502 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability– Donation Plugin and Fundraising Platform – Multiple Vulnerabilities – CVE-2024-5939, CVE-2024-5940, CVE-2024-5941, CVE-2024-5932 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report

BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

ElementsKit Pro Vulnerability – Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting – CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report

Insert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy