WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Advanced Cron Manager Vulnerability – debug & control - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-31926 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced Cron Manager Vulnerability – debug & control – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-31926 | WordPress Plugin Vulnerability Report

April 10, 2024

Plugin Name: Advanced Cron Manager – debug & control Key Information: Software Type: Plugin Software Slug: advanced-cron-manager Software Status: Active…

Read about this Latest WordPress Vulnerability

Newsletter Vulnerability – Cross-Site Request Forgery – CVE-2024-31434 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net - Cross-Site Request Forgery to Notice Dismissal - CVE-2024-31430 | WordPress Plugin Vulnerability Report - Vulnerabilities

BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report

April 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Bold Page Builder Vulnerability - Multiple Stored Cross-Site Scripting Issues - CVE-2024-2736, CVE-2024-2735, CVE-2024-2734, CVE-2024-2733 | WordPress Vulnerability Report - Vulnerabilities

Bold Page Builder Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-2736, CVE-2024-2735, CVE-2024-2734, CVE-2024-2733 | WordPress Vulnerability Report

April 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Bold Page Builder Key Information: Software Type: Plugin Software Slug: bold-page-builder Software Status: Active Software Author: boldthemes Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) - CVE-2023-6964 | WordPress Plugin Vulnerability Report - Vulnerabilities

Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Authenticated(Contributor+) Server-Side Request Forgery (SSRF) – CVE-2023-6964 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Multiple Vulnerabilities - CVE-2024-2666, CVE-2024-2665, CVE-2024-2664, CVE-2024-0376 | WordPress Plugin Vulnerability Report - Vulnerabilities

Premium Addons for Elementor Vulnerability – Multiple Vulnerabilities – CVE-2024-2666, CVE-2024-2665, CVE-2024-2664, CVE-2024-0376 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS - Sensitive Information Exposure via Insufficiently Protected Files - CVE-2023-7046 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS – Sensitive Information Exposure via Insufficiently Protected Files – CVE-2023-7046 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+ Key…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Carousel, Slider, Gallery by WP Carousel Vulnerability Vulnerability – Authenticated (Admin+) PHP Object Injection - CVE-2024-3020 | WordPress Plugin Vulnerability Report - Vulnerabilities

Carousel, Slider, Gallery by WP Carousel Vulnerability Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-3020 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Elementor Addons by Livemesh Vulnerability - Authenticated Stored Cross-Site Scripting Vulnerabilities - CVE-2024-2539 & CVE-2024-2655 | WordPress Plugin Vulnerability Report - Vulnerabilities

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting Vulnerabilities – CVE-2024-2539 & CVE-2024-2655 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh…

Read about this Latest WordPress Vulnerability

Gutenberg Vulnerability – Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Gutenberg Key Information: Software Type: Plugin Software Slug: gutenberg Software Status: Active Software Author: matveb Software Downloads: 41,476,476…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode - CVE-2024-3053 | WordPress Plugin Vulnerability Report - Vulnerabilities

Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder – Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode – CVE-2024-3053 | WordPress Plugin Vulnerability Report

April 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator…

Read about this Latest WordPress Vulnerability

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3167 | WordPress Plugin Vulnerability Report

April 8, 2024

Posted in Security, Vulnerabilities

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads:…

Read about this Latest WordPress Vulnerability

Advanced Cron Manager Vulnerability – debug & control – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-31926 | WordPress Plugin Vulnerability Report

BEAR Vulnerability – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31430 | WordPress Plugin Vulnerability Report

Bold Page Builder Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-2736, CVE-2024-2735, CVE-2024-2734, CVE-2024-2733 | WordPress Vulnerability Report

Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Authenticated(Contributor+) Server-Side Request Forgery (SSRF) – CVE-2023-6964 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Multiple Vulnerabilities – CVE-2024-2666, CVE-2024-2665, CVE-2024-2664, CVE-2024-0376 | WordPress Plugin Vulnerability Report

WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS – Sensitive Information Exposure via Insufficiently Protected Files – CVE-2023-7046 | WordPress Plugin Vulnerability Report

Carousel, Slider, Gallery by WP Carousel Vulnerability Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-3020 | WordPress Plugin Vulnerability Report

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting Vulnerabilities – CVE-2024-2539 & CVE-2024-2655 | WordPress Plugin Vulnerability Report

Gutenberg Vulnerability – Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | WordPress Plugin Vulnerability Report

Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder – Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode – CVE-2024-3053 | WordPress Plugin Vulnerability Report

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3167 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy