WordPress Vulnerability Daily Update

WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action

November 16, 2023

Plugin Name: Slider – Ultimate Responsive Image Slider Key Information: Software Type: Plugin Software Slug: ultimate-responsive-image-slider Software Status: Active Software Author: farazfrank Software Downloads: 1,338,384…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690

November 15, 2023

Posted in Vulnerabilities, Security

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Forminator - Authenticated (Administrator+) Arbitrary File Upload - CVE-2023-6133 - Vulnerabilities

WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133

November 14, 2023

Posted in Vulnerabilities, Security

Plugin Name: Forminator Key Information: Software Type: Plugin Software Slug: forminator Software Status: Active Software Author: wpmudev Software Downloads: 5,677,838…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Shareaholic - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4889 - Vulnerabilities

WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889

November 14, 2023

Posted in Vulnerabilities, Security

Plugin Name: Shareaholic Key Information: Software Type: Plugin Software Slug: shareaholic Software Status: Active Software Author: shareaholic Software Downloads: 4,734,248 Active Installs: 30,000 Last Updated: November 14,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Ultimate Dashboard - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings - CVE-2023-4726 - Vulnerabilities

WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726

November 13, 2023

Posted in Vulnerabilities, Security

Plugin Name: Ultimate Dashboard Key Information: Software Type: Plugin Software Slug: ultimate-dashboard Software Status: Active Software Author: davidvongries Software Downloads: 539,497 Active Installs: 60,000 Last Updated: November…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063

November 13, 2023

Posted in Vulnerabilities, Security

Plugin Name: WP Fastest Cache Key Information: Software Type: Plugin Software Slug: wp-fastest-cache Software Status: Active Software Author: emrevona Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Advanced iFrame - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4775 - Vulnerabilities

WordPress Plugin Vulnerability Report – Advanced iFrame – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4775

November 9, 2023

Posted in Vulnerabilities, Security

Plugin Name: Advanced iFrame Key Information: Software Type: Plugin Software Slug: advanced-iframe Software Status: Active Software Author: mdempfle Software Downloads: 1,768,520 Active Installs: 60,000 Last Updated: November…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Quiz And Survey Master – Multiple Cross-Site Request Forgery

November 8, 2023

Posted in Vulnerabilities, Security

Plugin Name: Quiz And Survey Master Key Information: Software Type: Plugin Software Slug: quiz-master-next Software Status: Active Software Author: expresstech Software Downloads: 2,153,834 Active Installs: 40,000…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - LearnPress - Reflected Cross-Site Scripting via add_internal_scripts_to_head - Vulnerabilities

WordPress Plugin Vulnerability Report – LearnPress – Reflected Cross-Site Scripting via add_internal_scripts_to_head

November 7, 2023

Posted in Vulnerabilities, Security

Plugin Name: LearnPress Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author: thimpress Software Downloads: 3,770,912 Active Installs: 90,000 Last Updated: November 7,…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - UpdraftPlus - Cross-Site Request Forgery to Google Drive Storage Update - CVE-2023-5982 - Vulnerabilities

WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982

November 7, 2023

Posted in Vulnerabilities, Security

Plugin Name: UpdraftPlus Key Information: Software Type: Plugin Software Slug: updraftplus Software Status: Active Software Author: davidanderson Software Downloads: 107,410,188 Active Installs: 3,000,000 Last Updated: November 7,…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – User Profile Builder – Cross-Site Request Forgery via pms-cross-promotion.php

November 7, 2023

Posted in Vulnerabilities, Security

Plugin Name: User Profile Builder Key Information: Software Type: Plugin Software Slug: profile-builder Software Status: Active Software Author: reflectionmedia Software Downloads: 3,998,068 Active Installs: 50,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Social Warfare - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4842 - Vulnerabilities

WordPress Plugin Vulnerability Report – Social Warfare – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4842

November 6, 2023

Posted in Vulnerabilities, Security

Plugin Name: Social Warfare Key Information: Software Type: Plugin Software Slug: social-warfare Software Status: Active Software Author: warfareplugins Software Downloads: 1,609,161 Active Installs: 30,000 Last Updated: November…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Slider – Missing Authorization via AJAX action

WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690

WordPress Plugin Vulnerability Report – Forminator – Authenticated (Administrator+) Arbitrary File Upload – CVE-2023-6133

WordPress Plugin Vulnerability Report – Shareaholic – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4889

WordPress Plugin Vulnerability Report – Ultimate Dashboard – Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings – CVE-2023-4726

WordPress Plugin Vulnerability Report – WP Fastest Cache – Unauthenticated SQL Injection – CVE-2023-6063

WordPress Plugin Vulnerability Report – Advanced iFrame – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4775

WordPress Plugin Vulnerability Report – Quiz And Survey Master – Multiple Cross-Site Request Forgery

WordPress Plugin Vulnerability Report – LearnPress – Reflected Cross-Site Scripting via add_internal_scripts_to_head

WordPress Plugin Vulnerability Report – UpdraftPlus – Cross-Site Request Forgery to Google Drive Storage Update – CVE-2023-5982

WordPress Plugin Vulnerability Report – User Profile Builder – Cross-Site Request Forgery via pms-cross-promotion.php

WordPress Plugin Vulnerability Report – Social Warfare – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4842

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy