WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute - CVE-2024-3333 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute – CVE-2024-3333 | WordPress Plugin Vulnerability Report

April 16, 2024

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - FileBird Vulnerability – WordPress Media Library Folders & File Manager - Authenticated Insecure Direct Object Reference - CVE-2024-2346 | WordPress Plugin Vulnerability Report - Vulnerabilities

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: FileBird – WordPress Media Library Folders & File Manager Key Information: Software Type: Plugin Software Slug: filebird Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - HT Mega Vulnerability – Absolute Addons For Elementor - Multiple Vulnerabilities - Various CVEs |WordPress Plugin Vulnerability Report - Vulnerabilities

HT Mega Vulnerability – Absolute Addons For Elementor – Multiple Vulnerabilities – Various CVEs |WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE - Authenticated Stored Cross-Site Scripting via 'titleTag' - CVE-2024-3725 | WordPress Plugin Vulnerability Report - Vulnerabilities

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator - Authenticated Blind Server-Side Request Forgery (SSRF) - CVE-2023-6805 | WordPress Plugin Vulnerability Report - Vulnerabilities

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Show Posts Vulnerability - Improper Authorization to Information Exposure - CVE-2023-6731 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Show Posts Vulnerability – Improper Authorization to Information Exposure – CVE-2023-6731 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software…

Read about this Latest WordPress Vulnerability

Email Subscribers by Icegram Express Vulnerability – Email Marketing, Newsletters, Automation for WordPress & WooCommerce – Unauthenticated SQL Injection – CVE-2024-2876 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Enhanced Media Library Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting - CVE-2024-2840 | WordPress Plugin Vulnerability Report - Vulnerabilities

Enhanced Media Library Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2840 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Enhanced Media Library Key Information: Software Type: Plugin Software Slug: enhanced-media-library Software Status: Active Software Author: webbistro Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Customer Reviews for WooCommerce Vulnerability - Multiple Vulnerabilities - CVE-2024-3869 & CVE-2024-3243 | WordPress Plugin Vulnerability Report - Vulnerabilities

Customer Reviews for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3869 & CVE-2024-3243 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Exclusive Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox - CVE-2024-2751 | WordPress Plugin Vulnerability Report - Vulnerabilities

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox – CVE-2024-2751 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions - Cross-Site Request Forgery - CVE-2024-3215 | WordPress Plugin Vulnerability Report - Vulnerabilities

Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Real Media Library: Media Library Folder & File Manager Vulnerability - Authenticated (Author+) Stored Cross-Site Scripting - CVE-2024-2328 | WordPress Plugin Vulnerability Report - Vulnerabilities

Real Media Library: Media Library Folder & File Manager Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2328 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software…

Read about this Latest WordPress Vulnerability

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute – CVE-2024-3333 | WordPress Plugin Vulnerability Report

FileBird Vulnerability – WordPress Media Library Folders & File Manager – Authenticated Insecure Direct Object Reference – CVE-2024-2346 | WordPress Plugin Vulnerability Report

HT Mega Vulnerability – Absolute Addons For Elementor – Multiple Vulnerabilities – Various CVEs |WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

WP Show Posts Vulnerability – Improper Authorization to Information Exposure – CVE-2023-6731 | WordPress Plugin Vulnerability Report

Email Subscribers by Icegram Express Vulnerability – Email Marketing, Newsletters, Automation for WordPress & WooCommerce – Unauthenticated SQL Injection – CVE-2024-2876 | WordPress Plugin Vulnerability Report

Enhanced Media Library Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2840 | WordPress Plugin Vulnerability Report

Customer Reviews for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3869 & CVE-2024-3243 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox – CVE-2024-2751 | WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report

Real Media Library: Media Library Folder & File Manager Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2328 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy