WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Hostinger Vulnerability - Missing Authorization to Maintenance Mode Activation - CVE-2023-6751 | WordPress Plugin Vulnerability Report - Vulnerabilities

Hostinger Vulnerability – Missing Authorization to Maintenance Mode Activation – CVE-2023-6751 | WordPress Plugin Vulnerability Report

January 5, 2024

Plugin Name: Hostinger Key Information: Software Type: Plugin Software Slug: hostinger Software Status: Active Software Author: hostinger Software Downloads: 1,609,570 Active Installs: 1,000,000 Last Updated: January 5,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Orbit Fox by ThemeIsle Vulnerability - Authenticated Stored Cross-Site Scripting - CVE-2023-6781 | WordPress Plugin Vulnerability Report - Vulnerabilities

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report

January 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - LightStart Vulnerability – Maintenance Mode, Coming Soon and Landing Page Builder - Missing Authorization - CVE-2023-7019| WordPress Plugin Vulnerability Report - Vulnerabilities

LightStart Vulnerability – Maintenance Mode, Coming Soon and Landing Page Builder – Missing Authorization – CVE-2023-7019| WordPress Plugin Vulnerability Report

January 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Key Information: Software Type: Plugin Software Slug: wp-maintenance-mode…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Happy Addons for Elementor Vulnerability - Reflected Cross-Site Scripting - CVE-2023-6632 | WordPress Plugin Vulnerability Report - Vulnerabilities

Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report

January 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster Software Downloads: 5,728,647 Active Installs: 400,000…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Depicter Slider Vulnerability - Cross-Site Request Forgery via save - CVE-2023-6493 | WordPress Plugin Vulnerability Report - Vulnerabilities

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

January 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Depicter Slider Key Information: Software Type: Plugin Software Slug: depicter Software Status: Active Software Author: averta Software Downloads: 727,890 Active Installs: 80,000 Last Updated: January…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Pagelayer Vulnerability - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields - CVE-2023-6738 | WordPress Plugin Vulnerability Report - Vulnerabilities

Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report

January 3, 2024

Posted in Vulnerabilities, Security

Plugin Name: Pagelayer Key Information: Software Type: Plugin Software Slug: pagelayer Software Status: Active Software Author: softaculous Software Downloads: 5,480,305 Active Installs: 200,000 Last Updated: January 3,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Essential Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-7044 | WordPress Plugin Vulnerability Report - Vulnerabilities

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7044 | WordPress Plugin Vulnerability Report

January 3, 2024

Posted in Vulnerabilities, Security

Plugin Name: Essential al Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Complianz Vulnerability - Authenticated(Administrator+) Stored Cross-site Scripting via settings - CVE-2023-6498 | WordPress Plugin Vulnerability Report - Vulnerabilities

Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report

January 3, 2024

Posted in Vulnerabilities, Security

Plugin Name: Complianz Key Information: Software Type: Plugin Software Slug: complianz-gdpr Software Status: Active Software Author: rogierlankhorst Software Downloads: 13,636,569 Active Installs: 800,000 Last Updated: January 3,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Simple Membership Vulnerability - Reflected Cross-Site Scripting Vulnerability via environment_mode - CVE-2023-6882 | WordPress Plugin Vulnerability Report - Vulnerabilities

Simple Membership Vulnerability – Reflected Cross-Site Scripting Vulnerability via environment_mode – CVE-2023-6882 | WordPress Plugin Vulnerability Report

December 18, 2023

Posted in Vulnerabilities, Security

Plugin Name: Simple Membership Key Information: Software Type: Plugin Software Slug: simple-membership Software Status: Active Software Author: mra13 Software Downloads: 2,315,432 Active Installs: 50,000 Last Updated: December…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - AMP for WP Vulnerability - Authenticated (Contributor+) Cross-Site Scripting via Shortcode - CVE-2023-6782 | WordPress Plugin Vulnerability Report - Vulnerabilities

AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

December 18, 2023

Posted in Vulnerabilities, Security

Plugin Name: AMP for WP Key Information: Software Type: Plugin Software Slug: accelerated-mobile-pages Software Status: Active Software Author: mohammed_kaludi Software Downloads: 17,465,196 Active Installs: 100,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Enable Media Replace Vulnerability - Reflected Cross-Site Scripting - CVE-2023-6737 | WordPress Plugin Vulnerability Report - Vulnerabilities

Enable Media Replace Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6737 | WordPress Plugin Vulnerability Report

December 18, 2023

Posted in Vulnerabilities, Security

Plugin Name: Enable Media Replace Key Information: Software Type: Plugin Software Slug: enable-media-replace Software Status: Active Software Author: shortpixel Software Downloads: 10,049,054 Active Installs: 600,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Shortcodes Plugin Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2023-6488 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6488 | WordPress Plugin Vulnerability Report

December 18, 2023

Posted in Vulnerabilities, Security

Plugin Name: WP Shortcodes Plugin Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 18,131,157 Active Installs: 600,000 Last…

Read about this Latest WordPress Vulnerability

Hostinger Vulnerability – Missing Authorization to Maintenance Mode Activation – CVE-2023-6751 | WordPress Plugin Vulnerability Report

Orbit Fox by ThemeIsle Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2023-6781 | WordPress Plugin Vulnerability Report

LightStart Vulnerability – Maintenance Mode, Coming Soon and Landing Page Builder – Missing Authorization – CVE-2023-7019| WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6632 | WordPress Plugin Vulnerability Report

Depicter Slider Vulnerability – Cross-Site Request Forgery via save – CVE-2023-6493 | WordPress Plugin Vulnerability Report

Pagelayer Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields – CVE-2023-6738 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-7044 | WordPress Plugin Vulnerability Report

Complianz Vulnerability – Authenticated(Administrator+) Stored Cross-site Scripting via settings – CVE-2023-6498 | WordPress Plugin Vulnerability Report

Simple Membership Vulnerability – Reflected Cross-Site Scripting Vulnerability via environment_mode – CVE-2023-6882 | WordPress Plugin Vulnerability Report

AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

Enable Media Replace Vulnerability – Reflected Cross-Site Scripting – CVE-2023-6737 | WordPress Plugin Vulnerability Report

WP Shortcodes Plugin Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6488 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy