Chloe Chamberland
May 2, 2024

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 302 vulnerabilities disclosed in 231 WordPress Plugins and 23 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 65 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 232
Unpatched 70

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 4
Medium Severity 246
High Severity 30
Critical Severity 22

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 93
Missing Authorization 82
Cross-Site Request Forgery (CSRF) 31
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 13
Information Exposure 12
Server-Side Request Forgery (SSRF) 12
Authorization Bypass Through User-Controlled Key 6
Deserialization of Untrusted Data 6
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 6
Information Exposure Through Log Files 6
Unrestricted Upload of File with Dangerous Type 5
Improper Privilege Management 4
Use of Less Trusted Source 4
External Control of Assumed-Immutable Web Parameter 3
Improper Control of Generation of Code ('Code Injection') 2
Improper Input Validation 2
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 2
Authentication Bypass Using an Alternate Path or Channel 1
Guessable CAPTCHA 1
Improper Access Control 1
Improper Authorization 1
Improper Neutralization of Alternate XSS Syntax 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 1
URL Redirection to Untrusted Site ('Open Redirect') 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
30
23
17
17
14
13
13
12
12
10
10
7
7
7
7
7
6
6
6
5
4
4
4
4
4
3
3
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
ST
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Academy LMS – eLearning and online course solution for WordPress academy
Accessibility Widget accessibility-widget
ActiveDEMAND activedemand
Admin and Customer Messages After Order for WooCommerce: OrderConvo admin-and-client-message-after-order-for-woocommerce
Admin Bar Editor – Hide Toolbar by User Roles admin-bar
Advanced Floating Content Lite advanced-floating-content-lite
Advanced Local Pickup for WooCommerce advanced-local-pickup-for-woocommerce
Advanced Most Recent Posts Mod advanced-most-recent-posts-mod
Advanced Post List advanced-post-list
Advanced Testimonial Carousel for Elementor advanced-testimonial-carousel-for-elementor
AGCA – Custom Dashboard & Login Page ag-custom-admin
All-in-one Like Widget all-in-one-facebook-like-widget
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) wp-analytify
Annual Archive anual-archive
Appointment Hour Booking – WordPress Booking Plugin appointment-hour-booking
AppPresser – Mobile App Framework apppresser
Arconix FAQ arconix-faq
Arconix Shortcodes arconix-shortcodes
ARforms arforms
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember-membership
Assistant – Every Day Productivity Apps assistant
Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail
BackUpWordPress backupwordpress
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Base64 Encoder/Decoder base64-encoderdecoder
Better Elementor Addons better-elementor-addons
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss bp-better-messages
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. print-google-cloud-print-gcp-woocommerce
Blog2Social: Social Media Auto Post & Scheduler blog2social
Booking Ultra Pro Appointments Booking Calendar Plugin booking-ultra-pro
Brevo for WooCommerce woocommerce-sendinblue-newsletter-subscription
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg 5-stars-rating-funnel
Car Dealer (Dealership) and Vehicle sales cardealer
CF7 File Download – File Download for CF7 cf7-file-download
ChatBot Conversational Forms conversational-forms
Classified Listing – Classified ads & Business Directory Plugin classified-listing
ClickCease Click Fraud Protection clickcease-click-fraud-protection
Client Dash client-dash
CM Tooltip Glossary enhanced-tooltipglossary
Colibri Page Builder colibri-page-builder
Collapse-O-Matic jquery-collapse-o-matic
Comments – wpDiscuz wpdiscuz
Contact Form 7 Database Addon – CFDB7 contact-form-cfdb7
Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder arforms-form-builder
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) content-views-query-and-display-post-page
Cookie Information | Free GDPR Consent Solution wp-gdpr-compliance
CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance) cookiehub
Cornerstone cornerstone
Coupon & Discount Code Reveal Button coupon-reveal-button
Crelly Slider crelly-slider
Culqi culqi-checkout
Custom field finder custom-field-finder
Customify Site Library customify-sites
Data Tables Generator by Supsystic data-tables-generator-by-supsystic
Database for Contact Form 7, WPforms, Elementor forms contact-form-entries
Easy Accept Payments via PayPal wordpress-easy-paypal-payment-or-donation-accept-plugin
Easy Property Listings easy-property-listings
Easy Set Favicon easy-set-favicon
Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin bdthemes-element-pack
ElementsKit Elementor addons and Templates Library elementskit-lite
ElementsKit Pro elementskit
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! elespare
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder email-customizer-for-woocommerce
Embed Google Photos album embed-google-photos-album-easily
ENL Newsletter enl-newsletter
EPROLO Dropshipping eprolo-dropshipping
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media evergreen-content-poster
Exclusive Addons for Elementor exclusive-addons-for-elementor
Export and Import Users and Customers users-customers-import-export-for-wp-woocommerce
FameTheme Demo Importer famethemes-demo-importer
Fan Page Widget by ThemeNcode facebook-fan-page-widget
Fancy Product Designer fancy-product-designer
FG Joomla to WordPress fg-joomla-to-wordpress
FileOrganizer – Manage WordPress and Website Files fileorganizer
Filterable Portfolio jungbillig-portfolio-gallery
Five Star Restaurant Reservations – WordPress Booking Plugin restaurant-reservations
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
FOX – Currency Switcher Professional for WooCommerce woocommerce-currency-switcher
Frontend Dashboard frontend-dashboard
FV Flowplayer Video Player fv-wordpress-flowplayer
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory geodirectory
Getwid – Gutenberg Blocks getwid
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers rafflepress
GiveWP – Donation Plugin and Fundraising Platform give
Happy Addons for Elementor happy-elementor-addons
Header Footer Code Manager Pro 99robots-header-footer-code-manager-pro
Headline Analyzer headline-analyzer
Hide Dashboard Notifications wp-hide-backed-notices
HL Twitter hl-twitter
HT Mega – Absolute Addons For Elementor ht-mega-for-elementor
Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript hummingbird-performance
Image Optimizer, Resizer and CDN – Sirv sirv
Image Slider image-slider-widget
Import and export users and customers import-users-from-csv-with-meta
InstaWP Connect – 1-click WP Staging & Migration instawp-connect
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site integrate-google-drive
Interactive World Maps interactive-world-maps
Jeg Elementor Kit jeg-elementor-kit
KB Support – WordPress Help Desk and Knowledge Base kb-support
Knowledge Base documentation & wiki plugin – BasePress Docs basepress
Leaky Paywall leaky-paywall
List Custom Taxonomy Widget list-custom-taxonomy-widget
Login with phone number login-with-phone-number
Maintenance Mode hkdev-maintenance-mode
MainWP Child Reports mainwp-child-reports
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor master-addons
Max Addons Pro for Bricks max-addons-pro-bricks
MDTF – Meta Data and Taxonomies Filter wp-meta-data-filter-and-taxonomy-filter
Meks Smart Social Widget meks-smart-social-widget
Meks ThemeForest Smart Widget meks-themeforest-smart-widget
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor metform
MF Gig Calendar mf-gig-calendar
month name translation benaceur month-name-translation-benaceur
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin mycred
Newsletters newsletters-lite
NextGEN Gallery – Create an Amazing Photo Gallery in Seconds nextgen-gallery
Opal Widgets For Elementor opal-widgets-for-elementor
Page Builder: Live Composer live-composer-page-builder
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions
Payment Gateway Based Fees and Discounts for WooCommerce checkout-fees-for-woocommerce
PDF Invoices & Packing Slips for WooCommerce woocommerce-pdf-invoices-packing-slips
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery gt3-photo-video-gallery
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress contest-gallery
Piotnet Addons For Elementor piotnet-addons-for-elementor
Piotnet Addons For Elementor Pro piotnet-addons-for-elementor-pro
Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress
Poll | Vote | Contest – Best Poll Plugin for WordPress totalpoll-lite
Popup Box – Best WordPress Popup Plugin ays-popup-box
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation optinmonster
PopupAlly popupally
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) buddyforms
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX ultimate-post
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks post-grid
Premium Addons for Elementor premium-addons-for-elementor
Pretty Google Calendar pretty-google-calendar
Pricing Table by Supsystic pricing-table-by-supsystic
Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes
Product Addons & Fields for WooCommerce woocommerce-product-addon
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
PropertyHive propertyhive
Qi Addons For Elementor qi-addons-for-elementor
Quick Featured Images quick-featured-images
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress radio-player
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! radio-station
Rank Math SEO with AI Best SEO Tools seo-by-rank-math
Rate My Post – Star Rating Plugin by FeedbackWP rate-my-post
Recencio Book Reviews recencio-book-reviews
Reviews Plus reviews-plus
RomethemeForm For Elementor romethemeform
RomethemeKit For Elementor rometheme-for-elementor
Royal Elementor Addons and Templates royal-elementor-addons
rtMedia for WordPress, BuddyPress and bbPress buddypress-media
Salon booking system salon-booking-system
Save as PDF Plugin by Pdfcrowd save-as-pdf-by-pdfcrowd
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share wp-scheduled-posts
Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp
Secure Copy Content Protection and Content Locking secure-copy-content-protection
Seers | GDPR & CCPA Cookie Consent & Compliance seers-cookie-consent-banner-privacy-policy
Send PDF for Contact Form 7 send-pdf-for-contact-form-7
Serious Slider cryout-serious-slider
SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy woo-aliexpress-dropshipping
ShortPixel Critical CSS shortpixel-critical-css
Simple Membership simple-membership
Simply Static simply-static
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) sina-extension-for-elementor
Slash Admin slash-admin
Smart Forms – when you need more than just a contact form smart-forms
Smart Maintenance Mode smart-maintenance-mode
Smart Recent Posts Widget smart-recent-posts-widget
Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap socialsnap
Social Sharing Plugin – Social Warfare social-warfare
Solid Affiliate solid-affiliate
SP Project & Document Manager sp-client-document-manager
Spectra – WordPress Gutenberg Blocks ultimate-addons-for-gutenberg
SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin wp-s3-smart-upload
Sticky Anything toast-stick-anything
StreamWeasels Twitch Integration streamweasels-twitch-integration
Survey Maker – Best WordPress Survey Plugin survey-maker
Table Rate Shipping Method for WooCommerce by Flexible Shipping flexible-shipping
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) the-pack-addon
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce the-plus-addons-for-elementor-page-builder
The Plus Blocks for Block Editor | Gutenberg the-plus-addons-for-block-editor
Timetable and Event Schedule by MotoPress mp-timetable
Tutor LMS – eLearning and online course solution tutor
Ultimate 410 Gone Status Code ultimate-410
Ultimate Blocks – WordPress Blocks Plugin ultimate-blocks
User Meta – User Profile Builder and User management plugin user-meta
USPS Shipping for WooCommerce – Live Rates flexible-shipping-usps
Video Conferencing with Zoom video-conferencing-with-zoom-api
VikRentCar Car Rental Management System vikrentcar
Vision – Image Map Builder vision
Vitepos – Point of sale (POS) plugin for WooCommerce vitepos-lite
VK Block Patterns vk-block-patterns
VOD Infomaniak vod-infomaniak
Wallet for WooCommerce – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds woo-wallet
Widget Post Slider widget-post-slider
WooCommerce Amazon Affiliates - Wordpress Plugin woozone
WooCommerce Shipping Label shipping-labels-for-woo
WordPress Ad Widget ad-widget
WordPress Backup & Migration wp-migration-duplicator
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress wp-ada-compliance-check-basic
WP Club Manager – WordPress Sports Club Plugin wp-club-manager
WP Datepicker wp-datepicker
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress wp-fusion-lite
WP GoToWebinar wp-gotowebinar
WP LinkedIn Auto Publish wp-linkedin-auto-publish
WP Masquerade wp-masquerade
WP Media Category Management wp-media-category-management
WP Migrate Pro wp-migrate-db-pro
WP Page Post Widget Clone wp-page-post-widget-clone
WP Prayer wp-prayer
WP Shortcodes Plugin — Shortcodes Ultimate shortcodes-ultimate
WP SMTP wp-smtp
WP STAGING Pro WordPress Backup Plugin wp-staging-pro
WP STAGING WordPress Backup Plugin – Migration Backup Restore wp-staging
WP Time Slots Booking Form wp-time-slots-booking-form
WP Travel Engine – Best Travel Booking WordPress Plugin, Tour Booking System wp-travel-engine
WP ULike – Most Advanced WordPress Marketing Toolkit wp-ulike
WP-Lister Lite for eBay wp-lister-for-ebay
WP-Members Membership Plugin wp-members
WP-Recall – Registration, Profile, Commerce & More wp-recall
WPC Composite Products for WooCommerce wpc-composite-products
WPCal.io – Easy Meeting Scheduler wpcal
WPPizza – A Restaurant Plugin wppizza
WPZOOM Addons for Elementor (Templates, Widgets) wpzoom-elementor-addons
XforWooCommerce xforwoocommerce
XStore Core et-core-plugin
YITH WooCommerce Compare yith-woocommerce-compare

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Accountra accountra
Althea WP althea-wp
Blocksy blocksy
Brite brite
Calliope calliope
Colibri WP colibri-wp
ColorNews colornews
Elevate WP elevate-wp
Financio financio
Hugo WP hugo-wp
Intrace intrace
Pathway pathway
Photology photology
Royal Elementor Kit royal-elementor-kit
Startupzy startupzy
Teluro teluro
Travey travey
uDesign - Responsive WordPress Theme u-design
Vertice vertice
Virtue virtue
WP Portfolio wp-portfolio
XStore xstore
Zeever zeever

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

ActiveDEMAND <= 0.2.41 - Unauthenticated Arbitrary File Upload

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32809
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ActiveDEMAND
Researcher
More Details >

Customify Site Library <= 0.0.9 - Unauthenticated Remote Code Execution

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33644
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Customify Site Library
Researcher
More Details >

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Unauthenticated SQL Injection

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33544
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WooCommerce Amazon Affiliates - Wordpress Plugin
Researcher
More Details >

WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32709
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP-Recall – Registration, Profile, Commerce & More
Researcher
More Details >

XStore <= 9.3.5 - Unauthenticated SQL Injection

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33559
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore
Researcher
More Details >

XStore Core <= 5.3.5 - Unauthenticated SQL Injection

10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33551
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-33568
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin
Researcher
More Details >

Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-3342
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Timetable and Event Schedule by MotoPress
Researcher
More Details >

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) SQL Injection

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-33546
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WooCommerce Amazon Affiliates - Wordpress Plugin
Researcher
More Details >

WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Authenticated (Contributor+) SQL Injection

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32710
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP-Recall – Registration, Profile, Commerce & More
Researcher
More Details >

XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload

9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-33556
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Unauthenticated Privilege Escalation

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33567
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Researcher
More Details >

OrderConvo <= 12.4 - Missing Authorization to Arbitrary File Upload

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33566
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Admin and Customer Messages After Order for WooCommerce: OrderConvo
Researcher
More Details >

Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3962
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Product Addons & Fields for WooCommerce
Researcher
More Details >

Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32959
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Image Optimizer, Resizer and CDN – Sirv
Researcher
More Details >

WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-30225
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
WP Migrate Pro
Researcher
More Details >

XStore <= 9.3.5 - Unauthenticated Local File Inclusion

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33560
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore
Researcher
More Details >

XStore Core <= 5.3.5 - Unauthenticated PHP Object Injection

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33553
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

XStore Core <= 5.3.5 - Unauthenticated Privilege Escalation

9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33552
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

BuddyForms <= 2.8.8 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery

9.3
CVSS Rating
Critical (9.3)
CVE-ID
CVE-2024-32830
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Researcher
More Details >

ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-3060
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
ENL Newsletter
Researcher
More Details >

Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload

9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32954
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Newsletters
Researcher
More Details >

ARforms <= 6.4 - Authenticated (Subscriber+) SQL Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-32706
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ARforms
Researcher
More Details >

Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33541
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Better Elementor Addons
Researcher
More Details >

Booking Ultra Pro <= 1.1.12 - Authenticated (Contributor+) Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-32960
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Booking Ultra Pro Appointments Booking Calendar Plugin
Researcher
More Details >

Custom field finder <= 0.3 - Authenticated (Author+) PHP Object Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33641
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Custom field finder
Researcher
More Details >

ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3499
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ElementsKit Elementor addons and Templates Library
Researcher
More Details >

ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3500
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
ElementsKit Pro
Researcher
More Details >

GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2 - Authenticated (GiveWP Manager+) PHP Object Injection

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-30229
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
Researcher
More Details >

rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3293
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
rtMedia for WordPress, BuddyPress and bbPress
Researcher
More Details >

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33549
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WooCommerce Amazon Affiliates - Wordpress Plugin
Researcher
More Details >

WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3895
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
WP Datepicker
Researcher
More Details >

WP Masquerade <= 1.1.0 - Authenticated (Subscriber+) Account Takeover

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33550
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WP Masquerade
Researcher
More Details >

WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-1797
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
WP ULike – Most Advanced WordPress Marketing Toolkit
Researcher
More Details >

XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33628
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XforWooCommerce
Researcher
More Details >

XStore <= 9.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33564
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore
Researcher
More Details >

XStore Core <= 5.3.5 - Authenticated (Subscriber+) Local File Inclusion

8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33557
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

ARForms <= 6.4 - Missing Authorization to Arbitrary File Deletion

8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-32703
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ARforms
Researcher
More Details >

Conversational Forms for ChatBot <= 1.1.8 - Unauthenticated Arbitrary File Download

7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-32729
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ChatBot Conversational Forms
Researcher
More Details >

Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3715
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Database for Contact Form 7, WPforms, Elementor forms
Researcher
More Details >

Export and Import Users and Customers <= 2.5.3 - Authenticated (Admin+) PHP Object Injection

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32835
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Export and Import Users and Customers
Researcher
More Details >

Import and export users and customers <= 1.26.2 - Authenticated (Admin+) PHP Object Injection

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32817
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Import and export users and customers
Researcher
More Details >

PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3047
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
PDF Invoices & Packing Slips for WooCommerce
Researcher
More Details >

PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3045
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
PDF Invoices & Packing Slips for WooCommerce
Researcher
More Details >

Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-33634
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Piotnet Addons For Elementor Pro
Researcher
More Details >

Radio Player <= 2.0.73 - Unauthenticated Server-Side Request Forgery

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-33592
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Researcher
More Details >

Sendinblue for WooCommerce <= 4.0.17 - Authenticated (Editor+) Arbitrary File Download and Deletion

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32807
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Brevo for WooCommerce
Researcher
More Details >

Sticky Anything <= 2.1.5 - Missing Authorization

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-33646
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Sticky Anything
Researcher
More Details >

Survey Maker – Best WordPress Survey Plugin <= 3.6.6 - Unauthenticated Stored Cross-Site Scripting

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2023-34423
Patch Status
Patched
Published
Apr 27, 2024
Affected Software
Survey Maker – Best WordPress Survey Plugin
Researcher
More Details >

WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-1789
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WP SMTP
Researcher
More Details >

WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Arbitrary File Upload

7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32836
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP-Lister Lite for eBay
Researcher
More Details >

ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion

7.1
CVSS Rating
High (7.1)
CVE-ID
CVE-2024-1945
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
Researcher
More Details >

5 Stars Rating Funnel <= 1.2.67 - Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32725
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
Researcher
More Details >

Advanced Local Pickup for WooCommerce <= 1.6.1 - Missing Authorization to Notice Dismissal

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32814
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Advanced Local Pickup for WooCommerce
Researcher
More Details >

FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-3734
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
FOX – Currency Switcher Professional for WooCommerce
Researcher
More Details >

Integrate Google Drive <= 1.3.9 - Missing Authorization

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32813
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-2798
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-3553
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Tutor LMS – eLearning and online course solution
Researcher
More Details >

XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Download

6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-33558
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

Accessibility Widget <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32831
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Accessibility Widget
Researcher
More Details >

Advanced Most Recent Posts Mod <= 1.6.5.2 - Authenticated (Author+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33643
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Advanced Most Recent Posts Mod
Researcher
More Details >

Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33629
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Auto Featured Image (Auto Post Thumbnail)
Researcher
More Details >

Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32961
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Blocksy
Researcher
More Details >

Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3747
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Blocksy
Researcher
More Details >

Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3337
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Colibri Page Builder
Researcher
More Details >

Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-7030
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Collapse-O-Matic
Researcher
More Details >

ColorNews <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33540
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
ColorNews
Researcher
More Details >

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3929
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
Researcher
More Details >

Culqi <= 3.0.14 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32819
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Culqi
Researcher
More Details >

Embed Google Photos album <= 2.1.9 - Authenticated (Contributor+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32775
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Embed Google Photos album
Researcher
More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4003
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Researcher
More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3728
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Researcher
More Details >

Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2750
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Exclusive Addons for Elementor
Researcher
More Details >

Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3985
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Exclusive Addons for Elementor
Researcher
More Details >

Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3489
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Exclusive Addons for Elementor
Researcher
More Details >

FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32955
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
FV Flowplayer Video Player
Researcher
More Details >

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3732
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
Researcher
More Details >

Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3588
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Getwid – Gutenberg Blocks
Researcher
More Details >

Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3890
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Happy Addons for Elementor
Researcher
More Details >

Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3819
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Jeg Elementor Kit
Researcher
More Details >

Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33590
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Knowledge Base documentation & wiki plugin – BasePress Docs
Researcher
More Details >

Opal Widgets For Elementor <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33649
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Opal Widgets For Elementor
Researcher
More Details >

Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4035
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
Researcher
More Details >

Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33630
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Piotnet Addons For Elementor
Researcher
More Details >

Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33631
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Piotnet Addons For Elementor Pro
Researcher
More Details >

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3239
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
More Details >

Premium Addons for Elementor <= 4.10.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32791
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Premium Addons for Elementor
Researcher
More Details >

Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3885
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Premium Addons for Elementor
Researcher
More Details >

Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3647
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Premium Addons for Elementor
Researcher
More Details >

Pretty Google Calendar <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33640
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Pretty Google Calendar
Researcher
More Details >

ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-30241
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
Researcher
More Details >

Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3309
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Qi Addons For Elementor
Researcher
More Details >

Radio Player <= 2.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29811
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Researcher
More Details >

Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3665
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Rank Math SEO with AI Best SEO Tools
Researcher
More Details >

Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33648
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Recencio Book Reviews
Researcher
More Details >

RomethemeKit For Elementor <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32956
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
RomethemeKit For Elementor
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3889
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3675
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2799
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Royal Elementor Addons and Templates
Researchers
More Details >

Save as PDF plugin by Pdfcrowd <= 3.2.0 - Missing Authorization

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33684
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Save as PDF Plugin by Pdfcrowd
Researcher
More Details >

Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3491
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Schema & Structured Data for WP & AMP
Researcher
More Details >

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3988
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Researcher
More Details >

Social Sharing Plugin – Social Warfare <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1959
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Social Sharing Plugin – Social Warfare
Researcher
More Details >

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.2 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32718
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Researcher
More Details >

The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3199
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
More Details >

The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3197
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
More Details >

Ultimate 410 Gone Status Code <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3677
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Ultimate 410 Gone Status Code
Researcher
More Details >

Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4034
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Virtue
Researcher
More Details >

WP Portfolio <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33537
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WP Portfolio
Researcher
More Details >

WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3548
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
More Details >

WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1572
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
WP ULike – Most Advanced WordPress Marketing Toolkit
Researcher
More Details >

WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1759
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
WP ULike – Most Advanced WordPress Marketing Toolkit
Researcher
More Details >

WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2838
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
WPC Composite Products for WooCommerce
Researcher
More Details >

wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2477
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Comments – wpDiscuz
Researcher
More Details >

WPZOOM Addons for Elementor (Templates, Widgets) <= <=1.1.35 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33539
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WPZOOM Addons for Elementor (Templates, Widgets)
Researcher
More Details >

XStore Core <= 5.3.5 - Missing Authorization

6.3
CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-33555
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

ARforms <= 6.4 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32702
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ARforms
Researcher
More Details >

Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3823
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
Base64 Encoder/Decoder
Researcher
More Details >

Base64 Encoder/Decoder <= 0.9.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3822
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
Base64 Encoder/Decoder
Researcher
More Details >

Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-28002
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Cornerstone
Researcher
More Details >

Easy Set Favicon <= 1.1 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33645
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Easy Set Favicon
Researcher
More Details >

Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-0905
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Fancy Product Designer
Researcher
More Details >

Header Footer Code Manager Pro <= 1.0.16 - Reflected Cross-Site Scripting via message

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3473
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Header Footer Code Manager Pro
Researcher
More Details >

Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3681
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Interactive World Maps
Researcher
More Details >

Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32952
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Max Addons Pro for Bricks
Researcher
More Details >

Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33633
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Piotnet Addons For Elementor Pro
Researcher
More Details >

Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32789
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Seers | GDPR & CCPA Cookie Consent & Compliance
Researcher
More Details >

Slash Admin <= 3.8.1 - Cross-Site Request Forgery

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32958
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Slash Admin
Researcher
More Details >

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32785
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Researcher
More Details >

UDesign <= 4.7.3 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4077
Patch Status
Unpatched
Published
Apr 23, 2024
Affected Software
uDesign - Responsive WordPress Theme
Researcher
More Details >

Video Conferencing with Zoom <= 4.4.4 - Open Redirect

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33584
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Video Conferencing with Zoom
Researcher
More Details >

VOD Infomaniak <= 1.5.6 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33571
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
VOD Infomaniak
Researcher
More Details >

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33548
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WooCommerce Amazon Affiliates - Wordpress Plugin
Researcher
More Details >

WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32950
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP Media Category Management
Researcher
More Details >

XStore <= 9.3.5 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33562
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore
Researcher
More Details >

XStore Core <= 5.3.5 - Reflected Cross-Site Scripting

6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33554
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore Core
Researcher
More Details >

Absolutely Glamorous Custom Admin <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery

5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-33627
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
AGCA – Custom Dashboard & Login Page
Researcher
More Details >

Academy LMS <= 1.9.16 - Missing Authorization

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32714
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Academy LMS – eLearning and online course solution for WordPress
Researcher
More Details >

Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3340
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Colibri Page Builder
Researcher
More Details >

Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-33542
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Crelly Slider
Researcher
More Details >

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32711
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Researcher
More Details >

Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3730
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Simple Membership
Researcher
More Details >

Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3994
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Tutor LMS – eLearning and online course solution
Researcher
More Details >

Ultimate Blocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading

5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3241
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Researchers
More Details >

Advanced Testimonial Carousel for Elementor <= 3.0.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32783
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Advanced Testimonial Carousel for Elementor
Researcher
More Details >

Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1584
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Researcher
More Details >

Appointment Hour Booking <= 1.4.56 - Captcha Bypass

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32720
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Appointment Hour Booking – WordPress Booking Plugin
Researcher
More Details >

AppPresser <= 4.3.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32776
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
AppPresser – Mobile App Framework
Researcher
More Details >

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.28 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32948
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Researcher
More Details >

Assistant – Every Day Productivity Apps <= 1.4.9.1 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33538
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Assistant – Every Day Productivity Apps
Researcher
More Details >

Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33565
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Researcher
More Details >

BizPrint <= 4.3.39 - Missing Authorization via showTemplatePreview()

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32777
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
Researcher
More Details >

Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3678
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Blog2Social: Social Media Auto Post & Scheduler
Researcher
More Details >

BP Better Messages <= 2.4.32 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32802
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Researcher
More Details >

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3893
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Classified Listing – Classified ads & Business Directory Plugin
Researcher
More Details >

Client Dash <= 2.2.1 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33652
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Client Dash
Researcher
More Details >

Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3870
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Contact Form 7 Database Addon – CFDB7
Researcher
More Details >

CookieHub <= 1.1.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32784
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
Researcher
More Details >

Easy Accept Payments <= 4.9.10 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33591
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Easy Accept Payments via PayPal
Researcher
More Details >

Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates()

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32799
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Easy Property Listings
Researcher
More Details >

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.0 - Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32781
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
Researcher
More Details >

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3733
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Researcher
More Details >

FG Joomla to WordPress <= 4.20.2 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32788
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
FG Joomla to WordPress
Researcher(s): Unknown
More Details >

Frontend Dashboard <= 2.2.2 -

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32726
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Frontend Dashboard
Researcher
More Details >

Giveaways and Contests by RafflePress <= 1.12.7 - Unauthenticated IP Spoofing

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32827
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Researcher
More Details >

Hummingbird <= 3.7.3 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32792
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript
Researcher
More Details >

Integrate Google Drive <= 1.3.8 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32949
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Researcher
More Details >

Leaky Paywall <= 4.20.8 - Missing Authorization to Price Manipulation

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33594
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Leaky Paywall
Researcher
More Details >

Login with phone number <= 1.6.93 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32832
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Login with phone number
Researcher
More Details >

Maintenance Mode by helderk <= 3.0.1 - Unauthenticated IP Spoofing

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32708
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Maintenance Mode
Researcher
More Details >

Max Addons Pro for Bricks <= 1.6.1 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32951
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Max Addons Pro for Bricks
Researcher
More Details >

Newsletters <= 4.9.5 - Information Exposure via Log files

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32953
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Newsletters
Researcher
More Details >

Photo Gallery by 10Web <= 1.8.20 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33586
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Researcher
More Details >

Piotnet Addons For Elementor Pro <= 7.1.17 - Missing Authorization to Arbitrary Post/Page Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33635
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Piotnet Addons For Elementor Pro
Researcher
More Details >

Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3897
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Popup Box – Best WordPress Popup Plugin
Researcher
More Details >

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.78 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32816
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Researcher
More Details >

ProfileGrid <= 5.8.2 - Bypass Group Members Limit

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32774
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
Researcher
More Details >

Rate My Post – Star Rating Plugin by FeedbackWP <= 3.4.4 - Insecure Direct Object Reference

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32823
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Rate My Post – Star Rating Plugin by FeedbackWP
Researcher
More Details >

RomethemeForm For Elementor <= 1.1.2 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32727
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
RomethemeForm For Elementor
Researcher
More Details >

Royal Elementor Addons <= 1.3.93 - Unauthenticated IP Spoofing

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32786
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Royal Elementor Addons and Templates
Researcher
More Details >

Secure Copy Content Protection and Content Locking <= 3.9.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33587
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Secure Copy Content Protection and Content Locking
Researcher
More Details >

Send PDF for Contact Form 7 <= 1.0.2.3 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3585
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Send PDF for Contact Form 7
Researcher
More Details >

Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Unauthenticated Arbitrary Content Deletion

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32724
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
Researcher(s): Unknown
More Details >

Simply Static <= 3.1.3 - Unauthenticated Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32825
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Simply Static
Researcher
More Details >

Social Snap <= 1.3.5 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32805
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
Researcher
More Details >

Solid Affiliate <= 1.9.1 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33637
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Solid Affiliate
Researcher
More Details >

SSU <= 1.5.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33597
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin
Researcher
More Details >

StreamWeasels Twitch Integration <= 1.7.8 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32716
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
StreamWeasels Twitch Integration
Researcher
More Details >

Survey Maker <= 4.0.9 - IP Address Spoofing

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-35764
Patch Status
Patched
Published
Apr 27, 2024
Affected Software
Survey Maker – Best WordPress Survey Plugin
Researcher
More Details >

User Meta <= 3.0 - Unauthenticated Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33575
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
User Meta – User Profile Builder and User management plugin
Researcher
More Details >

USPS Shipping for WooCommerce – Live Rates <= 1.9.4 - Sensitive Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32811
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
USPS Shipping for WooCommerce – Live Rates
Researcher
More Details >

VikRentCar Car Rental Management System <= 1.3.2 - Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32780
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
VikRentCar Car Rental Management System
Researcher
More Details >

Vision Interactive <= 1.7.1 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32779
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Vision – Image Map Builder
Researcher
More Details >

VK Block Patterns <= 1.31.0 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32826
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
VK Block Patterns
Researcher
More Details >

WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33545
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WooCommerce Amazon Affiliates - Wordpress Plugin
Researcher
More Details >

WP Club Manager <= 2.2.11 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32719
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP Club Manager – WordPress Sports Club Plugin
Researcher
More Details >

WP Fusion Lite – Marketing Automation and CRM Integration for WordPress <= 3.42.10 - Information Exposure

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32796
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
Researcher
More Details >

WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3682
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WP STAGING WordPress Backup Plugin – Migration Backup Restore
WP STAGING Pro WordPress Backup Plugin
Researcher
More Details >

WP Time Slots Booking Form <= 1.2.06 - Unauthenticated Price Manipulation

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33543
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WP Time Slots Booking Form
Researcher
More Details >

WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32798
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP Travel Engine – Best Travel Booking WordPress Plugin, Tour Booking System
Researcher
More Details >

WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2920
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WP-Members Membership Plugin
Researcher
More Details >

XStore <= 9.3.5 - Missing Authorization

5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33561
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore
Researcher
More Details >

Advanced Floating Content Lite <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32723
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Advanced Floating Content Lite
Researcher
More Details >

Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33642
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Advanced Post List
Researcher
More Details >

All-in-one Like Widget <= 2.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32815
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
All-in-one Like Widget
Researcher
More Details >

Annual Archive <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33598
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Annual Archive
Researcher
More Details >

CF7 File Download – File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33697
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
CF7 File Download – File Download for CF7
Researcher
More Details >

Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3338
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Colibri Page Builder
Researcher
More Details >

Coupon & Discount Code Reveal Button <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32722
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Coupon & Discount Code Reveal Button
Researcher
More Details >

Fan Page Widget by ThemeNcode <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33695
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Fan Page Widget by ThemeNcode
Researcher
More Details >

FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2324
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
FileOrganizer – Manage WordPress and Website Files
Researcher
More Details >

Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4234
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
Filterable Portfolio
Researcher
More Details >

Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2258
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
More Details >

HL Twitter <= 2014.1.18 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3630
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
HL Twitter
Researcher
More Details >

Image Slider <= 1.1.125 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32707
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Image Slider
Researcher
More Details >

List Custom Taxonomy Widget <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32833
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
List Custom Taxonomy Widget
Researcher
More Details >

Meks Smart Social Widget <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33693
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
Meks Smart Social Widget
Researcher
More Details >

Meks ThemeForest Smart Widget <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33694
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
Meks ThemeForest Smart Widget
Researcher
More Details >

month name translation benaceur <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3634
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
month name translation benaceur
Researcher
More Details >

Nextgen Gallery <= 3.59 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2744
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
NextGEN Gallery – Create an Amazing Photo Gallery in Seconds
Researcher
More Details >

PopupAlly <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33639
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
PopupAlly
Researcher
More Details >

Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33692
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
Smart Recent Posts Widget
Researcher
More Details >

TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.5.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32584
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
Wallet for WooCommerce – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
Researcher
More Details >

Widget Post Slider <= 1.3.5. - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32801
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Widget Post Slider
Researcher
More Details >

WordPress Ad Widget <= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33696
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
WordPress Ad Widget
Researcher
More Details >

Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1716
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Admin Bar Editor – Hide Toolbar by User Roles
Researcher
More Details >

ARForms <= 6.4 - Missing Authorization to Arbitrary Option Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32704
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ARforms
Researcher
More Details >

ARForms <= 6.4 - Missing Authorization to Arbitrary Plugin Activation/Deactivation

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32705
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ARforms
Researcher
More Details >

Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Request Forgery to Setting Reset

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3824
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
Base64 Encoder/Decoder
Researcher
More Details >

ClickCease Click Fraud Protection <= 3.2.5 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33678
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
ClickCease Click Fraud Protection
Researcher
More Details >

CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4086
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
CM Tooltip Glossary
Researcher
More Details >

ColibriWP Theme framework <= (Various Versions) - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33686
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Colibri WP
Elevate WP
Althea WP
Hugo WP
Pathway
Brite
Vertice
Teluro
Calliope
Researcher
More Details >

Contact Form 7 Extension For Mailchimp <= 0.5.70 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33677
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
Contact Form 7 Extension For Mailchimp
Researcher
More Details >

Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32778
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Researcher
More Details >

Data Tables Generator by Supsystic <= 1.10.31 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32829
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Data Tables Generator by Supsystic
Researcher
More Details >

Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-0900
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
Researcher
More Details >

EPROLO Dropshipping <= 1.7.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33573
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
EPROLO Dropshipping
Researcher
More Details >

Evergreen Content Poster <= 1.4.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32824
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
Researcher
More Details >

FameTheme Demo Importer <= 1.1.5 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33679
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
FameTheme Demo Importer
Researcher
More Details >

Financio <= 1.1.3 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33690
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Financio
Researcher
More Details >

Five Star Restaurant Reservations <= 2.6.16 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33596
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Five Star Restaurant Reservations – WordPress Booking Plugin
Researcher
More Details >

Flexible Shipping <= 4.24.15 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32828
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Table Rate Shipping Method for WooCommerce by Flexible Shipping
Researcher
More Details >

Headline Analyzer <= 1.3.3 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32806
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Headline Analyzer
Researcher
More Details >

Hide Dashboard Notifications <= 1.2.3 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33683
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Hide Dashboard Notifications
Researcher
More Details >

HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3629
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
HL Twitter
Researcher
More Details >

HL Twitter <= 2014.1.18 - Cross-Site Request Forgery to Twitter Account Unlink

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3631
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
HL Twitter
Researcher
More Details >

HT Mega – Absolute Addons For Elementor <= 2.4.7 - Missing Authorization to Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32782
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
Researcher
More Details >

InstaWP Connect <= 0.1.0.24 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32701
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
InstaWP Connect – 1-click WP Staging & Migration
Researcher
More Details >

KB Support <= 1.6.0 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33589
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
KB Support – WordPress Help Desk and Knowledge Base
Researcher
More Details >

Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33588
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Knowledge Base documentation & wiki plugin – BasePress Docs
Researcher
More Details >

MainWP Child Reports <= 2.1.1 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33680
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
MainWP Child Reports
Researcher
More Details >

Master Addons for Elementor <= 2.0.5.4.1 - Missing Authorization on Duplicate Post

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33595
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Researcher
More Details >

Metform Elementor Contact Form Builder <= 3.8.3 - Missing Authorization to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33570
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Researcher
More Details >

MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33651
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
MF Gig Calendar
Researcher
More Details >

Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4233
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Arconix Shortcodes
Arconix FAQ
Print Invoice & Delivery Notes for WooCommerce
Researcher
More Details >

Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33685
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Intrace
Travey
Startupzy
Zeever
Photology
Accountra
Researcher
More Details >

Page Builder: Live Composer <= 1.5.38 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32957
Patch Status
Patched
Published
Apr 23, 2024
Affected Software
Page Builder: Live Composer
Researcher
More Details >

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.0 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32728
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Researcher
More Details >

Payment Gateway Based Fees and Discounts for WooCommerce <= 2.12.1 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33585
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Payment Gateway Based Fees and Discounts for WooCommerce
Researcher
More Details >

Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33632
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Piotnet Addons For Elementor Pro
Researcher
More Details >

Podlove Podcast Publisher <= 4.0.11 - Authenticated (Contributor+) Server-Side Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32812
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Podlove Podcast Publisher
Researcher
More Details >

Podlove Podcast Publisher <= 4.0.14 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32712
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Podlove Podcast Publisher
Researcher
More Details >

Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.15.3 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33691
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
Researcher
More Details >

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32808
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
Researcher
More Details >

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32772
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
Researcher
More Details >

PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3607
Patch Status
Patched
Published
Apr 24, 2024
Affected Software
PropertyHive
Researcher
More Details >

Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3664
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Quick Featured Images
Researcher
More Details >

Radio Station by netmix® – Manage and play your Show Schedule in WordPress! <= 2.5.7 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33689
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
Researcher
More Details >

Reviews Plus <= 1.3.4 - Missing Authorization to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32822
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Reviews Plus
Researcher
More Details >

Royal Elementor Kit <= 1.0.116 - Cross-Site Request Forgery to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32773
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Royal Elementor Kit
Researcher
More Details >

Salon booking system <= 9.6.5 - Cross-Site Request Forgery to Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2429
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Salon booking system
Researcher
More Details >

SchedulePress <= 5.0.8 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32717
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
Researcher
More Details >

Secure Copy Content Protection and Content Locking <= 3.7.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32787
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Secure Copy Content Protection and Content Locking
Researcher
More Details >

Serious Slider <= 1.2.4 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33650
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Serious Slider
Researcher
More Details >

ShortPixel Critical CSS <= 1.0.2 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32810
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
ShortPixel Critical CSS
Researcher
More Details >

Smart Forms <= 2.6.91 - Missing Authorization to Notice Dismissal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33593
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Smart Forms – when you need more than just a contact form
Researcher
More Details >

Smart Maintenance Mode <= 1.4.4 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33638
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
Smart Maintenance Mode
Researcher
More Details >

SP Project & Document Manager <= 4.71 - Insecure Direct Object Reference

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3748
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
SP Project & Document Manager
Researcher
More Details >

SP Project & Document Manager <= 4.71 - Insecure Direct Object Reference to Information Exposure

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3749
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
SP Project & Document Manager
Researcher
More Details >

Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3107
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
Spectra – WordPress Gutenberg Blocks
Researcher
More Details >

The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33572
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
The Plus Blocks for Block Editor | Gutenberg
Researcher
More Details >

Total Poll Lite <= 4.9.9 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32821
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Poll | Vote | Contest – Best Poll Plugin for WordPress
Researcher
More Details >

Vitepos <= 3.0.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33574
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Vitepos – Point of sale (POS) plugin for WooCommerce
Researcher
More Details >

WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3546
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WordPress Backup & Migration
Researcher
More Details >

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32818
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
MDTF – Meta Data and Taxonomies Filter
Researcher
More Details >

WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress <= 3.1.3 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32947
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
Researcher
More Details >

WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33682
Patch Status
Unpatched
Published
Apr 26, 2024
Affected Software
Cookie Information | Free GDPR Consent Solution
Researcher
More Details >

WP GoToWebinar <= 14.46 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32804
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP GoToWebinar
Researcher
More Details >

WP LinkedIn Auto Publish <= 8.11 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32797
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WP LinkedIn Auto Publish
Researcher
More Details >

WP Page Post Widget Clone <= 1.0.1 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33636
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WP Page Post Widget Clone
Researcher
More Details >

WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Arbitrary Prayer Deletion

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3407
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
WP Prayer
Researcher
More Details >

WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Email Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3406
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
WP Prayer
Researcher
More Details >

WP Prayer <= 2.0.9 - Cross-Site Request Forgery to Settings Update

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3405
Patch Status
Unpatched
Published
Apr 24, 2024
Affected Software
WP Prayer
Researcher
More Details >

WPCal.io – Easy Meeting Scheduler <= 0.9.5.8 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32795
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WPCal.io – Easy Meeting Scheduler
Researcher
More Details >

WPPizza <= 3.18.10 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33576
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
WPPizza – A Restaurant Plugin
Researcher
More Details >

WZone <= 14.0.10 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33547
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
WooCommerce Amazon Affiliates - Wordpress Plugin
Researcher
More Details >

XStore <= 9.3.5 - Missing Authorization

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33563
Patch Status
Unpatched
Published
Apr 25, 2024
Affected Software
XStore
Researcher
More Details >

YITH WooCommerce Compare <= 2.37.0 - Cross-Site Request Forgery

4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32699
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
YITH WooCommerce Compare
Researcher
More Details >

WooCommerce Shipping Label <= 2.3.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

3.3
CVSS Rating
Low (3.3)
CVE-ID
CVE-2024-32834
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
WooCommerce Shipping Label
Researcher
More Details >

BackUpWordPress <= 3.13 - Authenticated (Admin+) Directory Traversal

2.7
CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-3034
Patch Status
Patched
Published
Apr 26, 2024
Affected Software
BackUpWordPress
Researcher
More Details >

Car Dealer <= 4.15 - Authenticated (Admin+) Content Injection

2.7
CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-4214
Patch Status
Patched
Published
Apr 25, 2024
Affected Software
Car Dealer (Dealership) and Vehicle sales
Researcher
More Details >

Pricing Table by Supsystic <= 1.9.12 - Authenticated (Admin+) Content Injection

2.7
CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-32790
Patch Status
Patched
Published
Apr 22, 2024
Affected Software
Pricing Table by Supsystic
Researcher
More Details >

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

LinkedIn 

Comments

No Comments

Breaking WordPress Security Research in your inbox as it happens.

Example of a news story

This site uses cookies in accordance with our Privacy Policy.