WordPress Vulnerability Daily Update

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

March 26, 2024

Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software…

Read about this Latest WordPress Vulnerability

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: VK All in One Expansion Unit Key Information: Software Type: Plugin Software Slug: vk-all-in-one-expansion-unit Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: Check & Log Email Key Information: Software Type: Plugin Software Slug: check-email Software Status: Active Software Author: checkemail…

Read about this Latest WordPress Vulnerability

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor &…

Read about this Latest WordPress Vulnerability

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Real Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report

March 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: Real Media Library: Media Library Folder & File Manager Key Information: Software Type: Plugin Software Slug: real-media-library-lite Software…

Read about this Latest WordPress Vulnerability

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

March 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

March 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget – CVE-2024-2202 | WordPress Plugin Vulnerability Report

March 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: Page Builder by SiteOrigin Key Information: Software Type: Plugin Software Slug: siteorigin-panels Software Status: Active Software Author: gpriday…

Read about this Latest WordPress Vulnerability

Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-site Scripting via ’embedpress_doc_custom_color’ – CVE-2024-2688 | WordPress Plugin Vulnerability Report – EmbedPress

March 22, 2024

Posted in Security, Vulnerabilities

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

Blocksy Companion Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2392 |WordPress Plugin Vulnerability Report

March 21, 2024

Posted in Security, Vulnerabilities

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

Link Whisper Free Vulnerability- Authenticated (Contributor+) PHP Object Injection – CVE-2024-2693 |WordPress Plugin Vulnerability Report

VK All in One Expansion Unit – Authenticated (Contributor+) Stored Cross-Site Scripting via className – CVE-2024-2170 |WordPress Plugin Vulnerability Report

Check & Log Email Vulnerability – Unauthenticated Hook Injection – CVE-2024-0866 |WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability– Content Restriction, User Registration, & Paid Subscriptions – Cross-Site Request Forgery – CVE-2024-0588 |WordPress Plugin Vulnerability Report

BetterDocs Vulnerability – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2845 | WordPress Plugin Vulnerability Report

Post and Page Builder by BoldGrid Vulnerability – Visual Drag and Drop Editor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

Real Media Library: Media Library Folder & File Manager – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2027 |WordPress Plugin Vulnerability Report

Affiliate Links, Link Branding, Link Tracking & Marketing Plugin Vulnerability – Cross-Site Request Forgery to Plugin Settings Update – CVE-2024-2326 |WordPress Plugin Vulnerability Report – Pretty Links

Page Builder Gutenberg Blocks Vulnerability – CoBlocks – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1049 | WordPress Plugin Vulnerability Report

Page Builder by SiteOrigin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget – CVE-2024-2202 | WordPress Plugin Vulnerability Report

Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-site Scripting via ’embedpress_doc_custom_color’ – CVE-2024-2688 | WordPress Plugin Vulnerability Report – EmbedPress

Blocksy Companion Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2392 |WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy