WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection - CVE-2024-2693 |WordPress Plugin Vulnerability Report - Vulnerabilities

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

March 26, 2024

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - VK All in One Expansion Unit - Authenticated (Contributor+) Stored Cross-Site Scripting via className - CVE-2024-2170 |WordPress Plugin Vulnerability Report - Vulnerabilities

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Check & Log Email Vulnerability - Unauthenticated Hook Injection - CVE-2024-0866 |WordPress Plugin Vulnerability Report - Vulnerabilities

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Check & Log Email Key Information: Software Type: Plugin Software Slug: check-email Software Status: Active Software Author: checkemail…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions - Cross-Site Request Forgery - CVE-2024-0588 |WordPress Plugin Vulnerability Report - Vulnerabilities

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-2845 | WordPress Plugin Vulnerability Report - Vulnerabilities

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor &…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor - Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report - Vulnerabilities

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Real Media Library: Media Library Folder & File Manager - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-2027 |WordPress Plugin Vulnerability Report - Vulnerabilities

Real Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Vulnerabilities, Security

Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability - Cross-Site Request Forgery to Plugin Settings Update - CVE-2024-2326 |WordPress Plugin Vulnerability Report - Pretty Links - Vulnerabilities

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

March 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder Gutenberg Blocks Vulnerability – CoBlocks - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1049 | WordPress Plugin Vulnerability Report - Vulnerabilities

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

March 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder by SiteOrigin Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget - CVE-2024-2202 | WordPress Plugin Vulnerability Report - Vulnerabilities

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget – CVE-2024-2202 | WordPress Plugin Vulnerability Report

March 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' - CVE-2024-2688 | WordPress Plugin Vulnerability Report - EmbedPress - Vulnerabilities

Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-site Scripting via ’embedpress_doc_custom_color’ – CVE-2024-2688 | WordPress Plugin Vulnerability Report – EmbedPress

March 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

Blocksy Companion Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2392 |WordPress Plugin Vulnerability Report

March 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

Real Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget – CVE-2024-2202 | WordPress Plugin Vulnerability Report

Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-site Scripting via ’embedpress_doc_custom_color’ – CVE-2024-2688 | WordPress Plugin Vulnerability Report – EmbedPress

Blocksy Companion Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2392 |WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy