WordPress Vulnerability Daily Update

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

April 10, 2024

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status:…

Read about this Latest WordPress Vulnerability

Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,222,101…

Read about this Latest WordPress Vulnerability

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Sensitive Information Exposure – CVE-2024-2966 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Favicon by RealFaviconGenerator Key Information: Software Type: Plugin Software Slug: favicon-by-realfavicongenerator Software Status: Active Software Author: phbernard Software…

Read about this Latest WordPress Vulnerability

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status:…

Read about this Latest WordPress Vulnerability

Inline Related Posts Vulnerability – Cross-Site Request Forgery – CVE-2024-31426 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Inline Related Posts Key Information: Software Type: Plugin Software Slug: intelly-related-posts Software Status: Active Software Author: data443 Software…

Read about this Latest WordPress Vulnerability

Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software…

Read about this Latest WordPress Vulnerability

Login With Ajax Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-30546 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Login With Ajax – Fast Logins, 2FA, Redirects Key Information: Software Type: Plugin Software Slug: login-with-ajax Software Status:…

Read about this Latest WordPress Vulnerability

Advanced Cron Manager Vulnerability – debug & control – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-31926 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Cron Manager – debug & control Key Information: Software Type: Plugin Software Slug: advanced-cron-manager Software Status: Active…

Read about this Latest WordPress Vulnerability

Newsletter Vulnerability – Cross-Site Request Forgery – CVE-2024-31434 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active…

Read about this Latest WordPress Vulnerability

BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report

Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Sensitive Information Exposure – CVE-2024-2966 | WordPress Plugin Vulnerability Report

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report

Advanced Cron Manager Vulnerability – debug & control – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-31926 | WordPress Plugin Vulnerability Report

BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy