WordPress Vulnerability Daily Update

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

March 29, 2024

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status:…

Read about this Latest WordPress Vulnerability

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link – CVE-2024-0367 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status:…

Read about this Latest WordPress Vulnerability

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software…

Read about this Latest WordPress Vulnerability

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Ultimate Addons for Beaver Builder – Lite Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-beaver-builder-lite Software Status: Active…

Read about this Latest WordPress Vulnerability

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29,…

Read about this Latest WordPress Vulnerability

List category posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1051 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: List category posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,812,968 Active Installs: 100,000 Last…

Read about this Latest WordPress Vulnerability

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000…

Read about this Latest WordPress Vulnerability

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Admin+) Local File Inclusion – CVE-2024-3061 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Read about this Latest WordPress Vulnerability

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Read about this Latest WordPress Vulnerability

Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Stackable – Page Builder Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: stackable-ultimate-gutenberg-blocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link – CVE-2024-0367 | WordPress Plugin Vulnerability Report

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Admin+) Local File Inclusion – CVE-2024-3061 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report

Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy