WordPress Vulnerability Daily Update

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

April 12, 2024

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software…

Read about this Latest WordPress Vulnerability

WPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: WPC Smart Quick View for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-smart-quick-view Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WPZOOM Social Feed Widget & Block Vulnerability – Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion – CVE-2024-3662 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: WPZOOM Social Feed Widget & Block Key Information: Software Type: Plugin Software Slug: instagram-widget-by-wpzoom Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report

April 11, 2024

Posted in Security, Vulnerabilities

Plugin Name: WPvivid Backup & Migration Plugin Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

April 11, 2024

Posted in Security, Vulnerabilities

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information:…

Read about this Latest WordPress Vulnerability

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Multiple XSS Vulnerabilities – CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Redirection Key Information: Software Type: Plugin Software Slug: redirect-redirection Software Status: Active Software Author: inisev Software Downloads: 329,941…

Read about this Latest WordPress Vulnerability

Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Key Information: Software Type: Plugin Software Slug: ml-slider…

Read about this Latest WordPress Vulnerability

Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Smash Balloon Social Post Feed Key Information: Software Type: Plugin Software Slug: custom-facebook-feed Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget] Key Information: Software Type: Plugin Software Slug: spotlight-social-photo-feeds Software Status: Active…

Read about this Latest WordPress Vulnerability

The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…

Read about this Latest WordPress Vulnerability

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

WPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report

WPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Multiple XSS Vulnerabilities – CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report

Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy