WordPress Vulnerability Daily Update

Everest Forms Vulnerability- Unauthenticated Server-Side Request Forgery via font_url – CVE-2024-1812 | WordPress Plugin Vulnerability Report

March 15, 2024

Plugin Name: Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!…

Read about this Latest WordPress Vulnerability

HT Mega Vulnerability– Absolute Addons For Elementor – Authenticated Directory Traversal – CVE-2024-1974 |WordPress Plugin Vulnerability Report

March 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active…

Read about this Latest WordPress Vulnerability

HUSKY Vulnerability– Products Filter Professional for WooCommerce – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1796 | WordPress Plugin Vulnerability Report

March 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: HUSKY – Products Filter Professional for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active…

Read about this Latest WordPress Vulnerability

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via Banner Link – CVE-2024-1960 | WordPress Plugin Vulnerability Report

March 14, 2024

Posted in Security, Vulnerabilities

Plugin Name: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) Key…

Read about this Latest WordPress Vulnerability

Contact Form 7 Vulnerability – Reflected Cross-Site Scripting – CVE-2024-2242 | WordPress Plugin Vulnerability Report

March 13, 2024

Posted in Security, Vulnerabilities

Plugin Name: Contact Form 7 Key Information: Software Type: Plugin Software Slug: contact-form-7 Software Status: Active Software Author: takayukister Software…

Read about this Latest WordPress Vulnerability

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting via Posts Multislider Widget – CVE-2024-1466 | WordPress Plugin Vulnerability Report

March 13, 2024

Posted in Security, Vulnerabilities

Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh…

Read about this Latest WordPress Vulnerability

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 |WordPress Plugin Vulnerability Report

March 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active…

Read about this Latest WordPress Vulnerability

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 | WordPress Plugin Vulnerability Report

March 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active…

Read about this Latest WordPress Vulnerability

Easy Social Feed Vulnerability – Social Photos Gallery – Post Feed – Like Box – Cross-Site Request Forgery – CVE-2024-1214 | WordPress Plugin Vulnerability Report

March 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

HT Mega Vulnerability – Absolute Addons For Elementor – Authenticated Stored Cross-Site Scripting via Post Carousel Widget – CVE-2024-1421 | WordPress Plugin Vulnerability Report

March 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: HT Mega – Absolute Addons For Elementor Key Information: Software Type: Plugin Software Slug: ht-mega-for-elementor Software Status: Active…

Read about this Latest WordPress Vulnerability

Hustle Vulnerability – Sensitive Information Exposure via Exposed Hubspot API Keys – CVE-2024-0368 | WordPress Plugin Vulnerability Report

March 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Hustle – Email Marketing, Lead Generation, Optins, Popups Key Information: Software Type: Plugin Software Slug: wordpress-popup Software Status:…

Read about this Latest WordPress Vulnerability

ProfilePress Vulnerability- Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1535 | WordPress Plugin Vulnerability Report

March 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information:…

Read about this Latest WordPress Vulnerability

Everest Forms Vulnerability- Unauthenticated Server-Side Request Forgery via font_url – CVE-2024-1812 | WordPress Plugin Vulnerability Report

HT Mega Vulnerability– Absolute Addons For Elementor – Authenticated Directory Traversal – CVE-2024-1974 |WordPress Plugin Vulnerability Report

HUSKY Vulnerability– Products Filter Professional for WooCommerce – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1796 | WordPress Plugin Vulnerability Report

ShopLentor Vulnerability – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) – Authenticated Stored Cross-Site Scripting via Banner Link – CVE-2024-1960 | WordPress Plugin Vulnerability Report

Contact Form 7 Vulnerability – Reflected Cross-Site Scripting – CVE-2024-2242 | WordPress Plugin Vulnerability Report

Elementor Addons by Livemesh Vulnerability – Authenticated Stored Cross-Site Scripting via Posts Multislider Widget – CVE-2024-1466 | WordPress Plugin Vulnerability Report

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 |WordPress Plugin Vulnerability Report

Burst Statistics Vulnerability – Authenticated Stored Cross-Site Scripting via burst_total_pageviews_count – CVE-2024-1894 | WordPress Plugin Vulnerability Report

HT Mega Vulnerability – Absolute Addons For Elementor – Authenticated Stored Cross-Site Scripting via Post Carousel Widget – CVE-2024-1421 | WordPress Plugin Vulnerability Report

Hustle Vulnerability – Sensitive Information Exposure via Exposed Hubspot API Keys – CVE-2024-0368 | WordPress Plugin Vulnerability Report

ProfilePress Vulnerability- Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1535 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy