WordPress Vulnerability Daily Update

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode – CVE-2024-1806 | WordPress Plugin Vulnerability Report

February 23, 2024

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information:…

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

February 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ultimate Member Key Information: Software Type: Plugin Software Slug: ultimate-member Software Status: Active Software Author: ultimatemember Software Downloads: 9,722,132 Active Installs: 200,000 Last Updated: February…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

February 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22,…

Colibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

February 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last…

Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report

February 22, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,658,195 Active Installs: 200,000 Last…

User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report

February 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: User Feedback Key Information: Software Type: Plugin Software Slug: userfeedback-lite Software Status: Active Software Author: smub Software Downloads: 1,054,695 Active Installs: 200,000 Last Updated: February…

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

February 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Event Tickets and Registration Key Information: Software Type: Plugin Software Slug: event-tickets Software Status: Active Software Author: theeventscalendar Software Downloads: 3,388,630 Active Installs: 80,000…

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

February 21, 2024

Posted in Vulnerabilities, Security

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last…

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last…

wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: wpDataTables Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,303,680 Active Installs: 70,000 Last Updated: February 20,…

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February…

YARPP Vulnerability – Authenticated(Administrator+) Stored Cross-Site Scripting via settings – CVE-2024-0602 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: YARPP Key Information: Software Type: Plugin Software Slug: yet-another-related-posts-plugin Software Status: Active Software Author: jeffparker Software Downloads: 7,579,644 Active Installs: 100,000 Last Updated: February 20,…

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode – CVE-2024-1806 | WordPress Plugin Vulnerability Report

Ultimate Member Vulnerability – Unauthenticated SQL Injection – CVE-2024-1071 | WordPress Plugin Vulnerability Report

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

Colibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

Page Builder: Pagelayer Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Button – CVE-2024-1590 | WordPress Plugin Vulnerability Report

User Feedback Vulnerability – Unauthenticated Stored Cross-Site Scripting – CVE-2024-0903 | WordPress Plugin Vulnerability Report

Event Tickets and Registration Vulnerability – Missing Authorization – CVE-2024-1053 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy