WordPress Vulnerability Daily Update

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

March 28, 2024

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

March 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status:…

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

March 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: Meta Tag Manager Key Information: Software Type: Plugin Software Slug: meta-tag-manager Software Status: Active Software Author: netweblogic Software…

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software…

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

VK All in One Expansion Unit Vulnerability – Information Exposure – CVE-2024-2093 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Website Builder – More than Just a Page Builder Key Information: Software Type: Plugin Software Slug: elementor…

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar…

Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget – CVE-2024-2139 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor Key Information: Software Type: Plugin Software…

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software…

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Administrator+) Stored Cross-Site Scripting | WordPress Plugin Vulnerability Report

Events Manager Vulnerability – Calendar, Bookings, Tickets, and more! – Multiple Vulnerabilities – CVE-2024-2111 & CVE-2024-2110 |WordPress Plugin Vulnerability Report

Meta Tag Manager Vulnerability – Authenticated (Subscriber+) PHP Object Injection – CVE-2024-1770 |WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2091 |WordPress Plugin Vulnerability Report

WordPress Infinite Scroll Vulnerability – Ajax Load More – Authenticated (Admin+) Directory Traversal to Arbitrary File Read – CVE-2024-1790 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit Vulnerability – Information Exposure – CVE-2024-2093 |WordPress Plugin Vulnerability Report

Elementor Website Builder Vulnerability – More than Just a Page Builder – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget – CVE-2024-2117 |WordPress Plugin Vulnerability Report

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget – CVE-2024-2139 |WordPress Plugin Vulnerability Report

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy