WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Tutor LMS Vulnerability - Missing Authorization & Authenticated HTML Injection - CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report - Vulnerabilities

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

February 20, 2024

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - YARPP Vulnerability - Authenticated(Administrator+) Stored Cross-Site Scripting via settings - CVE-2024-0602 | WordPress Plugin Vulnerability Report - Vulnerabilities

YARPP Vulnerability – Authenticated(Administrator+) Stored Cross-Site Scripting via settings – CVE-2024-0602 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: YARPP Key Information: Software Type: Plugin Software Slug: yet-another-related-posts-plugin Software Status: Active Software Author: jeffparker Software Downloads: 7,579,644 Active Installs: 100,000 Last Updated: February 20,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Sassy Social Share Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1448 | WordPress Plugin Vulnerability Report - Vulnerabilities

Sassy Social Share Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1448 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Beaver Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0897 | WordPress Plugin Vulnerability Report - Vulnerabilities

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,597,835 Active Installs: 100,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - 3D FlipBook Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks - CVE-2024-1081 | WordPress Plugin Vulnerability Report - Vulnerabilities

3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,524,371 Active Installs: 70,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Schema & Structured Data for WP & AMP Vulnerability - Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting - CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report - Vulnerabilities

Schema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Featured Image from URL Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url - CVE-2024-1496 | WordPress Plugin Vulnerability Report - Vulnerabilities

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url – CVE-2024-1496 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Featured Image from URL Key Information: Software Type: Plugin Software Slug: featured-image-from-url Software Status: Active Software Author: marceljm…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Password Protected Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-0656 | WordPress Plugin Vulnerability Report - Vulnerabilities

Password Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,493,510 Active Installs: 400,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Shortcodes Ultimate Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode - CVE-2024-1510 | WordPress Plugin Vulnerability Report - Vulnerabilities

Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Shortcodes Ultimate Key Information ormation: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,644,577 Active Installs: 600,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Ocean Extra Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1277 | WordPress Plugin Vulnerability Report - Vulnerabilities

Ocean Extra Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1277 | WordPress Plugin Vulnerability Report

February 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page scroll to id - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1445 |WordPress Plugin Vulnerability Report - Vulnerabilities

Page scroll to id – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1445 |WordPress Plugin Vulnerability Report

February 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page scroll to id Key Information: Software Type: Plugin Software Slug: page-scroll-to-id Software Status: Active Software Author: malihu…

Read about this Latest WordPress Vulnerability

WP Maintenance Vulnerability – Information Exposure – CVE-2024-1472 | WordPress Plugin Vulnerability Report

February 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Maintenance Key Information: Software Type: Plugin Software Slug: wp-maintenance Software Status: Active Software Author: florent73 Software Downloads:…

Read about this Latest WordPress Vulnerability

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report

3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report

Schema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url – CVE-2024-1496 | WordPress Plugin Vulnerability Report

Password Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report

Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report

Ocean Extra Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1277 | WordPress Plugin Vulnerability Report

Page scroll to id – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1445 |WordPress Plugin Vulnerability Report

WP Maintenance Vulnerability – Information Exposure – CVE-2024-1472 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy