WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Plugin for Google Reviews - Authenticated Stored Cross-Site Scripting via Shortcode - CVE-2023-6884 | WordPress Plugin Vulnerability Report - Vulnerabilities

Plugin for Google Reviews – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2023-6884 | WordPress Plugin Vulnerability Report

January 12, 2024

Plugin Name: Plugin for Google Reviews Key Information: Software Type: Plugin Software Slug: widget-google-reviews Software Status: Active Software Author: widgetpack…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - PDF Invoices & Packing Slips for WooCommerce - Authenticated SQL Injection - CVE-2024-22147 | WordPress Plugin Vulnerability Report - Vulnerabilities

PDF Invoices & Packing Slips for WooCommerce – Authenticated SQL Injection – CVE-2024-22147 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: PDF Invoices & Packing Slips for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-pdf-invoices-packing-slips Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Advanced Woo Search Vulnerability - Reflected Cross-Site Scripting - CVE-2024-0251 | WordPress Plugin Vulnerability Report - Vulnerabilities

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Advanced Woo Search Key Information: Software Type: Plugin Software Slug: advanced-woo-search Software Status: Active Software Author: mihail-barinov Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Paid Memberships Pro Vulnerability - Information Exposure in Debug Logs |WordPress Plugin Vulnerability Report - Vulnerabilities

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs |WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Schema & Structured Data for WP & AMP - Authenticated Stored Cross-Site Scripting - CVE-2024-22146 | WordPress Plugin Vulnerability Report - Vulnerabilities

Schema & Structured Data for WP & AMP – Authenticated Stored Cross-Site Scripting – CVE-2024-22146 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status:…

Read about this Latest WordPress Vulnerability

WooCommerce Vulnerability – Reflected Cross-Site Scripting | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 289,194,192…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Events Calendar Vulnerability - Unauthenticated Sensitive Information Exposure - CVE-2023-6557 | WordPress Plugin Vulnerability Report - Vulnerabilities

The Events Calendar Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6557 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…

Read about this Latest WordPress Vulnerability

Contact Form 7 Vulnerability– Dynamic Text Extension – Insecure Direct Object Reference – CVE-2023-6630 | WordPress Plugin Vulnerability Report

January 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Contact Form 7 – Dynamic Text Extension Key Information: Software Type: Plugin Software Slug: contact-form-7-dynamic-text-extension Software Status: Active…

Read about this Latest WordPress Vulnerability

Newsletter Vulnerability– Send Awesome Emails from WordPress – Cross-Site Request Forgery |WordPress Plugin Vulnerability Report

January 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Newsletter – Send Awesome Emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - POST SMTP Vulnerability – The #1 WordPress SMTP Plugin - Authorization Bypass via type connect-app API - CVE-2023-6875 | WordPress Plugin Vulnerability Report - Vulnerabilities

POST SMTP Vulnerability – The #1 WordPress SMTP Plugin – Authorization Bypass via type connect-app API – CVE-2023-6875 | WordPress Plugin Vulnerability Report

January 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications Key Information:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Customer Reviews for WooCommerce Vulnerability - Authenticated (Author+) Arbitrary File Upload - CVE-2023-6979 |WordPress Plugin Vulnerability Report - Vulnerabilities

Customer Reviews for WooCommerce Vulnerability – Authenticated (Author+) Arbitrary File Upload – CVE-2023-6979 |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Email Encoder Vulnerability – Protect Email Addresses and Phone Numbers - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-7070 |WordPress Plugin Vulnerability Report - Vulnerabilities

Email Encoder Vulnerability – Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7070 |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Encoder – Protect Email Addresses and Phone Numbers Key Information: Software Type: Plugin Software Slug: email-encoder-bundle Software…

Read about this Latest WordPress Vulnerability

Plugin for Google Reviews – Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2023-6884 | WordPress Plugin Vulnerability Report

PDF Invoices & Packing Slips for WooCommerce – Authenticated SQL Injection – CVE-2024-22147 | WordPress Plugin Vulnerability Report

Advanced Woo Search Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0251 | WordPress Plugin Vulnerability Report

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs |WordPress Plugin Vulnerability Report

Schema & Structured Data for WP & AMP – Authenticated Stored Cross-Site Scripting – CVE-2024-22146 | WordPress Plugin Vulnerability Report

WooCommerce Vulnerability – Reflected Cross-Site Scripting | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6557 | WordPress Plugin Vulnerability Report

Contact Form 7 Vulnerability– Dynamic Text Extension – Insecure Direct Object Reference – CVE-2023-6630 | WordPress Plugin Vulnerability Report

POST SMTP Vulnerability – The #1 WordPress SMTP Plugin – Authorization Bypass via type connect-app API – CVE-2023-6875 | WordPress Plugin Vulnerability Report

Customer Reviews for WooCommerce Vulnerability – Authenticated (Author+) Arbitrary File Upload – CVE-2023-6979 |WordPress Plugin Vulnerability Report

Email Encoder Vulnerability – Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7070 |WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy