WordPress Vulnerability Daily Update

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7071 | WordPress Plugin Vulnerability Report

January 9, 2024

Plugin Name: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates Key Information: Software Type: Plugin Software Slug: essential-blocks…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Happy Addons for Elementor - Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report - Vulnerabilities

Happy Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - List Category Posts Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-6994 |WordPress Plugin Vulnerability Report - Vulnerabilities

List Category Posts Vulnerability- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-6994 |WordPress Plugin Vulnerability Report

January 9, 2024

Posted in Vulnerabilities, Security

Plugin Name: List Category Posts Key Information: Software Type: Plugin Software Slug: list-category-posts Software Status: Active Software Author: fernandobt Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - OneClick Chat to Order Vulnerability - Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report - Vulnerabilities

OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: OneClick Chat to Order Key Information: Software Type: Plugin Software Slug: oneclick-whatsapp-order Software Status: Active Software Author: walterpinem…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Button Plugin MaxButtons - Authenticated Stored Cross-Site Scripting - CVE-2023-6594 | WordPress Plugin Vulnerability Report - Vulnerabilities

WordPress Button Plugin MaxButtons – Authenticated Stored Cross-Site Scripting – CVE-2023-6594 | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: WordPress Button Plugin MaxButtons Key Information: Software Type: Plugin Software Slug: maxbuttons Software Status: Active Software Author: maxfoundry…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ElementsKit Vulnerability - Unauthenticated Sensitive Information Exposure - CVE-2023-6582 | WordPress Plugin Vulnerability Report - Vulnerabilities

ElementsKit Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6582 | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software…

Read about this Latest WordPress Vulnerability

Download Monitor Vulnerability – Authenticated (Admin+) SQL Injection | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Download Monitor Key Information: Software Type: Plugin Software Slug: download-monitor Software Status: Active Software Author: wpchill Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Formidable Forms Vulnerability – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2023-6842 | WordPress Plugin Vulnerability Report - Vulnerabilities

Formidable Forms Vulnerability – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6842 | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Gallery Plugin for WordPress – Envira Photo Gallery - Missing Authorization to Gallery Modification via envira_gallery_insert_images - CVE-2023-6742 | WordPress Plugin Vulnerability Report - Vulnerabilities

Gallery Plugin for WordPress – Envira Photo Gallery – Missing Authorization to Gallery Modification via envira_gallery_insert_images – CVE-2023-6742 | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Gallery Plugin for WordPress – Envira Photo Gallery Key Information: Software Type: Plugin Software Slug: envira-gallery-lite Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Metform Elementor Contact Form Builder Vulnerability - Cross-Site Request Forgery - CVE-2023-6788 | WordPress Plugin Vulnerability Report - Vulnerabilities

Metform Elementor Contact Form Builder Vulnerability – Cross-Site Request Forgery – CVE-2023-6788 | WordPress Plugin Vulnerability Report

January 8, 2024

Posted in Vulnerabilities, Security

Plugin Name: Metform Elementor Contact Form Builder Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

User Profile Builder – Insecure Direct Object Reference – CVE-2023-6504 | WordPress Plugin Vulnerability Report

January 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - RSS Aggregator by Feedzy Vulnerability - Missing Authorization - CVE-2023-6798 | WordPress Plugin Vulnerability Report - Vulnerabilities

RSS Aggregator by Feedzy Vulnerability – Missing Authorization – CVE-2023-6798 | WordPress Plugin Vulnerability Report

January 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Key Information: Software…

Read about this Latest WordPress Vulnerability

Essential Blocks Vulnerability – Page Builder Gutenberg Blocks, Patterns & Templates – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7071 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor – Authenticated (Contributor+) Stored Cross-Site Scripting |WordPress Plugin Vulnerability Report

OneClick Chat to Order Vulnerability – Authenticated Stored Cross-Site Scripting via Shortcode | WordPress Plugin Vulnerability Report

WordPress Button Plugin MaxButtons – Authenticated Stored Cross-Site Scripting – CVE-2023-6594 | WordPress Plugin Vulnerability Report

ElementsKit Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2023-6582 | WordPress Plugin Vulnerability Report

Download Monitor Vulnerability – Authenticated (Admin+) SQL Injection | WordPress Plugin Vulnerability Report

Formidable Forms Vulnerability – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-6842 | WordPress Plugin Vulnerability Report

Gallery Plugin for WordPress – Envira Photo Gallery – Missing Authorization to Gallery Modification via envira_gallery_insert_images – CVE-2023-6742 | WordPress Plugin Vulnerability Report

Metform Elementor Contact Form Builder Vulnerability – Cross-Site Request Forgery – CVE-2023-6788 | WordPress Plugin Vulnerability Report

User Profile Builder – Insecure Direct Object Reference – CVE-2023-6504 | WordPress Plugin Vulnerability Report

RSS Aggregator by Feedzy Vulnerability – Missing Authorization – CVE-2023-6798 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy