WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Ultimate Member Vulnerability - Unauthenticated Stored Cross-Site Scripting - CVE-2024-2123 |WordPress Plugin Vulnerability Report - Vulnerabilities

Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report

March 8, 2024

Plugin Name: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Metform Elementor Contact Form Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1585 |WordPress Plugin Vulnerability Report - Vulnerabilities

Metform Elementor Contact Form Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1585 |WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Metform Elementor Contact Form Builder Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Orbit Fox by ThemeIsle Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget - CVE-2024-2126 |WordPress Plugin Vulnerability Report - Vulnerabilities

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget – CVE-2024-2126 |WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder: Pagelayer Vulnerability– Drag and Drop website builder - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes - CVE-2024-2127 |WordPress Plugin Vulnerability Report - Vulnerabilities

Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder: Pagelayer – Drag and Drop website builder Key Information: Software Type: Plugin Software Slug: pagelayer Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP-Members Membership Plugin - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1987 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP-Members Membership Plugin Key Information: Software Type: Plugin Software Slug: wp-members Software Status: Active Software Author: cbutlerjr Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - EmbedPress – Embed Various Content Types - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget - CVE-2024-2128 | WordPress Plugin Vulnerability Report - Vulnerabilities

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

March 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Chat App Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes - CVE-2024-1761 |WordPress Plugin Vulnerability Report - Vulnerabilities

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-1761 |WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Chat App Key Information: Software Type: Plugin Software Slug: wp-whatsapp Software Status: Active Software Author: ninjateam Software…

Read about this Latest WordPress Vulnerability

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Plus Addons for Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget - CVE-2024-1419 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Plus Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget – CVE-2024-1419 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Plus Addons for Elementor Key Information: Software Type: Plugin Software Slug: the-plus-addons-for-elementor-page-builder Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Royal Elementor Addons and Templates – Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget – CVE-2024-1500 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget - CVE-2024-1506 |WordPress Plugin Vulnerability Report - Vulnerabilities

Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget - CVE-2024-1366 | WordPress Plugin Vulnerability Report - Vulnerabilities

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

March 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

Ultimate Member Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2123 |WordPress Plugin Vulnerability Report

Metform Elementor Contact Form Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1585 |WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget – CVE-2024-2126 |WordPress Plugin Vulnerability Report

Page Builder: Pagelayer Vulnerability– Drag and Drop website builder – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes – CVE-2024-2127 |WordPress Plugin Vulnerability Report

WP-Members Membership Plugin – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1987 | WordPress Plugin Vulnerability Report

EmbedPress – Embed Various Content Types – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-2128 | WordPress Plugin Vulnerability Report

WP Chat App Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes – CVE-2024-1761 |WordPress Plugin Vulnerability Report

User Registration Vulnerability– Custom Registration Form, Login Form, and User Profile WordPress Plugin – Unauthenticated Stored Self-Based Cross-Site Scripting – CVE-2024-1720 | WordPress Plugin Vulnerability Report

The Plus Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget – CVE-2024-1419 | WordPress Plugin Vulnerability Report

Royal Elementor Addons and Templates – Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget – CVE-2024-1500 | WordPress Plugin Vulnerability Report

Prime Slider Addons For Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget – CVE-2024-1506 |WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget – CVE-2024-1366 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy