WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Ocean Extra Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1277 | WordPress Plugin Vulnerability Report - Vulnerabilities

Ocean Extra Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1277 | WordPress Plugin Vulnerability Report

February 16, 2024

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page scroll to id - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1445 |WordPress Plugin Vulnerability Report - Vulnerabilities

Page scroll to id – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1445 |WordPress Plugin Vulnerability Report

February 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page scroll to id Key Information: Software Type: Plugin Software Slug: page-scroll-to-id Software Status: Active Software Author: malihu…

Read about this Latest WordPress Vulnerability

WP Maintenance Vulnerability – Information Exposure – CVE-2024-1472 | WordPress Plugin Vulnerability Report

February 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Maintenance Key Information: Software Type: Plugin Software Slug: wp-maintenance Software Status: Active Software Author: florent73 Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Microsoft Clarity Vulnerability- Cross-Site Request Forgery to Stored Cross-Site Scripting - CVE-2024-0590 |WordPress Plugin Vulnerability Report - Vulnerabilities

Microsoft Clarity Vulnerability- Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-0590 |WordPress Plugin Vulnerability Report

February 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Microsoft Clarity Key Information: Software Type: Plugin Software Slug: microsoft-clarity Software Status: Active Software Author: sammartin Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - PowerPack Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget - CVE-2024-1411 | WordPress Plugin Vulnerability Report - Vulnerabilities

PowerPack Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget – CVE-2024-1411 | WordPress Plugin Vulnerability Report

February 15, 2024

Posted in Vulnerabilities, Security

Plugin Name:PowerPack Addons for Elementor Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status: Active Software Author: ideaboxcreations Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1349 |WordPress Plugin Vulnerability Report - Vulnerabilities

EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1349 |WordPress Plugin Vulnerability Report

February 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 2,184,657…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Simple Share Buttons Adder Vulnerability- Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings - CVE-2024-0621 | WordPress Plugin Vulnerability Report - Vulnerabilities

Simple Share Buttons Adder Vulnerability- Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings – CVE-2024-0621 | WordPress Plugin Vulnerability Report

February 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Simple Share Buttons Adder Key Information: Software Type: Plugin Software Slug: simple-share-buttons-adder Software Status: Active Software Author: davidoffneal…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events - CVE-2024-0326 | WordPress Plugin Vulnerability Report - Vulnerabilities

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events – CVE-2024-0326 | WordPress Plugin Vulnerability Report

February 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Best WordPress Gallery Plugin Vulnerability– FooGallery - Authenticated(Administrator+) Stored Cross-Site Scripting via Settings - CVE-2024-0604 | WordPress Plugin Vulnerability Report - Vulnerabilities

Best WordPress Gallery Plugin Vulnerability– FooGallery – Authenticated(Administrator+) Stored Cross-Site Scripting via Settings – CVE-2024-0604 | WordPress Plugin Vulnerability Report

February 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Best WordPress Gallery Plugin – FooGallery Key Information: Software Type: Plugin Software Slug: foogallery Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Email Encoder Vulnerability– Protect Email Addresses and Phone Numbers - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2024-1282 |WordPress Plugin Vulnerability Report - Vulnerabilities

Email Encoder Vulnerability– Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1282 |WordPress Plugin Vulnerability Report

February 13, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Encoder – Protect Email Addresses and Phone Numbers Key Information: Software Type: Plugin Software Slug: email-encoder-bundle Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0438 |WordPress Plugin Vulnerability Report - Vulnerabilities

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0438 |WordPress Plugin Vulnerability Report

February 13, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1058 | WordPress Plugin Vulnerability Report - Vulnerabilities

SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1058 | WordPress Plugin Vulnerability Report

February 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software…

Read about this Latest WordPress Vulnerability

Ocean Extra Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1277 | WordPress Plugin Vulnerability Report

Page scroll to id – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1445 |WordPress Plugin Vulnerability Report

WP Maintenance Vulnerability – Information Exposure – CVE-2024-1472 | WordPress Plugin Vulnerability Report

Microsoft Clarity Vulnerability- Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-0590 |WordPress Plugin Vulnerability Report

PowerPack Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget – CVE-2024-1411 | WordPress Plugin Vulnerability Report

EmbedPress Vulnerability– Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1349 |WordPress Plugin Vulnerability Report

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events – CVE-2024-0326 | WordPress Plugin Vulnerability Report

Best WordPress Gallery Plugin Vulnerability– FooGallery – Authenticated(Administrator+) Stored Cross-Site Scripting via Settings – CVE-2024-0604 | WordPress Plugin Vulnerability Report

Email Encoder Vulnerability– Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2024-1282 |WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0438 |WordPress Plugin Vulnerability Report

SiteOrigin Widgets Bundle Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1058 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy