WordPress Vulnerability Daily Update

Database for Contact Form 7, WPforms, Elementor forms Vulnrability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-3715 | WordPress Plugin Vulnerability Report

April 22, 2024

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status:…

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated Local File Inclusion via Onepage Scroll Module – CVE-2024-3499 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: ElementsKit Elementor addons and Templates Library Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software…

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Quick Featured Images Key Information: Software Type: Plugin Software Slug: quick-featured-images Software Status: Active Software Author: hinjiriyo Software…

Rank Math SEO with AI Best SEO Tools Vulnerability – Authenticated Stored Cross-Site Scripting via ‘titleWrapper’ – CVE-2024-3665 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Rank Math SEO with AI Best SEO Tools Key Information: Software Type: Plugin Software Slug: seo-by-rank-math Software Status:…

Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status:…

Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

April 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Social Sharing Plugin – Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software…

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software…

Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1730 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type:…

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1057 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key…

Database for Contact Form 7, WPforms, Elementor forms Vulnrability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-3715 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons and Templates Library Vulnerability – Authenticated Local File Inclusion via Onepage Scroll Module – CVE-2024-3499 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Multiple Stored XSS Vulnerabilities – Multiple CVEs | WordPress Plugin Vulnerability Report

Quick Featured Images Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting – CVE-2024-3664 | WordPress Plugin Vulnerability Report

Rank Math SEO with AI Best SEO Tools Vulnerability – Authenticated Stored Cross-Site Scripting via ‘titleWrapper’ – CVE-2024-3665 | WordPress Plugin Vulnerability Report

Royal Elementor Addons and Templates Vulnerability – Multiple Stored XSS Issues and IP Spoofing – Various CVEs |WordPress Plugin Vulnerability Report

Schema & Structured Data for WP & AMP Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks – CVE-2024-3491 | WordPress Plugin Vulnerability Report

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1730 | WordPress Plugin Vulnerability Report

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1057 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy