WordPress Vulnerability Daily Update

Easy Table of Contents Vulnerability- Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 |WordPress Plugin Vulnerability Report

June 18, 2024

Plugin Name: Easy Table of Contents Key Information: Software Type: Plugin Software Slug: easy-table-of-contents Software Status: Active Software Author: magazine3…

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs and JKit – Accordion Widgets – CVE-2024-4479 | WordPress Plugin Vulnerability Report

June 14, 2024

Posted in Vulnerabilities, Security

Plugin Name: Jeg Elementor Kit Key Information: Software Type: Plugin Software Slug: jeg-elementor-kit Software Status: Active Software Author: jegtheme Software…

Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

June 13, 2024

Posted in Security, Vulnerabilities

Plugin Name: Simple Sitemap – Create a Responsive HTML Sitemap Key Information: Software Type: Plugin Software Slug: simple-sitemap Software Status:…

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget – CVE-2024-5787 | WordPress Plugin Vulnerability Report

June 12, 2024

Posted in Vulnerabilities, Security

Plugin Name:PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Key Information: Software Type: Plugin Software Slug: powerpack-lite-for-elementor Software Status:…

WP Go Maps (formerly WP Google Maps) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5994 | WordPress Plugin Vulnerability Report

June 12, 2024

Posted in Vulnerabilities, Security

Plugin Name:WP Go Maps (formerly WP Google Maps) Key Information: Software Type: Plugin Software Slug: wp-google-maps Software Status: Active Software…

Gutenberg Blocks with AI by Kadence WP – Page Builder Features Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter – CVE-2024-4863 | WordPress Plugin Vulnerability Report

June 12, 2024

Posted in Vulnerabilities, Security

Plugin Name:Gutenberg Blocks with AI by Kadence WP – Page Builder Features Key Information: Software Type: Plugin Software Slug: kadence-blocks…

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Vulnerability – Exposure of Sensitive Information via the UI – CVE-2024-3073 | WordPress Plugin Vulnerability Report

June 12, 2024

Posted in Vulnerabilities, Security

Plugin Name:Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Key Information: Software Type: Plugin Software Slug:…

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL – CVE-2024-1565 | WordPress Plugin Vulnerability Report

June 12, 2024

Posted in Vulnerabilities, Security

Plugin Name:EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg…

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget – CVE-2024-5757 | WordPress Plugin Vulnerability Report

June 12, 2024

Posted in Vulnerabilities, Security

Plugin Name:Elementor Header & Footer Builder Key Information: Software Type: Plugin Software Slug: header-footer-elementor Software Status: Active Software Author: brainstormforce…

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2024-4266 | WordPress Plugin Vulnerability Report

June 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Key Information: Software Type: Plugin Software…

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

June 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software…

WooCommerce Vulnerability – Reflected Cross-Site Scripting via Order Attribution – CVE-2024-37297 | WordPress Plugin Vulnerability Report

June 10, 2024

Posted in Vulnerabilities, Security

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 317,169,418…

Easy Table of Contents Vulnerability- Authenticated (Editor+) Stored Cross-Site Scripting – CVE-2024-6334 |WordPress Plugin Vulnerability Report

Jeg Elementor Kit Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via JKit – Tabs and JKit – Accordion Widgets – CVE-2024-4479 | WordPress Plugin Vulnerability Report

Simple Sitemap Vulnerability – Cross-Site Request Forgery via admin_notices – CVE-2023-6492 | WordPress Plugin Vulnerability Report

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget – CVE-2024-5787 | WordPress Plugin Vulnerability Report

WP Go Maps (formerly WP Google Maps) Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5994 | WordPress Plugin Vulnerability Report

Gutenberg Blocks with AI by Kadence WP – Page Builder Features Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter – CVE-2024-4863 | WordPress Plugin Vulnerability Report

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin Vulnerability – Exposure of Sensitive Information via the UI – CVE-2024-3073 | WordPress Plugin Vulnerability Report

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL – CVE-2024-1565 | WordPress Plugin Vulnerability Report

Elementor Header & Footer Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget – CVE-2024-5757 | WordPress Plugin Vulnerability Report

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor Vulnerability – Unauthenticated Sensitive Information Exposure – CVE-2024-4266 | WordPress Plugin Vulnerability Report

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

WooCommerce Vulnerability – Reflected Cross-Site Scripting via Order Attribution – CVE-2024-37297 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy