WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Ad Inserter - Unauthenticated Sensitive Information Exposure - CVE-2023-4668, CVE-2023-4645 - Vulnerabilities

WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645

September 22, 2023

Plugin Name: Ad Inserter Key Information: Software Type: Plugin Software Slug: ad-inserter Software Status: Active Software Author: Spacetime Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Media Library Assistant - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-4716 - Vulnerabilities

WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716

September 21, 2023

Posted in Vulnerabilities, Security

Plugin Name: Media Library Assistant Key Information: Software Type: Plugin Software Slug: media-library-assistant Software Status: Active Software Author: David Lingren…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Leaflet Map - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode - CVE-2023-5050 - Vulnerabilities

WordPress Plugin Vulnerability Report – Leaflet Map – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5050

September 20, 2023

Posted in Vulnerabilities, Security

Plugin Name: Leaflet Map Key Information: Software Type: Plugin Software Slug: leaflet-map Software Status: Active Software Author: bozdoz Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Table of Contents Plus - Authenticated (Administrator+) Stored Cross-Site Scripting - Vulnerabilities

WordPress Plugin Vulnerability Report – Table of Contents Plus – Authenticated (Administrator+) Stored Cross-Site Scripting

September 19, 2023

Posted in Vulnerabilities, Security

Plugin Name: Table of Contents Plus Key Information: Software Type: Plugin Software Slug: table-of-contents-plus Software Status: Active Software Author: conjur3r…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

September 18, 2023

Posted in Vulnerabilities, Security

Plugin Name: Comments – wpDiscuz Key Information: Software Type: Plugin Software Slug: wpdiscuz Software Status: Active Software Author: advancedcoding Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Essential Addons for Elementor - Authenticated (Contributor+) Privilege Escalation - Vulnerabilities

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

September 14, 2023

Posted in Vulnerabilities, Security

Plugin Name: Essential Addons for Elementor Key Information: Software Type: Plugin Software Slug: essential-addons-for-elementor-lite Software Status: Active Software Author: wpdevteam…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerabilities Report - Booster for WooCommerce - Authenticated Stored Cross-Site Scripting & Information Disclosure - CVE-2023-4945, CVE-2023-4796 - Vulnerabilities

WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796

September 13, 2023

Posted in Vulnerabilities, Security

Plugin Name: Booster for WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce-jetpack Software Status: Active Software Author: pluggabl Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report - Migration, Backup, Staging – WPvivid - Missing Authorization & Stored Cross-Site Scripting - Vulnerabilities

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

September 12, 2023

Posted in Vulnerabilities, Security

Plugin Name: Migration, Backup, Staging – WPvivid Key Information: Software Type: Plugin Software Slug: wpvivid-backuprestore Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report: Slimstat Analytics - Authenticated (Contributor+) Blind SQL Injection via Shortcode - CVE-2023-4598 - Vulnerabilities

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

September 11, 2023

Posted in Vulnerabilities, Security

Key Information: Software Type: Plugin Software Slug: wp-slimstat Software Status: Active Software Author: mostafas1990 Software Downloads: 5,922,898 Active Installs: 100,000…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report: EWWW Image Optimizer – Sensitive Information Exposure

September 8, 2023

Posted in Vulnerabilities, Security

Plugin Name: EWWW Image Optimizer Key Information: Software Type: Plugin Software Slug: ewww-image-optimizer Software Status: Active Software Author: nosilver4u Software…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery

September 8, 2023

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,709,151…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type - Missing Authorization to Post Duplication - CVE-2023-4792 - Vulnerabilities

WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792

September 8, 2023

Posted in Vulnerabilities, Security

Plugin Name: Duplicate Post Page Menu & Custom Post Type Key Information: Software Type: Plugin Software Slug: duplicate-post-page-menu-custom-post-type Software Status:…

Read about this Latest WordPress Vulnerability

WordPress Plugin Vulnerability Report – Ad Inserter – Unauthenticated Sensitive Information Exposure – CVE-2023-4668, CVE-2023-4645

WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716

WordPress Plugin Vulnerability Report – Leaflet Map – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-5050

WordPress Plugin Vulnerability Report – Table of Contents Plus – Authenticated (Administrator+) Stored Cross-Site Scripting

WordPress Plugin Vulnerability Report – Comments – wpDiscuz – Unauthenticated SQL Injection

WordPress Plugin Vulnerability Report – Essential Addons for Elementor – Authenticated (Contributor+) Privilege Escalation

WordPress Plugin Vulnerabilities Report – Booster for WooCommerce – Authenticated Stored Cross-Site Scripting & Information Disclosure – CVE-2023-4945, CVE-2023-4796

WordPress Plugin Vulnerability Report – Migration, Backup, Staging – WPvivid – Missing Authorization & Stored Cross-Site Scripting

WordPress Plugin Vulnerability Report: Slimstat Analytics – Authenticated (Contributor+) Blind SQL Injection via Shortcode – CVE-2023-4598

WordPress Plugin Vulnerability Report: EWWW Image Optimizer – Sensitive Information Exposure

WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery

WordPress Plugin Vulnerability Report: Duplicate Post Page Menu & Custom Post Type – Missing Authorization to Post Duplication – CVE-2023-4792

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy