WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Booster for WooCommerce - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-5638 - Security

WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5638

October 18, 2023

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – WooCommerce Stripe Payment Gateway – Cross-Site Request Forgery

October 17, 2023

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce Stripe Payment Gateway Key Information: Software Type: Plugin Software Slug: woocommerce-gateway-stripe Software Status: Active Software Author: automattic…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Social Media Share Buttons & Social Sharing Icons - Cross-Site Request Forgery - CVE-2023-5602 - Information Exposure - CVE-2023-5070 - Security

WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070

October 16, 2023

Posted in Vulnerabilities, Security

Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Embed Calendly - Authenticated Stored Cross-Site Scripting - CVE-2023-4995 - Security

WordPress Plugin Vulnerability Report – Embed Calendly – Authenticated Stored Cross-Site Scripting – CVE-2023-4995

October 13, 2023

Posted in Vulnerabilities, Security

Plugin Name: Embed Calendly Key Information: Software Type: Plugin Software Slug: embed-calendly-scheduling Software Status: Active Software Author: turn2honey Software Downloads:…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

October 11, 2023

Posted in Vulnerabilities, Security

Plugin Name: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce Key Information: Software Type: Plugin Software Slug: email-subscribers…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - WPLegalPages - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4968 - Security

WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968

October 10, 2023

Posted in Vulnerabilities, Security

Plugin Name: Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin: WPLegalPages Key Information: Software Type: Plugin Software Slug: wplegalpages…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - WordPress Popular Posts - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - Security

WordPress Plugin Vulnerability Report – WordPress Popular Posts – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

October 6, 2023

Posted in Vulnerabilities, Security

Plugin Name: WordPress Popular Posts Key Information: Software Type: Plugin Software Slug: wordpress-popular-posts Software Status: Active Software Author: hcabrera Software Downloads: 7,045,880 Active Installs: 200,000 Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Hotjar - Authenticated (Administrator+) Stored Cross-Site Scripting - CVE-2023-1259 - Security

WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259

October 5, 2023

Posted in Vulnerabilities, Security

Plugin Name: Hotjar Key Information: Software Type: Plugin Software Slug: hotjar Software Status: Removed Software Author: hotjar Software Downloads: 868,850 Active Installs: 100,000 Last Updated: October…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Booster for WooCommerce - Authenticated (Subscriber+) Information Disclosure via Shortcode - Security

WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Subscriber+) Information Disclosure via Shortcode

October 4, 2023

Posted in Vulnerabilities, Security

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software Downloads: 3,383,182 Active Installs: 60,000 Last…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection

October 3, 2023

Posted in Vulnerabilities, Security

Plugin Name: POST SMTP Mailer Key Information: Software Type: PluginSoftware Slug: post-smtpSoftware Status: ActiveSoftware Author: wpexpertsioSoftware Downloads: 9,128,571Active Installs: 300,000Last…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Modern Events Calendar Lite - Authenticated (Admin+) Stored Cross-Site Scripting - CVE-2023-4021 - Security

WordPress Plugin Vulnerability Report – Modern Events Calendar Lite – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-4021

September 29, 2023

Posted in Vulnerabilities, Security

Plugin Name: Modern Events Calendar Lite Key Information: Software Type: PluginSoftware Slug: modern-events-calendar-liteSoftware Status: RemovedSoftware Author: webnus/Software Downloads: 3,047,787Active Installs:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - iframe - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode - CVE-2023-4919 - Security

WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919

September 25, 2023

Posted in Vulnerabilities, Security

Plugin Name: iframe Key Information: Software Type: Plugin Software Slug: iframe Software Status: Active Software Author: webvitaly Software Downloads: 1,423,357…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Booster for WooCommerce – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5638

WordPress Plugin Vulnerability Report – WooCommerce Stripe Payment Gateway – Cross-Site Request Forgery

WordPress Plugin Vulnerability Report – Embed Calendly – Authenticated Stored Cross-Site Scripting – CVE-2023-4995

WordPress Plugin Vulnerability Report – Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce – Authenticated Directory Traversal – CVE-2023-5414

WordPress Plugin Vulnerability Report – WPLegalPages – Authenticated (Author+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4968

WordPress Plugin Vulnerability Report – Hotjar – Authenticated (Administrator+) Stored Cross-Site Scripting – CVE-2023-1259

WordPress Plugin Vulnerability Report – POST SMTP Mailer – Authenticated (Administrator+) SQL Injection

WordPress Plugin Vulnerability Report – Modern Events Calendar Lite – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2023-4021

WordPress Plugin Vulnerability Report – iframe – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘iframe’ Shortcode – CVE-2023-4919

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy