Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
Last week, there were 184 vulnerabilities disclosed in 146 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 67 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 145 |
| Unpatched | 39 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 146 |
| High Severity | 19 |
| Critical Severity | 18 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 88 |
| Cross-Site Request Forgery (CSRF) | 23 |
| Missing Authorization | 18 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 8 |
| Unrestricted Upload of File with Dangerous Type | 8 |
| Information Exposure | 7 |
| Deserialization of Untrusted Data | 6 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Improper Control of Generation of Code ('Code Injection') | 4 |
| Server-Side Request Forgery (SSRF) | 3 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
| Information Exposure Through Log Files | 2 |
| Authentication Bypass by Spoofing | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Improper Access Control | 1 |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 1 |
| Improper Privilege Management | 1 |
| Incorrect Authorization | 1 |
| Insecure Storage of Sensitive Information | 1 |
| Unprotected Alternate Channel | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 19 | |
| 16 | |
| 9 | |
| 8 | |
| 8 | |
| 7 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 140+ Widgets | Xpro Addons For Elementor – FREE | xpro-elementor-addons |
| 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin | real3d-flipbook-lite |
| Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | academy |
| ADFO – Custom data in admin dashboard | admin-form |
| Advanced Ads – Ad Manager & AdSense | advanced-ads |
| AI Engine | ai-engine |
| Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | aiomatic-automatic-ai-content-writer |
| All Bootstrap Blocks | all-bootstrap-blocks |
| All-in-One Addons for Elementor – WidgetKit | widgetkit-for-elementor |
| Arigato Autoresponder and Newsletter | bft-autoresponder |
| Auto Affiliate Links | wp-auto-affiliate-links |
| AWSOM News Announcement | awsom-news-announcement |
| Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro | back-in-stock-notifier-for-woocommerce |
| Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| Better Elementor Addons | better-elementor-addons |
| Blocksy Companion | blocksy-companion |
| BlogLentor – Blog Designer Pack for Elementor | bloglentor-for-elementor |
| Breakdance | breakdance |
| Brizy – Page Builder | brizy |
| Brozzme Scroll Top | brozzme-scroll-top |
| Business Card | business-card-by-esterox-100 |
| canvasio3D Light | canvasio3d-light |
| Church Admin | church-admin |
| ClickCease Click Fraud Protection | clickcease-click-fraud-protection |
| Comments Evolved for WordPress | gplus-comments |
| Configure Login Timeout | configure-login-timeout |
| Contact List – Premium Staff Listing, Business Directory & Address Book with Frontend Email | contact-list |
| Content Blocks (Custom Post Widget) | custom-post-widget |
| Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Blocks, and Elementor Widgets) | content-views-query-and-display-post-page |
| Counter Up – Animated Number Counter & Milestone Showcase | wp-counter-up |
| Custom Field Suite | custom-field-suite |
| Debug Info | debug-info |
| Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler | cf7-styler |
| Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
| Divi Builder | divi-builder |
| DS Site Message | ds-site-message |
| Dynamics 365 Integration | integration-dynamics |
| Easy Affiliate Links | easy-affiliate-links |
| Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) | easy-digital-downloads |
| Edwiser Bridge – WordPress Moodle LMS Integration | edwiser-bridge |
| EmbedPress – Embed PDF, PDF 3D FlipBook, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | embedpress |
| Enhance Your Posts with Author Box, Social Links, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder – WP Post Author | wp-post-author |
| Enter Addons – Ultimate Template Builder for Elementor | enteraddons |
| Envo's Elementor Templates & Widgets for WooCommerce | envo-elementor-for-woocommerce |
| Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Falang multilanguage for WordPress | falang |
| Featured Content Gallery | featured-content-gallery |
| Flo Forms – Easy Drag & Drop Form Builder | flo-forms |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Forty Four – 404 Plugin for WordPress | forty-four |
| GDPR Compliance | gdpr-compliance |
| gee Search Plus, improved WordPress search | gsearch-plus |
| Ghost | ghost |
| Gianism | gianism |
| Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | rafflepress |
| Gold Addons for Elementor | gold-addons-for-elementor |
| Graphina – Elementor Charts and Graphs | graphina-elementor-charts-and-graphs |
| Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks |
| Gutenify – Visual Site Builder Blocks & Site Templates. | gutenify |
| Heateor Social Login WordPress | heateor-social-login |
| Hostel | hostel |
| Hotel Booking Lite | motopress-hotel-booking-lite |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| HTML5 Audio Player- Audio Player Plugin | html5-audio-player |
| If-So Dynamic Content Personalization | if-so |
| Image Hover Effects – Elementor Addon | image-hover-effects-addon-for-elementor |
| Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | integration-for-contact-form-7-and-pipedrive |
| Joli FAQ SEO – WordPress FAQ Plugin | joli-faq-seo |
| KKProgressbar2 Free – advanced progress bars | kkprogressbar |
| Kognetiks Chatbot for WordPress | chatbot-chatgpt |
| LearnPress – WordPress LMS Plugin | learnpress |
| Link Library | link-library |
| Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor |
| Meow Gallery | meow-gallery |
| Mesmerize Companion | mesmerize-companion |
| Mihdan: Yandex Turbo Feed | mihdan-yandex-turbo-feed |
| Move Addons for Elementor | move-addons |
| Netgsm | netgsm |
| One Click Demo Import | one-click-demo-import |
| Orders Tracking for WooCommerce | woo-orders-tracking |
| Pk Favicon Manager | phpsword-favicon-manager |
| Playlist for Youtube | playlist-for-youtube |
| Pods – Custom Content Types and Fields | pods |
| Pootle Pagebuilder – WordPress Page builder | pootle-page-builder |
| Porto Theme - Functionality | porto-functionality |
| Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder | ajax-filter-posts |
| Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) | bdthemes-prime-slider-lite |
| Propovoice: All-in-One Client Management System | propovoice |
| Pure Chat – Live Chat & More! | pure-chat |
| QuickieBar | quickiebar |
| Shared Counts – Social Media Share Buttons | shared-counts |
| Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload | shared-files |
| Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) | parcelpanel |
| ShopBuilder – Elementor WooCommerce Builder Addons | shopbuilder |
| Shopping Cart & eCommerce Store | wp-easycart |
| ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
| Simple Website Banner | corona-virus-covid-19-banner |
| Site Reviews | site-reviews |
| SKT Addons for Elementor | skt-addons-for-elementor |
| Soccer Engine – Soccer Plugin for WordPress | soccer-engine-lite |
| Social Connect | social-connect |
| Social Sharing Plugin – Social Warfare | social-warfare |
| SP Project & Document Manager | sp-client-document-manager |
| Spectra Pro | spectra-pro |
| SportsPress – Sports Club & League Manager | sportspress |
| Squelch Tabs and Accordions Shortcodes | squelch-tabs-and-accordions-shortcodes |
| Starter Templates — Elementor, WordPress & Beaver Builder Templates | astra-sites |
| Startklar Elementor Addons | startklar-elmentor-forms-extwidgets |
| Sticky banner | sticky-banner |
| Sticky Social Link | sticky-social-link |
| Stockholm Core | stockholm-core |
| Swift Performance Lite | swift-performance-lite |
| Table Maker | table-maker |
| The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| Themify Shortcodes | themify-shortcodes |
| Thim Elementor Kit | thim-elementor-kit |
| Timber | timber-library |
| Translate Multilingual sites – TranslatePress | translatepress-multilingual |
| TT Custom Post Type Creator | tt-custom-post-type-creator |
| Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider | ultimate-store-kit |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| Unyson | unyson |
| Viet Affiliate Link | viet-affiliate-link |
| Viet Nam Affiliate | viet-nam-affiliate |
| Visual Footer Credit Remover | visual-footer-credit-remover |
| WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce | wc-serial-numbers |
| weDocs – Knowledgebase, Documentation, and Wiki for WP | wedocs |
| White Label CMS | white-label-cms |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) | smart-wishlist-for-more-convert |
| WordPress Affiliates Plugin — SliceWP Affiliates | slicewp |
| WordPress Webinar Plugin – WebinarPress | wp-webinarsystem |
| WP Discourse | wp-discourse |
| WP etracker | wp-etracker |
| WP Fastest Cache | wp-fastest-cache |
| WP Favorite Posts | wp-favorite-posts |
| WP Job Manager | wp-job-manager |
| WP Latest Posts | wp-latest-posts |
| WP Photo Album Plus | wp-photo-album-plus |
| WP STAGING WordPress Backup Plugin – Migration Backup Restore | wp-staging |
| WPCS ( WordPress Custom Search ) | wpcs-wp-custom-search |
| XML Sitemap & Google News | xml-sitemap-feed |
| Yoast SEO | wordpress-seo |
| Z-Downloads | z-downloads |
| Zotpress | zotpress |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Divi | Divi |
| Divi Extra | extra |
| Himalayas | himalayas |
| Porto | porto |
| raindrops | raindrops |
| Stockholm | stockholm |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-31377
CVE-2024-31377
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
WP Photo Album Plus
WP Photo Album Plus
Researcher
CVE-ID
CVE-2024-34411
CVE-2024-34411
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
canvasio3D Light
canvasio3D Light
Researcher
CVE-ID
CVE-2024-34412
CVE-2024-34412
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
Researcher
CVE-ID
CVE-2024-4186
CVE-2024-4186
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Edwiser Bridge – WordPress Moodle LMS Integration
Edwiser Bridge – WordPress Moodle LMS Integration
Researcher
CVE-ID
CVE-2024-4413
CVE-2024-4413
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Hotel Booking Lite
Hotel Booking Lite
Researcher
CVE-ID
CVE-2024-4560
CVE-2024-4560
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Kognetiks Chatbot for WordPress
Kognetiks Chatbot for WordPress
Researcher
CVE-ID
CVE-2024-4434
CVE-2024-4434
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
CVE-ID
CVE-2024-3806
CVE-2024-3806
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Porto
Porto
Researcher
CVE-ID
CVE-2024-4393
CVE-2024-4393
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
Social Connect
Social Connect
Researcher
CVE-ID
CVE-2024-4345
CVE-2024-4345
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Startklar Elementor Addons
Startklar Elementor Addons
Researcher
CVE-ID
CVE-2024-34551
CVE-2024-34551
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Stockholm
Stockholm
Researcher
CVE-ID
CVE-2024-4606
CVE-2024-4606
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
CVE-ID
CVE-2024-34440
CVE-2024-34440
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
AI Engine
AI Engine
Researcher
CVE-ID
CVE-2024-34386
CVE-2024-34386
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Auto Affiliate Links
Auto Affiliate Links
Researcher
CVE-ID
CVE-2024-4533
CVE-2024-4533
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
KKProgressbar2 Free – advanced progress bars
KKProgressbar2 Free – advanced progress bars
Researcher
CVE-ID
CVE-2024-34416
CVE-2024-34416
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Pk Favicon Manager
Pk Favicon Manager
Researcher
CVE-ID
CVE-2024-4346
CVE-2024-4346
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Startklar Elementor Addons
Startklar Elementor Addons
Researcher
CVE-ID
CVE-2024-34555
CVE-2024-34555
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Z-Downloads
Z-Downloads
Researchers
CVE-ID
CVE-2024-4605
CVE-2024-4605
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Breakdance
Breakdance
Researcher
CVE-ID
CVE-2024-3954
CVE-2024-3954
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists
Ditty – Responsive News Tickers, Sliders, and Lists
Researcher
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload
8.8
CVE-ID
CVE-2024-4397
CVE-2024-4397
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
CVE-ID
CVE-2024-3807
CVE-2024-3807
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Porto
Porto
Researcher
CVE-ID
CVE-2024-3809
CVE-2024-3809
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Porto Theme - Functionality
Porto Theme - Functionality
Researcher
CVE-ID
CVE-2024-3808
CVE-2024-3808
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Porto Theme - Functionality
Porto Theme - Functionality
Researcher
CVE-ID
CVE-2024-3828
CVE-2024-3828
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Spectra Pro
Spectra Pro
Researcher
CVE-ID
CVE-2024-34552
CVE-2024-34552
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Stockholm
Stockholm
Researcher
CVE-ID
CVE-2024-34554
CVE-2024-34554
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Stockholm Core
Stockholm Core
Researcher
CVE-ID
CVE-2024-3055
CVE-2024-3055
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-4441
CVE-2024-4441
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
XML Sitemap & Google News
XML Sitemap & Google News
Researcher
CVE-ID
CVE-2024-2290
CVE-2024-2290
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Advanced Ads – Ad Manager & AdSense
Advanced Ads – Ad Manager & AdSense
Researcher
CVE-ID
CVE-2024-4534
CVE-2024-4534
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
KKProgressbar2 Free – advanced progress bars
KKProgressbar2 Free – advanced progress bars
Researcher
CVE-ID
CVE-2024-34433
CVE-2024-34433
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
One Click Demo Import
One Click Demo Import
Researcher
CVE-ID
CVE-2024-4747
CVE-2024-4747
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Propovoice: All-in-One Client Management System
Propovoice: All-in-One Client Management System
Researcher
CVE-ID
CVE-2024-29800
CVE-2024-29800
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Timber
Timber
Researcher
CVE-ID
CVE-2024-2662
CVE-2024-2662
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-4347
CVE-2024-4347
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
WP Fastest Cache
WP Fastest Cache
Researcher
CVE-ID
CVE-2024-1940
CVE-2024-1940
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Brizy – Page Builder
Brizy – Page Builder
Researcher
CVE-ID
CVE-2024-4038
CVE-2024-4038
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
Researcher
CVE-ID
CVE-2024-4448
CVE-2024-4448
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-4039
CVE-2024-4039
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Orders Tracking for WooCommerce
Orders Tracking for WooCommerce
Researcher
CVE-ID
CVE-2024-34561
CVE-2024-34561
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Researcher
CVE-ID
CVE-2024-3952
CVE-2024-3952
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Advanced Ads – Ad Manager & AdSense
Advanced Ads – Ad Manager & AdSense
Researcher
CVE-ID
CVE-2024-35169
CVE-2024-35169
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
All Bootstrap Blocks
All Bootstrap Blocks
Researcher
CVE-ID
CVE-2024-34548
CVE-2024-34548
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
All-in-One Addons for Elementor – WidgetKit
All-in-One Addons for Elementor – WidgetKit
Researcher
CVE-ID
CVE-2024-3923
CVE-2024-3923
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Beaver Builder – WordPress Page Builder
Beaver Builder – WordPress Page Builder
Researcher
CVE-ID
CVE-2024-4430
CVE-2024-4430
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Beaver Builder – WordPress Page Builder
Beaver Builder – WordPress Page Builder
Researcher
CVE-ID
CVE-2024-34432
CVE-2024-34432
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Better Elementor Addons
Better Elementor Addons
Researcher
CVE-ID
CVE-2024-4487
CVE-2024-4487
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Blocksy Companion
Blocksy Companion
Researcher
CVE-ID
CVE-2024-34421
CVE-2024-34421
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
BlogLentor – Blog Designer Pack for Elementor
BlogLentor – Blog Designer Pack for Elementor
Researcher
CVE-ID
CVE-2024-34566
CVE-2024-34566
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Content Blocks (Custom Post Widget)
Content Blocks (Custom Post Widget)
Researcher
CVE-ID
CVE-2024-4446
CVE-2024-4446
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
CVE-ID
CVE-2024-34564
CVE-2024-34564
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Counter Up – Animated Number Counter & Milestone Showcase
Counter Up – Animated Number Counter & Milestone Showcase
Researcher
CVE-ID
CVE-2024-3939
CVE-2024-3939
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists
Ditty – Responsive News Tickers, Sliders, and Lists
Researcher
CVE-ID
CVE-2024-34441
CVE-2024-34441
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Easy Affiliate Links
Easy Affiliate Links
Researcher
CVE-ID
CVE-2024-4490
CVE-2024-4490
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Researcher
CVE-ID
CVE-2024-4316
CVE-2024-4316
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
CVE-ID
CVE-2024-3680
CVE-2024-3680
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Enter Addons – Ultimate Template Builder for Elementor
Enter Addons – Ultimate Template Builder for Elementor
Researcher
CVE-ID
CVE-2024-3831
CVE-2024-3831
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Enter Addons – Ultimate Template Builder for Elementor
Enter Addons – Ultimate Template Builder for Elementor
Researcher
CVE-ID
CVE-2024-35167
CVE-2024-35167
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Envo's Elementor Templates & Widgets for WooCommerce
Envo's Elementor Templates & Widgets for WooCommerce
Researcher
CVE-ID
CVE-2024-4449
CVE-2024-4449
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-4275
CVE-2024-4275
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-4386
CVE-2024-4386
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Meow Gallery
Meow Gallery
Researcher
CVE-ID
CVE-2024-34563
CVE-2024-34563
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Gold Addons for Elementor
Gold Addons for Elementor
Researcher
CVE-ID
CVE-2024-4574
CVE-2024-4574
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Graphina – Elementor Charts and Graphs
Graphina – Elementor Charts and Graphs
Researcher
CVE-ID
CVE-2024-4209
CVE-2024-4209
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
CVE-ID
CVE-2024-4481
CVE-2024-4481
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
Heateor Social Login WordPress <= 1.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-32674
CVE-2024-32674
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Heateor Social Login WordPress
Heateor Social Login WordPress
Researcher
CVE-ID
CVE-2024-34571
CVE-2024-34571
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Himalayas
Himalayas
Researcher
CVE-ID
CVE-2024-3989
CVE-2024-3989
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2024-3990
CVE-2024-3990
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2024-4398
CVE-2024-4398
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
HTML5 Audio Player- Audio Player Plugin
HTML5 Audio Player- Audio Player Plugin
Researcher
CVE-ID
CVE-2024-1166
CVE-2024-1166
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Image Hover Effects – Elementor Addon
Image Hover Effects – Elementor Addon
Researcher
CVE-ID
CVE-2024-4277
CVE-2024-4277
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
CVE-ID
CVE-2024-4281
CVE-2024-4281
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Link Library
Link Library
Researcher
CVE-ID
CVE-2024-2923
CVE-2024-2923
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
CVE-ID
CVE-2024-3494
CVE-2024-3494
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Mesmerize Companion
Mesmerize Companion
Researcher
CVE-ID
CVE-2024-4411
CVE-2024-4411
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Mihdan: Yandex Turbo Feed
Mihdan: Yandex Turbo Feed
Researcher
CVE-ID
CVE-2024-34562
CVE-2024-34562
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Move Addons for Elementor
Move Addons for Elementor
Researcher
CVE-ID
CVE-2024-34573
CVE-2024-34573
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
Pootle Pagebuilder – WordPress Page builder
Pootle Pagebuilder – WordPress Page builder
Researcher
CVE-ID
CVE-2024-4339
CVE-2024-4339
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Researcher
CVE-ID
CVE-2024-3595
CVE-2024-3595
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Pure Chat – Live Chat & More!
Pure Chat – Live Chat & More!
Researcher
CVE-ID
CVE-2024-34414
CVE-2024-34414
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
raindrops
raindrops
Researcher
CVE-ID
CVE-2024-34436
CVE-2024-34436
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
SKT Addons for Elementor
SKT Addons for Elementor
Researcher
CVE-ID
CVE-2024-34445
CVE-2024-34445
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
SKT Addons for Elementor
SKT Addons for Elementor
Researcher
CVE-ID
CVE-2024-4630
CVE-2024-4630
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Researcher
The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-0445
CVE-2024-0445
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
CVE-ID
CVE-2024-2785
CVE-2024-2785
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
CVE-ID
CVE-2024-4567
CVE-2024-4567
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Themify Shortcodes
Themify Shortcodes
Researcher
CVE-ID
CVE-2024-34415
CVE-2024-34415
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Thim Elementor Kit
Thim Elementor Kit
Researcher
CVE-ID
CVE-2024-4329
CVE-2024-4329
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Thim Elementor Kit
Thim Elementor Kit
Researcher
CVE-ID
CVE-2024-34569
CVE-2024-34569
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Zotpress
Zotpress
Researcher
CVE-ID
CVE-2024-4104
CVE-2024-4104
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
ADFO – Custom data in admin dashboard
ADFO – Custom data in admin dashboard
Researcher
CVE-ID
CVE-2024-34553
CVE-2024-34553
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Stockholm Core
Stockholm Core
Researcher
CVE-ID
CVE-2024-3547
CVE-2024-3547
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-34431
CVE-2024-34431
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
WP etracker
WP etracker
Researcher
CVE-ID
CVE-2024-4041
CVE-2024-4041
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Yoast SEO
Yoast SEO
Researcher
CVE-ID
CVE-2024-34560
CVE-2024-34560
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
gee Search Plus, improved WordPress search
gee Search Plus, improved WordPress search
Researcher
CVE-ID
CVE-2024-3937
CVE-2024-3937
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Playlist for Youtube
Playlist for Youtube
Researcher
CVE-ID
CVE-2024-35172
CVE-2024-35172
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Researcher
CVE-ID
CVE-2024-34826
CVE-2024-34826
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
Researcher
CVE-ID
CVE-2024-3956
CVE-2024-3956
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Pods – Custom Content Types and Fields
Pods – Custom Content Types and Fields
Researcher
CVE-ID
CVE-2024-34390
CVE-2024-34390
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
CVE-ID
CVE-2024-3722
CVE-2024-3722
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Swift Performance Lite
Swift Performance Lite
Researcher
CVE-ID
CVE-2024-34574
CVE-2024-34574
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
Table Maker
Table Maker
Researcher
CVE-ID
CVE-2024-4135
CVE-2024-4135
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
WP Latest Posts
WP Latest Posts
Researcher
CVE-ID
CVE-2024-35171
CVE-2024-35171
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Researcher
CVE-ID
CVE-2024-34556
CVE-2024-34556
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
CVE-ID
CVE-2024-34821
CVE-2024-34821
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Contact List – Premium Staff Listing, Business Directory & Address Book with Frontend Email
Contact List – Premium Staff Listing, Business Directory & Address Book with Frontend Email
Researcher
CVE-ID
CVE-2024-34550
CVE-2024-34550
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Dynamics 365 Integration
Dynamics 365 Integration
Researcher
CVE-ID
CVE-2024-32100
CVE-2024-32100
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Researcher
CVE-ID
CVE-2024-35174
CVE-2024-35174
Patch Status
Unpatched
Unpatched
Published
May 10, 2024
May 10, 2024
Affected Software
Flo Forms – Easy Drag & Drop Form Builder
Flo Forms – Easy Drag & Drop Form Builder
Researcher
CVE-ID
CVE-2024-34559
CVE-2024-34559
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Ghost
Ghost
Researcher
CVE-ID
CVE-2024-35165
CVE-2024-35165
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Gutenify – Visual Site Builder Blocks & Site Templates.
Gutenify – Visual Site Builder Blocks & Site Templates.
Researcher
CVE-ID
CVE-2024-34820
CVE-2024-34820
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
If-So Dynamic Content Personalization
If-So Dynamic Content Personalization
Researcher
CVE-ID
CVE-2024-4535
CVE-2024-4535
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
KKProgressbar2 Free – advanced progress bars
KKProgressbar2 Free – advanced progress bars
Researcher
CVE-ID
CVE-2024-4444
CVE-2024-4444
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
CVE-ID
CVE-2024-34819
CVE-2024-34819
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Researcher
CVE-ID
CVE-2024-34813
CVE-2024-34813
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Researcher
CVE-ID
CVE-2024-35173
CVE-2024-35173
Patch Status
Unpatched
Unpatched
Published
May 10, 2024
May 10, 2024
CVE-ID
CVE-2024-34438
CVE-2024-34438
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload
Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload
Researcher
CVE-ID
CVE-2024-34812
CVE-2024-34812
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
ShopBuilder – Elementor WooCommerce Builder Addons
ShopBuilder – Elementor WooCommerce Builder Addons
Researcher
CVE-ID
CVE-2024-4213
CVE-2024-4213
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Shopping Cart & eCommerce Store
Shopping Cart & eCommerce Store
Researcher
CVE-ID
CVE-2024-3050
CVE-2024-3050
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Site Reviews
Site Reviews
Researchers
CVE-ID
CVE-2024-34442
CVE-2024-34442
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
weDocs – Knowledgebase, Documentation, and Wiki for WP
weDocs – Knowledgebase, Documentation, and Wiki for WP
Researcher
CVE-ID
CVE-2024-4280
CVE-2024-4280
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
White Label CMS
White Label CMS
Researcher
CVE-ID
CVE-2024-34549
CVE-2024-34549
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
WP Job Manager
WP Job Manager
Researcher
CVE-ID
CVE-2024-4469
CVE-2024-4469
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
WP STAGING WordPress Backup Plugin – Migration Backup Restore
WP STAGING WordPress Backup Plugin – Migration Backup Restore
Researcher
CVE-ID
CVE-2024-34570
CVE-2024-34570
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
140+ Widgets | Xpro Addons For Elementor – FREE
140+ Widgets | Xpro Addons For Elementor – FREE
Researcher
CVE-ID
CVE-2024-34428
CVE-2024-34428
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
AWSOM News Announcement
AWSOM News Announcement
Researcher
CVE-ID
CVE-2024-34426
CVE-2024-34426
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Brozzme Scroll Top
Brozzme Scroll Top
Researcher
Comments Evolved for WordPress <= 1.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-34420
CVE-2024-34420
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Comments Evolved for WordPress
Comments Evolved for WordPress
Researcher
CVE-ID
CVE-2024-34419
CVE-2024-34419
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Configure Login Timeout
Configure Login Timeout
Researcher
CVE-ID
CVE-2024-34429
CVE-2024-34429
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Simple Website Banner
Simple Website Banner
Researcher
CVE-ID
CVE-2024-3068
CVE-2024-3068
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Custom Field Suite
Custom Field Suite
Researcher
CVE-ID
CVE-2024-34565
CVE-2024-34565
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
Debug Info
Debug Info
Researcher
CVE-ID
CVE-2024-4417
CVE-2024-4417
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Falang multilanguage for WordPress
Falang multilanguage for WordPress
Researcher
CVE-ID
CVE-2024-34424
CVE-2024-34424
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Featured Content Gallery
Featured Content Gallery
Researcher
CVE-ID
CVE-2024-34437
CVE-2024-34437
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Researcher
CVE-ID
CVE-2024-34423
CVE-2024-34423
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Forty Four – 404 Plugin for WordPress
Forty Four – 404 Plugin for WordPress
Researcher
CVE-ID
CVE-2024-3921
CVE-2024-3921
Patch Status
Unpatched
Unpatched
Published
May 8, 2024
May 8, 2024
Affected Software
Gianism
Gianism
Researchers
CVE-ID
CVE-2024-34425
CVE-2024-34425
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
QuickieBar
QuickieBar
Researcher
CVE-ID
CVE-2024-35170
CVE-2024-35170
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
Sticky banner
Sticky banner
Researcher
CVE-ID
CVE-2024-34546
CVE-2024-34546
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
Sticky Social Link
Sticky Social Link
Researcher
CVE-ID
CVE-2024-34430
CVE-2024-34430
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
TT Custom Post Type Creator
TT Custom Post Type Creator
Researcher
CVE-ID
CVE-2024-34422
CVE-2024-34422
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Viet Affiliate Link
Viet Affiliate Link
Researcher
CVE-ID
CVE-2024-34417
CVE-2024-34417
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Viet Nam Affiliate
Viet Nam Affiliate
Researcher
CVE-ID
CVE-2024-2846
CVE-2024-2846
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Visual Footer Credit Remover
Visual Footer Credit Remover
Researcher
CVE-ID
CVE-2024-34558
CVE-2024-34558
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
WOLF – WordPress Posts Bulk Editor and Manager Professional
WOLF – WordPress Posts Bulk Editor and Manager Professional
Researcher
CVE-ID
CVE-2024-34413
CVE-2024-34413
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
WordPress Affiliates Plugin — SliceWP Affiliates
WordPress Affiliates Plugin — SliceWP Affiliates
Researcher
WPCS ( WordPress Custom Search ) <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-34418
CVE-2024-34418
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
WPCS ( WordPress Custom Search )
WPCS ( WordPress Custom Search )
Researcher
CVE-ID
CVE-2024-4103
CVE-2024-4103
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
ADFO – Custom data in admin dashboard
ADFO – Custom data in admin dashboard
Researcher
CVE-ID
CVE-2024-34435
CVE-2024-34435
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Researcher
CVE-ID
CVE-2024-34823
CVE-2024-34823
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Arigato Autoresponder and Newsletter
Arigato Autoresponder and Newsletter
Researcher
CVE-ID
CVE-2024-34557
CVE-2024-34557
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
CVE-ID
CVE-2024-4532
CVE-2024-4532
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Business Card
Business Card
Researcher
CVE-ID
CVE-2024-4531
CVE-2024-4531
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Business Card
Business Card
Researcher
CVE-ID
CVE-2024-4529
CVE-2024-4529
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Business Card
Business Card
Researcher
CVE-ID
CVE-2024-4530
CVE-2024-4530
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
Business Card
Business Card
Researcher
CVE-ID
CVE-2024-34828
CVE-2024-34828
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2023-6810
CVE-2023-6810
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
ClickCease Click Fraud Protection
ClickCease Click Fraud Protection
Researcher
CVE-ID
CVE-2024-34439
CVE-2024-34439
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
DS Site Message
DS Site Message
Researcher
CVE-ID
CVE-2024-31113
CVE-2024-31113
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Researcher
CVE-ID
CVE-2024-34388
CVE-2024-34388
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
GDPR Compliance
GDPR Compliance
Researcher
CVE-ID
CVE-2024-4745
CVE-2024-4745
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
CVE-ID
CVE-2024-4314
CVE-2024-4314
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
Affected Software
Hostel
Hostel
Researcher
CVE-ID
CVE-2024-34817
CVE-2024-34817
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Researcher
CVE-ID
CVE-2024-4082
CVE-2024-4082
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Joli FAQ SEO – WordPress FAQ Plugin
Joli FAQ SEO – WordPress FAQ Plugin
Researcher
CVE-ID
CVE-2024-34547
CVE-2024-34547
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Researcher
CVE-ID
CVE-2024-35672
CVE-2024-35672
Patch Status
Unpatched
Unpatched
Published
May 10, 2024
May 10, 2024
Affected Software
Netgsm
Netgsm
Researcher
CVE-ID
CVE-2024-4689
CVE-2024-4689
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Researcher
CVE-ID
CVE-2024-4312
CVE-2024-4312
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Soccer Engine – Soccer Plugin for WordPress
Soccer Engine – Soccer Plugin for WordPress
Researcher
CVE-ID
CVE-2024-34825
CVE-2024-34825
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Social Sharing Plugin – Social Warfare
Social Sharing Plugin – Social Warfare
Researcher
SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
4.3
CVE-ID
CVE-2024-1693
CVE-2024-1693
Patch Status
Unpatched
Unpatched
Published
May 7, 2024
May 7, 2024
Affected Software
SP Project & Document Manager
SP Project & Document Manager
Researcher
CVE-ID
CVE-2024-4463
CVE-2024-4463
Patch Status
Patched
Patched
Published
May 7, 2024
May 7, 2024
Affected Software
Squelch Tabs and Accordions Shortcodes
Squelch Tabs and Accordions Shortcodes
Researcher
CVE-ID
CVE-2024-1467
CVE-2024-1467
Patch Status
Patched
Patched
Published
May 8, 2024
May 8, 2024
Affected Software
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Starter Templates — Elementor, WordPress & Beaver Builder Templates
Researcher
CVE-ID
CVE-2024-34827
CVE-2024-34827
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Translate Multilingual sites – TranslatePress
Translate Multilingual sites – TranslatePress
Researcher
CVE-ID
CVE-2024-34814
CVE-2024-34814
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
Unyson
Unyson
Researcher
CVE-ID
CVE-2024-34818
CVE-2024-34818
Patch Status
Unpatched
Unpatched
Published
May 9, 2024
May 9, 2024
Affected Software
WordPress Webinar Plugin – WebinarPress
WordPress Webinar Plugin – WebinarPress
Researcher
CVE-ID
CVE-2024-35168
CVE-2024-35168
Patch Status
Patched
Patched
Published
May 10, 2024
May 10, 2024
Affected Software
WP Discourse
WP Discourse
Researcher
CVE-ID
CVE-2024-34427
CVE-2024-34427
Patch Status
Unpatched
Unpatched
Published
May 6, 2024
May 6, 2024
Affected Software
WP Favorite Posts
WP Favorite Posts
Researcher
CVE-ID
CVE-2024-34387
CVE-2024-34387
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
CVE-ID
CVE-2024-34389
CVE-2024-34389
Patch Status
Patched
Patched
Published
May 6, 2024
May 6, 2024
SportsPress – Sports Club & League Manager <= 2.7.20 - Missing Authorization to Notice Dismissal
3.5
CVE-ID
CVE-2024-34824
CVE-2024-34824
Patch Status
Patched
Patched
Published
May 9, 2024
May 9, 2024
Affected Software
SportsPress – Sports Club & League Manager
SportsPress – Sports Club & League Manager
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments
4:20 am
Thanks you are heroes!!