WordPress Vulnerability Daily Update

WP Plugin Vulnerabilities Image - Royal Elementor Addons and Templates Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads - CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report - Vulnerabilities

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report

June 6, 2024

Plugin Name: Royal Elementor Addons and Templates Key Information: Software Type: Plugin Software Slug: royal-elementor-addons Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - FileOrganizer Vulnerability - Sensitive Information Exposure via Directory Listing - CVE-2024-5599 | WordPress Plugin Vulnerability Report - Vulnerabilities

FileOrganizer Vulnerability – Sensitive Information Exposure via Directory Listing – CVE-2024-5599 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: FileOrganizer – Manage WordPress and Website Files Key Information: Software Type: Plugin Software Slug: fileorganizer Software Status: Active…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Colibri Page Builder Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report - Vulnerabilities

Colibri Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Clever Fox Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting - CVE-2024-1768 | WordPress Plugin Vulnerability Report - Vulnerabilities

Clever Fox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1768 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Clever Fox Key Information: Software Type: Plugin Software Slug: clever-fox Software Status: Active Software Author: nayrathemes Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Qi Addons For Elementor Vulnerability - Authenticated (Contributor+) Local File Inclusion - CVE-2024-4887 | WordPress Plugin Vulnerability Report - Vulnerabilities

Qi Addons For Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion – CVE-2024-4887 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Qi Addons For Elementor Key Information: Software Type: Plugin Software Slug: qi-addons-for-elementor Software Status: Active Software Author: qodeinteractive…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Prime Slider – Addons For Elementor Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget - CVE-2024-5640 | WordPress Plugin Vulnerability Report - Vulnerabilities

Prime Slider – Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget – CVE-2024-5640 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Tutor LMS – eLearning and online course solution Vulnerability - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection - CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report - Vulnerabilities

Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function - CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report - Vulnerabilities

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt - CVE-2024-3987 | WordPress Plugin Vulnerability Report - Vulnerabilities

WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu Key Information: Software Type: Plugin Software Slug: mobile-menu Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability - Authenticated (Contributor+) Information Exposure, Blind SQL Injection - CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report - Vulnerabilities

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

June 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - Download Manager Vulnerability - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode - CVE-2024-4001 | WordPress Plugin Vulnerability Report - Vulnerabilities

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads:…

Read about this Latest WordPress Vulnerability

WP Plugin Vulnerabilities Image - LearnPress – WordPress LMS Plugin Vulnerability - Basic Information Disclosure via JSON API - CVE-2024-5483 | WordPress Plugin Vulnerability Report - Vulnerabilities

LearnPress – WordPress LMS Plugin Vulnerability – Basic Information Disclosure via JSON API – CVE-2024-5483 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author:…

Read about this Latest WordPress Vulnerability

Royal Elementor Addons and Templates Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting, Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads – CVE-2024-4488, CVE-2024-4489 | WordPress Plugin Vulnerability Report

FileOrganizer Vulnerability – Sensitive Information Exposure via Directory Listing – CVE-2024-5599 | WordPress Plugin Vulnerability Report

Colibri Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5038, CVE-2024-4451 | WordPress Plugin Vulnerability Report

Clever Fox Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-1768 | WordPress Plugin Vulnerability Report

Qi Addons For Elementor Vulnerability – Authenticated (Contributor+) Local File Inclusion – CVE-2024-4887 | WordPress Plugin Vulnerability Report

Prime Slider – Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget – CVE-2024-5640 | WordPress Plugin Vulnerability Report

Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report

WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

LearnPress – WordPress LMS Plugin Vulnerability – Basic Information Disclosure via JSON API – CVE-2024-5483 | WordPress Plugin Vulnerability Report

Recent Blog Posts

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App Vulnerability – Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure – CVE: NA | WordPress Plugin Vulnerability Report

SiteSEO – SEO Simplified Vulnerability – Missing Authorization to Authenticated (Author+) Plugin Settings Update – CVE-2025-12367 | WordPress Plugin Vulnerability Report

Qi Blocks Vulnerability – Missing Authorization to Authenticated (Contributor+) Plugin Settings Update – CVE-2025-12180 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy