WordPress Vulnerability Daily Update

WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0957| WordPress Plugin Vulnerability Report

March 21, 2024

Plugin Name: WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels Key Information: Software Type: Plugin Software Slug: print-invoices-packing-slip-labels-for-woocommerce…

Read about this Latest WordPress Vulnerability

Advanced Access Manager Vulnerability– Restricted Content, Users & Roles, Enhanced Security and More – Reflected Cross-Site Scripting – CVE-2024-29127 | WordPress Plugin Vulnerability Report

March 20, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

Appointment Booking Calendar Vulnerability— Simply Schedule Appointments Booking Plugin – Authenticated (Subscriber+) SQL Injection – CVE-2024-2341 |WordPress Plugin Vulnerability Report

March 20, 2024

Posted in Security, Vulnerabilities

Plugin Name: Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin Key Information: Software Type: Plugin Software Slug: simply-schedule-appointments Software…

Read about this Latest WordPress Vulnerability

Permalink Manager Pro Vulnerability- Missing Authorization via get_uri_editor – CVE-2024-2543 |WordPress Plugin Vulnerability Report

March 20, 2024

Posted in Security, Vulnerabilities

Plugin Name: Permalink Manager Pro Key Information: Software Type: Plugin Software Slug: permalink-manager Software Status: Active Software Author: mbis Software…

Read about this Latest WordPress Vulnerability

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2255 |WordPress Plugin Vulnerability Report

March 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates Key Information: Software Type: Plugin Software Slug: essential-blocks…

Read about this Latest WordPress Vulnerability

GiveWP Vulnerability– Donation Plugin and Fundraising Platform – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1424 | WordPress Plugin Vulnerability Report

March 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: GiveWP – Donation Plugin and Fundraising Platform Key Information: Software Type: Plugin Software Slug: give Software Status: Active…

Read about this Latest WordPress Vulnerability

Smart Custom Fields Vulnerability – Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure – CVE-2024-1995 | WordPress Plugin Vulnerability Report

March 19, 2024

Posted in Security, Vulnerabilities

Plugin Name: Smart Custom Fields Key Information: Software Type: Plugin Software Slug: smart-custom-fields Software Status: Active Software Author: inc2734 Software…

Read about this Latest WordPress Vulnerability

Translate WordPress and go Multilingual Vulnerability– Weglot – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-2124 | WordPress Plugin Vulnerability Report

March 18, 2024

Posted in Security, Vulnerabilities

Plugin Name: Translate WordPress and go Multilingual – Weglot Key Information: Software Type: Plugin Software Slug: weglot Software Status: Active…

Read about this Latest WordPress Vulnerability

Permalink Manager Pro Vulnerability – Missing Authorization to Authenticated (Author+) Arbitrary Post Slug Modification – CVE-2024-2538 | WordPress Plugin Vulnerability Report

March 18, 2024

Posted in Security, Vulnerabilities

Plugin Name: Permalink Manager Pro Key Information: Software Type: Plugin Software Slug: permalink-manager Software Status: Active Software Author: mbis Software…

Read about this Latest WordPress Vulnerability

Qi Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0826 | WordPress Plugin Vulnerability Report

March 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive…

Read about this Latest WordPress Vulnerability

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Admin+) Directory Traversal – CVE-2024-2294 | WordPress Plugin Vulnerability Report

March 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active…

Read about this Latest WordPress Vulnerability

ElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1239 | WordPress Plugin Vulnerability Report

March 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xspeedstudio Software…

Read about this Latest WordPress Vulnerability

WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0957| WordPress Plugin Vulnerability Report

Advanced Access Manager Vulnerability– Restricted Content, Users & Roles, Enhanced Security and More – Reflected Cross-Site Scripting – CVE-2024-29127 | WordPress Plugin Vulnerability Report

Appointment Booking Calendar Vulnerability— Simply Schedule Appointments Booking Plugin – Authenticated (Subscriber+) SQL Injection – CVE-2024-2341 |WordPress Plugin Vulnerability Report

Permalink Manager Pro Vulnerability- Missing Authorization via get_uri_editor – CVE-2024-2543 |WordPress Plugin Vulnerability Report

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-2255 |WordPress Plugin Vulnerability Report

GiveWP Vulnerability– Donation Plugin and Fundraising Platform – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1424 | WordPress Plugin Vulnerability Report

Smart Custom Fields Vulnerability – Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure – CVE-2024-1995 | WordPress Plugin Vulnerability Report

Translate WordPress and go Multilingual Vulnerability– Weglot – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-2124 | WordPress Plugin Vulnerability Report

Permalink Manager Pro Vulnerability – Missing Authorization to Authenticated (Author+) Arbitrary Post Slug Modification – CVE-2024-2538 | WordPress Plugin Vulnerability Report

Qi Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0826 | WordPress Plugin Vulnerability Report

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Admin+) Directory Traversal – CVE-2024-2294 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1239 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy