WordPress Vulnerability Daily Update

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

March 28, 2024

Plugin Name: Pods – Custom Content Types and Fields Key Information: Software Type: Plugin Software Slug: pods Software Status: Active…

Read about this Latest WordPress Vulnerability

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Sydney Toolbox Key Information: Software Type: Plugin Software Slug: sydney-toolbox Software Status: Active Software Author: athemes Software Downloads:…

Read about this Latest WordPress Vulnerability

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

March 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Read about this Latest WordPress Vulnerability

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

March 27, 2024

Posted in Security, Vulnerabilities

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status:…

Read about this Latest WordPress Vulnerability

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

March 27, 2024

Posted in Security, Vulnerabilities

Plugin Name: Meta Tag Manager Key Information: Software Type: Plugin Software Slug: meta-tag-manager Software Status: Active Software Author: netweblogic Software…

Read about this Latest WordPress Vulnerability

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software…

Read about this Latest WordPress Vulnerability

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Read about this Latest WordPress Vulnerability

VK All in One Expansion Unit Vulnerability – Information Exposure – CVE-2024-2093 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Elementor Website Builder – More than Just a Page Builder Key Information: Software Type: Plugin Software Slug: elementor…

Read about this Latest WordPress Vulnerability

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar…

Read about this Latest WordPress Vulnerability

Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget – CVE-2024-2139 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report

Sydney Toolbox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via _id – CVE-2024-2936 |WordPress Plugin Vulnerability Report

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit Vulnerability – Information Exposure – CVE-2024-2093 |WordPress Plugin Vulnerability Report

Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 |WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget – CVE-2024-2139 |WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy