WordPress Vulnerability Daily Update

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

April 18, 2024

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole…

LearnPress Vulnerability – WordPress LMS Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3560 | WordPress Plugin Vulnerability Report

April 18, 2024

Posted in Vulnerabilities, Security

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author:…

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Backup Migration Key Information: Software Type: Plugin Software Slug: backup-backup Software Status: Active Software Author: inisev Software Downloads:…

Click to Chat Vulnerability – HoliThemes – Authenticated (Contributor+) Local File Inclusion – CVE-2024-3849 |WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Click to Chat – HoliThemes Key Information: Software Type: Plugin Software Slug: click-to-chat-for-whatsapp Software Status: Active Software Author:…

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report

April 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More – Missing Authorization to Sensitive Information Exposure – CVE-2024-0615 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More Key Information: Software…

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute – CVE-2024-3333 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software…

HT Mega Vulnerability – Absolute Addons For Elementor – Multiple Vulnerabilities – Various CVEs |WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active…

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Customer Reviews for WooCommerce Vulnerability – Reflected Cross-Site Scripting via ‘s’ – CVE-2024-3731 | WordPress Plugin Vulnerability Report

LearnPress Vulnerability – WordPress LMS Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3560 | WordPress Plugin Vulnerability Report

Backup Migration Vulnerability – Information Exposure via Log Files – CVE-2024-32686 | WordPress Plugin Vulnerability Report

Click to Chat Vulnerability – HoliThemes – Authenticated (Contributor+) Local File Inclusion – CVE-2024-3849 |WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget – CVE-2024-1426 | WordPress Plugin Vulnerability Report

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Subscriber+) Remote Code Execution – CVE-2024-32680 | WordPress Plugin Vulnerability Report

Content Control Vulnerability – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More – Missing Authorization to Sensitive Information Exposure – CVE-2024-0615 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute – CVE-2024-3333 | WordPress Plugin Vulnerability Report

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

HT Mega Vulnerability – Absolute Addons For Elementor – Multiple Vulnerabilities – Various CVEs |WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy