WordPress Vulnerability Daily Update

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

April 4, 2024

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key…

Read about this Latest WordPress Vulnerability

Relevanssi Vulnerability – A Better Search – Multiple Vulnerabilities – CVE-2024-3213 & CVE-2024-3214 | WordPress Plugin Vulnerability Report

April 4, 2024

Posted in Security, Vulnerabilities

Plugin Name: Relevanssi – A Better Search Key Information: Software Type: Plugin Software Slug: relevanssi Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report

April 4, 2024

Posted in Security, Vulnerabilities

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

File Manager Vulnerability – Authenticated Directory Traversal – CVE-2024-2654 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads:…

Read about this Latest WordPress Vulnerability

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software…

Read about this Latest WordPress Vulnerability

Easy Digital Downloads Vulnerability – Sensitive Information Exposure – CVE-2024-2302 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) Key Information: Software…

Read about this Latest WordPress Vulnerability

CMB2 Vulnerability – Authenticated PHP Object Injection – CVE-2024-1792 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: CMB2 Key Information: Software Type: Plugin Software Slug: cmb2 Software Status: Active Software Author: jtsternberg Software Downloads: 4,198,199…

Read about this Latest WordPress Vulnerability

Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Multiple Vulnerabilities – CVE-2024-0598 & CVE-2024-2919 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: Gutenberg Blocks by Kadence Blocks – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks Software…

Read about this Latest WordPress Vulnerability

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities – CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

WordPress Tag and Category Manager Vulnerability – AI Autotagger – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-2830 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: WordPress Tag and Category Manager – AI Autotagger Key Information: Software Type: Plugin Software Slug: simple-tags Software Status:…

Read about this Latest WordPress Vulnerability

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Cross-Site Scripting via Custom CSS – CVE-2023-6486 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

April 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key…

Read about this Latest WordPress Vulnerability

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-site Scripting via QR Code Widget – CVE-2024-2946 | WordPress Plugin Vulnerability Report

Relevanssi Vulnerability – A Better Search – Multiple Vulnerabilities – CVE-2024-3213 & CVE-2024-3214 | WordPress Plugin Vulnerability Report

LearnPress Vulnerability – WordPress LMS Plugin – CVE-2024-1289, CVE-2024-1463, CVE-2024-2115 – WordPress Plugin Vulnerability Report

File Manager Vulnerability – Authenticated Directory Traversal – CVE-2024-2654 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons Vulnerability – Authenticated Stored Cross-Site Scripting via Countdown Widget – CVE-2024-2803 | WordPress Plugin Vulnerability Report

Easy Digital Downloads Vulnerability – Sensitive Information Exposure – CVE-2024-2302 | WordPress Plugin Vulnerability Report

CMB2 Vulnerability – Authenticated PHP Object Injection – CVE-2024-1792 | WordPress Plugin Vulnerability Report

Gutenberg Blocks by Kadence Blocks Vulnerability – Page Builder Features – Multiple Vulnerabilities – CVE-2024-0598 & CVE-2024-2919 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Multiple XSS Vulnerabilities – CVE-2024-2787, CVE-2024-2789, CVE-2024-1498, CVE-2024-1387 | WordPress Plugin Vulnerability Report

WordPress Tag and Category Manager Vulnerability – AI Autotagger – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-2830 | WordPress Plugin Vulnerability Report

Spectra Vulnerability – WordPress Gutenberg Blocks – Authenticated Cross-Site Scripting via Custom CSS – CVE-2023-6486 | WordPress Plugin Vulnerability Report

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via WL Universal Product Layout – CVE-2024-2868 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy