WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Smash Balloon Social Post Feed Vulnerability - Cross-Site Request Forgery - CVE-2024-31379 | WordPress Plugin Vulnerability Report - Vulnerabilities

Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report

April 10, 2024

Plugin Name: Smash Balloon Social Post Feed Key Information: Software Type: Plugin Software Slug: custom-facebook-feed Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability - Cross-Site Request Forgery - CVE-2024-31381 | WordPress Plugin Vulnerability Report - Vulnerabilities

Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget] Key Information: Software Type: Plugin Software Slug: spotlight-social-photo-feeds Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Events Calendar Vulnerability - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31433 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…

Read about this Latest WordPress Vulnerability

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Booking for Appointments and Events Calendar Vulnerability – Amelia - Cross-Site Request Forgery - CVE-2024-31425 | WordPress Plugin Vulnerability Report - Vulnerabilities

Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status:…

Read about this Latest WordPress Vulnerability

Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Clone Key Information: Software Type: Plugin Software Slug: wp-clone-by-wp-academy Software Status: Active Software Author: migrate Software Downloads: 3,222,101…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability - Sensitive Information Exposure - CVE-2024-2966 | WordPress Plugin Vulnerability Report - Vulnerabilities

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Sensitive Information Exposure – CVE-2024-2966 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Favicon by RealFaviconGenerator Vulnerability - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31422 | WordPress Plugin Vulnerability Report - Vulnerabilities

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Favicon by RealFaviconGenerator Key Information: Software Type: Plugin Software Slug: favicon-by-realfavicongenerator Software Status: Active Software Author: phbernard Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Import any XML or CSV File to WordPress Vulnerability - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31939 | WordPress Plugin Vulnerability Report - Vulnerabilities

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Inline Related Posts Vulnerability - Cross-Site Request Forgery - CVE-2024-31426 | WordPress Plugin Vulnerability Report - Vulnerabilities

Inline Related Posts Vulnerability – Cross-Site Request Forgery – CVE-2024-31426 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Inline Related Posts Key Information: Software Type: Plugin Software Slug: intelly-related-posts Software Status: Active Software Author: data443 Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Link Whisper Free Vulnerability - Cross-Site Request Forgery - CVE-2024-31934 | WordPress Plugin Vulnerability Report - Vulnerabilities

Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Login With Ajax Vulnerability - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-30546 | WordPress Plugin Vulnerability Report - Vulnerabilities

Login With Ajax Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-30546 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Login With Ajax – Fast Logins, 2FA, Redirects Key Information: Software Type: Plugin Software Slug: login-with-ajax Software Status:…

Read about this Latest WordPress Vulnerability

The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report

Ultimate Member Vulnerability – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-2765 | WordPress Plugin Vulnerability Report

Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report

Clone Vulnerability – Missing Authorization – CVE-2024-31435 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Sensitive Information Exposure – CVE-2024-2966 | WordPress Plugin Vulnerability Report

Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report

Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report

Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy