WordPress Vulnerability Daily Update

Colibri Page Builder Vulnerability – Multiple Stored XSS Vulnerabilities – CVE-2024-3340, CVE-2024-3337, CVE-2024-3338 | WordPress Plugin Vulnerability Report

April 22, 2024

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software…

Read about this Latest WordPress Vulnerability

Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software…

Read about this Latest WordPress Vulnerability

Database for Contact Form 7, WPforms, Elementor forms Vulnrability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-3715 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status:…

Read about this Latest WordPress Vulnerability

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated Local File Inclusion via Onepage Scroll Module – CVE-2024-3499 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Read about this Latest WordPress Vulnerability

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Quick Featured Images Key Information: Software Type: Plugin Software Slug: quick-featured-images Software Status: Active Software Author: hinjiriyo Software…

Read about this Latest WordPress Vulnerability

Rank Math SEO with AI Best SEO Tools Vulnerability – Authenticated Stored Cross-Site Scripting via ‘titleWrapper’ – CVE-2024-3665 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Rank Math SEO with AI Best SEO Tools Key Information: Software Type: Plugin Software Slug: seo-by-rank-math Software Status:…

Read about this Latest WordPress Vulnerability

Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status:…

Read about this Latest WordPress Vulnerability

Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Social Sharing Plugin – Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software…

Read about this Latest WordPress Vulnerability

Colibri Page Builder Vulnerability – Multiple Stored XSS Vulnerabilities – CVE-2024-3340, CVE-2024-3337, CVE-2024-3338 | WordPress Plugin Vulnerability Report

Comments – wpDiscuz Vulnerability – Authenticated Stored Cross-Site Scripting via Uploaded Image Alternative Text – CVE-2024-2477 | WordPress Plugin Vulnerability Report

Database for Contact Form 7, WPforms, Elementor forms Vulnrability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-3715 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated Local File Inclusion via Onepage Scroll Module – CVE-2024-3499 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

Rank Math SEO with AI Best SEO Tools Vulnerability – Authenticated Stored Cross-Site Scripting via ‘titleWrapper’ – CVE-2024-3665 | WordPress Plugin Vulnerability Report

Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy