WordPress Vulnerability Daily Update

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

April 16, 2024

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

April 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Read about this Latest WordPress Vulnerability

WP Show Posts Vulnerability – Improper Authorization to Information Exposure – CVE-2023-6731 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software…

Read about this Latest WordPress Vulnerability

Email Subscribers by Icegram Express Vulnerability – Email Marketing, Newsletters, Automation for WordPress & WooCommerce – Unauthenticated SQL Injection – CVE-2024-2876 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Enhanced Media Library Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2840 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Enhanced Media Library Key Information: Software Type: Plugin Software Slug: enhanced-media-library Software Status: Active Software Author: webbistro Software…

Read about this Latest WordPress Vulnerability

Customer Reviews for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3869 & CVE-2024-3243 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole…

Read about this Latest WordPress Vulnerability

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox – CVE-2024-2751 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Read about this Latest WordPress Vulnerability

Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Real Media Library: Media Library Folder & File Manager Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2328 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Missing Authorization to Unauthenticated Media Deletion – CVE-2024-3295 | WordPress Plugin Vulnerability Report

April 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Carousel Slider Key Information: Software Type: Plugin Software Slug: carousel-slider Software Status: Active Software Author: sayful Software Downloads:…

Read about this Latest WordPress Vulnerability

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode – CVE-2024-1957 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated Stored Cross-Site Scripting via ‘titleTag’ – CVE-2024-3725 | WordPress Plugin Vulnerability Report

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Blind Server-Side Request Forgery (SSRF) – CVE-2023-6805 | WordPress Plugin Vulnerability Report

WP Show Posts Vulnerability – Improper Authorization to Information Exposure – CVE-2023-6731 | WordPress Plugin Vulnerability Report

Email Subscribers by Icegram Express Vulnerability – Email Marketing, Newsletters, Automation for WordPress & WooCommerce – Unauthenticated SQL Injection – CVE-2024-2876 | WordPress Plugin Vulnerability Report

Enhanced Media Library Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2840 | WordPress Plugin Vulnerability Report

Customer Reviews for WooCommerce Vulnerability – Multiple Vulnerabilities – CVE-2024-3869 & CVE-2024-3243 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox – CVE-2024-2751 | WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability – Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-3215 | WordPress Plugin Vulnerability Report

Real Media Library: Media Library Folder & File Manager Vulnerability – Authenticated (Author+) Stored Cross-Site Scripting – CVE-2024-2328 | WordPress Plugin Vulnerability Report

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Missing Authorization to Unauthenticated Media Deletion – CVE-2024-3295 | WordPress Plugin Vulnerability Report

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode – CVE-2024-1957 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy