WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Social Sharing Plugin Vulnerability – Social Warfare - Authenticated Stored Cross-Site Scripting via Shortcode - CVE-2024-1959 | WordPress Plugin Vulnerability Report - Vulnerabilities

Social Sharing Plugin Vulnerability – Social Warfare – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1959 | WordPress Plugin Vulnerability Report

April 22, 2024

Plugin Name: Social Sharing Plugin – Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - hCaptcha for WordPress Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode - CVE-2024-4014 | WordPress Plugin Vulnerability Report - Vulnerabilities

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: hCaptcha for WordPress Key Information: Software Type: Plugin Software Slug: hcaptcha-for-forms-and-more Software Status: Active Software Author: hcaptcha Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1730 | WordPress Plugin Vulnerability Report - Vulnerabilities

Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1730 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1057 | WordPress Plugin Vulnerability Report - Vulnerabilities

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1057 | WordPress Plugin Vulnerability Report

April 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Customer Reviews for WooCommerce Vulnerability - Reflected Cross-Site Scripting via 's' - CVE-2024-3731 | WordPress Plugin Vulnerability Report - Vulnerabilities

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

April 18, 2024

Posted in Vulnerabilities, Security

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - LearnPress Vulnerability – WordPress LMS Plugin - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-3560 | WordPress Plugin Vulnerability Report - Vulnerabilities

LearnPress Vulnerability – WordPress LMS Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3560 | WordPress Plugin Vulnerability Report

April 18, 2024

Posted in Vulnerabilities, Security

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Backup Migration Vulnerability - Information Exposure via Log Files - CVE-2024-32686 | WordPress Plugin Vulnerability Report - Vulnerabilities

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: inisev Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Click to Chat Vulnerability – HoliThemes - Authenticated (Contributor+) Local File Inclusion - CVE-2024-3849 |WordPress Plugin Vulnerability Report - Vulnerabilities

Click to Chat Vulnerability – HoliThemes – Authenticated (Contributor+) Local File Inclusion – CVE-2024-3849 |WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Click to Chat – HoliThemes Key Information: Software Type: Plugin Software Slug: click-to-chat-for-whatsapp Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget - CVE-2024-1426 | WordPress Plugin Vulnerability Report - Vulnerabilities

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - HUSKY Vulnerability – Products Filter Professional for WooCommerce - Authenticated (Subscriber+) Remote Code Execution - CVE-2024-32680 | WordPress Plugin Vulnerability Report - Vulnerabilities

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More - Missing Authorization to Sensitive Information Exposure - CVE-2024-0615 | WordPress Plugin Vulnerability Report - Vulnerabilities

Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More – Missing Authorization to Sensitive Information Exposure – CVE-2024-0615 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More Key Information: Software…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation – CVE-2024-2417 | WordPress Plugin Vulnerability Report

hCaptcha for WordPress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode – CVE-2024-4014 | WordPress Plugin Vulnerability Report

Prime Slider Vulnerability – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1730 | WordPress Plugin Vulnerability Report

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1057 | WordPress Plugin Vulnerability Report

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

LearnPress Vulnerability – WordPress LMS Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3560 | WordPress Plugin Vulnerability Report

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

Click to Chat Vulnerability – HoliThemes – Authenticated (Contributor+) Local File Inclusion – CVE-2024-3849 |WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report

Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More – Missing Authorization to Sensitive Information Exposure – CVE-2024-0615 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy