WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Elementor Addon Elements Vulnerability - Directory Traversal to Local File Inclusion - CVE-2024-1358 | WordPress Plugin Vulnerability Report - Vulnerabilities

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

February 21, 2024

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,406,134 Active Installs: 100,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Enhanced Text Widget Vulnerability - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2024-0559 | WordPress Plugin Vulnerability Report - Vulnerabilities

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Enhanced Text Widget Key Information: Software Type: Plugin Software Slug: enhanced-text-widget Software Status: Active Software Author: cl272 Software Downloads: 773,012 Active Installs: 50,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - wpDataTables Vulnerability - Reflected Cross-Site Scripting - CVE-2024-0591 | WordPress Plugin Vulnerability Report - Vulnerabilities

wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: wpDataTables Key Information: Software Type: Plugin Software Slug: wpdatatables Software Status: Active Software Author: wpdatatables Software Downloads: 1,303,680 Active Installs: 70,000 Last Updated: February 20,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Tutor LMS Vulnerability - Missing Authorization & Authenticated HTML Injection - CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report - Vulnerabilities

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Tutor LMS Key Information: Software Type: Plugin Software Slug: tutor Software Status: Active Software Author: themeum Software Downloads: 1,925,315 Active Installs: 80,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - YARPP Vulnerability - Authenticated(Administrator+) Stored Cross-Site Scripting via settings - CVE-2024-0602 | WordPress Plugin Vulnerability Report - Vulnerabilities

YARPP Vulnerability – Authenticated(Administrator+) Stored Cross-Site Scripting via settings – CVE-2024-0602 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: YARPP Key Information: Software Type: Plugin Software Slug: yet-another-related-posts-plugin Software Status: Active Software Author: jeffparker Software Downloads: 7,579,644 Active Installs: 100,000 Last Updated: February 20,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Sassy Social Share Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1448 | WordPress Plugin Vulnerability Report - Vulnerabilities

Sassy Social Share Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1448 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Sassy Social Share Key Information: Software Type: Plugin Software Slug: sassy-social-share Software Status: Active Software Author: heateor Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Beaver Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0897 | WordPress Plugin Vulnerability Report - Vulnerabilities

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: Beaver Builder Key Information: Software Type: Plugin Software Slug: beaver-builder-lite-version Software Status: Active Software Author: justinbusa Software Downloads: 9,597,835 Active Installs: 100,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - 3D FlipBook Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks - CVE-2024-1081 | WordPress Plugin Vulnerability Report - Vulnerabilities

3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report

February 20, 2024

Posted in Vulnerabilities, Security

Plugin Name: 3D FlipBook Key Information: Software Type: Plugin Software Slug: interactive-3d-flipbook-powered-physics-engine Software Status: Active Software Author: iberezansky Software Downloads: 1,524,371 Active Installs: 70,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Schema & Structured Data for WP & AMP Vulnerability - Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting - CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report - Vulnerabilities

Schema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Featured Image from URL Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url - CVE-2024-1496 | WordPress Plugin Vulnerability Report - Vulnerabilities

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url – CVE-2024-1496 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Featured Image from URL Key Information: Software Type: Plugin Software Slug: featured-image-from-url Software Status: Active Software Author: marceljm…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Password Protected Vulnerability - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2024-0656 | WordPress Plugin Vulnerability Report - Vulnerabilities

Password Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Password Protected Key Information: Software Type: Plugin Software Slug: password-protected Software Status: Active Software Author: wpexpertsio Software Downloads: 4,493,510 Active Installs: 400,000 Last Updated: February…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Shortcodes Ultimate Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode - CVE-2024-1510 | WordPress Plugin Vulnerability Report - Vulnerabilities

Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report

February 19, 2024

Posted in Vulnerabilities, Security

Plugin Name: Shortcodes Ultimate Key Information ormation: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,644,577 Active Installs: 600,000 Last…

Read about this Latest WordPress Vulnerability

Elementor Addon Elements Vulnerability – Directory Traversal to Local File Inclusion – CVE-2024-1358 | WordPress Plugin Vulnerability Report

Enhanced Text Widget Vulnerability – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0559 | WordPress Plugin Vulnerability Report

wpDataTables Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0591 | WordPress Plugin Vulnerability Report

Tutor LMS Vulnerability – Missing Authorization & Authenticated HTML Injection – CVE-2024-1133 & CVE-2024-1128 | WordPress Plugin Vulnerability Report

Beaver Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0897 | WordPress Plugin Vulnerability Report

3D FlipBook Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks – CVE-2024-1081 | WordPress Plugin Vulnerability Report

Schema & Structured Data for WP & AMP Vulnerability – Missing Authorization to reCaptcha Key Modification & Authenticated (Custom) Stored Cross-Site Scripting – CVE-2024-1288 & CVE-2024-1586 | WordPress Plugin Vulnerability Report

Featured Image from URL Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url – CVE-2024-1496 | WordPress Plugin Vulnerability Report

Password Protected Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0656 | WordPress Plugin Vulnerability Report

Shortcodes Ultimate Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode – CVE-2024-1510 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy