WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - String Locator Vulnerability - Reflected Cross-Site Scripting - CVE-2023-6987 | WordPress Plugin Vulnerability Report - Vulnerabilities

String Locator Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6987 | WordPress Plugin Vulnerability Report

August 23, 2024

Plugin Name: String Locator Key Information: Software Type: Plugin Software Slug: string-locator Software Status: Active Software Author: instawp Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Custom Permalinks Vulnerability - Authenticated (Editor+) Stored Cross-Site Scripting - CVE-2023-0926 | WordPress Plugin Vulnerability Report - Vulnerabilities

Custom Permalinks Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2023-0926 | WordPress Plugin Vulnerability Report

August 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Custom Permalinks Key Information: Software Type: Plugin Software Slug: custom-permalinks Software Status: Active Software Author: sasiddiqui Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Button Plugin MaxButtons Vulnerability - Full Path Disclosure - CVE-2024-6499 | WordPress Plugin Vulnerability Report - Vulnerabilities

WordPress Button Plugin MaxButtons Vulnerability – Full Path Disclosure – CVE-2024-6499 | WordPress Plugin Vulnerability Report

August 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WooCommerce Google Feed Manager Vulnerability - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions - CVE-2024-7258 | WordPress Plugin Vulnerability Report - Vulnerabilities

WooCommerce Google Feed Manager Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions – CVE-2024-7258 | WordPress Plugin Vulnerability Report

August 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce Google Feed Manager Key Information: Software Type: Plugin Software Slug: wp-product-feed-manager Software Status: Active Software Author: aukejomm…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Piotnet Addons For Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets - CVE-2024-5502 | WordPress Plugin Vulnerability Report - Vulnerabilities

Piotnet Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets – CVE-2024-5502 | WordPress Plugin Vulnerability Report

August 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Piotnet Addons For Elementor Key Information: Software Type: Plugin Software Slug: piotnet-addons-for-elementor Software Status: Active Software Author: piotnetdotcom…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Responsive Lightbox & Gallery Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting via File Upload - CVE-2024-6870 | WordPress Plugin Vulnerability Report - Vulnerabilities

Responsive Lightbox & Gallery Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via File Upload – CVE-2024-6870 | WordPress Plugin Vulnerability Report

August 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Responsive Lightbox & Gallery Key Information: Software Type: Plugin Software Slug: responsive-lightbox Software Status: Active Software Author: dfactory…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Orbit Fox by ThemeIsle Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload - CVE-2024-7778 | WordPress Plugin Vulnerability Report - Vulnerabilities

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

August 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - GiveWP Vulnerability– Donation Plugin and Fundraising Platform - Multiple Vulnerabilities - CVE-2024-5939, CVE-2024-5940, CVE-2024-5941, CVE-2024-5932 | WordPress Plugin Vulnerability Report - Vulnerabilities

GiveWP Vulnerability– Donation Plugin and Fundraising Platform – Multiple Vulnerabilities – CVE-2024-5939, CVE-2024-5940, CVE-2024-5941, CVE-2024-5932 | WordPress Plugin Vulnerability Report

August 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities - CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report

August 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - BackWPup – WordPress Backup & Restore Plugin Vulnerability - Authenticated (Administrator+) Directory Traversal - CVE-2023-5505 | WordPress Plugin Vulnerability Report - Vulnerabilities

BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

August 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: BackWPup – WordPress Backup & Restore Plugin Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability - Unauthenticated Double-Extension Arbitrary File Upload - CVE-2023-0714 | WordPress Plugin Vulnerability Report - Vulnerabilities

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

August 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Relevanssi – A Better Search Vulnerability - Unauthenticated Information Exposure - CVE-2024-7630 | WordPress Plugin Vulnerability Report - Vulnerabilities

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

August 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

String Locator Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6987 | WordPress Plugin Vulnerability Report

Custom Permalinks Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2023-0926 | WordPress Plugin Vulnerability Report

WordPress Button Plugin MaxButtons Vulnerability – Full Path Disclosure – CVE-2024-6499 | WordPress Plugin Vulnerability Report

WooCommerce Google Feed Manager Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion and Arbitrary Feed Actions – CVE-2024-7258 | WordPress Plugin Vulnerability Report

Piotnet Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets – CVE-2024-5502 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload – CVE-2024-7778 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability– Donation Plugin and Fundraising Platform – Multiple Vulnerabilities – CVE-2024-5939, CVE-2024-5940, CVE-2024-5941, CVE-2024-5932 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability- Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6575 and CVE-2024-5763 | WordPress Plugin Vulnerability Report

BackWPup – WordPress Backup & Restore Plugin Vulnerability – Authenticated (Administrator+) Directory Traversal – CVE-2023-5505 | WordPress Plugin Vulnerability Report

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Double-Extension Arbitrary File Upload – CVE-2023-0714 | WordPress Plugin Vulnerability Report

Relevanssi – A Better Search Vulnerability – Unauthenticated Information Exposure – CVE-2024-7630 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy