WordPress Vulnerability Daily Update

Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

March 7, 2024

Plugin Name: Page Builder: Pagelayer – Drag and Drop website builder Key Information: Software Type: Plugin Software Slug: pagelayer Software…

Read about this Latest WordPress Vulnerability

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software…

Read about this Latest WordPress Vulnerability

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-1761 |WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

The Plus Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget – CVE-2024-1419 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Royal Elementor Addons and Templates – Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget – CVE-2024-1500 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

Database for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2030 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status:…

Read about this Latest WordPress Vulnerability

Booster for WooCommerce Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1534 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software…

Read about this Latest WordPress Vulnerability

Simple Membership Vulnerability- Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1985 |WordPress Plugin Vulnerability Report

March 5, 2024

Posted in Security, Vulnerabilities

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads:…

Read about this Latest WordPress Vulnerability

Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-1761 |WordPress Plugin Vulnerability Report

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget – CVE-2024-1419 | WordPress Plugin Vulnerability Report

Royal Elementor Addons and Templates – Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget – CVE-2024-1500 | WordPress Plugin Vulnerability Report

Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

Database for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-2030 | WordPress Plugin Vulnerability Report

Booster for WooCommerce Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1534 | WordPress Plugin Vulnerability Report

Simple Membership Vulnerability- Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1985 |WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy