WordPress Vulnerability Daily Update

Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report

April 2, 2024

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software…

Read about this Latest WordPress Vulnerability

WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: WPFront User Role Editor Key Information: Software Type: Plugin Software Slug: wpfront-user-role-editor Software Status: Active Software Author: syammohanm…

Read about this Latest WordPress Vulnerability

WP-Members Membership Plugin Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-1852 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software…

Read about this Latest WordPress Vulnerability

Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: Template Kit – Import Key Information: Software Type: Plugin Software Slug: template-kit-import Software Status: Active Software Author: Envato…

Read about this Latest WordPress Vulnerability

SecuPress Free Vulnerability — WordPress Security – Cross-Site Request Forgery to Banned IP Address – CVE-2024-1504 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: SecuPress Free – WordPress Security Key Information: Software Type: Plugin Software Slug: secupress Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

MetForm Vulnerability – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor – Authenticated Stored Cross-Site Scripting via Widgets – CVE-2024-2791 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Genesis Blocks – Authenticated Stored Cross-Site Scripting via Block Content – CVE-2024-1946 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: Genesis Blocks Key Information: Software Type: Plugin Software Slug: genesis-blocks Software Status: Active Software Author: StudioPress Software Downloads:…

Read about this Latest WordPress Vulnerability

Colibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software…

Read about this Latest WordPress Vulnerability

Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report

April 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Gutenberg Block Editor Toolkit Vulnerability – EditorsKit – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2794 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Gutenberg Block Editor Toolkit – EditorsKit Key Information: Software Type: Plugin Software Slug: block-options Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Author+) PHP Object Injection via error_resetpassword – CVE-2024-3018 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

ElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Local File Inclusion in render_raw – CVE-2024-2047 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software…

Read about this Latest WordPress Vulnerability

Jeg Elementor Kit Vulnerability – Multiple Stored Cross-Site Scripting Issues – CVE-2024-1327 & CVE-2024-3162 |WordPress Plugin Vulnerability Report

WPFront User Role Editor Vulnerability – Limited Information Exposure – CVE-2024-2931 | WordPress Plugin Vulnerability Report

WP-Members Membership Plugin Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-1852 | WordPress Plugin Vulnerability Report

Template Kit – Import Vulnerability – Authenticated Stored Cross-Site Scripting via Template Upload – CVE-2024-2334 | WordPress Plugin Vulnerability Report

SecuPress Free Vulnerability — WordPress Security – Cross-Site Request Forgery to Banned IP Address – CVE-2024-1504 | WordPress Plugin Vulnerability Report

MetForm Vulnerability – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor – Authenticated Stored Cross-Site Scripting via Widgets – CVE-2024-2791 | WordPress Plugin Vulnerability Report

Genesis Blocks – Authenticated Stored Cross-Site Scripting via Block Content – CVE-2024-1946 | WordPress Plugin Vulnerability Report

Colibri Page Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-2839 | WordPress Plugin Vulnerability Report

Beaver Builder Vulnerability – WordPress Page Builder – Authenticated Stored Cross-Site Scripting via Button – CVE-2024-2925 | WordPress Plugin Vulnerability Report

Gutenberg Block Editor Toolkit Vulnerability – EditorsKit – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2794 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Author+) PHP Object Injection via error_resetpassword – CVE-2024-3018 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Local File Inclusion in render_raw – CVE-2024-2047 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy