WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Gutenberg Block Editor Toolkit Vulnerability – EditorsKit - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2794 | WordPress Plugin Vulnerability Report - Vulnerabilities

Gutenberg Block Editor Toolkit Vulnerability – EditorsKit – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2794 | WordPress Plugin Vulnerability Report

March 29, 2024

Plugin Name: Gutenberg Block Editor Toolkit – EditorsKit Key Information: Software Type: Plugin Software Slug: block-options Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders - Authenticated (Author+) PHP Object Injection via error_resetpassword - CVE-2024-3018 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Author+) PHP Object Injection via error_resetpassword – CVE-2024-3018 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ElementsKit Elementor addons Vulnerability - Authenticated (Contributor+) Local File Inclusion in render_raw - CVE-2024-2047 | WordPress Plugin Vulnerability Report - Vulnerabilities

ElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Local File Inclusion in render_raw – CVE-2024-2047 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software…

Read about this Latest WordPress Vulnerability

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: BoldGrid Easy SEO – Simple and Effective SEO Key Information: Software Type: Plugin Software Slug: boldgrid-easy-seo Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link - CVE-2024-0367 | WordPress Plugin Vulnerability Report - Vulnerabilities

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link – CVE-2024-0367 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Chat App Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute - CVE-2024-2513 |WordPress Plugin Vulnerability Report - Vulnerabilities

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Ultimate Addons for Beaver Builder Vulnerability – Lite - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget - CVE-2024-2144 | WordPress Plugin Vulnerability Report - Vulnerabilities

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ultimate Addons for Beaver Builder – Lite Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-beaver-builder-lite Software Status: Active…

Read about this Latest WordPress Vulnerability

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - List category posts Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1051 | WordPress Plugin Vulnerability Report - Vulnerabilities

List category posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1051 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: List category posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,812,968 Active Installs: 100,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - PowerPack Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report - Vulnerabilities

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - HUSKY Vulnerability – Products Filter Professional for WooCommerce - Authenticated (Admin+) Local File Inclusion - CVE-2024-3061 | WordPress Plugin Vulnerability Report - Vulnerabilities

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Admin+) Local File Inclusion – CVE-2024-3061 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Media Library Assistant Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode - CVE-2024-2475 |WordPress Plugin Vulnerability Report - Vulnerabilities

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Read about this Latest WordPress Vulnerability

Gutenberg Block Editor Toolkit Vulnerability – EditorsKit – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2794 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Author+) PHP Object Injection via error_resetpassword – CVE-2024-3018 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Local File Inclusion in render_raw – CVE-2024-2047 | WordPress Plugin Vulnerability Report

BoldGrid Easy SEO Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description – CVE-2024-1692 |WordPress Plugin Vulnerability Report

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link – CVE-2024-0367 | WordPress Plugin Vulnerability Report

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Admin+) Local File Inclusion – CVE-2024-3061 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy