WordPress Vulnerability Daily Update

WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load

November 6, 2023

Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax

November 3, 2023

Posted in Vulnerabilities, Security

Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads:…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery

November 2, 2023

Posted in Vulnerabilities, Security

Plugin Name: Kadence WooCommerce Email Designer Key Information: Software Type: Plugin Software Slug: kadence-woocommerce-email-designer Software Status: Active Software Author: britner Software Downloads: 1,533,682 Active Installs: 100,000…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Drag and Drop Multiple File Upload– Contact Form 7 - Unauthenticated Arbitrary File Upload - CVE-2023-5822 - Vulnerabilities

WordPress Plugin Vulnerability Report – Drag and Drop Multiple File Upload– Contact Form 7 – Unauthenticated Arbitrary File Upload – CVE-2023-5822

November 1, 2023

Posted in Vulnerabilities, Security

Plugin Name: Drag and Drop Multiple File Upload- Contact Form 7 Key Information: Software Type: Plugin Software Slug: drag-and-drop-multiple-file-upload-contact-form-7 Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

October 31, 2023

Posted in Vulnerabilities, Security

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31,…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Solid Security – Unauthenticated Login Page Disclosure

October 31, 2023

Posted in Vulnerabilities, Security

Plugin Name: Solid Security Key Information: Software Type: Plugin Software Slug: better-wp-security Software Status: Active Software Author: ithemes Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - WP Customer Reviews - Authenticated (Subscriber+) Sensitive Information Exposure - CVE-2023-4686 - Vulnerabilities

WordPress Plugin Vulnerability Report – WP Customer Reviews – Authenticated (Subscriber+) Sensitive Information Exposure – CVE-2023-4686

October 31, 2023

Posted in Vulnerabilities, Security

Plugin Name: WP Customer Reviews Key Information: Software Type: Plugin Software Slug: wp-customer-reviews Software Status: Active Software Author: bompus Software Downloads: 1,108,443 Active Installs: 30,000 Last…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – 10Web Booster – Unauthenticated Arbitrary Option Deletion

October 29, 2023

Posted in Vulnerabilities, Security

Plugin Name: 10Web Booster Key Information: Software Type: Plugin Software Slug: tenweb-speed-optimizer Software Status: Active Software Author: 10web Software Downloads: 864,591 Active Installs: 80,000 Last Updated: October…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - News & Blog Designer Pack - Unauthenticated Remote Code Execution via Local File Inclusion - CVE-2023-5815 - Vulnerabilities

WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815

October 26, 2023

Posted in Vulnerabilities, Security

Plugin Name: News & Blog Designer Pack Key Information: Software Type: Plugin Software Slug: blog-designer-pack Software Status: Active Software Author: infornweb Software Downloads: 408,098 Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - All-In-One Security - Protection Bypass of Renamed Login Page via URL Encoding - Vulnerabilities

WordPress Plugin Vulnerability Report – All-In-One Security – Protection Bypass of Renamed Login Page via URL Encoding

October 25, 2023

Posted in Vulnerabilities, Security

Plugin Name: All-In-One Security Key Information: Software Type: Plugin Software Slug: all-in-one-wp-security-and-firewall Software Status: Active Software Author: davidanderson Software Downloads: 24,151,775 Active Installs: 1,000,000 Last Updated: October…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - VK Blocks - Authenticated (Contributor+) Stored Cross-Site Scripting via Block - CVE-2023-5706 - Vulnerabilities

WordPress Plugin Vulnerability Report – VK Blocks – Authenticated (Contributor+) Stored Cross-Site Scripting via Block – CVE-2023-5706

October 24, 2023

Posted in Vulnerabilities, Security

Plugin Name: VK Blocks Key Information: Software Type: Plugin Software Slug: vk-blocks Software Status: Active Software Author: vektor-inc Software Downloads: 2,017,789 Active Installs: 80,000 Last Updated:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - LiteSpeed Cache - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4372 - Vulnerabilities

WordPress Plugin Vulnerability Report – LiteSpeed Cache – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4372

October 23, 2023

Posted in Vulnerabilities, Security

Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-Cache Software Status: Active Software Author: litespeedtech Software Downloads: 52m564,430 Active Installs: 4,000,000 Last Updated: October…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load

WordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery

WordPress Plugin Vulnerability Report – Drag and Drop Multiple File Upload– Contact Form 7 – Unauthenticated Arbitrary File Upload – CVE-2023-5822

WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

WordPress Plugin Vulnerability Report – WP Customer Reviews – Authenticated (Subscriber+) Sensitive Information Exposure – CVE-2023-4686

WordPress Plugin Vulnerability Report – 10Web Booster – Unauthenticated Arbitrary Option Deletion

WordPress Plugin Vulnerability Report – News & Blog Designer Pack – Unauthenticated Remote Code Execution via Local File Inclusion – CVE-2023-5815

WordPress Plugin Vulnerability Report – VK Blocks – Authenticated (Contributor+) Stored Cross-Site Scripting via Block – CVE-2023-5706

WordPress Plugin Vulnerability Report – LiteSpeed Cache – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4372

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy