WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - The Plus Addons for Elementor Vulnerability - Authenticated (Contributor+) Local File Inclusion via Team Member Listing - CVE-2024-2210 |WordPress Plugin Vulnerability Report - Security

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

March 26, 2024

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Event Tickets and Registration Vulnerability - Improper Authorization to Information Disclosure - CVE-2024-2261 |WordPress Plugin Vulnerability Report - Security

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget - CVE-2024-2139 |WordPress Plugin Vulnerability Report - Security

Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget – CVE-2024-2139 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection - CVE-2024-2693 |WordPress Plugin Vulnerability Report - Security

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

March 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - VK All in One Expansion Unit - Authenticated (Contributor+) Stored Cross-Site Scripting via className - CVE-2024-2170 |WordPress Plugin Vulnerability Report - Security

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Check & Log Email Vulnerability - Unauthenticated Hook Injection - CVE-2024-0866 |WordPress Plugin Vulnerability Report - Security

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Check & Log Email Key Information: Software Type: Plugin Software Slug: check-email Software Status: Active Software Author: checkemail…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions - Cross-Site Request Forgery - CVE-2024-0588 |WordPress Plugin Vulnerability Report - Security

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-2845 | WordPress Plugin Vulnerability Report - Security

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor &…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor - Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report - Security

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Real Media Library: Media Library Folder & File Manager - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2027 |WordPress Plugin Vulnerability Report - Security

Real Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability - Cross-Site Request Forgery to Plugin Settings Update - CVE-2024-2326 |WordPress Plugin Vulnerability Report - Pretty Links - Security

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

March 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder Gutenberg Blocks Vulnerability – CoBlocks - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1049 | WordPress Plugin Vulnerability Report - Security

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

March 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

The Plus Addons for Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion via Team Member Listing – CVE-2024-2210 |WordPress Plugin Vulnerability Report

Event Tickets and Registration Vulnerability – Improper Authorization to Information Disclosure – CVE-2024-2261 |WordPress Plugin Vulnerability Report

Master Addons Vulnerability – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget – CVE-2024-2139 |WordPress Plugin Vulnerability Report

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

Real Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy