WordPress Vulnerability Daily Update

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Administrator+) Directory Traversal – CVE-2024-0697 |WordPress Plugin Vulnerability Report

January 26, 2024

Plugin Name: Backuply – Backup, Restore, Migrate and Clone Key Information: Software Type: Plugin Software Slug: backuply Software Status: Active…

Read about this Latest WordPress Vulnerability

Exclusive Addons for Elementor Vulnerability- Stored Cross-Site Scripting Vulnerabilities – CVE-2024-0824 & CVE-2024-0823 |WordPress Plugin Vulnerability Report

January 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Exclusive Addons for Elementor Key Information: Software Type: Plugin Software Slug: exclusive-addons-for-elementor Software Status: Active Software Author: timstrifler…

Read about this Latest WordPress Vulnerability

Form Maker by 10Web Vulnerability– Mobile-Friendly Drag & Drop Contact Form Builder – Cross-Site Request Forgery to Limited Code Execution via Execute – CVE-2024-0667 |WordPress Plugin Vulnerability Report

January 26, 2024

Posted in Security, Vulnerabilities

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software…

Read about this Latest WordPress Vulnerability

10Web AI Assistant Vulnerability – AI Content Writing Assistant – Missing Authorization to Arbitrary Plugin Installation – CVE-2023-6985 |WordPress Plugin Vulnerability Report

January 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: 10Web AI Assistant – AI Content Writing Assistant Key Information: Software Type: Plugin Software Slug: ai-assistant-by-10web Software Status:…

Read about this Latest WordPress Vulnerability

Elementor Addons by Livemesh Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0448 |WordPress Plugin Vulnerability Report

January 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: Elementor Addons by Livemesh Key Information: Software Type: Plugin Software Slug: addons-for-elementor Software Status: Active Software Author: livemesh…

Read about this Latest WordPress Vulnerability

WP RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source – CVE-2024-0630 |WordPress Plugin Vulnerability Report

January 25, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

January 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Database Cleaner Key Information: Software Type: Plugin Software Slug: advanced-database-cleaner Software Status: Active Software Author: symptote Software Downloads: 1,283,477 Active Installs: 100,000 Last…

Read about this Latest WordPress Vulnerability

Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report

January 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Better Search Replace Key Information: Software Type: Plugin Software Slug: better-search-replace Software Status: Active Software Author: wpengine Software Downloads: 12,169,696 Active Installs: 1,000,000 Last…

Read about this Latest WordPress Vulnerability

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

January 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last…

Read about this Latest WordPress Vulnerability

WebSub Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0688 | WordPress Plugin Vulnerability Report

January 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: WebSub Key Information: Software Type: Plugin Software Slug: pubsubhubbub Software Status: Active Software Author: joshfraz Software Downloads: 1,744,325…

Read about this Latest WordPress Vulnerability

WPFront Notification Bar Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] – CVE-2024-0625 | WordPress Plugin Vulnerability Report

January 24, 2024

Posted in Security, Vulnerabilities

Plugin Name: WPFront Notification Bar Key Information: Software Type: Plugin Software Slug: wpfront-notification-bar Software Status: Active Software Author: syammohanm Software Downloads: 803,067 Active Installs: 50,000 Last…

Read about this Latest WordPress Vulnerability

WordPress Button Plugin MaxButtons Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-7029 | WordPress Plugin Vulnerability Report

January 23, 2024

Posted in Security, Vulnerabilities

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry…

Read about this Latest WordPress Vulnerability

Backuply Vulnerability– Backup, Restore, Migrate and Clone – Authenticated (Administrator+) Directory Traversal – CVE-2024-0697 |WordPress Plugin Vulnerability Report

Exclusive Addons for Elementor Vulnerability- Stored Cross-Site Scripting Vulnerabilities – CVE-2024-0824 & CVE-2024-0823 |WordPress Plugin Vulnerability Report

Form Maker by 10Web Vulnerability– Mobile-Friendly Drag & Drop Contact Form Builder – Cross-Site Request Forgery to Limited Code Execution via Execute – CVE-2024-0667 |WordPress Plugin Vulnerability Report

10Web AI Assistant Vulnerability – AI Content Writing Assistant – Missing Authorization to Arbitrary Plugin Installation – CVE-2023-6985 |WordPress Plugin Vulnerability Report

Elementor Addons by Livemesh Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-0448 |WordPress Plugin Vulnerability Report

WP RSS Aggregator Vulnerability– RSS Import, News Feeds, Feed to Post, and Autoblogging – Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source – CVE-2024-0630 |WordPress Plugin Vulnerability Report

Advanced Database Cleaner Vulnerability – Authenticated(Administrator+) PHP Object Injection via process_bulk_action – CVE-2024-0668 | WordPress Plugin Vulnerability Report

Better Search Replace Vulnerability – Unauthenticated PHP Object Injection – CVE-2023-6933 | WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

WebSub Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-0688 | WordPress Plugin Vulnerability Report

WPFront Notification Bar Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] – CVE-2024-0625 | WordPress Plugin Vulnerability Report

WordPress Button Plugin MaxButtons Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-7029 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy