WordPress Vulnerability Daily Update

Prime Slider Vulnerability – Authenticated Stored Cross-Site Scripting via Rubix Widget – CVE-2024-1507 | WordPress Plugin Vulnerability Report –

March 12, 2024

Plugin Name: Prime Slider – Addons For Elementor Key Information: Software Type: Plugin Software Slug: bdthemes-prime-slider-lite Software Status: Active Software…

Elementor Header & Footer Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1237 | WordPress Plugin Vulnerability Report

March 11, 2024

Posted in Speed, Vulnerabilities

Plugin Name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author:…

Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report

March 11, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Site Reviews Vulnerability – Authenticated Stored Cross-Site Scripting via Display Name – CVE-2024-2293 | WordPress Plugin Vulnerability Report

March 11, 2024

Posted in Vulnerabilities, Security

Plugin Name: Site Reviews Key Information: Software Type: Plugin Software Slug: site-reviews Software Status: Active Software Author: geminilabs Software Downloads:…

WP Statistics Vulnerability- Unauthenticated Stored Cross-Site Scripting – CVE-2024-2194 |WordPress Plugin Vulnerability Report

March 11, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Statistics Key Information: Software Type: Plugin Software Slug: wp-statistics Software Status: Active Software Author: mostafas1990 Software Downloads:…

Colibri Page Builder Vulnerability – Missing Authorization – CVE-2024-1870 | WordPress Plugin Vulnerability Report

March 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software…

Easy Accordion Vulnerability – Best Accordion FAQ Plugin for WordPress – Authenticated Stored Cross-Site Scripting – CVE-2024-1363 |WordPress Plugin Vulnerability Report

March 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Easy Accordion – Best Accordion FAQ Plugin for WordPress Key Information: Software Type: Plugin Software Slug: easy-accordion-free Software…

Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report

March 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type:…

Metform Elementor Contact Form Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1585 |WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Metform Elementor Contact Form Builder Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author:…

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget – CVE-2024-2126 |WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle…

Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder: Pagelayer – Drag and Drop website builder Key Information: Software Type: Plugin Software Slug: pagelayer Software…

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software…

Prime Slider Vulnerability – Authenticated Stored Cross-Site Scripting via Rubix Widget – CVE-2024-1507 | WordPress Plugin Vulnerability Report –

Elementor Header & Footer Builder Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-1237 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting via Data Table – CVE-2024-1537 |WordPress Plugin Vulnerability Report

Site Reviews Vulnerability – Authenticated Stored Cross-Site Scripting via Display Name – CVE-2024-2293 | WordPress Plugin Vulnerability Report

WP Statistics Vulnerability- Unauthenticated Stored Cross-Site Scripting – CVE-2024-2194 |WordPress Plugin Vulnerability Report

Colibri Page Builder Vulnerability – Missing Authorization – CVE-2024-1870 | WordPress Plugin Vulnerability Report

Easy Accordion Vulnerability – Best Accordion FAQ Plugin for WordPress – Authenticated Stored Cross-Site Scripting – CVE-2024-1363 |WordPress Plugin Vulnerability Report

Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report

Metform Elementor Contact Form Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1585 |WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget – CVE-2024-2126 |WordPress Plugin Vulnerability Report

Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy