WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - AI Engine Vulnerability - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url - CVE-2024-0699 | WordPress Plugin Vulnerability Report - Vulnerabilities

AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report

January 18, 2024

Plugin Name: AI Engine Key Information: Software Type: Plugin Software Slug: ai-engine Software Status: Active Software Author: tigroumeow Software Downloads: 1,716,148 Active Installs: 50,000 Last Updated: January…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Amelia Booking Vulnerability - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode - CVE-2023-6808 | WordPress Plugin Vulnerability Report - Vulnerabilities

Amelia Booking Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6808 | WordPress Plugin Vulnerability Report

January 18, 2024

Posted in Vulnerabilities, Security

Plugin Name: Amelia Booking Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Contact Form Plugin - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title - CVE-2024-0618 | WordPress Plugin Vulnerability Report - Vulnerabilities

Contact Form Plugin – Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report

January 18, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Getwid – Gutenberg Blocks - Missing Authorization & Captcha Bypass - CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report - Vulnerabilities

Getwid – Gutenberg Blocks – Missing Authorization & Captcha Bypass – CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Getwid – Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: getwid Software Status: Active Software Author: jetmonsters…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerabilities- Authenticated Stored Cross-Site Scripting - CVE-2024-0586 & CVE-2024-0585 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerabilities- Authenticated Stored Cross-Site Scripting – CVE-2024-0586 & CVE-2024-0585 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Recipe Maker Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag - CVE-2024-0382 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Recipe Maker Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag – CVE-2024-0382 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Recipe Maker Key Information: Software Type: Plugin Software Slug: wp-recipe-maker Software Status: Active Software Author: brechtvds Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Advanced Custom Fields (ACF) - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field - CVE-2023-6701 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced Custom Fields (ACF) – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field – CVE-2023-6701 | WordPress Plugin Vulnerability Report

January 17, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced Custom Fields (ACF) Key Information: Software Type: Plugin Software Slug: advanced-custom-fields Software Status: Active Software Author: wpengine…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Burst Statistics Vulnerability - Authenticated (Editor+) SQL Injection - CVE-2024-0405 | WordPress Plugin Vulnerability Report - Vulnerabilities

Burst Statistics Vulnerability – Authenticated (Editor+) SQL Injection – CVE-2024-0405 | WordPress Plugin Vulnerability Report

January 16, 2024

Posted in Vulnerabilities, Security

Plugin Name: Burst Statistics – Privacy-Friendly Analytics for WordPress Key Information: Software Type: Plugin Software Slug: burst-statistics Software Status: Active…

Read about this Latest WordPress Vulnerability

User Profile Builder Vulnerability – Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update – CVE-2024-0324 | WordPress Plugin Vulnerability Report

January 16, 2024

Posted in Security, Vulnerabilities

Plugin Name: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Orbit Fox by ThemeIsle Vulnerability - Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget - CVE-2024-0508 | WordPress Plugin Vulnerability Report - Vulnerabilities

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report

January 15, 2024

Posted in Vulnerabilities, Security

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: themeisle…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Advanced Woo Search Vulnerability - Reflected Cross-Site Scripting - CVE-2024-0251 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: Mihail Barinov…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report - Vulnerabilities

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

AI Engine Vulnerability – Authenticated(Editor+) Arbitrary File Upload via add_image_from_url – CVE-2024-0699 | WordPress Plugin Vulnerability Report

Amelia Booking Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode – CVE-2023-6808 | WordPress Plugin Vulnerability Report

Contact Form Plugin – Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title – CVE-2024-0618 | WordPress Plugin Vulnerability Report

Getwid – Gutenberg Blocks – Missing Authorization & Captcha Bypass – CVE-2023-6959 & CVE-2023-6963 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerabilities- Authenticated Stored Cross-Site Scripting – CVE-2024-0586 & CVE-2024-0585 | WordPress Plugin Vulnerability Report

WP Recipe Maker Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag – CVE-2024-0382 | WordPress Plugin Vulnerability Report

Advanced Custom Fields (ACF) – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field – CVE-2023-6701 | WordPress Plugin Vulnerability Report

Burst Statistics Vulnerability – Authenticated (Editor+) SQL Injection – CVE-2024-0405 | WordPress Plugin Vulnerability Report

User Profile Builder Vulnerability – Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update – CVE-2024-0324 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-site Scripting via Pricing Table Elementor Widget – CVE-2024-0508 | WordPress Plugin Vulnerability Report

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy