WordPress Vulnerability Daily Update

EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report

April 5, 2024

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: FancyBox for WordPress Key Information: Software Type: Plugin Software Slug: fancybox-for-wordpress Software Status: Active Software Author: colorlibplugins Software…

Read about this Latest WordPress Vulnerability

Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Image Watermark Key Information: Software Type: Plugin Software Slug: image-watermark Software Status: Active Software Author: dfactory Software Downloads:…

Read about this Latest WordPress Vulnerability

Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status:…

Read about this Latest WordPress Vulnerability

Carousel, Slider, Gallery by WP Carousel Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2949 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product…

Read about this Latest WordPress Vulnerability

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WordPress Gallery Plugin Vulnerability – NextGEN Gallery – Missing Authorization to Unauthenticated Information Disclosure – CVE-2024-3097 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: WordPress Gallery Plugin – NextGEN Gallery Key Information: Software Type: Plugin Software Slug: nextgen-gallery Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Best WordPress Gallery Plugin Vulnerability – FooGallery – Authenticated Stored Cross-Site Scripting – CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Best WordPress Gallery Plugin – FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Bold Page Builder Vulnerability – Stored Cross-Site Scripting – CVE-2024-3267 & CVE-2024-3266 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Bold Page Builder Key Information: Software Type: Plugin Software Slug: bold-page-builder Software Status: Active Software Author: BoldThemes Software…

Read about this Latest WordPress Vulnerability

BoldGrid Easy SEO Vulnerability – Simple and Effective SEO – Information Exposure – CVE-2024-2950 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status:…

Read about this Latest WordPress Vulnerability

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

April 4, 2024

Posted in Security, Vulnerabilities

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key…

Read about this Latest WordPress Vulnerability

EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

Carousel, Slider, Gallery by WP Carousel Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2949 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

WordPress Gallery Plugin Vulnerability – NextGEN Gallery – Missing Authorization to Unauthenticated Information Disclosure – CVE-2024-3097 | WordPress Plugin Vulnerability Report

Best WordPress Gallery Plugin Vulnerability – FooGallery – Authenticated Stored Cross-Site Scripting – CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report

Bold Page Builder Vulnerability – Stored Cross-Site Scripting – CVE-2024-3267 & CVE-2024-3266 | WordPress Plugin Vulnerability Report

BoldGrid Easy SEO Vulnerability – Simple and Effective SEO – Information Exposure – CVE-2024-2950 | WordPress Plugin Vulnerability Report

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy