WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Premium Addons for Elementor Vulnerability - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget - CVE-2024-6495 | WordPress Plugin Vulnerability Report - Security

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget – CVE-2024-6495 | WordPress Plugin Vulnerability Report

July 11, 2024

Plugin Name: Premium Addons for Elementor Key Information: Software Type: Plugin Software Slug: premium-addons-for-elementor Software Status: Active Software Author: leap13…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Duplicator – Migration & Backup Plugin Vulnerability - Full Path Disclosure - CVE-2024-6210 | WordPress Plugin Vulnerability Report - Security

Duplicator – Migration & Backup Plugin Vulnerability – Full Path Disclosure – CVE-2024-6210 | WordPress Plugin Vulnerability Report

July 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: Duplicator – Migration & Backup Plugin Key Information: Software Type: Plugin Software Slug: duplicator Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - The Events Calendar Vulnerability - Cross-Site Request Forgery via action_restore_events - CVE-2024-37518 | WordPress Plugin Vulnerability Report - Security

The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report

July 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Spectra – WordPress Gutenberg Blocks Vulnerability - Missing Authorization via generate_ai_content - CVE-2024-37517 | WordPress Plugin Vulnerability Report - Security

Spectra – WordPress Gutenberg Blocks Vulnerability – Missing Authorization via generate_ai_content – CVE-2024-37517 | WordPress Plugin Vulnerability Report

July 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Spectra – WordPress Gutenberg Blocks Key Information: Software Type: Plugin Software Slug: ultimate-addons-for-gutenberg Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Ocean Extra Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-37489 | WordPress Plugin Vulnerability Report - Security

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-37489 | WordPress Plugin Vulnerability Report

July 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Ninja Forms – The Contact Form Builder That Grows With You Vulnerability - Authenticated (Subscriber+) Arbitrary Shortcode Execution - CVE-2024-37934 | WordPress Plugin Vulnerability Report - Security

Ninja Forms – The Contact Form Builder That Grows With You Vulnerability – Authenticated (Subscriber+) Arbitrary Shortcode Execution – CVE-2024-37934 | WordPress Plugin Vulnerability Report

July 4, 2024

Posted in Vulnerabilities, Security

Plugin name: Ninja Forms – The Contact Form Builder That Grows With You Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Page Builder Gutenberg Blocks – CoBlocks Vulnerability - Authenticated (Contributor+) Server-Side Request Forgery - CVE-2024-4260 | WordPress Plugin Vulnerability Report - Security

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

July 2, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

July 2, 2024

Posted in Vulnerabilities, Security

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Elementor Header & Footer Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-33933 | WordPress Plugin Vulnerability Report - Security

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

July 1, 2024

Posted in Vulnerabilities, Security

Plugin name: Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WooCommerce Vulnerability - Authenticated (Shop Manager+) Content Injection - CVE-2024-35777 | WordPress Plugin Vulnerability Report - Security

WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

June 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Status: Active Software Author: woocommerce Software Downloads: 322,936,863 Active Installs: 7,000,000…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - ElementsKit Elementor addons Vulnerability - Missing Authorization - CVE-2024-37255 | WordPress Plugin Vulnerability Report - Security

ElementsKit Elementor addons Vulnerability – Missing Authorization – CVE-2024-37255 | WordPress Plugin Vulnerability Report

June 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: ElementsKit Elementor addons Key Information: Software Type: Plugin Software Slug: elementskit-lite Software Status: Active Software Author: xpeedstudio Software…

Read about this Latest WordPress Vulnerability

File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report

June 27, 2024

Posted in Vulnerabilities, Security

Plugin Name: File Manager Key Information: Software Type: Plugin Software Slug: wp-file-manager Software Status: Active Software Author: mndpsingh287 Software Downloads:…

Read about this Latest WordPress Vulnerability

Premium Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget – CVE-2024-6495 | WordPress Plugin Vulnerability Report

Duplicator – Migration & Backup Plugin Vulnerability – Full Path Disclosure – CVE-2024-6210 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Cross-Site Request Forgery via action_restore_events – CVE-2024-37518 | WordPress Plugin Vulnerability Report

Spectra – WordPress Gutenberg Blocks Vulnerability – Missing Authorization via generate_ai_content – CVE-2024-37517 | WordPress Plugin Vulnerability Report

Ocean Extra Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-37489 | WordPress Plugin Vulnerability Report

Ninja Forms – The Contact Form Builder That Grows With You Vulnerability – Authenticated (Subscriber+) Arbitrary Shortcode Execution – CVE-2024-37934 | WordPress Plugin Vulnerability Report

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Server-Side Request Forgery – CVE-2024-4260 | WordPress Plugin Vulnerability Report

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-33933 | WordPress Plugin Vulnerability Report

WooCommerce Vulnerability – Authenticated (Shop Manager+) Content Injection – CVE-2024-35777 | WordPress Plugin Vulnerability Report

ElementsKit Elementor addons Vulnerability – Missing Authorization – CVE-2024-37255 | WordPress Plugin Vulnerability Report

File Manager Vulnerability – Missing Authorization – CVE-2024-37254 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy