WordPress Vulnerability Daily Update

Getwid – Gutenberg Blocks – Missing Authorization & Captcha Bypass – CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report

January 17, 2024

Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters…

Read about this Latest WordPress Vulnerability

Essential Addons for Elementor Vulnerabilities- Authenticated Stored Cross-Site Scripting – CVE-2024-0586 & CVE-2024-0585 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Recipe Maker Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag – CVE-2024-0382 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software…

Read about this Latest WordPress Vulnerability

Advanced Custom Fields (ACF) – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field – CVE-2023-6701 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Custom Fields (ACF) Key Information: Software Type: Plugin Software Slug: advanced-custom-fields Software Status: Active Software Author: wpengine…

Read about this Latest WordPress Vulnerability

Burst Statistics Vulnerability – Authenticated (Editor+) SQL Injection – CVE-2024-0405 | WordPress Plugin Vulnerability Report

January 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active…

Read about this Latest WordPress Vulnerability

User Profile Builder Vulnerability – Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update – CVE-2024-0324 | WordPress Plugin Vulnerability Report

January 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report

January 15, 2024

Posted in Security, Vulnerabilities

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle…

Read about this Latest WordPress Vulnerability

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: Mihail Barinov…

Read about this Latest WordPress Vulnerability

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Plugin for Google Reviews – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2023-6884 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Plugin for Google Reviews Key Information: Software Type: Plugin Software Slug: widget-google-reviews Software Status: Active Software Author: widgetpack…

Read about this Latest WordPress Vulnerability

PDF Invoices & Packing Slips for WooCommerce – Authenticated SQL Injection – CVE-2024-22147 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active…

Read about this Latest WordPress Vulnerability

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: mihail-barinov Software…

Read about this Latest WordPress Vulnerability

Getwid – Gutenberg Blocks – Missing Authorization & Captcha Bypass – CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerabilities- Authenticated Stored Cross-Site Scripting – CVE-2024-0586 & CVE-2024-0585 | WordPress Plugin Vulnerability Report

WP Recipe Maker Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag – CVE-2024-0382 | WordPress Plugin Vulnerability Report

Advanced Custom Fields (ACF) – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field – CVE-2023-6701 | WordPress Plugin Vulnerability Report

Burst Statistics Vulnerability – Authenticated (Editor+) SQL Injection – CVE-2024-0405 | WordPress Plugin Vulnerability Report

User Profile Builder Vulnerability – Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update – CVE-2024-0324 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report

Plugin for Google Reviews – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2023-6884 | WordPress Plugin Vulnerability Report

PDF Invoices & Packing Slips for WooCommerce – Authenticated SQL Injection – CVE-2024-22147 | WordPress Plugin Vulnerability Report

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy