WordPress Vulnerability Daily Update

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

March 29, 2024

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software…

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ultimate Addons for Beaver Builder – Lite Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-beaver-builder-lite Software Status: Active…

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 6,543,744 Active Installs: 500,000 Last Updated: March 29,…

List category posts Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1051 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: List category posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software Downloads: 3,812,968 Active Installs: 100,000 Last…

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

March 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software Downloads: 2,280,809 Active Installs: 100,000…

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Admin+) Local File Inclusion – CVE-2024-3061 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: dglingren Software…

Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin…

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Stackable – Page Builder Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: stackable-ultimate-gutenberg-blocks Software Status: Active Software…

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Pods – Custom Content Types and Fields Key Information: Software Type: Plugin Software Slug: pods Software Status: Active…

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads:…

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Image Attribute – CVE-2024-2513 |WordPress Plugin Vulnerability Report

Ultimate Addons for Beaver Builder Vulnerability – Lite – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget – CVE-2024-2144 | WordPress Plugin Vulnerability Report

Forminator Vulnerability – Unauthenticated Stored Cross-Site Scripting via File Upload – CVE-2024-1794 | WordPress Plugin Vulnerability Report

PowerPack Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2491, CVE-2024-2492 | WordPress Plugin Vulnerability Report

HUSKY Vulnerability – Products Filter Professional for WooCommerce – Authenticated (Admin+) Local File Inclusion – CVE-2024-3061 | WordPress Plugin Vulnerability Report

Media Library Assistant Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode – CVE-2024-2475 |WordPress Plugin Vulnerability Report

Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy