WordPress Vulnerability Daily Update

Prime Slider – Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget – CVE-2024-5640 | WordPress Plugin Vulnerability Report

June 6, 2024

Plugin Name: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) Key Information: Software Type:…

Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Tutor LMS – eLearning and online course solution Key Information: Software Type: Plugin Software Slug: tutor Software Status:…

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery Key Information: Software Type: Plugin Software Slug: photo-gallery Software Status:…

WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report

June 6, 2024

Posted in Vulnerabilities, Security

Plugin Name: WP Mobile Menu – The Mobile-Friendly Responsive Menu Key Information: Software Type: Plugin Software Slug: mobile-menu Software Status:…

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

June 5, 2024

Posted in Vulnerabilities, Security

Plugin Name: Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Key Information: Software Type: Plugin Software Slug: unlimited-elements-for-elementor Software Status:…

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Download Manager Key Information: Software Type: Plugin Software Slug: download-manager Software Status: Active Software Author: codename065 Software Downloads:…

LearnPress – WordPress LMS Plugin Vulnerability – Basic Information Disclosure via JSON API – CVE-2024-5483 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: LearnPress – WordPress LMS Plugin Key Information: Software Type: Plugin Software Slug: learnpress Software Status: Active Software Author:…

Brizy – Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL – CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Brizy – Page Builder Key Information: Software Type: Plugin Software Slug: brizy Software Status: Active Software Author: themefusecom…

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in…

Newsletter Vulnerability – Unauthenticated Stored Cross-Site Scripting via np1 – CVE-2024-5317 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Newsletter – Send awesome emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active…

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

June 4, 2024

Posted in Vulnerabilities, Security

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Vulnerability – Reflected Cross-Site Scripting – CVE-2024-35668 | WordPress Plugin Vulnerability Report

June 3, 2024

Posted in Vulnerabilities, Security

Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Key Information: Software Type: Plugin Software Slug:…

Prime Slider – Addons For Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget – CVE-2024-5640 | WordPress Plugin Vulnerability Report

Tutor LMS – eLearning and online course solution Vulnerability – Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion & Authenticated (Administrator+) SQL Injection – CVE-2024-5438, CVE-2024-4902 | WordPress Plugin Vulnerability Report

Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report

WP Mobile Menu – The Mobile-Friendly Responsive Menu Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt – CVE-2024-3987 | WordPress Plugin Vulnerability Report

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Vulnerability – Authenticated (Contributor+) Information Exposure, Blind SQL Injection – CVE-2024-35674, CVE-2024-5329 | WordPress Plugin Vulnerability Report

Download Manager Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm_modal_login_form Shortcode – CVE-2024-4001 | WordPress Plugin Vulnerability Report

LearnPress – WordPress LMS Plugin Vulnerability – Basic Information Disclosure via JSON API – CVE-2024-5483 | WordPress Plugin Vulnerability Report

Brizy – Page Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes and Widget Link To URL – CVE-2024-1161, CVE-2024-3667, CVE-2024-2087, CVE-2024-1164 | WordPress Plugin Vulnerability Report

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget – CVE-2024-5571 | WordPress Plugin Vulnerability Report

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

Recent Blog Posts

WordPress 500 Internal Server Error: What It Means and How to Fix It

Yoast SEO – Advanced SEO with real-time guidance and built-in AI Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via ‘jsonText’ Block Attribute – CVE-2026-3427 | WordPress Plugin Vulnerability Report

The Events Calendar Vulnerability – Missing Authorization to Authenticated (Subscriber+) Data Migration Control – CVE-2025-15043 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy