Chloe Chamberland
April 25, 2024

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 191 vulnerabilities disclosed in 156 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 54 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 151
Unpatched 40

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 163
High Severity 15
Critical Severity 12

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 98
Missing Authorization 42
Cross-Site Request Forgery (CSRF) 10
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 8
Authorization Bypass Through User-Controlled Key 5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 5
Information Exposure 3
Unrestricted Upload of File with Dangerous Type 3
Deserialization of Untrusted Data 2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 2
Improper Control of Generation of Code ('Code Injection') 2
Information Exposure Through Log Files 2
Server-Side Request Forgery (SSRF) 2
Exposure of Sensitive Information Through Metadata 1
Guessable CAPTCHA 1
Improper Authorization 1
Improper Input Validation 1
Incorrect Privilege Assignment 1
Not Failing Securely ('Failing Open') 1
Protection Mechanism Failure 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
14
12
12
11
11
10
9
9
8
8
7
6
6
5
4
4
4
3
3
3
3
3
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
ST
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
2Checkout Payment Gateway for WooCommerce woocommerce-2checkout-payment
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin real3d-flipbook-lite
Access Category Password access-category-password
Active Products Tables for WooCommerce. Use constructor to create tables  profit-products-tables-for-woocommerce
AI Infographic Maker infographic-and-list-builder-ilist
App Builder – Create Native Android & iOS Apps On The Flight app-builder
Attesa Extra attesa-extra
BA Book Everything ba-book-everything
Backend Designer backend-designer
Backup Migration backup-backup
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
BMI Adult & Kid Calculator bmi-adultkid-calculator
Bulk Block Converter bulk-block-converter
Canva – Design beautiful blog graphics canva
CBX Bookmark & Favorite cbxwpbookmark
Click to Chat – HoliThemes click-to-chat-for-whatsapp
Code Insert Manager (Q2W3 Inc Manager) q2w3-inc-manager
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More content-control
Cornerstone cornerstone
Country State City Dropdown CF7 country-state-city-auto-dropdown
Custom Order Statuses for WooCommerce custom-order-statuses-for-woocommerce
Custom Thank You Page Customize For WooCommerce by Binary Carpenter bc-woo-custom-thank-you-pages
Customer Reviews for WooCommerce customer-reviews-woocommerce
Debug Log Manager debug-log-manager
Delete Custom Fields delete-custom-fields
DethemeKit For Elementor dethemekit-for-elementor
DirectoryPress – Business Directory And Classified Ad Listing directorypress
Ditty – Responsive News Tickers, Sliders, and Lists ditty-news-ticker
DSGVO Youtube dsgvo-youtube
EAN for WooCommerce ean-for-woocommerce
Easy CountDowner easy-countdowner
Easy Custom Auto Excerpt easy-custom-auto-excerpt
Easy Textillate easy-textillate
eCommerce Product Catalog Plugin for WordPress ecommerce-product-catalog
EleForms – All In One Form Integration including DB for Elementor all-contact-form-integration-for-elementor
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) bdthemes-element-pack-lite
Elements Plus! elements-plus
ElementsKit Pro elementskit
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce email-subscribers
Enhanced Media Library enhanced-media-library
Envo Extra envo-extra
EnvíaloSimple: Email Marketing y Newsletters envialosimple-email-marketing-y-newsletters-gratis
Essential Addons for Elementor Pro essential-addons-elementor
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates essential-blocks
Exclusive Addons for Elementor exclusive-addons-for-elementor
FileBird – WordPress Media Library Folders & File Manager filebird
Fixed HTML Toolbar fixed-html-toolbar
Flash Video Player flash-video-player
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
Forminator – Contact Form, Payment Form & Custom Form Builder forminator
Frontend Admin by DynamiApps acf-frontend-form-element
GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels gg-woo-feed
Happy Addons for Elementor happy-elementor-addons
hCaptcha for WordPress hcaptcha-for-forms-and-more
HelloAsso helloasso
HT Mega – Absolute Addons For Elementor ht-mega-for-elementor
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce hurrytimer
HUSKY – Products Filter Professional for WooCommerce woocommerce-products-filter
Icon Widget icon-widget
Import Content in WordPress & WooCommerce with Excel content-excel-importer
Jobs for WordPress job-postings
Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms embed-form
Knight Lab Timeline knight-lab-timelinejs
Language Switcher for Transposh language-switcher-for-transposh
LearnPress Export Import – WordPress extension for LearnPress learnpress-import-export
LearnPress – WordPress LMS Plugin learnpress
LH Add Media From Url lh-add-media-from-url
Login with phone number login-with-phone-number
LoginPress Pro loginpress-pro
Mailster - Email Newsletter Plugin for WordPress mailster
Master Slider – Responsive Touch Slider master-slider
MaxGalleria maxgalleria
Media Library Folders media-library-plus
Mega Addons For Elementor ultimate-addons-for-elementor
Mega Elements – Addons for Elementor mega-elements-addons-for-elementor
MJ Update History mj-update-history
Mortgage Calculators WP mortgage-calculators-wp
Multi Currency For WooCommerce wc-multi-currency
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more woorewards
Navigation menu as Dropdown Widget navigation-menu-as-dropdown-widget
Netgsm netgsm
Open Close WooCommerce Store – Best Business Schedules Manager woc-open-close
Order Limit for WooCommerce wc-order-limit-lite
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-blocks
Ovic Responsive WPBakery ovic-vc-addon
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions paid-memberships-pro
PeproDev CF7 Database pepro-cf7-database
PeproDev Ultimate Invoice pepro-ultimate-invoice
Poll Maker – Best WordPress Poll Plugin poll-maker
Popup Anything – Popup for opt-ins and Lead Generation Conversions popup-anything-on-click
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX ultimate-post
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) bdthemes-prime-slider-lite
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More woo-product-feed-pro
ProfileGrid – User Profiles, Memberships, Groups and Communities profilegrid-user-profiles-groups-and-communities
QR Code Composer – Automatic QR code Generator qr-code-composer
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress radio-player
Real Media Library: Media Library Folder & File Manager real-media-library-lite
Really Simple SSL really-simple-ssl
Regenerate post permalink regenerate-post-permalinks
Related Posts for WordPress microkids-related-posts
Restaurant Menu – Food Ordering System – Table Reservation menu-ordering-reservations
Royal Elementor Addons and Templates royal-elementor-addons
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator feedzy-rss-feeds
RSS Feed Widget rss-feed-widget
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation shared-files
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) woolentor-addons
Shortcodes and extra features for Phlox theme auxin-elements
Simple Registration for WooCommerce woocommerce-simple-registration
Simple Testimonials Showcase simple-testimonials-showcase
Slider by 10Web – Responsive Image Slider slider-wd
Smart Forms – when you need more than just a contact form smart-forms
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer smartcrawl-seo
SP Project & Document Manager sp-client-document-manager
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin sg-cachepress
Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce support-genix-lite
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics taggbox-widget
Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds tagembed-widget
Tax Rate Upload tax-rate-upload
Theme My Login theme-my-login
TrackShip for WooCommerce trackship-for-woocommerce
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin user-registration
VikBooking Hotel Booking Engine & PMS vikbooking
Void Elementor WHMCS Elements For Elementor Page Builder void-elementor-whmcs-elements
What's New Generator whats-new-genarator
WooCommerce Google Feed Manager wp-product-feed-manager
WooCommerce Multilingual & Multicurrency with WPML woocommerce-multilingual
WordPress Automatic Plugin wp-automatic
WordPress Menu Plugin — Superfly Responsive Menu superfly-menu
WordPress Simple HTML Sitemap wp-simple-html-sitemap
WP 2FA – Two-factor authentication for WordPress wp-2fa
WP 404 Auto Redirect to Similar Post wp-404-auto-redirect-to-similar-post
WP Club Manager – WordPress Sports Club Plugin wp-club-manager
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) gdpr-cookie-consent
WP Cost Estimation & Payment Forms Builder wp-estimation-form
WP Dummy Content Generator wp-dummy-content-generator
WP Dynamic Keywords Injector wp-dynamic-keywords-injector
WP File Download Light wp-file-download-light
WP Helper Premium wp-helper-lite
WP Meta SEO wp-meta-seo
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest epoll-wp-voting
WP Show Posts wp-show-posts
WP Smart Import : Import any XML File to WordPress wp-smart-import
WP Social Comments gs-facebook-comments
WP Stripe Checkout wp-stripe-checkout
WP TradingView wp-tradingview
WP Ultimate Review wp-ultimate-review
WP-Cufon wp-cufon
WP-FormAssembly formassembly-web-forms
WP-Lister Lite for eBay wp-lister-for-ebay
WP-Recall – Registration, Profile, Commerce & More wp-recall
WPC Frequently Bought Together for WooCommerce woo-bought-together
WPC Grouped Product for WooCommerce wpc-grouped-product
Yoga Schedule Momoyoga momoyoga-integration
Zero Spam for WordPress zero-spam
Zynith SEO zynith-seo

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
GuCherry Blog gucherry-blog
Tainacan Interface tainacan-interface

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

WP Dummy Content Generator <= 3.2.1 - Unauthenticated Code Injection

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32599
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Dummy Content Generator
Researcher
More Details >

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 - Authenticated (Subscriber+) Remote Code Execution

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32680
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
HUSKY – Products Filter Professional for WooCommerce
Researcher
More Details >

Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32514
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
Researcher
More Details >

SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32551
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
SP Project & Document Manager
Researcher
More Details >

Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-28890
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Forminator – Contact Form, Payment Form & Custom Form Builder
Researcher
More Details >

Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3729
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Frontend Admin by DynamiApps
Researcher
More Details >

Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-2876
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Researcher
More Details >

Mailster <= 4.0.6 - Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32523
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Mailster - Email Newsletter Plugin for WordPress
Researcher
More Details >

Master Slider <= 3.9.5 - Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32600
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Master Slider – Responsive Touch Slider
Researcher
More Details >

Simple Registration for WooCommerce <= 1.5.6 - Unauthenticated Privilege Escalation

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32511
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Simple Registration for WooCommerce
Researcher
More Details >

Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31077
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Forminator – Contact Form, Payment Form & Custom Form Builder
Researcher
More Details >

WooCommerce Multilingual & Multicurrency with WPML <= 5.3.3.1 - Authenticated (Shop Manager+) SQL Injection

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32602
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WooCommerce Multilingual & Multicurrency with WPML
Researcher
More Details >

Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3849
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Click to Chat – HoliThemes
Researcher
More Details >

Login with phone number <= 1.7.16 - Unauthorized Account Password Change to Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-32507
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Login with phone number
Researcher
More Details >

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2417
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload

8.2
CVSS Rating
High (8.2)
CVE-ID
CVE-2024-1567
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.6 - Sensitive Information Exposure via purchased_products

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2023-6214
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researcher
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.2 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2023-7064
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researchers
More Details >

App Builder <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32565
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
App Builder – Create Native Android & iOS Apps On The Flight
Researcher
More Details >

Debug Log Manager <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32582
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Debug Log Manager
Researcher
More Details >

DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.7 - Reflected Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32567
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
DirectoryPress – Business Directory And Classified Ad Listing
Researcher
More Details >

EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-2082
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
EleForms – All In One Form Integration including DB for Elementor
Researcher
More Details >

Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3600
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Poll Maker – Best WordPress Poll Plugin
Researcher
More Details >

WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3067
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
WooCommerce Google Feed Manager
Researcher
More Details >

WP Meta SEO <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2023-6961
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Meta SEO
Researcher
More Details >

WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32541
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
WP-Cufon
Researcher
More Details >

Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32562
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
Zynith SEO
Researcher
More Details >

Active Products Tables for WooCommerce <= 1.0.6.2 - Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32691
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables 
Researcher
More Details >

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-3295
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Researcher
More Details >

Attesa Extra <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32594
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Attesa Extra
Researcher
More Details >

BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3672
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
BA Book Everything
Researcher
More Details >

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32589
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Researcher
More Details >

CBX Bookmark & Favorite <= 1.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32577
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
CBX Bookmark & Favorite
Researcher
More Details >

DethemeKit For Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32508
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
DethemeKit For Elementor
Researcher
More Details >

DSGVO Youtube <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32596
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
DSGVO Youtube
Researcher
More Details >

EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6892
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
EAN for WooCommerce
Researcher
More Details >

Easy Textillate <= 2.02 - Authenticated(Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32526
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Easy Textillate
Researcher
More Details >

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1429
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher
More Details >

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1426
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Researcher
More Details >

Elements Plus! <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32457
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Elements Plus!
Researcher
More Details >

ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3598
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
ElementsKit Pro
Researcher
More Details >

Envo Extra <= 1.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32456
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Envo Extra
Researcher
More Details >

Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3333
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Researcher
More Details >

Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3645
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Essential Addons for Elementor Pro
Researcher
More Details >

Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2751
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Exclusive Addons for Elementor
Researcher
ST
More Details >

Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2503
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Exclusive Addons for Elementor
Researcher
More Details >

FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2345
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
FileBird – WordPress Media Library Folders & File Manager
Researcher
More Details >

Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3891
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3724
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4014
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
hCaptcha for WordPress
Researcher
More Details >

HelloAsso <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32697
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
HelloAsso
Researcher
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2085
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researcher
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2084
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researcher
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2790
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researchers
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3307
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researcher
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3308
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researcher
More Details >

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32556
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Researcher
More Details >

Icon Widget <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1993
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Icon Widget
Researcher
More Details >

Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2542
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
Researcher
More Details >

Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32554
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
Knight Lab Timeline
Researcher
More Details >

LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3560
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
LearnPress – WordPress LMS Plugin
Researcher
More Details >

Master Slider – Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32580
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Master Slider – Responsive Touch Slider
Researcher
More Details >

Mega Elements <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32575
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Mega Elements – Addons for Elementor
Researcher
More Details >

Mortgage Calculators WP <= 1.56 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32581
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Mortgage Calculators WP
Researcher
More Details >

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3725
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Researcher
More Details >

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32564
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
More Details >

QR Code Composer – Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32560
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
QR Code Composer – Automatic QR code Generator
Researcher
More Details >

Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2328
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Real Media Library: Media Library Folder & File Manager
Researcher
More Details >

Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32579
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Restaurant Menu – Food Ordering System – Table Reservation
Researcher
More Details >

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF)

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6805
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Researcher
More Details >

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1057
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Researcher
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1533
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researcher
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3341
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researcher
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1357
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researcher
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1396
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researchers
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3517
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researcher
More Details >

Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1348
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Shortcodes and extra features for Phlox theme
Researcher
More Details >

Simple Testimonials Showcase <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32530
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Simple Testimonials Showcase
Researcher
More Details >

Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32552
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
Researcher
More Details >

Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32561
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
Researcher
More Details >

Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32592
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Void Elementor WHMCS Elements For Elementor Page Builder
Researcher
More Details >

WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32553
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
WordPress Menu Plugin — Superfly Responsive Menu
Researcher
More Details >

WP Club Manager <= 2.2.11 - Authenticated (Player+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32566
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Club Manager – WordPress Sports Club Plugin
Researcher
More Details >

WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32597
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Smart Import : Import any XML File to WordPress
Researcher
More Details >

WP Stripe Checkout <= 1.2.2.41 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32571
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Stripe Checkout
Researcher
More Details >

WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32536
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
WP TradingView
Researcher
More Details >

WP-FormAssembly <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-49768
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP-FormAssembly
Researcher
More Details >

Yoga Schedule Momoyoga <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32529
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Yoga Schedule Momoyoga
Researcher
More Details >

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 3.62 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32694
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Researcher
More Details >

Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32535
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Access Category Password
Researcher
More Details >

Bulk Block Converter <= 1.0.1 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32542
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
Bulk Block Converter
Researcher
More Details >

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32545
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Canva – Design beautiful blog graphics
Researcher
More Details >

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32547
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Code Insert Manager (Q2W3 Inc Manager)
Researcher
More Details >

Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32570
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Cornerstone
Researcher
More Details >

Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3731
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Customer Reviews for WooCommerce
Researcher
More Details >

Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-0613
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Delete Custom Fields
Researcher
More Details >

Easy CountDowner <= 1.0.8 - Cross-Site Request Forgery

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32538
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Easy CountDowner
Researcher
More Details >

eCommerce Product Catalog Plugin for WordPress <= 3.3.32 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32558
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
eCommerce Product Catalog Plugin for WordPress
Researcher
More Details >

EnvíaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32587
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
EnvíaloSimple: Email Marketing y Newsletters
Researcher
More Details >

Forminator <= 1.15.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31857
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Forminator – Contact Form, Payment Form & Custom Form Builder
Researcher
More Details >

GuCherry Blog <= 1.1.8 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32531
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
GuCherry Blog
Researcher
More Details >

Import Content in WordPress & WooCommerce with Excel <= 4.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32585
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Import Content in WordPress & WooCommerce with Excel
Researcher
More Details >

Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting via job-search

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2833
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Jobs for WordPress
Researcher
More Details >

Language Switcher for Transposh <= 1.5.9 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32695
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Language Switcher for Transposh
Researcher
More Details >

LearnPress Export Import <= 4.0.3 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32588
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
LearnPress Export Import – WordPress extension for LearnPress
Researcher
More Details >

LH Add Media From Url <= 1.22 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32533
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
LH Add Media From Url
Researcher
More Details >

Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's'

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3615
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Media Library Folders
Researcher
More Details >

MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32543
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
MJ Update History
Researcher
More Details >

Netgsm <= 2.8 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32544
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Netgsm
Researcher
More Details >

Slider by 10Web – Responsive Image Slider <= 1.2.54 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32578
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Slider by 10Web – Responsive Image Slider
Researcher
More Details >

Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3867
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Tainacan Interface
Researcher
More Details >

Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32546
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Tax Rate Upload
Researcher
More Details >

VikBooking Hotel Booking Engine & PMS <= 1.6.7 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32563
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
VikBooking Hotel Booking Engine & PMS
Researcher
More Details >

WordPress Simple HTML Sitemap <= 2.8 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32574
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WordPress Simple HTML Sitemap
Researcher
More Details >

WP 2FA – Two-factor authentication for WordPress <= 2.6.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32568
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP 2FA – Two-factor authentication for WordPress
Researcher
More Details >

WP 404 Auto Redirect to Similar Post <= 1.0.4 - Reflected Cross-Site Scripting via Debug Mode URI

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32559
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP 404 Auto Redirect to Similar Post
Researcher
More Details >

WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32510
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
WP Cost Estimation & Payment Forms Builder
Researcher
More Details >

WP Dynamic Keywords Injector <= 2.3.21 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32528
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
WP Dynamic Keywords Injector
Researcher
More Details >

WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32595
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Helper Premium
Researcher
More Details >

Really Simple SSL <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-31229
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Really Simple SSL
Researcher
More Details >

AI Infographic Maker <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32696
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
AI Infographic Maker
Researcher
More Details >

Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32569
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists
Researcher
More Details >

Enhanced Media Library <= 2.8.9 - Authenticated (Author+) Stored Cross-Site Scripting

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2840
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Enhanced Media Library
Researcher
More Details >

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3818
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Researcher
More Details >

FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2346
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
FileBird – WordPress Media Library Folders & File Manager
Researcher
More Details >

MyRewards <= 5.3.0 - Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32688
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more
Researcher
More Details >

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-1730
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Researcher
More Details >

WordPress Automatic Plugin <= 3.92.1 Cross-Site Request Forgery

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32693
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
WordPress Automatic Plugin
Researcher
More Details >

2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0629
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
2Checkout Payment Gateway for WooCommerce
Researcher
More Details >

Backup Migration <= 1.4.3 - Information Exposure via Log Files

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32686
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Backup Migration
Researcher
More Details >

Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0615
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
Researcher
More Details >

Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3312
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Easy Custom Auto Excerpt
Researcher
More Details >

EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2043
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
EleForms – All In One Form Integration including DB for Elementor
Researcher
More Details >

LoginPress Pro <= 2.5.3 - Captcha Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32676
Patch Status
Unpatched
Published
Apr 17, 2024
Affected Software
LoginPress Pro
Researcher
More Details >

LoginPress Pro <= 2.5.3 - Missing Authorization to License Status Update

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32677
Patch Status
Unpatched
Published
Apr 17, 2024
Affected Software
LoginPress Pro
Researcher
More Details >

Order Limit for WooCommerce <= 2.0.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32675
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Order Limit for WooCommerce
Researcher
More Details >

Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3215
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Researcher
More Details >

PeproDev Ultimate Invoice <= 2.0.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32518
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
PeproDev Ultimate Invoice
Researcher
More Details >

Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3601
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
Poll Maker – Best WordPress Poll Plugin
Researcher
More Details >

Popup Anything <= 2.8.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32601
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Popup Anything – Popup for opt-ins and Lead Generation Conversions
Researcher
More Details >

Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32682
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Researcher
More Details >

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More <= 13.3.1 - Sensitive Information Exposure via Log Files

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32513
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More
Researcher
More Details >

Shared Files <= 1.7.16 - Missing Authorization to Notice Dismissal

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32679
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
Researcher
More Details >

SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3287
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Researcher
More Details >

Speed Optimizer <= 7.4.6 - Missing Authorization via purge_on_other_events()

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32532
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
Researcher
More Details >

Support Genix <= 1.2.3 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-49742
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce
Researcher
More Details >

TrackShip for WooCommerce <= 1.7.5 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32678
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
TrackShip for WooCommerce
Researcher
More Details >

WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3599
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Researcher
More Details >

WP Cost Estimation & Payment Forms Builder <= 10.1.76 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32509
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
WP Cost Estimation & Payment Forms Builder
Researcher
More Details >

WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-6962
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Meta SEO
Researcher
More Details >

Wp Ultimate Review <= 2.2.5 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32684
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
WP Ultimate Review
Researcher
More Details >

Wp Ultimate Review <= 2.2.5 - Unauthenticated Insecure Direct Object Reference

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32683
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
WP Ultimate Review
Researcher
More Details >

Wp Ultimate Review <= 2.2.5 - Unauthenticated Review Restriction Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32685
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
WP Ultimate Review
Researcher
More Details >

Zero Spam <= 5.5.6 - Spam Protection Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32521
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Zero Spam for WordPress
Researcher
More Details >

BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32598
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
BA Book Everything
Researcher
More Details >

Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32591
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Backend Designer
Researcher
More Details >

Fixed HTML Toolbar <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32540
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Fixed HTML Toolbar
Researcher
More Details >

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32534
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
More Details >

Navigation menu as Dropdown Widget <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32126
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
Navigation menu as Dropdown Widget
Researcher
More Details >

RSS Feed Widget <= 2.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32690
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
RSS Feed Widget
Researcher
More Details >

What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32548
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
What's New Generator
Researcher
More Details >

WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32539
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
WP File Download Light
Researcher
More Details >

WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32573
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP-Lister Lite for eBay
Researcher
More Details >

BMI Adult & Kid Calculator <= 1.2.1 - Cross-Site Request Forgery to Cross-Site Scripting

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32550
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
BMI Adult & Kid Calculator
Researcher
More Details >

Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3520
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Country State City Dropdown CF7
Researcher
More Details >

Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32524
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Custom Order Statuses for WooCommerce
Researcher
More Details >

Custom Thank You Page Customize For WooCommerce by Binary Carpenter <= 1.4.13 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32517
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Custom Thank You Page Customize For WooCommerce by Binary Carpenter
Researcher
More Details >

Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3243
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Customer Reviews for WooCommerce
Researcher
More Details >

Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3869
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Customer Reviews for WooCommerce
Researcher
More Details >

EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6897
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
EAN for WooCommerce
Researcher
More Details >

Flash Video Player <= 5.0.4 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32537
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Flash Video Player
Researcher
More Details >

GG Woo Feed for WooCommerce Shopping Feed <= 1.2.6 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32519
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
Researcher
More Details >

MaxGalleria <= 6.4.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3581
Patch Status
Patched
Published
Apr 19, 2024
Affected Software
MaxGalleria
Researcher
More Details >

Mega Addons For Elementor <= 1.8 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32515
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Mega Addons For Elementor
Researcher
More Details >

Multi Currency For WooCommerce <= 1.5.5 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32516
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Multi Currency For WooCommerce
Researcher
More Details >

Open Close WooCommerce Store <= 4.9.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32522
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Open Close WooCommerce Store – Best Business Schedules Manager
Researcher
More Details >

Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32142
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
Ovic Responsive WPBakery
Researcher
More Details >

PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-41864
Patch Status
Unpatched
Published
Apr 16, 2024
Affected Software
PeproDev CF7 Database
Researcher
More Details >

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3606
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
ProfileGrid – User Profiles, Memberships, Groups and Communities
Researcher
More Details >

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.73 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32506
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Researcher
More Details >

Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33681
Patch Status
Unpatched
Published
Apr 19, 2024
Affected Software
Regenerate post permalink
Researcher
More Details >

Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32549
Patch Status
Unpatched
Published
Apr 15, 2024
Affected Software
Related Posts for WordPress
Researcher
More Details >

ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-7067
Patch Status
Patched
Published
Apr 18, 2024
Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Researcher
More Details >

Smart Forms <= 2.6.93 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1306
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Smart Forms – when you need more than just a contact form
Researcher
More Details >

Theme My Login <= 7.1.6 - Missing Authorization to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32525
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
Theme My Login
Researcher
More Details >

WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6731
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP Show Posts
Researcher
More Details >

WP Social Comments <= 1.7.3 - Missing Authorization via wpfc_allow_comments()

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32689
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
WP Social Comments
Researcher
More Details >

WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32604
Patch Status
Patched
Published
Apr 16, 2024
Affected Software
WP-Recall – Registration, Profile, Commerce & More
Researcher
More Details >

WPC Frequently Bought Together for WooCommerce <= 7.0.3 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32687
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
WPC Frequently Bought Together for WooCommerce
Researcher
More Details >

WPC Grouped Product for WooCommerce <= 4.4.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32520
Patch Status
Patched
Published
Apr 15, 2024
Affected Software
WPC Grouped Product for WooCommerce
Researcher
More Details >

Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization

3.1
CVSS Rating
Low (3.1)
CVE-ID
CVE-2024-32681
Patch Status
Patched
Published
Apr 17, 2024
Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Researcher
More Details >

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

LinkedIn 

Comments

No Comments

Breaking WordPress Security Research in your inbox as it happens.

Example of a news story

This site uses cookies in accordance with our Privacy Policy.