WordPress Vulnerability Daily Update

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

June 4, 2024

Plugin Name: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce Key Information: Software Type:…

Read about this Latest WordPress Vulnerability

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Vulnerability – Reflected Cross-Site Scripting – CVE-2024-35668 | WordPress Plugin Vulnerability Report

June 3, 2024

Posted in Security, Vulnerabilities

Plugin Name: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formerly Sendinblue) Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

June 1, 2024

Posted in Security, Vulnerabilities

Plugin Name: Shield Security – Smart Bot Blocking & Intrusion Prevention Security Key Information: Software Type: Plugin Software Slug: wp-simple-firewall…

Read about this Latest WordPress Vulnerability

wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5501 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Key Information: Software Type: Plugin Software Slug:…

Read about this Latest WordPress Vulnerability

Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: Master Slider – Responsive Touch Slider Key Information: Software Type: Plugin Software Slug: master-slider Software Status: Active Software…

Read about this Latest WordPress Vulnerability

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: Page Builder Gutenberg Blocks – CoBlocks Key Information: Software Type: Plugin Software Slug: coblocks Software Status: Active Software…

Read about this Latest WordPress Vulnerability

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: WordPress Infinite Scroll – Ajax Load More Key Information: Software Type: Plugin Software Slug: ajax-load-more Software Status: Active…

Read about this Latest WordPress Vulnerability

Popup Builder Vulnerability – Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS – CVE-2024-2506 | WordPress Plugin Vulnerability Report

May 31, 2024

Posted in Security, Vulnerabilities

Plugin Name: Popup Builder – Create highly converting, mobile friendly marketing popups. Key Information: Software Type: Plugin Software Slug: popup-builder…

Read about this Latest WordPress Vulnerability

Blocksy Companion Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35633 | WordPress Plugin Vulnerability Report

May 30, 2024

Posted in Security, Vulnerabilities

Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads:…

Read about this Latest WordPress Vulnerability

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

May 30, 2024

Posted in Security, Vulnerabilities

Plugin Name: YITH WooCommerce Wishlist Key Information: Software Type: Plugin Software Slug: yith-woocommerce-wishlist Software Status: Active Software Author: yithemes Software…

Read about this Latest WordPress Vulnerability

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report

May 30, 2024

Posted in Security, Vulnerabilities

Plugin Name: Happy Addons for Elementor Key Information: Software Type: Plugin Software Slug: happy-elementor-addons Software Status: Active Software Author: thehappymonster…

Read about this Latest WordPress Vulnerability

Email Subscribers by Icegram Express Vulnerability – Unauthenticated SQL Injection via hash – CVE-2024-4295 | WordPress Plugin Vulnerability Report

Shield Security – Smart Bot Blocking & Intrusion Prevention Security Vulnerability – Cross-Site Request Forgery – CVE-2024-4344 | WordPress Plugin Vulnerability Report

wpDataTables Vulnerability – Missing Authorization to DataTable Access & Modification – CVE-2024-3821 | WordPress Plugin Vulnerability Report

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2024-5501 | WordPress Plugin Vulnerability Report

Master Slider – Responsive Touch Slider Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting – CVE-2023-6382 | WordPress Plugin Vulnerability Report

Page Builder Gutenberg Blocks – CoBlocks Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Social Profiles – CVE-2024-2933 | WordPress Plugin Vulnerability Report

WordPress Infinite Scroll – Ajax Load More Vulnerability – Authenticated (Contributor+) Cross-Site Scripting – CVE-2024-4711 | WordPress Plugin Vulnerability Report

Blocksy Companion Vulnerability – Authenticated (Admin+) Server-Side Request Forgery – CVE-2024-35633 | WordPress Plugin Vulnerability Report

YITH WooCommerce Wishlist Vulnerability – Authenticated (Admin+) Stored Cross-Site Scripting – CVE-2024-34385 | WordPress Plugin Vulnerability Report

Happy Addons for Elementor Vulnerability – Authenticated Stored Cross-Site Scripting – CVE-2024-5041, CVE-2024-5347 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy