WordPress Vulnerability Daily Update

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Missing Authorization to Unauthenticated Media Deletion – CVE-2024-3295 | WordPress Plugin Vulnerability Report

April 15, 2024

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Carousel Slider Vulnerability - Authenticated (Editor+) Stored Cross-Site Scripting - CVE-2024-3703 | WordPress Plugin Vulnerability Report - Vulnerabilities

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Carousel Slider Key Information: Software Type: Plugin Software Slug: carousel-slider Software Status: Active Software Author: sayful Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - GiveWP Vulnerability – Donation Plugin and Fundraising Platform - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode - CVE-2024-1957 | WordPress Plugin Vulnerability Report - Vulnerabilities

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode – CVE-2024-1957 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Smart Slider 3 Vulnerability - Missing Authorization to Limited File Upload - CVE-2024-3027 | WordPress Plugin Vulnerability Report - Vulnerabilities

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Smart Slider 3 Key Information: Software Type: Plugin Software Slug: smart-slider-3 Software Status: Active Software Author: nextendweb Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WPC Smart Quick View for WooCommerce Vulnerability - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2023-6494 | WordPress Plugin Vulnerability Report - Vulnerabilities

WPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: WPC Smart Quick View for WooCommerce Key Information: Software Type: Plugin Software Slug: woo-smart-quick-view Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WPZOOM Social Feed Widget & Block Vulnerability - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion - CVE-2024-3662 | WordPress Plugin Vulnerability Report - Vulnerabilities

WPZOOM Social Feed Widget & Block Vulnerability – Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion – CVE-2024-3662 | WordPress Plugin Vulnerability Report

April 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: WPZOOM Social Feed Widget & Block Key Information: Software Type: Plugin Software Slug: instagram-widget-by-wpzoom Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WPvivid Backup & Migration Plugin Vulnerability - Authenticated (Admin+) PHAR Deserialization - CVE-2024-3054 | WordPress Plugin Vulnerability Report - Vulnerabilities

WPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report

April 11, 2024

Posted in Vulnerabilities, Security

Plugin Name: WPvivid Backup & Migration Plugin Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

April 11, 2024

Posted in Vulnerabilities, Security

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE - Multiple XSS Vulnerabilities - CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report - Vulnerabilities

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Multiple XSS Vulnerabilities – CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Blocksy Companion Vulnerability - Cross-Site Request Forgery - CVE-2024-31932 | WordPress Plugin Vulnerability Report - Vulnerabilities

Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Redirection Key Information: Software Type: Plugin Software Slug: redirect-redirection Software Status: Active Software Author: inisev Software Downloads: 329,941…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode - CVE-2024-3285 | WordPress Plugin Vulnerability Report - Vulnerabilities

Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows Key Information: Software Type: Plugin Software Slug: ml-slider…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability – Custom Registration Form, Login Form, and User Profile WordPress Plugin – Missing Authorization to Unauthenticated Media Deletion – CVE-2024-3295 | WordPress Plugin Vulnerability Report

Carousel Slider Vulnerability – Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-3703 | WordPress Plugin Vulnerability Report

GiveWP Vulnerability – Donation Plugin and Fundraising Platform – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode – CVE-2024-1957 | WordPress Plugin Vulnerability Report

Smart Slider 3 Vulnerability – Missing Authorization to Limited File Upload – CVE-2024-3027 | WordPress Plugin Vulnerability Report

WPC Smart Quick View for WooCommerce Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6494 | WordPress Plugin Vulnerability Report

WPvivid Backup & Migration Plugin Vulnerability – Authenticated (Admin+) PHAR Deserialization – CVE-2024-3054 | WordPress Plugin Vulnerability Report

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Vulnerability – ProfilePress – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2867 | WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Multiple XSS Vulnerabilities – CVE-2024-3344, CVE-2024-3343 | WordPress Plugin Vulnerability Report

Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report

Redirection Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

Slider, Gallery, and Carousel by MetaSlider Vulnerability – Responsive WordPress Slideshows – Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode – CVE-2024-3285 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy