Chloe Chamberland
April 11, 2024

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 183 vulnerabilities disclosed in 147 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 68 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 168
Unpatched 15

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 149
High Severity 18
Critical Severity 15

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 59
Missing Authorization 33
Cross-Site Request Forgery (CSRF) 25
Information Exposure 13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 9
Unrestricted Upload of File with Dangerous Type 7
Authorization Bypass Through User-Controlled Key 5
Deserialization of Untrusted Data 4
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 4
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2
Incorrect Privilege Assignment 2
URL Redirection to Untrusted Site ('Open Redirect') 2
Absolute Path Traversal 1
Exposure of Private Information ('Privacy Violation') 1
External Control of Assumed-Immutable Web Parameter 1
Guessable CAPTCHA 1
Improper Access Control 1
Improper Authorization 1
Improper Control of Generation of Code ('Code Injection') 1
Improper Neutralization of Alternate XSS Syntax 1
Improper Neutralization of Formula Elements in a CSV File 1
Incorrect Authorization 1
Incorrect Behavior Order: Early Validation 1
Information Exposure Through Log Files 1
Path Traversal: '.../...//' 1
Server-Side Request Forgery (SSRF) 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
14
9
9
8
8
7
7
7
6
6
5
4
4
4
4
4
4
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
Sh
1
1
1
1
1
1
1
1
1
ST
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Advanced Local Pickup for WooCommerce advanced-local-pickup-for-woocommerce
Advanced Order Export For WooCommerce woo-order-export-lite
Advanced Search advance-search
All-in-One Video Gallery all-in-one-video-gallery
Announce from the Dashboard announce-from-the-dashboard
Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website announcer
App Builder – Create Native Android & iOS Apps On The Flight app-builder
AppPresser – Mobile App Framework apppresser
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember-membership
Auto Poster auto-poster
Bannerlid bannerlid
Beaver Builder – WordPress Page Builder beaver-builder-lite-version
Beaver Themer beaver-themer
Best WordPress Gallery Plugin – FooGallery foogallery
Bold Page Builder bold-page-builder
BoldGrid Easy SEO – Simple and Effective SEO boldgrid-easy-seo
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin bookingpress-appointment-booking
Bricksforge bricksforge
Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms captcha-bws
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce wp-carousel-free
CGC Maintenance Mode cgc-maintenance-mode
Church Admin church-admin
Classified Listing – Classified ads & Business Directory Plugin classified-listing
CMB2 cmb2
Colibri Page Builder colibri-page-builder
Contact Form Email contact-form-to-email
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder arforms-form-builder
ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages convertkit
Creative Addons for Elementor creative-addons-for-elementor
Custom post types, Custom Fields & more custom-post-types
Demo My WordPress demo-my-wordpress
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) easy-digital-downloads
Easy Login Styler – White Label Admin Login Page for WordPress easy-login-styler
Easy Social Share Buttons for WordPress easy-social-share-buttons3
Edwiser Bridge – WordPress Moodle LMS Integration edwiser-bridge
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) bdthemes-element-pack-lite
Elementor Addons, Widgets and Enhancements – Stax stax-addons-for-elementor
ElementsKit Elementor addons and Templates Library elementskit-lite
ELEX WooCommerce Dynamic Pricing and Discounts elex-woocommerce-dynamic-pricing-and-discounts
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce email-subscribers
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor embedpress
EnvíaloSimple: Email Marketing y Newsletters envialosimple-email-marketing-y-newsletters-gratis
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates essential-blocks
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
FancyBox for WordPress fancybox-for-wordpress
FG Drupal to WordPress fg-drupal-to-wp
File Manager wp-file-manager
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager flexible-checkout-fields
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty chaty
Form to Chat App ⚡️ form-to-chat
Formsite | Embed online forms to collect orders, registrations, leads, and surveys formsite
Generate Child Theme generate-child-theme
Genesis Blocks genesis-blocks
Global Elementor Buttons global-elementor-buttons
Gradient Text Widget for Elementor gradient-text-widget-for-elementor
Gutenberg Blocks with AI by Kadence WP – Page Builder Features kadence-blocks
Happy Addons for Elementor happy-elementor-addons
Image Watermark image-watermark
Import XML and RSS Feeds import-xml-feed
Jeg Elementor Kit jeg-elementor-kit
JS Help Desk – Best Help Desk & Support Plugin js-support-ticket
LayerSlider LayerSlider
LearnPress Export Import – WordPress extension for LearnPress learnpress-import-export
LearnPress – WordPress LMS Plugin learnpress
Loan Repayment Calculator and Application Form quick-interest-slider
MailMunch – Grow your Email List mailmunch
Masteriyo LMS – eLearning and Online Course Builder for WordPress learning-management-system
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
Media Library Folders media-library-plus
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor metform
MM-email2image mm-email2image
Modal Popup Box – Popup Builder, Show Offers And News in Popup modal-popup-box
MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution dc-woocommerce-multi-vendor
Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin nudgify
Passster – Password Protect Pages and Content content-protector
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX ultimate-post
Post Views Counter post-views-counter
Powerkit – Supercharge your WordPress Site powerkit
Premium Addons for Elementor premium-addons-for-elementor
Product Designer product-designer
Product Sort and Display for WooCommerce woocommerce-product-sort-and-display
ProfileGrid – User Profiles, Memberships, Groups and Communities profilegrid-user-profiles-groups-and-communities
RapidLoad 2.2 – Speed Monster in One Plugin unusedcss
ReDi Restaurant Reservation redi-restaurant-reservation
rehub-framework rehub-framework
Relevanssi – A Better Search relevanssi
Relevanssi – A Better Search (Pro) relevanssi-premium
Responsive Lightbox & Gallery responsive-lightbox
Royal Elementor Addons and Templates royal-elementor-addons
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator feedzy-rss-feeds
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions s2member
SearchIQ – The Search Solution searchiq
SecuPress Free — WordPress Security secupress
Sharkdropship Dropshipping & Affiliate for for AliExpress wooshark-aliexpress-importer
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) woolentor-addons
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization shortpixel-adaptive-images
Sign-up Sheets sign-up-sheets
Slideshow Gallery LITE slideshow-gallery
Smart Online Order for Clover clover-online-orders
Social Sharing Plugin – Sassy Social Share sassy-social-share
Spectra – WordPress Gutenberg Blocks ultimate-addons-for-gutenberg
Squelch Tabs and Accordions Shortcodes squelch-tabs-and-accordions-shortcodes
Strong Testimonials strong-testimonials
Subscribe To Comments Reloaded subscribe-to-comments-reloaded
Sumo – Boost Conversion and Sales sumome
Super Testimonials super-testimonial
Sydney Toolbox sydney-toolbox
Template Kit – Import template-kit-import
Tickera – WordPress Event Ticketing tickera-event-ticketing-system
Tracking Code Manager tracking-code-manager
Transcoder transcoder
Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor
Ultimate Maps by Supsystic ultimate-maps-by-supsystic
User Activity Log user-activity-log
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor profile-builder
User Spam Remover user-spam-remover
Watu Quiz watu
Wholesale For WooCommerce woocommerce-wholesale-pricing
WooCommerce woocommerce
WooCommerce Checkout Field Editor (Checkout Manager) woo-checkout-regsiter-field-editor
WooCommerce Customers Manager woocommerce-customers-manager
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce
WordPress Backup & Migration wp-migration-duplicator
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds another-wordpress-classifieds-plugin
WordPress Comments Import & Export comments-import-export-woocommerce
WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer wp-gallery-exporter
WordPress Gallery Plugin – NextGEN Gallery nextgen-gallery
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger simple-tags
WordPress Tooltips wordpress-tooltips
WordPress Webinar Plugin – WebinarPress wp-webinarsystem
WP Chat App wp-whatsapp
WP Directory Kit wpdirectorykit
WP Google Review Slider wp-google-places-review-slider
WP Import Export Lite wp-import-export-lite
WP OAuth Server (OAuth Authentication) oauth2-provider
WP Photo Album Plus wp-photo-album-plus
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest epoll-wp-voting
WP Server Health Stats wp-server-stats
WP Shortcodes Plugin — Shortcodes Ultimate shortcodes-ultimate
WP Sort Order wp-sort-order
WP-Members Membership Plugin wp-members
WP-Stateless – Google Cloud Storage wp-stateless
WPFront User Role Editor wpfront-user-role-editor
WPvivid Backup for MainWP wpvivid-backup-mainwp

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Hello Elementor hello-elementor
rehub-theme rehub-theme

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-31355
Patch Status
Unpatched
Published
Apr 7, 2024
Affected Software
Slideshow Gallery LITE
Researcher
More Details >

WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-31286
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Photo Album Plus
Researcher
More Details >

Demo My WordPress <= 1.0.9.1 - Unauthenticated Privilege Escalation

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-31290
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Demo My WordPress
Researcher
More Details >

LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-2879
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
LayerSlider
Researcher
More Details >

Masteriyo - LMS <= 1.7.2 - Unauthenticated Privilege Escalation

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-24882
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress
Researcher
More Details >

MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3136
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
More Details >

Product Designer <= 1.0.32 - Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-31277
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Product Designer
Researcher
More Details >

Rehub <= 19.6.1 - Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-31231
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-theme
Researcher
More Details >

Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31266
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Advanced Order Export For WooCommerce
Researcher
More Details >

Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31345
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
Auto Poster
Researchers
More Details >

Edwiser Bridge <= 3.0.2 - Authenticated (Administrator+) SQL Injection

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31260
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Edwiser Bridge – WordPress Moodle LMS Integration
Researcher
More Details >

Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31292
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Import XML and RSS Feeds
Researcher
More Details >

LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31241
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
LearnPress Export Import – WordPress extension for LearnPress
Researcher
More Details >

s2Member <= 240315 - Limited Privilege Escalation

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31237
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Researcher
More Details >

User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31356
Patch Status
Unpatched
Published
Apr 7, 2024
Affected Software
User Activity Log
Researcher
More Details >

Church Admin <= 4.1.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31280
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Church Admin
Researcher
More Details >

Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-1315
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Classified Listing – Classified ads & Business Directory Plugin
Researcher
More Details >

Easy Social Share Buttons <= 9.4 - Authenticated (Subscriber+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31300
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Easy Social Share Buttons for WordPress
Researcher
More Details >

EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2125
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
EnvíaloSimple: Email Marketing y Newsletters
Researcher
More Details >

LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2115
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
LearnPress – WordPress LMS Plugin
Researcher
More Details >

Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2008
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Modal Popup Box – Popup Builder, Show Offers And News in Popup
Researcher
More Details >

Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31233
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-theme
Researcher
More Details >

REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31234
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-framework
Researcher
More Details >

WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3217
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
WP Directory Kit
Researcher
More Details >

WP Poll Maker <= 3.1 - Authenticated (Subscriber+) Arbitrary File Deletion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31240
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
Researcher
More Details >

CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-1792
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
CMB2
Researcher
More Details >

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3022
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
Researcher
More Details >

RapidLoad Power-Up for Autoptimize <= 2.2.11 - Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-31288
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
RapidLoad 2.2 – Speed Monster in One Plugin
Researcher
More Details >

Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-31232
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-theme
Researcher
More Details >

WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3265
Patch Status
Unpatched
Published
Apr 4, 2024
Affected Software
Advanced Search
Researcher
More Details >

WP Import Export Lite <= 3.9.26 - Authenticated (Administrator+) PHP Object Injection

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-31308
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Import Export Lite
Researcher
More Details >

WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-1852
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
WP-Members Membership Plugin
Researcher
More Details >

WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update

7.1
CVSS Rating
High (7.1)
CVE-ID
CVE-2024-1385
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP-Stateless – Google Cloud Storage
Researcher
More Details >

File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal

6.8
CVSS Rating
Medium (6.8)
CVE-ID
CVE-2024-2654
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
File Manager
Researcher
More Details >

Advanced Local Pickup for WooCommerce <= 1.6.2 - Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-31283
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Advanced Local Pickup for WooCommerce
Researcher
More Details >

Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2023-6695
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Beaver Themer
Researcher
More Details >

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1352
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Classified Listing – Classified ads & Business Directory Plugin
Researcher
More Details >

LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1289
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
LearnPress – WordPress LMS Plugin
Researcher
More Details >

Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1807
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Product Sort and Display for WooCommerce
Researcher
More Details >

Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2925
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Beaver Builder – WordPress Page Builder
Researcher
More Details >

Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6694
Patch Status
Patched
Published
Apr 6, 2024
Affected Software
Beaver Themer
Researcher
More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3267
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bold Page Builder
Researcher
More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3266
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bold Page Builder
Researcher
More Details >

Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2949
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
Researchers
More Details >

Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2839
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Colibri Page Builder
Researchers
More Details >

Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2924
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Creative Addons for Elementor
Researcher
More Details >

Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6993
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Custom post types, Custom Fields & more
Researcher
More Details >

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0837
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher
More Details >

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1428
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher
More Details >

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3064
Patch Status
Unpatched
Published
Apr 4, 2024
Affected Software
Elementor Addons, Widgets and Enhancements – Stax
Researcher
More Details >

ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2803
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
ElementsKit Elementor addons and Templates Library
Researcher
More Details >

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3244
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Researcher
More Details >

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3245
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Researcher
More Details >

Essential Blocks for Gutenberg <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31306
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Researcher
More Details >

FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2081
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Best WordPress Gallery Plugin – FooGallery
Researcher
More Details >

FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2471
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Best WordPress Gallery Plugin – FooGallery
Researcher
More Details >

Form to Chat App <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31258
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Form to Chat App ⚡️
Researcher
More Details >

Formsite | Embed online forms to collect orders, registrations, leads, and surveys <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31257
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Formsite | Embed online forms to collect orders, registrations, leads, and surveys
Researcher
More Details >

Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1946
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Genesis Blocks
Researcher
More Details >

Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2327
Patch Status
Unpatched
Published
Apr 4, 2024
Affected Software
Global Elementor Buttons
Researcher
More Details >

Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31346
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
Gradient Text Widget for Elementor
Researcher
More Details >

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2919
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
More Details >

Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1498
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2789
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
ST
More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2787
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2788
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1327
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
Jeg Elementor Kit
Researcher
More Details >

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3162
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
Jeg Elementor Kit
Researcher
More Details >

MailMunch – Grow your Email List <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31349
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
MailMunch – Grow your Email List
Researcher
More Details >

Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2791
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Researcher
More Details >

MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3075
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
MM-email2image
Researcher
More Details >

Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2026
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Passster – Password Protect Pages and Content
Researcher
More Details >

Powerkit – Supercharge your WordPress Site <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2458
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Powerkit – Supercharge your WordPress Site
Researcher
More Details >

Royal Elementor Addons <= 1.3.93 - Authenticated (Contributor+) Stored Cross-Site Scriting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31236
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6877
Patch Status
Patched
Published
Apr 6, 2024
Affected Software
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Researcher
More Details >

Sassy Social Share <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2159
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Social Sharing Plugin – Sassy Social Share
Researcher
More Details >

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2868
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Researcher
More Details >

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2946
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Researchers
More Details >

Shortcodes Ultimate <= 7.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3188
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
More Details >

Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6486
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Spectra – WordPress Gutenberg Blocks
Researcher
More Details >

Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2499
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Squelch Tabs and Accordions Shortcodes
Researcher
More Details >

Strong Testimonials <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3261
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Strong Testimonials
Researcher
More Details >

Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3208
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Sydney Toolbox
Researcher
More Details >

Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2334
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Template Kit – Import
Researcher
More Details >

Testimonials <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31348
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Super Testimonials
Researcher
More Details >

Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2132
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Ultimate Bootstrap Elements for Elementor
Researcher
More Details >

Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0873
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Watu Quiz
Researcher
More Details >

WordPress Tag and Category Manager – AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2830
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger
Researcher
More Details >

Bannerlid <= 1.1.0 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3048
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
Bannerlid
Researcher
More Details >

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31255
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
ELEX WooCommerce Dynamic Pricing and Discounts
Researcher
More Details >

MM-email2image <= 0.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3076
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
MM-email2image
Researcher
More Details >

WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31256
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Webinar Plugin – WebinarPress
Researcher
More Details >

WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-1743
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
WooCommerce Customers Manager
Researcher
More Details >

Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection

5.8
CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-3214
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Relevanssi – A Better Search
Relevanssi – A Better Search (Pro)
Researcher
More Details >

Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Arbitrary Post Deletion

5.8
CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-31297
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Wholesale For WooCommerce
Researcher
More Details >

Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-2972
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
Researcher
More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-2296
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Researcher
More Details >

App Builder <= 3.8.7 - Open Redirection

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-31282
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
App Builder – Create Native Android & iOS Apps On The Flight
Researcher
More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2786
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

OAuth Server <= 4.3.3 - Open Redirect

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-31253
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP OAuth Server (OAuth Authentication)
Researcher
More Details >

ARMember <= 4.0.27 - Directory Traversal via X-FILENAME

5.3
CVSS Rating
Medium (5.3)
CVE-ID
Unknown
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Researcher
More Details >

BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2950
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
BoldGrid Easy SEO – Simple and Effective SEO
Researcher
More Details >

Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated Arbitrary Email Sending

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31242
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bricksforge
Researcher
More Details >

Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31243
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bricksforge
Researcher
More Details >

Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Update

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31244
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bricksforge
Researcher
More Details >

Captcha by BestWebSoft <= 5.2.0 - Captcha Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31295
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms
Researcher
More Details >

CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1418
Patch Status
Unpatched
Published
Apr 3, 2024
Affected Software
CGC Maintenance Mode
Researcher
More Details >

Contact Form Email <= 1.3.44 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31302
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Contact Form Email
Researcher
More Details >

ConvertKit <= 2.4.5 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31245
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages
Researcher
More Details >

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2302
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Researcher
More Details >

Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31352
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Researcher
More Details >

EmbedPress <= 3.9.11 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31274
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Researcher
More Details >

EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31284
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Researcher
More Details >

EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31275
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
EventPrime – Events Calendar, Bookings and Tickets
Researcher
More Details >

FG Drupal to WordPress <= 3.70.3 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31247
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
FG Drupal to WordPress
Researcher
More Details >

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31273
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
JS Help Desk – Best Help Desk & Support Plugin
Researcher
More Details >

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10.1 - Unauthenticated Arbitrary File Download

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31343
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
MP3 Audio Player for Music, Radio & Podcast by Sonaar
Researcher
More Details >

Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31278
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Premium Addons for Elementor
Researcher
More Details >

Profile Builder <= 3.11.2 - Restricted Email Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31341
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Researcher
More Details >

Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3213
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Relevanssi – A Better Search
Relevanssi – A Better Search (Pro)
Researcher
More Details >

SearchIQ <= 4.5 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31259
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
SearchIQ – The Search Solution
Researcher
More Details >

Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1732
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Sharkdropship Dropshipping & Affiliate for for AliExpress
Researcher
More Details >

ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31230
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Researcher
More Details >

Slideshow Gallery <= 1.7.8 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31353
Patch Status
Unpatched
Published
Apr 7, 2024
Affected Software
Slideshow Gallery LITE
Researcher
More Details >

Subscribe To Comments Reloaded <= 220725 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31249
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Subscribe To Comments Reloaded
Researcher
More Details >

Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-7252
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Tickera – WordPress Event Ticketing
Researcher
More Details >

User Spam Remover <= 1.0 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31298
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
User Spam Remover
Researcher
More Details >

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3216
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Researcher
More Details >

WordPress Backup & Migration <= 1.4.7 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31254
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Backup & Migration
Researcher
More Details >

WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-5692
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
WordPress
Researcher
More Details >

WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3097
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Gallery Plugin – NextGEN Gallery
Researcher
More Details >

Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3030
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Announce from the Dashboard
Researcher
More Details >

Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31344
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
Easy Login Styler – White Label Admin Login Page for WordPress
Researcher
More Details >

FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-0662
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
FancyBox for WordPress
Researcher
Sh
More Details >

Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-0598
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
More Details >

Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2656
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Researcher
More Details >

LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-1463
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
LearnPress – WordPress LMS Plugin
Researcher
More Details >

WP Chat App <= 3.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2837
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Chat App
Researcher
More Details >

WP Google Review Slider <= 13.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2310
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Google Review Slider
Researcher
More Details >

WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
Unknown
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WPvivid Backup for MainWP
Researcher
More Details >

All-in-One Video Gallery <= 3.5.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31248
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
All-in-One Video Gallery
Researcher
More Details >

Announcer – Notification & message bars <= 6.0 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31261
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website
Researcher
More Details >

AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31268
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
AppPresser – Mobile App Framework
Researcher
More Details >

ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31272
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
Researcher
More Details >

ARForms Form Builder <= 1.6.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31270
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
Researcher
More Details >

AWP Classifieds <= 4.3.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31350
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds
Researcher
More Details >

BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31296
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
Researcher
More Details >

Church Admin <= 4.1.6 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31281
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Church Admin
Researcher
More Details >

Easy Digital Downloads <= 3.2.6 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31293
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Researcher
More Details >

Easy Social Share Buttons <= 9.4 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31307
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Easy Social Share Buttons for WordPress
Researcher
More Details >

Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31267
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager
Researcher
More Details >

Generate Child Theme <= 2.0 - Cross-Site Request Forgery via process_create_form()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31279
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Generate Child Theme
Researcher
More Details >

Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1387
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

Hello Elementor <= 3.0.0 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31289
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Hello Elementor
Researcher
More Details >

Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1994
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Image Watermark
Researcher
More Details >

Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31263
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Loan Repayment Calculator and Application Form
Researcher
More Details >

Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31287
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Media Library Folders
Researcher
More Details >

Multiple Page Generator Plugin – MPG <= 3.4.0 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31301
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Multiple Page Generator Plugin – MPG
Researcher
More Details >

Nudgify Social Proof, Sales Popup & FOMO <= 1.3.3 - Cross-Site Request Forgery via sync_orders_manually()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31239
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin
Researcher
More Details >

Post Views Counter <= 1.4.4 - Cross-Site Request Forgery via save_bulk_post_views()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31264
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Post Views Counter
Researcher
More Details >

PostX – Gutenberg Blocks for Post Grid <= 3.2.3 - Incorrect Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31246
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
More Details >

ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31291
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
ProfileGrid – User Profiles, Memberships, Groups and Communities
Researcher
More Details >

ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31299
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
ReDi Restaurant Reservation
Researcher
More Details >

Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31252
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Responsive Lightbox & Gallery
Researcher
More Details >

SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1504
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
SecuPress Free — WordPress Security
Researcher
More Details >

Sign-up Sheets <= 2.2.11.1 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31303
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Sign-up Sheets
Researcher
More Details >

Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31354
Patch Status
Unpatched
Published
Apr 7, 2024
Affected Software
Slideshow Gallery LITE
Researcher
More Details >

Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31238
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Smart Online Order for Clover
Researcher
More Details >

Sumo <= 1.34 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31265
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Sumo – Boost Conversion and Sales
Researcher
More Details >

Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31347
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Tracking Code Manager
Researcher
More Details >

Transcoder <= 1.3.5 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31305
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Transcoder
Researcher
More Details >

Ultimate Maps by Supsystic <= 1.2.16 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31271
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Ultimate Maps by Supsystic
Researcher
More Details >

Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-0872
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Watu Quiz
Researcher
More Details >

WC Marketplace <= 4.1.3 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31304
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Researcher
More Details >

WooCommerce <= 8.5.2 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-22155
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WooCommerce
Researcher
More Details >

WooCommerce Checkout Field Editor (Checkout Manager) <= 2.1.8 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31262
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WooCommerce Checkout Field Editor (Checkout Manager)
Researcher
More Details >

WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1756
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
WooCommerce Customers Manager
Researcher
More Details >

WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31235
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Comments Import & Export
Researcher
More Details >

WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31285
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Tooltips
Researcher
More Details >

WP Server Health Stats <= 1.7.3 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31250
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Server Health Stats
Researcher
More Details >

WP Sort Order <= 1.3.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31294
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Sort Order
Researcher
More Details >

WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2931
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
WPFront User Role Editor
Researcher
More Details >

WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download

2.7
CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-31342
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer
Researcher
More Details >

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

LinkedIn 

Comments

No Comments

Breaking WordPress Security Research in your inbox as it happens.

Example of a news story

This site uses cookies in accordance with our Privacy Policy.