WordPress Vulnerability Daily Update

Premium Addons for Elementor Vulnerability – Multiple Vulnerabilities – CVE-2024-2666, CVE-2024-2665, CVE-2024-2664, CVE-2024-0376 | WordPress Plugin Vulnerability Report

April 9, 2024

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS – Sensitive Information Exposure via Insufficiently Protected Files – CVE-2023-7046 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+ Key…

Carousel, Slider, Gallery by WP Carousel Vulnerability Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-3020 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product…

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting Vulnerabilities – CVE-2024-2539 & CVE-2024-2655 | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh…

Gutenberg Vulnerability – Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | WordPress Plugin Vulnerability Report

April 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Gutenberg Key Information: Software Type: Plugin Software Slug: gutenberg Software Status: Active Software Author: matveb Software Downloads: 41,476,476…

Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder – Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode – CVE-2024-3053 | WordPress Plugin Vulnerability Report

April 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator…

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3167 | WordPress Plugin Vulnerability Report

April 8, 2024

Posted in Security, Vulnerabilities

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads:…

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report

April 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads:…

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce…

EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: FancyBox for WordPress Key Information: Software Type: Plugin Software Slug: fancybox-for-wordpress Software Status: Active Software Author: colorlibplugins Software…

Premium Addons for Elementor Vulnerability – Multiple Vulnerabilities – CVE-2024-2666, CVE-2024-2665, CVE-2024-2664, CVE-2024-0376 | WordPress Plugin Vulnerability Report

WP Encryption Vulnerability – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS – Sensitive Information Exposure via Insufficiently Protected Files – CVE-2023-7046 | WordPress Plugin Vulnerability Report

Carousel, Slider, Gallery by WP Carousel Vulnerability Vulnerability – Authenticated (Admin+) PHP Object Injection – CVE-2024-3020 | WordPress Plugin Vulnerability Report

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting Vulnerabilities – CVE-2024-2539 & CVE-2024-2655 | WordPress Plugin Vulnerability Report

Gutenberg Vulnerability – Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | WordPress Plugin Vulnerability Report

Forminator Vulnerability – Contact Form, Payment Form & Custom Form Builder – Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode – CVE-2024-3053 | WordPress Plugin Vulnerability Report

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3167 | WordPress Plugin Vulnerability Report

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy