WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator - Authenticated Stored Cross-Site Scripting via Shortcode Error Message - CVE-2023-6877 | WordPress Plugin Vulnerability Report - Vulnerabilities

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report

April 6, 2024

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Sydney Toolbox Vulnerability - Authenticated Stored Cross-Site Scripting via Filterable Gallery - CVE-2024-3208 | WordPress Plugin Vulnerability Report - Vulnerabilities

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability - Missing Authorization to Unauthenticated Settings Reset - CVE-2024-3216 | WordPress Plugin Vulnerability Report - Vulnerabilities

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report - Vulnerabilities

EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - FancyBox for WordPress Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-0662 | WordPress Plugin Vulnerability Report - Vulnerabilities

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: FancyBox for WordPress Key Information: Software Type: Plugin Software Slug: fancybox-for-wordpress Software Status: Active Software Author: colorlibplugins Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Image Watermark Vulnerability - Missing Authorization to Authenticated (Subscriber+) Watermark Modification - CVE-2024-1994 | WordPress Plugin Vulnerability Report - Vulnerabilities

Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Image Watermark Key Information: Software Type: Plugin Software Slug: image-watermark Software Status: Active Software Author: dfactory Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery - Authenticated (Admin+) Stored Cross-Site Scripting via SVG - CVE-2024-2296 | WordPress Plugin Vulnerability Report - Vulnerabilities

Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Carousel, Slider, Gallery by WP Carousel Vulnerability – Authenticated Stored Cross-Site Scripting - CVE-2024-2949 | WordPress Plugin Vulnerability Report - Vulnerabilities

Carousel, Slider, Gallery by WP Carousel Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2949 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability - Authenticated Stored Cross-Site Scripting - CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report - Vulnerabilities

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Email Subscribers by Icegram Express Vulnerability - Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization - CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report - Vulnerabilities

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Gallery Plugin Vulnerability – NextGEN Gallery - Missing Authorization to Unauthenticated Information Disclosure - CVE-2024-3097 | WordPress Plugin Vulnerability Report - Vulnerabilities

WordPress Gallery Plugin Vulnerability – NextGEN Gallery – Missing Authorization to Unauthenticated Information Disclosure – CVE-2024-3097 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Gallery Plugin – NextGEN Gallery Key Information: Software Type: Plugin Software Slug: nextgen-gallery Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Best WordPress Gallery Plugin Vulnerability – FooGallery - Authenticated Stored Cross-Site Scripting - CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report - Vulnerabilities

Best WordPress Gallery Plugin Vulnerability – FooGallery – Authenticated Stored Cross-Site Scripting – CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report

April 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Best WordPress Gallery Plugin – FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software…

Read about this Latest WordPress Vulnerability

RSS Aggregator by Feedzy Vulnerability – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator – Authenticated Stored Cross-Site Scripting via Shortcode Error Message – CVE-2023-6877 | WordPress Plugin Vulnerability Report

Sydney Toolbox Vulnerability – Authenticated Stored Cross-Site Scripting via Filterable Gallery – CVE-2024-3208 | WordPress Plugin Vulnerability Report

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Vulnerability – Missing Authorization to Unauthenticated Settings Reset – CVE-2024-3216 | WordPress Plugin Vulnerability Report

EmbedPress Vulnerability – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-3244 & CVE-2024-3245 | WordPress Plugin Vulnerability Report

FancyBox for WordPress Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0662 | WordPress Plugin Vulnerability Report

Image Watermark Vulnerability – Missing Authorization to Authenticated (Subscriber+) Watermark Modification – CVE-2024-1994 | WordPress Plugin Vulnerability Report

Photo Gallery by 10Web Vulnerability – Mobile-Friendly Image Gallery – Authenticated (Admin+) Stored Cross-Site Scripting via SVG – CVE-2024-2296 | WordPress Plugin Vulnerability Report

Carousel, Slider, Gallery by WP Carousel Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2949 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1428 & CVE-2024-0837 | WordPress Plugin Vulnerability Report

Email Subscribers by Icegram Express Vulnerability – Authenticated (Administrator+) Cross-Site Scripting & Missing Authorization – CVE-2024-2656 & CVE-2024-31352 | WordPress Plugin Vulnerability Report

WordPress Gallery Plugin Vulnerability – NextGEN Gallery – Missing Authorization to Unauthenticated Information Disclosure – CVE-2024-3097 | WordPress Plugin Vulnerability Report

Best WordPress Gallery Plugin Vulnerability – FooGallery – Authenticated Stored Cross-Site Scripting – CVE-2024-2081 & CVE-2024-247 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy