WordPress Vulnerability Daily Update

Social Sharing Plugin Vulnerability– Sassy Social Share – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1989 | WordPress Plugin Vulnerability Report

March 5, 2024

Plugin Name: Social Sharing Plugin – Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active…

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1723 | WordPress Plugin Vulnerability Report

March 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software…

File Manager Vulnerability- Directory Traversal – CVE-2023-6825 | WordPress Plugin Vulnerability Report

March 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads:…

Complianz Vulnerability – GDPR/CCPA Cookie Consent – Cross-Site Request Forgery to Data Request Deletion – CVE-2024-1592 | WordPress Plugin Vulnerability Report

March 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Complianz – GDPR/CCPA Cookie Consent Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author:…

Calculated Fields Form Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2020 | WordPress Plugin Vulnerability Report

March 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software…

AI Engine Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0378 | WordPress Plugin Vulnerability Report

March 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads:…

GenerateBlocks Vulnerability – Sensitive Information Exposure – CVE-2024-1452 | WordPress Plugin Vulnerability Report

March 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: GenerateBlocks Key Information: Software Type: Plugin Software Slug: generateblocks Software Status: Active Software Author: edge22 Software Downloads: 1,658,618…

WP Show Posts Vulnerability – Information Exposure – CVE-2024-1479 | WordPress Plugin Vulnerability Report

March 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Show Posts Key Information: Software Type: Plugin Software Slug: wp-show-posts Software Status: Active Software Author: edge22 Software…

Amelia Vulnerability – Reflected Cross-Site Scripting – CVE-2024-1484 | WordPress Plugin Vulnerability Report

February 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status:…

Exclusive Addons for Elementor Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1234 | WordPress Plugin Vulnerability Report

February 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Visual Composer Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2023-6880 | WordPress Plugin Vulnerability Report

February 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Key Information:…

Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Vulnerabilities, Security

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author:…

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1723 | WordPress Plugin Vulnerability Report

File Manager Vulnerability- Directory Traversal – CVE-2023-6825 | WordPress Plugin Vulnerability Report

Calculated Fields Form Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-2020 | WordPress Plugin Vulnerability Report

AI Engine Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0378 | WordPress Plugin Vulnerability Report

GenerateBlocks Vulnerability – Sensitive Information Exposure – CVE-2024-1452 | WordPress Plugin Vulnerability Report

WP Show Posts Vulnerability – Information Exposure – CVE-2024-1479 | WordPress Plugin Vulnerability Report

Amelia Vulnerability – Reflected Cross-Site Scripting – CVE-2024-1484 | WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1234 | WordPress Plugin Vulnerability Report

Visual Composer Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2023-6880 | WordPress Plugin Vulnerability Report

Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy