WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress - Cross-Site Request Forgery to Publicly Accessible Form Submission Export - CVE-2024-2113 | WordPress Plugin Vulnerability Report - Vulnerabilities

Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report

March 28, 2024

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2841 | WordPress Plugin Vulnerability Report - Vulnerabilities

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Stackable Vulnerability – Page Builder Gutenberg Blocks - Authenticated Stored Cross-Site Scripting via Posts Block - CVE-2024-2039 |WordPress Plugin Vulnerability Report - Vulnerabilities

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Stackable – Page Builder Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: stackable-ultimate-gutenberg-blocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Pods Vulnerability – Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode - CVE-2023-6967 | WordPress Plugin Vulnerability Report - Vulnerabilities

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Pods – Custom Content Types and Fields Key Information: Software Type: Plugin Software Slug: pods Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Sydney Toolbox Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via _id - CVE-2024-2936 |WordPress Plugin Vulnerability Report - Vulnerabilities

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Infinite Scroll Vulnerability – Ajax Load More - Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report - Vulnerabilities

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! - Multiple Vulnerabilities - CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report - Vulnerabilities

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

March 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Meta Tag Manager Vulnerability - Authenticated (Subscriber+) PHP Object Injection - CVE-2024-1770 |WordPress Plugin Vulnerability Report - Vulnerabilities

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

March 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: Meta Tag Manager Key Information: Software Type: Plugin Software Slug: meta-tag-manager Software Status: Active Software Author: netweblogic Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Elementor Addon Elements Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2091 |WordPress Plugin Vulnerability Report - Vulnerabilities

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Infinite Scroll Vulnerability – Ajax Load More - Authenticated (Admin+) Directory Traversal to Arbitrary File Read - CVE-2024-1790 |WordPress Plugin Vulnerability Report - Vulnerabilities

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - VK All in One Expansion Unit Vulnerability - Information Exposure - CVE-2024-2093 |WordPress Plugin Vulnerability Report - Vulnerabilities

VK All in One Expansion Unit Vulnerability – Information Exposure – CVE-2024-2093 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Elementor Website Builder Vulnerability – More than Just a Page Builder - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget - CVE-2024-2117 |WordPress Plugin Vulnerability Report - Vulnerabilities

Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Website Builder – More than Just a Page Builder Key Information: Software Type: Plugin Software Slug: elementor…

Read about this Latest WordPress Vulnerability

Ninja Forms Contact Form Vulnerability – The Drag and Drop Form Builder for WordPress – Cross-Site Request Forgery to Publicly Accessible Form Submission Export – CVE-2024-2113 | WordPress Plugin Vulnerability Report

Otter Blocks Vulnerability – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2841 | WordPress Plugin Vulnerability Report

Stackable Vulnerability – Page Builder Gutenberg Blocks – Authenticated Stored Cross-Site Scripting via Posts Block – CVE-2024-2039 |WordPress Plugin Vulnerability Report

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit Vulnerability – Information Exposure – CVE-2024-2093 |WordPress Plugin Vulnerability Report

Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 |WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy