WordPress Vulnerability Daily Update

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0834 |WordPress Plugin Vulnerability Report

February 5, 2024

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software…

Meta Box Vulnerability– WordPress Custom Fields Framework – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6526 |WordPress Plugin Vulnerability Report

February 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Meta Box – WordPress Custom Fields Framework Key Information: Software Type: Plugin Software Slug: meta-box Software Status: Active…

Minimal Coming Soon Vulnerability– Coming Soon Page – Unauthenticated Maintenance Mode Bypass – CVE-2024-1075 |WordPress Plugin Vulnerability Report

February 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Minimal Coming Soon – Coming Soon Page Key Information: Software Type: Plugin Software Slug: minimal-coming-soon-maintenance-mode Software Status: Active…

Shariff Wrapper Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-1106 |WordPress Plugin Vulnerability Report

February 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Shariff Wrapper Key Information: Software Type: Plugin Software Slug: shariff Software Status: Active Software Author: 3uu Software Downloads:…

BEAR Vulnerability– Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Missing Authorization via Several Functions – CVE-2024-24835 | WordPress Plugin Vulnerability Report

February 2, 2024

Posted in Vulnerabilities, Security

Plugin Name: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Key Information: Software Type: Plugin Software…

Easy Digital Downloads Vulnerability– Sell Digital Files (eCommerce Store & Payments Made Easy) – Authenticated (Shop Manager+) Stored Cross-Site Scripting – CVE-2024-0659 | WordPress Plugin Vulnerability Report

February 2, 2024

Posted in Vulnerabilities, Security

Plugin Name: Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) Key Information: Software Type: Plugin…

PDF Flipbook, 3D Flipbook Vulnerability– DearFlip – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0895 | WordPress Plugin Vulnerability Report

February 2, 2024

Posted in Vulnerabilities, Security

Plugin Name: PDF Flipbook, 3D Flipbook – DearFlip Key Information: Software Type: Plugin Software Slug: 3d-flipbook-dflip-lite Software Status: Active Software…

Orbit Fox by ThemeIsle Vulnerability – Cross-Site Request Forgery – CVE-2024-1162 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle…

Calculated Fields Form Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software…

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0954 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

SlimStat Analytics Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-1073 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: SlimStat Analytics Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads:…

Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin…

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0834 |WordPress Plugin Vulnerability Report

Meta Box Vulnerability– WordPress Custom Fields Framework – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6526 |WordPress Plugin Vulnerability Report

Minimal Coming Soon Vulnerability– Coming Soon Page – Unauthenticated Maintenance Mode Bypass – CVE-2024-1075 |WordPress Plugin Vulnerability Report

Shariff Wrapper Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-1106 |WordPress Plugin Vulnerability Report

BEAR Vulnerability– Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net – Missing Authorization via Several Functions – CVE-2024-24835 | WordPress Plugin Vulnerability Report

Easy Digital Downloads Vulnerability– Sell Digital Files (eCommerce Store & Payments Made Easy) – Authenticated (Shop Manager+) Stored Cross-Site Scripting – CVE-2024-0659 | WordPress Plugin Vulnerability Report

PDF Flipbook, 3D Flipbook Vulnerability– DearFlip – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0895 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Cross-Site Request Forgery – CVE-2024-1162 | WordPress Plugin Vulnerability Report

Calculated Fields Form Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0954 | WordPress Plugin Vulnerability Report

SlimStat Analytics Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-1073 | WordPress Plugin Vulnerability Report

Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy