WordPress Vulnerability Daily Update

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs |WordPress Plugin Vulnerability Report

January 12, 2024

Plugin Name: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Schema & Structured Data for WP & AMP – Authenticated Stored Cross-Site Scripting – CVE-2024-22146 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: Schema & Structured Data for WP & AMP Key Information: Software Type: Plugin Software Slug: schema-and-structured-data-for-wp Software Status:…

Read about this Latest WordPress Vulnerability

WooCommerce Vulnerability – Reflected Cross-Site Scripting | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 289,194,192…

Read about this Latest WordPress Vulnerability

The Events Calendar Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6557 | WordPress Plugin Vulnerability Report

January 12, 2024

Posted in Security, Vulnerabilities

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…

Read about this Latest WordPress Vulnerability

Contact Form 7 Vulnerability– Dynamic Text Extension – Insecure Direct Object Reference – CVE-2023-6630 | WordPress Plugin Vulnerability Report

January 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Contact Form 7 – Dynamic Text Extension Key Information: Software Type: Plugin Software Slug: contact-form-7-dynamic-text-extension Software Status: Active…

Read about this Latest WordPress Vulnerability

Newsletter Vulnerability– Send Awesome Emails from WordPress – Cross-Site Request Forgery |WordPress Plugin Vulnerability Report

January 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Newsletter – Send Awesome Emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active…

Read about this Latest WordPress Vulnerability

POST SMTP Vulnerability – The #1 WordPress SMTP Plugin – Authorization Bypass via type connect-app API – CVE-2023-6875 | WordPress Plugin Vulnerability Report

January 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications Key Information:…

Read about this Latest WordPress Vulnerability

Customer Reviews for WooCommerce Vulnerability – Authenticated (Author+) Arbitrary File Upload – CVE-2023-6979 |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Customer Reviews for WooCommerce Key Information: Software Type: Plugin Software Slug: customer-reviews-woocommerce Software Status: Active Software Author: ivole…

Read about this Latest WordPress Vulnerability

Email Encoder Vulnerability – Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7070 |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Email Encoder – Protect Email Addresses and Phone Numbers Key Information: Software Type: Plugin Software Slug: email-encoder-bundle Software…

Read about this Latest WordPress Vulnerability

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7071 | WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates Key Information: Software Type: Plugin Software Slug: essential-blocks…

Read about this Latest WordPress Vulnerability

Happy Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

List Category Posts Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-6994 |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Security, Vulnerabilities

Plugin Name: List Category Posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software…

Read about this Latest WordPress Vulnerability

Paid Memberships Pro Vulnerability – Information Exposure in Debug Logs |WordPress Plugin Vulnerability Report

Schema & Structured Data for WP & AMP – Authenticated Stored Cross-Site Scripting – CVE-2024-22146 | WordPress Plugin Vulnerability Report

WooCommerce Vulnerability – Reflected Cross-Site Scripting | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6557 | WordPress Plugin Vulnerability Report

Contact Form 7 Vulnerability– Dynamic Text Extension – Insecure Direct Object Reference – CVE-2023-6630 | WordPress Plugin Vulnerability Report

POST SMTP Vulnerability – The #1 WordPress SMTP Plugin – Authorization Bypass via type connect-app API – CVE-2023-6875 | WordPress Plugin Vulnerability Report

Customer Reviews for WooCommerce Vulnerability – Authenticated (Author+) Arbitrary File Upload – CVE-2023-6979 |WordPress Plugin Vulnerability Report

Email Encoder Vulnerability – Protect Email Addresses and Phone Numbers – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7070 |WordPress Plugin Vulnerability Report

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7071 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy