WordPress Vulnerability Daily Update

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

June 10, 2024

Plugin Name: SiteOrigin Widgets Bundle Key Information: Software Type: Plugin Software Slug: so-widgets-bundle Software Status: Active Software Author: gpriday Software…

Read about this Latest WordPress Vulnerability

WooCommerce Vulnerability – Reflected Cross-Site Scripting via Order Attribution – CVE-2024-37297 | WordPress Plugin Vulnerability Report

June 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: WooCommerce Key Information: Software Type: Plugin Software Slug: woocommerce Software Status: Active Software Author: woothemes Software Downloads: 317,169,418…

Read about this Latest WordPress Vulnerability

WPS Hide Login Vulnerability – Login Page Disclosure – CVE-2024-2473 | WordPress Plugin Vulnerability Report

June 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: WPS Hide Login Key Information: Software Type: Plugin Software Slug: wps-hide-login Software Status: Active Software Author: tabrisrp Software…

Read about this Latest WordPress Vulnerability

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5189 | WordPress Plugin Vulnerability Report

June 10, 2024

Posted in Security, Vulnerabilities

Plugin Name: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders Key Information: Software Type: Plugin…

Read about this Latest WordPress Vulnerability

WP Reset – Most Advanced WordPress Reset Tool Vulnerability – Missing Authorization to License Key Modification – CVE-2024-4661 | WordPress Plugin Vulnerability Report

June 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Reset – Most Advanced WordPress Reset Tool Key Information: Software Type: Plugin Software Slug: wp-reset Software Status:…

Read about this Latest WordPress Vulnerability

WP Force SSL & HTTPS SSL Redirect Vulnerability – Missing Authorization to Settings Update – CVE-2024-5770 | WordPress Plugin Vulnerability Report

June 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: WP Force SSL & HTTPS SSL Redirect Key Information: Software Type: Plugin Software Slug: wp-force-ssl Software Status: Active…

Read about this Latest WordPress Vulnerability

Minimal Coming Soon – Coming Soon Page Vulnerability – Missing Authorization to Limited Settings Change – CVE-2024-5087 | WordPress Plugin Vulnerability Report

June 7, 2024

Posted in Security, Vulnerabilities

Plugin Name: Minimal Coming Soon – Coming Soon Page Key Information: Software Type: Plugin Software Slug: minimal-coming-soon-maintenance-mode Software Status: Active…

Read about this Latest WordPress Vulnerability

TablePress – Tables in WordPress made easy Vulnerability – Authenticated (Author+) Server-Side Request Forgery via DNS Rebind – CVE-2024-4354 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: TablePress – Tables in WordPress made easy Key Information: Software Type: Plugin Software Slug: tablepress Software Status: Active…

Read about this Latest WordPress Vulnerability

Strong Testimonials Vulnerability – Authenticated(Contributor+) Improper Authorization to Views Modification – CVE-2023-6491 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Strong Testimonials Key Information: Software Type: Plugin Software Slug: strong-testimonials Software Status: Active Software Author: wpchill Software Downloads:…

Read about this Latest WordPress Vulnerability

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

FileOrganizer Vulnerability – Sensitive Information Exposure via Directory Listing – CVE-2024-5599 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: FileOrganizer – Manage WordPress and Website Files Key Information: Software Type: Plugin Software Slug: fileorganizer Software Status: Active…

Read about this Latest WordPress Vulnerability

Colibri Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Security, Vulnerabilities

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software…

Read about this Latest WordPress Vulnerability

SiteOrigin Widgets Bundle Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget – CVE-2024-5090 | WordPress Plugin Vulnerability Report

WooCommerce Vulnerability – Reflected Cross-Site Scripting via Order Attribution – CVE-2024-37297 | WordPress Plugin Vulnerability Report

Essential Addons for Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5189 | WordPress Plugin Vulnerability Report

WP Reset – Most Advanced WordPress Reset Tool Vulnerability – Missing Authorization to License Key Modification – CVE-2024-4661 | WordPress Plugin Vulnerability Report

WP Force SSL & HTTPS SSL Redirect Vulnerability – Missing Authorization to Settings Update – CVE-2024-5770 | WordPress Plugin Vulnerability Report

Minimal Coming Soon – Coming Soon Page Vulnerability – Missing Authorization to Limited Settings Change – CVE-2024-5087 | WordPress Plugin Vulnerability Report

TablePress – Tables in WordPress made easy Vulnerability – Authenticated (Author+) Server-Side Request Forgery via DNS Rebind – CVE-2024-4354 | WordPress Plugin Vulnerability Report

Strong Testimonials Vulnerability – Authenticated(Contributor+) Improper Authorization to Views Modification – CVE-2023-6491 | WordPress Plugin Vulnerability Report

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report

FileOrganizer Vulnerability – Sensitive Information Exposure via Directory Listing – CVE-2024-5599 | WordPress Plugin Vulnerability Report

Colibri Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy