WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Theme My Login Vulnrability - Cross-Site Request Forgery to Settings Update - CVE-2024-7422 | WordPress Plugin Vulnerability Report - Vulnerabilities

Theme My Login Vulnrability – Cross-Site Request Forgery to Settings Update – CVE-2024-7422 | WordPress Plugin Vulnerability Report

August 15, 2024

Plugin Name: Theme My Login Key Information: Software Type: Plugin Software Slug: theme-my-login Software Status: Active Software Author: jfarthing84 Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ElementsKit Pro Vulnerability - Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting - CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report - Vulnerabilities

ElementsKit Pro Vulnerability – Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting – CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report

August 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: ElementsKit Pro Key Information: Software Type: Plugin Software Slug: elementskit Software Status: Active Software Author: wpmet Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Insert PHP Code Snippet Vulnerability - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion - CVE-2024-7420 | WordPress Plugin Vulnerability Report - Vulnerabilities

Insert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report

August 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Insert PHP Code Snippet Key Information: Software Type: Plugin Software Slug: insert-php-code-snippet Software Status: Active Software Author: f1logic…

Read about this Latest WordPress Vulnerability

Slider & Popup Builder by Depicter Vulnerability – Authenticated (Contributor+) Arbitrary File Upload – CVE-2024-4389 | WordPress Plugin Vulnerability Report

August 13, 2024

Posted in Vulnerabilities, Security

Plugin Name: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Media Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action - CVE-2024-6823 | WordPress Plugin Vulnerability Report - Vulnerabilities

Media Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report

August 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets - CVE-2024-7247 | WordPress Plugin Vulnerability Report - Vulnerabilities

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report

August 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update - CVE-2024-6824 | WordPress Plugin Vulnerability Report - Vulnerabilities

Premium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report

August 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report

August 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Forminator – Contact Form, Payment Form & Custom Form Builder Vulnerability - HubSpot Developer API Key Sensitive Information Exposure - CVE-2024-7389 | WordPress Plugin Vulnerability Report - Vulnerabilities

Forminator – Contact Form, Payment Form & Custom Form Builder Vulnerability – HubSpot Developer API Key Sensitive Information Exposure – CVE-2024-7389 | WordPress Plugin Vulnerability Report

August 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-39649 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-39649 | WordPress Plugin Vulnerability Report

August 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report

August 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability - Authenticated (Subscriber+) Stored Cross-Site Scripting - CVE-2024-6725 | WordPress Plugin Vulnerability Report - Vulnerabilities

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-6725 | WordPress Plugin Vulnerability Report

July 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software…

Read about this Latest WordPress Vulnerability

ElementsKit Pro Vulnerability – Authenticated Sensitive Information Exposure & Stored Cross-Site Scripting – CVE-2024-7063, CVE-2024-7064 | WordPress Plugin Vulnerability Report

Insert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action – CVE-2024-6823 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report

Forminator – Contact Form, Payment Form & Custom Form Builder Vulnerability – HubSpot Developer API Key Sensitive Information Exposure – CVE-2024-7389 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-39649 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-6725 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy