WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Mollie Payments for WooCommerce - Authenticated (Shop Manager+) Arbitrary File Upload - CVE-2023-6090 - Vulnerabilities

WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090

November 27, 2023

Plugin Name: Mollie Payments for WooCommerce Key Information: Software Type: Plugin Software Slug: mollie-payments-for-woocommerce Software Status: Active Software Author: mollieintegration Software Downloads: 2,934,315 Active Installs: 100,000…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Shortcodes Ultimate - Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure - CVE-2023-6225 & CVE-2023-6226 - Vulnerabilities

WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226

November 27, 2023

Posted in Vulnerabilities, Security

Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - SiteOrigin Widgets Bundle - Authenticated (Admin+) Local File Inclusion - CVE-2023-6295 - Vulnerabilities

WordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295

November 27, 2023

Posted in Vulnerabilities, Security

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software Downloads: 36,509,376 Active Installs: 600,000 Last…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – HUSKY – Missing Authorization via woof_meta_get_keys() – CVE-2023-40334

November 23, 2023

Posted in Vulnerabilities, Security

Plugin Name: HUSKY Key Information: Software Type: Plugin Software Slug: woocommerce-products-filter Software Status: Active Software Author: realmag777 Software Downloads: 1,602,499 Active Installs: 100,000 Last Updated: November 23,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - BackWPup - Authenticated (Administrator+) Directory Traversal - CVE-2023-5504 - Vulnerabilities

WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504

November 22, 2023

Posted in Vulnerabilities, Security

Plugin Name: BackWPup Key Information: Software Type: Plugin Software Slug: backwpup Software Status: Active Software Author: wp_media Software Downloads: 13,284,859 Active Installs: 600,000 Last Updated: November 22,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Widgets for Google Reviews - Authenticated (Editor+) Arbitrary File Upload - CVE-2023-48275 - Vulnerabilities

WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275

November 22, 2023

Posted in Vulnerabilities, Security

Plugin Name: Widgets for Google Reviews Key Information: Software Type: Plugin Software Slug: wp-reviews-plugin-for-google Software Status: Active Software Author: trustindex…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Login Lockdown – Authenticated (Administrator+) SQL Injection

November 21, 2023

Posted in Vulnerabilities, Security

Plugin Name: Login Lockdown Key Information: Software Type: Plugin Software Slug: login-lockdown Software Status: Active Software Author: webfactory Software Downloads: 1,446,808 Active Installs: 100,000 Last Updated: November…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Abandoned Cart Lite for WooCommerce - Improper Authorization Vulnerabilities - Vulnerabilities

WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities

November 21, 2023

Posted in Vulnerabilities, Security

Plugin Name: Abandoned Cart Lite for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-abandoned-cart Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery

November 20, 2023

Posted in Vulnerabilities, Security

Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20,…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability

November 17, 2023

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,889,041 Active Installs: 80,000 Last Updated: November 17,…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting

November 17, 2023

Posted in Vulnerabilities, Security

Plugin Name: wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software Downloads: 3,042,036 Active Installs: 80,000 Last Updated: November 17,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Paid Memberships Pro - Authenticated (Subscriber+) Arbitrary File Upload - CVE-2023-6187 - Vulnerabilities

WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187

November 16, 2023

Posted in Vulnerabilities, Security

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,334,391 Active Installs: 90,000 Last…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Mollie Payments for WooCommerce – Authenticated (Shop Manager+) Arbitrary File Upload – CVE-2023-6090

WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226

WordPress Plugin Vulnerability Report – SiteOrigin Widgets Bundle – Authenticated (Admin+) Local File Inclusion – CVE-2023-6295

WordPress Plugin Vulnerability Report – HUSKY – Missing Authorization via woof_meta_get_keys() – CVE-2023-40334

WordPress Plugin Vulnerability Report – BackWPup – Authenticated (Administrator+) Directory Traversal – CVE-2023-5504

WordPress Plugin Vulnerability Report – Widgets for Google Reviews – Authenticated (Editor+) Arbitrary File Upload – CVE-2023-48275

WordPress Plugin Vulnerability Report – Abandoned Cart Lite for WooCommerce – Improper Authorization Vulnerabilities

WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery

WordPress Plugin Vulnerability Report – EmbedPress – Draft Vulnerability

WordPress Plugin Vulnerability Report – wpDiscuz – Authenticated (Administrator+) Stored Cross-Site Scripting

WordPress Plugin Vulnerability Report – Paid Memberships Pro – Authenticated (Subscriber+) Arbitrary File Upload – CVE-2023-6187

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy