WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Orbit Fox by ThemeIsle Vulnerability - Cross-Site Request Forgery - CVE-2024-1162 | WordPress Plugin Vulnerability Report - Vulnerabilities

Orbit Fox by ThemeIsle Vulnerability – Cross-Site Request Forgery – CVE-2024-1162 | WordPress Plugin Vulnerability Report

February 1, 2024

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Calculated Fields Form Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0963 | WordPress Plugin Vulnerability Report - Vulnerabilities

Calculated Fields Form Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Calculated Fields Form Key Information: Software Type: Plugin Software Slug: calculated-fields-form Software Status: Active Software Author: codepeople Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-0954 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0954 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - SlimStat Analytics Vulnerability - Authenticated (Subscriber+) Stored Cross-Site Scripting - CVE-2024-1073 | WordPress Plugin Vulnerability Report - Vulnerabilities

SlimStat Analytics Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-1073 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: SlimStat Analytics Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress - Unauthenticated Second Order SQL Injection - CVE-2024-0685 | WordPress Plugin Vulnerability Report - Vulnerabilities

Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report

February 1, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Advanced iFrame Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-7069 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced iFrame Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7069 | WordPress Plugin Vulnerability Report

January 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Website Builder by SeedProd Vulnerability - Missing Authorization via seedprod_lite_new_lpage - CVE-2024-1072 | WordPress Plugin Vulnerability Report - Vulnerabilities

Website Builder by SeedProd Vulnerability – Missing Authorization via seedprod_lite_new_lpage – CVE-2024-1072 | WordPress Plugin Vulnerability Report

January 31, 2024

Posted in Vulnerabilities, Security

Plugin Name: Website Builder by SeedProd – Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode Key Information: Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Database for Contact Form 7, WPforms, Elementor forms Vulnerability - Authenticated (Administrator+) Arbitrary File Upload - CVE-2024-1069 | WordPress Plugin Vulnerability Report - Vulnerabilities

Database for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Administrator+) Arbitrary File Upload – CVE-2024-1069 | WordPress Plugin Vulnerability Report

January 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Database for Contact Form 7, WPforms, Elementor forms Key Information: Software Type: Plugin Software Slug: contact-form-entries Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Starbox Vulnerability – the Author Box for Humans - Insecure Direct Object Reference - CVE-2024-0366 | WordPress Plugin Vulnerability Report - Vulnerabilities

Starbox Vulnerability – the Author Box for Humans – Insecure Direct Object Reference – CVE-2024-0366 | WordPress Plugin Vulnerability Report

January 30, 2024

Posted in Vulnerabilities, Security

Plugin Name: Starbox – the Author Box for Humans Key Information: Software Type: Plugin Software Slug: starbox Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Instant Images Vulnerability– One Click Image Uploads from Unsplash, Openverse, Pixabay, and Pexels - Authenticated (Author+) Arbitrary Options Update - CVE-2024-0869 |WordPress Plugin Vulnerability Report - Vulnerabilities

Instant Images Vulnerability– One Click Image Uploads from Unsplash, Openverse, Pixabay, and Pexels – Authenticated (Author+) Arbitrary Options Update – CVE-2024-0869 |WordPress Plugin Vulnerability Report

January 29, 2024

Posted in Security, Vulnerabilities

Plugin Name: Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay, and Pexels Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - MapPress Maps for WordPress Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-7225 |WordPress Plugin Vulnerability Report - Vulnerabilities

MapPress Maps for WordPress Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7225 |WordPress Plugin Vulnerability Report

January 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: MapPress Maps for WordPress Key Information: Software Type: Plugin Software Slug: mappress-google-maps-for-wordpress Software Status: Active Software Author: chrisvrichardson…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - SEO Plugin by Squirrly SEO Vulnerability- Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2024-0597 |WordPress Plugin Vulnerability Report - Vulnerabilities

SEO Plugin by Squirrly SEO Vulnerability- Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0597 |WordPress Plugin Vulnerability Report

January 29, 2024

Posted in Vulnerabilities, Security

Plugin Name: SEO Plugin by Squirrly SEO Key Information: Software Type: Plugin Software Slug: squirrly-seo Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Orbit Fox by ThemeIsle Vulnerability – Cross-Site Request Forgery – CVE-2024-1162 | WordPress Plugin Vulnerability Report

Calculated Fields Form Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0963 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability– Best Elementor Templates, Widgets, Kits & WooCommerce Builders – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0954 | WordPress Plugin Vulnerability Report

SlimStat Analytics Vulnerability – Authenticated (Subscriber+) Stored Cross-Site Scripting – CVE-2024-1073 | WordPress Plugin Vulnerability Report

Ninja Forms Contact Form Vulnerability– The Drag and Drop Form Builder for WordPress – Unauthenticated Second Order SQL Injection – CVE-2024-0685 | WordPress Plugin Vulnerability Report

Advanced iFrame Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7069 | WordPress Plugin Vulnerability Report

Website Builder by SeedProd Vulnerability – Missing Authorization via seedprod_lite_new_lpage – CVE-2024-1072 | WordPress Plugin Vulnerability Report

Database for Contact Form 7, WPforms, Elementor forms Vulnerability – Authenticated (Administrator+) Arbitrary File Upload – CVE-2024-1069 | WordPress Plugin Vulnerability Report

Starbox Vulnerability – the Author Box for Humans – Insecure Direct Object Reference – CVE-2024-0366 | WordPress Plugin Vulnerability Report

Instant Images Vulnerability– One Click Image Uploads from Unsplash, Openverse, Pixabay, and Pexels – Authenticated (Author+) Arbitrary Options Update – CVE-2024-0869 |WordPress Plugin Vulnerability Report

MapPress Maps for WordPress Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7225 |WordPress Plugin Vulnerability Report

SEO Plugin by Squirrly SEO Vulnerability- Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2024-0597 |WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy