WordPress Vulnerability Daily Update

Visual Composer Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2023-6880 | WordPress Plugin Vulnerability Report

February 29, 2024

Plugin Name: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Key Information:…

Read about this Latest WordPress Vulnerability

Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Premium Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting – CVE-2024-1680 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

Advanced iFrame Vulnerability- Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1341 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads:…

Read about this Latest WordPress Vulnerability

Beaver Builder Vulnerability– WordPress Page Builder – Authenticated Contributor+ Stored Cross-Site Scripting via Audio Widget – CVE-2024-1074 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Beaver Builder – WordPress Page Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Custom Field Suite Vulnerability- Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0689 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Custom Field Suite Key Information: Software Type: Plugin Software Slug: custom-field-suite Software Status: Active Software Author: mgibbs189 Software…

Read about this Latest WordPress Vulnerability

Download Manager Vulnerability- Missing Authorization – CVE-2023-6785 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads:…

Read about this Latest WordPress Vulnerability

Essential Blocks Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1854 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Blocks Key Information: Software Type: Plugin Software Slug: essential-blocks Software Status: Active Software Author: wpdevteam Software Downloads:…

Read about this Latest WordPress Vulnerability

Events Manager Vulnerability– Calendar, Bookings, Tickets, and more! – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0614 | WordPress Plugin Vulnerability Report

February 28, 2024

Posted in Security, Vulnerabilities

Plugin Name: Events Manager – Calendar, Bookings, Tickets, and more! Key Information: Software Type: Plugin Software Slug: events-manager Software Status:…

Read about this Latest WordPress Vulnerability

WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1808 | WordPress Plugin Vulnerability Report

February 27, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Shortcodes Plugin – Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software…

Read about this Latest WordPress Vulnerability

NotificationX Vulnerability- Unauthenticated SQL Injection – CVE-2024-1698 | WordPress Plugin Vulnerability Report

February 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor Key Information: Software…

Read about this Latest WordPress Vulnerability

Orbit Fox by ThemeIsle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1323 | WordPress Plugin Vulnerability Report

February 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle…

Read about this Latest WordPress Vulnerability

Visual Composer Vulnerability – Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2023-6880 | WordPress Plugin Vulnerability Report

Migration, Backup, Staging Vulnerability– WPvivid – Missing Authorization – CVE-2024-1982 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability- Authenticated Stored Cross-Site Scripting – CVE-2024-1680 | WordPress Plugin Vulnerability Report

Advanced iFrame Vulnerability- Authenticated Contributor+ Stored Cross-Site Scripting – CVE-2024-1341 | WordPress Plugin Vulnerability Report

Beaver Builder Vulnerability– WordPress Page Builder – Authenticated Contributor+ Stored Cross-Site Scripting via Audio Widget – CVE-2024-1074 | WordPress Plugin Vulnerability Report

Custom Field Suite Vulnerability- Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0689 | WordPress Plugin Vulnerability Report

Download Manager Vulnerability- Missing Authorization – CVE-2023-6785 | WordPress Plugin Vulnerability Report

Essential Blocks Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1854 | WordPress Plugin Vulnerability Report

Events Manager Vulnerability– Calendar, Bookings, Tickets, and more! – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0614 | WordPress Plugin Vulnerability Report

WP Shortcodes Plugin Vulnerability— Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1808 | WordPress Plugin Vulnerability Report

NotificationX Vulnerability- Unauthenticated SQL Injection – CVE-2024-1698 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1323 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy