WordPress Vulnerability Daily Update

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report

August 12, 2024

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Premium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report

August 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report

August 7, 2024

Posted in Vulnerabilities, Security

Plugin Name: Lightbox & Modal Popup WordPress Plugin – FooBox Key Information: Software Type: Plugin Software Slug: foobox-image-lightbox Software Status:…

Forminator – Contact Form, Payment Form & Custom Form Builder Vulnerability – HubSpot Developer API Key Sensitive Information Exposure – CVE-2024-7389 | WordPress Plugin Vulnerability Report

August 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Forminator – Contact Form, Payment Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: forminator…

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-39649 | WordPress Plugin Vulnerability Report

August 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report

August 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Key Information: Software Type:…

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-6725 | WordPress Plugin Vulnerability Report

July 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software…

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-6208 | WordPress Plugin Vulnerability Report

July 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads:…

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid Widget – CVE-2024-5901 | WordPress Plugin Vulnerability Report

July 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software…

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget – CVE-2024-6627 | WordPress Plugin Vulnerability Report

July 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Vulnerability – Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6703, CVE-2024-6521, CVE-2024-6518, CVE-2024-6520 | WordPress Plugin Vulnerability Report

July 26, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Key Information:…

LiteSpeed Cache Vulnerability – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-3246 | WordPress Plugin Vulnerability Report

July 23, 2024

Posted in Vulnerabilities, Security

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads:…

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets – CVE-2024-7247 | WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update – CVE-2024-6824 | WordPress Plugin Vulnerability Report

Lightbox & Modal Popup WordPress Plugin – FooBox Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes – CVE-2024-5668 | WordPress Plugin Vulnerability Report

Forminator – Contact Form, Payment Form & Custom Form Builder Vulnerability – HubSpot Developer API Key Sensitive Information Exposure – CVE-2024-7389 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-39649 | WordPress Plugin Vulnerability Report

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-4643 | WordPress Plugin Vulnerability Report

Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-6725 | WordPress Plugin Vulnerability Report

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-6208 | WordPress Plugin Vulnerability Report

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid Widget – CVE-2024-5901 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget – CVE-2024-6627 | WordPress Plugin Vulnerability Report

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder Vulnerability – Multiple Stored Cross-Site Scripting Vulnerabilities – CVE-2024-6703, CVE-2024-6521, CVE-2024-6518, CVE-2024-6520 | WordPress Plugin Vulnerability Report

LiteSpeed Cache Vulnerability – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-3246 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy