Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)


📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high-risk issues are in-scope for all researchers!


Last week, there were 240 vulnerabilities disclosed in 204 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 68 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.



Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 187
Unpatched 53


Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 208
High Severity 22
Critical Severity 10


Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 124
Missing Authorization 51
Cross-Site Request Forgery (CSRF) 9
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 8
Exposure of Sensitive Information to an Unauthorized Actor 7
Improper Access Control 5
Authorization Bypass Through User-Controlled Key 4
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 3
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') 2
Insufficient Verification of Data Authenticity 2
URL Redirection to Untrusted Site ('Open Redirect') 2
Authentication Bypass Using an Alternate Path or Channel 1
Improper Control of Generation of Code ('Code Injection') 1
Improper Handling of Insufficient Permissions or Privileges 1
Improper Input Validation 1
Improper Neutralization of Alternate XSS Syntax 1
Improper Neutralization of Formula Elements in a CSV File 1
Improper Restriction of Excessive Authentication Attempts 1
Incorrect Permission Assignment for Critical Resource 1
Incorrect Privilege Assignment 1
Insecure Storage of Sensitive Information 1
Path Traversal: '.../...//' 1
Server-Side Request Forgery (SSRF) 1
Unrestricted Upload of File with Dangerous Type 1
Use of Insufficiently Random Values 1
Use of Less Trusted Source 1


Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
25
16
14
12
12
10
10
8
7
7
6
6
5
5
5
5
4
4
3
3
3
3
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
12 Step Meeting List 12-step-meeting-list
Active Products Tables for WooCommerce. Use constructor to create tables  profit-products-tables-for-woocommerce
Admin Notices Manager admin-notices-manager
Advanced Woo Labels – Product Labels for WooCommerce advanced-woo-labels
Album and Image Gallery plus Lightbox album-and-image-gallery-plus-lightbox
Album Gallery – WordPress Gallery new-album-gallery
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) wp-analytify
Animated AL List animated-al-list
Authorize.net Payment Gateway For WooCommerce authorizenet-payment-gateway-for-woocommerce
Auto Coupons for WooCommerce woo-auto-coupons
Block for Font Awesome block-for-font-awesome
BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library blockart-blocks
Bookster – WordPress Appointment Booking Plugin bookster
Boostify Header Footer Builder for Elementor boostify-header-footer-builder
Bosa Elementor Addons and Templates for WooCommerce bosa-elementor-for-woocommerce
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content brave-popup-builder
Brizy – Page Builder brizy
BuddyPress Cover bp-cover
BuddyPress Members Only buddypress-members-only
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages wc4bp
Cards for Beaver Builder bb-bootstrap-cards
CF7 Google Sheets Connector cf7-google-sheets-connector
Checkout Field Editor for WooCommerce (Pro) woocommerce-checkout-field-editor-pro
Claudio Sanches – Checkout Cielo for WooCommerce woocommerce-checkout-cielo
Clever Addons for Elementor cafe-lite
Clever Fox clever-fox
Colibri Page Builder colibri-page-builder
Comments – wpDiscuz wpdiscuz
Contact Form 7 contact-form-7
Contact Form Builder, Contact Widget contact-forms-builder
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db
Copymatic – AI Content Writer & Generator copymatic
Countdown, Coming Soon, Maintenance – Countdown & Clock countdown-builder
Cowidgets – Elementor Addons cowidgets-elementor-addons
Custom Dash custom-dash
Dashboard To-Do List dashboard-to-do-list
Database Cleaner database-cleaner
Debug Log Manager debug-log-manager
Download Attachments download-attachments
Download Manager download-manager
Easy Forms for Mailchimp yikes-inc-easy-mailchimp-extender
Easy Social Like Box – Popup – Sidebar Widget cardoza-facebook-like-box
Easy Table of Contents easy-table-of-contents
EasyAzon – Amazon Associates Affiliate Plugin easyazon
ElasticPress elasticpress
ElementsReady Addons for Elementor element-ready-lite
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce email-subscribers
EmbedPress – Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents embedpress
Emergency Password Reset emergency-password-reset
Envo Extra envo-extra
Essential Addons for Elementor Pro essential-addons-elementor
Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Essential Real Estate essential-real-estate
Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner
Extra Product Options for WooCommerce extra-product-options-for-woocommerce
FileOrganizer – Manage WordPress and Website Files fileorganizer
Five Star Restaurant Menu and Food Ordering food-and-drink-menu
Fluid Notification Bar fluid-notification-bar
Frontend Checklist frontend-checklist
Frontend Registration – Contact Form 7 frontend-registration-contact-form-7
Gallery – Image and Video Gallery with Thumbnails gallery-album
GamiPress – Link gamipress-link
GDPR CCPA Compliance & Cookie Consent Banner ninja-gdpr-compliance
GiveWP – Donation Plugin and Fundraising Platform give
GP Premium gp-premium
Gutenberg Blocks and Page Layouts – Attire Blocks attire-blocks
Heateor Social Login WordPress heateor-social-login
HT Feed ht-instagram
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery
Image Hover Effects for Elementor with Lightbox and Flipbox image-hover-effects-with-carousel
Insert Post Ads insert-post-ads
Integrate Google Drive integrate-google-drive
Interactive Content – H5P h5p
Kadence Blocks Pro kadence-blocks-pro
Kenta Blocks – Responsive Blocks and block templates library kenta-blocks
KiviCare – Clinic & Patient Management System (EHR) kivicare-clinic-management-system
Kognetiks Chatbot for WordPress chatbot-chatgpt
LA-Studio Element Kit for Elementor lastudio-element-kit
LearnPress – WordPress LMS Plugin learnpress
Leyka leyka
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes lifterlms
LightPress Lightbox wp-jquery-lightbox
Link Library link-library
Login/Signup Popup ( Inline Form + Woocommerce ) easy-login-woocommerce
Logo Manager For Enamad logo-manager-for-enamad
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) magical-addons-for-elementor
MapFig Studio mapfig-studio
Market Exporter market-exporter
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations master-addons
Materialis Companion materialis-companion
Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow media-slider
MegaMenu stm-megamenu
MelaPress Login Security melapress-login-security
Mime Types Extended mime-types-extended
Minimal Coming Soon – Coming Soon Page minimal-coming-soon-maintenance-mode
MJ Update History mj-update-history
Mollie Forms mollie-forms
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution dc-woocommerce-multi-vendor
Muslim Prayer Time BD – Prayer Reminder for Bangladesh muslim-prayer-time-bd
Nafeza Prayer Time nafeza-prayer-time
Newsletter – Send awesome emails from WordPress newsletter
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) mailin
Newsletters newsletters-lite
One Page Express Companion one-page-express-companion
Open Graph opengraph
OTP Login Woocommerce (Login with OTP) mobile-login-woocommerce
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-pro
Ovic Importer ovic-import-demo
Pagerank tools pagerank-tools
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Podlove Web Player podlove-web-player
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) buddyforms
Post Grid and Gutenberg Blocks – ComboBlocks post-grid
PowerPack Pro for Elementor powerpack-elements
PPOM – Product Addons & Custom Fields for WooCommerce woocommerce-product-addon
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) bdthemes-prime-slider-lite
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
ProfilePro profilepro
PropertyHive propertyhive
Pure Chat – Live Chat & More! pure-chat
PVN Auth Popup pvn-auth-popup
Qi Addons For Elementor qi-addons-for-elementor
Qi Blocks qi-blocks
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker quiz-master-next
Recurring PayPal Donations recurring-donation
Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. responsive-add-ons
Restrict for Elementor restrict-for-elementor
RestroPress – Online Food Ordering System restropress
Rotating Tweets (Twitter widget and shortcode) rotatingtweets
Royal Elementor Addons and Templates royal-elementor-addons
Salon Booking System salon-booking-system
Save as PDF Plugin by Pdfcrowd save-as-pdf-by-pdfcrowd
SC filechecker wp-file-checker
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster sellkit
Sensei LMS – Online Courses, Quizzes, & Learning sensei-lms
SEOPress – On-site SEO wp-seopress
Shopping Cart & eCommerce Store wp-easycart
Side Cart Woocommerce | Woocommerce Cart side-cart-woocommerce
Simple AL Slider simple-al-slider
Simple COD Fees for WooCommerce simple-cod-fee-for-woocommerce
Simple Image Popup Shortcode simple-image-popup-shortcode
Simple Photoswipe simple-photoswipe
SKT Addons for Elementor skt-addons-for-elementor
Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow
Slider Revolution revslider
Social Link Pages: link-in-bio landing pages for your social media profiles social-link-pages
Social Login Lite For WooCommerce social-login-lite-for-woocommerce
Spotify Play Button spotify-play-button
Startklar Elementor Addons startklar-elmentor-forms-extwidgets
Stellissimo Text Box stellissimo-text-box
Strategery Migrations strategery-migrations
Strong Testimonials strong-testimonials
SureTriggers: All-in-One WordPress Automation suretriggers
TablePress – Tables in WordPress made easy tablepress
tagDiv Composer td-composer
TemplatesNext OnePager templatesnext-onepager
Termly – GDPR/CCPA Cookie Consent Banner uk-cookie-consent
Testimonials Widget testimonials-widget
The Moneytizer the-moneytizer
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid the-post-grid
Themesflat Addons For Elementor themesflat-addons-for-elementor
Tickera – WordPress Event Ticketing tickera-event-ticketing-system
Tooltip CK tooltip-ck
Tracking Code Manager tracking-code-manager
Tutor LMS – eLearning and online course solution tutor
Under Construction / Maintenance Mode from Acurax coming-soon-maintenance-mode-from-acurax
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor
Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms upload-fields-for-wpforms
Upunzipper upunzipper
Video Widget video-widget
Visual Composer Website Builder visualcomposer
Visualizer: Tables and Charts Manager for WordPress visualizer
Waitlist Woocommerce ( Back in stock notifier ) waitlist-woocommerce
Wbcom Designs – Custom Font Uploader custom-font-uploader
Weather Widget Pro weather-in-any-city-widget
Weaver Xtreme Theme Support weaverx-theme-support
WebP & SVG Support webp-svg-support
Widget Options - Extended extended-widget-options
Widget Options – The #1 WordPress Widget & Block Control Plugin widget-options
Widget4Call widget4call
WooCommerce Dropshipping Premium woocommerce-dropshipping
WooCommerce Tools woo-tools
Woody code snippets – Insert Header Footer Code, AdSense Ads insert-php
woothemes-sensei woothemes-sensei
WordPress prettyPhoto prettyphoto
WP Chat App wp-whatsapp
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing wp-dark-mode
WP Docs wp-docs
WP Force SSL & HTTPS SSL Redirect wp-force-ssl
WP Mobile Menu – The Mobile-Friendly Responsive Menu mobile-menu
WP Reset – Most Advanced WordPress Reset Tool wp-reset
WP Shortcodes Plugin — Shortcodes Ultimate shortcodes-ultimate
WP Time Slots Booking Form wp-time-slots-booking-form
WP Translate – WordPress Translation Plugin wp-translate
WP Visitors Tracker wp_visitorstracker
WP-DB-Table-Editor wp-db-table-editor
WP-Recall – Registration, Profile, Commerce & More wp-recall
WPMobile.App — Android and iOS Mobile Application wpappninja
WPUpper Share Buttons wpupper-share-buttons
WS Form LITE – Drag & Drop Contact Form Builder for WordPress ws-form
WS Form Pro ws-form-pro
YITH Custom Login yith-custom-login
YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons
YITH WooCommerce Tab Manager yith-woocommerce-tab-manager


WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Blocksy blocksy
Bloglo bloglo
Eduma eduma
Event event
Formula formula
Idyllic idyllic
Pixgraphy pixgraphy
Radcliffe 2 radcliffe-2
Responsive responsive
Rife Free rife-free


Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating | CVE-ID | Patch Status | Published | Affected Software
Critical (10.0) | CVE-2024-35746 | Unpatched | Jun 6, 2024 | BuddyPress Cover
Critical (9.9) | CVE-2024-35750 | Unpatched | Jun 6, 2024 |
Critical (9.9) | CVE-2024-35736 | Patched | Jun 6, 2024 |
Critical (9.8) | CVE-2024-35658 | Patched | Jun 3, 2024 |
Critical (9.8) | CVE-2024-35677 | Patched | Jun 5, 2024 | MegaMenu
Critical (9.8) | CVE-2024-4552 | Unpatched | Jun 3, 2024 |
Critical (9.1) | CVE-2024-5153 | Unpatched | Jun 5, 2024 | Startklar Elementor Addons
High (8.8) | CVE-2024-5179 | Patched | Jun 5, 2024 |
High (8.8) | CVE-2024-3668 | Patched | Jun 7, 2024 | PowerPack Pro for Elementor
High (8.1) | CVE-2023-6968 | Patched | Jun 5, 2024 | The Moneytizer
High (8.1) | CVE-2023-6966 | Patched | Jun 5, 2024 | The Moneytizer
High (7.5) | CVE-2024-5599 | Patched | Jun 6, 2024 |
High (7.5) | CVE-2024-5637 | Patched | Jun 6, 2024 | Market Exporter
High (7.5) | CVE-2024-4887 | Patched | Jun 6, 2024 | Qi Addons For Elementor
High (7.5) | CVE-2024-35745 | Unpatched | Jun 6, 2024 | Strategery Migrations
High (7.5) | CVE-2024-2019 | Unpatched | Jun 3, 2024 | WP-DB-Table-Editor
High (7.4) | CVE-2024-3667 | Patched | Jun 4, 2024 | Brizy – Page Builder
High (7.4) | CVE-2024-5091 | Patched | Jun 7, 2024 | SKT Addons for Elementor
High (7.2) | CVE-2024-2087 | Patched | Jun 4, 2024 | Brizy – Page Builder
High (7.2) | CVE-2024-4870 | Unpatched | Jun 3, 2024 |
High (7.2) | CVE-2024-35706 | Patched | Jun 6, 2024 | Heateor Social Login WordPress
High (7.2) | CVE-2024-4759 | Unpatched | Jun 4, 2024 | Mime Types Extended
High (7.2) | CVE-2024-35734 | Patched | Jun 6, 2024 | WP Time Slots Booking Form
Medium (6.6) | CVE-2024-35650 | Patched | Jun 3, 2024 | MelaPress Login Security
Medium (6.5) | CVE-2024-4194 | Patched | Jun 5, 2024 |
Medium (6.5) | CVE-2024-5654 | Patched | Jun 7, 2024 | CF7 Google Sheets Connector
Medium (6.5) | CVE-2024-35754 | Unpatched | Jun 6, 2024 | Ovic Importer
Medium (6.4) | CVE-2024-35705 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-5439 | Patched | Jun 4, 2024 | Blocksy
Medium (6.4) | CVE-2024-35715 | Patched | Jun 6, 2024 | Bloglo
Medium (6.4) | CVE-2024-1161 | Patched | Jun 4, 2024 | Brizy – Page Builder
Medium (6.4) | CVE-2024-1164 | Patched | Jun 4, 2024 | Brizy – Page Builder
Medium (6.4) | CVE-2024-5663 | Patched | Jun 7, 2024 | Cards for Beaver Builder
Medium (6.4) | CVE-2024-2350 | Patched | Jun 5, 2024 | Clever Addons for Elementor
Medium (6.4) | CVE-2024-1768 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-4451 | Patched | Jun 6, 2024 | Colibri Page Builder
Medium (6.4) | CVE-2024-5038 | Patched | Jun 5, 2024 | Colibri Page Builder
Medium (6.4) | CVE-2024-35681 | Patched | Jun 6, 2024 | Comments – wpDiscuz
Medium (6.4) | CVE-2024-3230 | Patched | Jun 3, 2024 | Download Attachments
Medium (6.4) | CVE-2024-4001 | Patched | Jun 4, 2024 | Download Manager
Medium (6.4) | CVE-2024-5152 | Patched | Jun 5, 2024 |
Medium (6.4) | CVE-2024-5645 | Patched | Jun 6, 2024 | Envo Extra
Medium (6.4) | CVE-2024-4273 | Patched | Jun 3, 2024 | Essential Real Estate
Medium (6.4) | CVE-2024-5536 | Patched | Jun 4, 2024 | GamiPress – Link
Medium (6.4) | CVE-2024-3111 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-35707 | Patched | Jun 6, 2024 | Heateor Social Login WordPress
Medium (6.4) | CVE-2024-35699 | Patched | Jun 6, 2024 | HT Feed
Medium (6.4) | CVE-2024-35714 | Patched | Jun 6, 2024 | Idyllic
Medium (6.4) | CVE-2024-35738 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-4707 | Patched | Jun 5, 2024 | Materialis Companion
Medium (6.4) | CVE-2024-5317 | Patched | Jun 4, 2024 |
Medium (6.4) | CVE-2024-35740 | Patched | Jun 6, 2024 | Pixgraphy
Medium (6.4) | CVE-2024-6668 | Unpatched | Jun 5, 2024 | ProfilePro
Medium (6.4) | CVE-2024-35701 | Patched | Jun 6, 2024 | PropertyHive
Medium (6.4) | CVE-2024-6718 | Unpatched | Jun 5, 2024 | PVN Auth Popup
Medium (6.4) | CVE-2024-4364 | Patched | Jun 5, 2024 | Qi Addons For Elementor
Medium (6.4) | CVE-2024-5221 | Patched | Jun 5, 2024 | Qi Blocks
Medium (6.4) | CVE-2024-35676 | Patched | Jun 5, 2024 | Recurring PayPal Donations
Medium (6.4) | CVE-2024-35654 | Patched | Jun 3, 2024 | Responsive
Medium (6.4) | CVE-2024-35719 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-35708 | Patched | Jun 6, 2024 | Rife Free
Medium (6.4) | CVE-2024-4489 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-4488 | Patched | Jun 6, 2024 |
Medium (6.4) | CVE-2024-35649 | Patched | Jun 3, 2024 | Save as PDF Plugin by Pdfcrowd
Medium (6.4) | CVE-2024-34765 | Patched | Jun 6, 2024 | woothemes-sensei
Medium (6.4) | CVE-2024-4900 | Patched | Jun 3, 2024 | SEOPress – On-site SEO
Medium (6.4) | CVE-2024-4899 | Patched | Jun 3, 2024 | SEOPress – On-site SEO
Medium (6.4) | CVE-2024-5342 | Unpatched | Jun 5, 2024 | Simple Image Popup Shortcode
Medium (6.4) | CVE-2024-4637 | Patched | Jun 3, 2024 | Slider Revolution
Medium (6.4) | CVE-2024-4581 | Patched | Jun 3, 2024 | Slider Revolution
Medium (6.4) | CVE-2024-5199 | Unpatched | Jun 5, 2024 | Spotify Play Button
Medium (6.4) | CVE-2024-3888 | Patched | Jun 3, 2024 | tagDiv Composer
Medium (6.4) | CVE-2024-35753 | Unpatched | Jun 6, 2024 | TemplatesNext OnePager
Medium (6.4) | CVE-2024-4705 | Unpatched | Jun 5, 2024 | Testimonials Widget
Medium (6.4) | CVE-2024-35711 | Patched | Jun 6, 2024 | Event
Medium (6.4) | CVE-2024-4212 | Patched | Jun 5, 2024 |
Medium (6.4) | CVE-2024-4458 | Patched | Jun 5, 2024 |
Medium (6.4) | CVE-2024-2922 | Patched | Jun 5, 2024 |
Medium (6.4) | CVE-2024-4459 | Patched | Jun 5, 2024 |
Medium (6.4) | CVE-2024-35755 | Patched | Jun 7, 2024 | Weather Widget Pro
Medium (6.4) | CVE-2024-4939 | Patched | Jun 4, 2024 | Weaver Xtreme Theme Support
Medium (6.4) | CVE-2024-3633 | Unpatched | Jun 5, 2024 |
Medium (6.4) | CVE-2024-5162 | Unpatched | Jun 5, 2024 | WordPress prettyPhoto
Medium (6.4) | CVE-2024-35695 | Patched | Jun 6, 2024 | WP Docs
Medium (6.4) | CVE-2024-5425 | Patched | Jun 6, 2024 | LightPress Lightbox
Medium (6.3) | CVE-2024-5087 | Patched | Jun 7, 2024 |
Medium (6.1) | CVE-2024-35693 | Patched | Jun 6, 2024 | 12 Step Meeting List
Medium (6.1) | CVE-2024-5728 | Unpatched | Jun 7, 2024 | Animated AL List
Medium (6.1) | CVE-2024-35733 | Patched | Jun 6, 2024 | Auto Coupons for WooCommerce
Medium (6.1) | CVE-2024-4704 | Patched | Jun 5, 2024 | Contact Form 7
Medium (6.1) | CVE-2024-35697 | Patched | Jun 6, 2024 | Eduma
Medium (6.1) | CVE-2024-35652 | Patched | Jun 3, 2024 |
Medium (6.1) | CVE-2024-5613 | Patched | Jun 7, 2024 | Formula
Medium (6.1) | CVE-2024-5638 | Patched | Jun 7, 2024 | Formula
Medium (6.1) | CVE-2024-35679 | Patched | Jun 6, 2024 |
Medium (6.1) | CVE-2024-3469 | Patched | Jun 4, 2024 | GP Premium
Medium (6.1) | CVE-2024-35687 | Patched | Jun 6, 2024 | Link Library
Medium (6.1) | CVE-2024-4757 | Patched | Jun 4, 2024 | Logo Manager For Enamad
Medium (6.1) | CVE-2024-6712 | Unpatched | Jun 5, 2024 | MapFig Studio
Medium (6.1) | CVE-2024-35718 | Patched | Jun 6, 2024 | Newsletters
Medium (6.1) | CVE-2024-5730 | Unpatched | Jun 7, 2024 | Pagerank tools
Medium (6.1) | CVE-2024-5729 | Unpatched | Jun 7, 2024 | Simple AL Slider
Medium (6.1) | CVE-2024-5727 | Unpatched | Jun 7, 2024 | Widget4Call
Medium (6.1) | CVE-2024-35696 | Patched | Jun 6, 2024 | WP Docs
Medium (6.1) | CVE-2024-35737 | Patched | Jun 6, 2024 | WP Visitors Tracker
Medium (6.1) | CVE-2024-35694 | Patched | Jun 6, 2024 |
Medium (5.4) | CVE-2024-35724 | Patched | Jun 6, 2024 |
Medium (5.4) | CVE-2024-35669 | Patched | Jun 3, 2024 | Debug Log Manager
Medium (5.4) | CVE-2024-35673 | Patched | Jun 5, 2024 |
Medium (5.3) | CVE-2024-5071 | Patched | Jun 5, 2024 |
Medium (5.3) | CVE-2024-0972 | Patched | Jun 5, 2024 | BuddyPress Members Only
Medium (5.3) | CVE-2024-35747 | Unpatched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35742 | Unpatched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35692 | Patched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35665 | Unpatched | Jun 3, 2024 | Insert Post Ads
Medium (5.3) | CVE-2024-35670 | Patched | Jun 3, 2024 | Integrate Google Drive
Medium (5.3) | CVE-2024-35725 | Patched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-5483 | Patched | Jun 4, 2024 |
Medium (5.3) | CVE-2024-35683 | Patched | Jun 6, 2024 | Leyka
Medium (5.3) | CVE-2024-5615 | Patched | Jun 4, 2024 | Open Graph
Medium (5.3) | CVE-2024-35710 | Patched | Jun 6, 2024 | Podlove Web Player
Medium (5.3) | CVE-2024-35728 | Patched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35685 | Patched | Jun 6, 2024 | Radcliffe 2
Medium (5.3) | CVE-2024-0910 | Patched | Jun 5, 2024 | Restrict for Elementor
Medium (5.3) | CVE-2024-35686 | Patched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35749 | Unpatched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35748 | Unpatched | Jun 6, 2024 |
Medium (5.3) | CVE-2024-35667 | Patched | Jun 3, 2024 |
Medium (5.3) | CVE-2024-35735 | Patched | Jun 6, 2024 | WP Time Slots Booking Form
Medium (5.3) | CVE-2024-35663 | Unpatched | Jun 3, 2024 |
Medium (5.3) | CVE-2024-4997 | Patched | Jun 3, 2024 | WPUpper Share Buttons
Medium (5.3) | CVE-2024-35680 | Patched | Jun 6, 2024 |
Medium (4.9) | CVE-2024-35712 | Patched | Jun 6, 2024 | Database Cleaner
Medium (4.9) | CVE-2024-35743 | Unpatched | Jun 6, 2024 | SC filechecker
Medium (4.9) | CVE-2024-35744 | Unpatched | Jun 6, 2024 | Upunzipper
Medium (4.7) | CVE-2023-5424 | Patched | Jun 6, 2024 |
Medium (4.4) | CVE-2024-4942 | Unpatched | Jun 5, 2024 | Custom Dash
Medium (4.4) | CVE-2024-5573 | Patched | Jun 5, 2024 | Easy Table of Contents
Medium (4.4) | CVE-2024-3031 | Unpatched | Jun 3, 2024 |
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4957
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Frontend Checklist
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4959
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Frontend Checklist
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4462
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Nafeza Prayer Time
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6713
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
PVN Auth Popup
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5473
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Simple Photoswipe
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35752
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Stellissimo Text Box
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35756
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Tooltip CK
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6335
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Tracking Code Manager
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5169
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Video Widget
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35653
Patch Status
Patched
Published
Jun 3, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4664
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Chat App
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35698
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
YITH WooCommerce Tab Manager
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1717
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Admin Notices Manager
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35720
Patch Status
Patched
Published
Jun 6, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4788
Patch Status
Patched
Published
Jun 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35716
Patch Status
Patched
Published
Jun 6, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35723
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Dashboard To-Do List
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35684
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
ElasticPress
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35648
Patch Status
Patched
Published
Jun 3, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4274
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Essential Real Estate
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35727
Patch Status
Patched
Published
Jun 6, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4088
Patch Status
Patched
Published
Jun 4, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1330
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Kadence Blocks Pro
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35659
Patch Status
Unpatched
Published
Jun 3, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5665
Patch Status
Patched
Published
Jun 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35671
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
MJ Update History
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2368
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
Mollie Forms
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4758
Patch Status
Unpatched
Published
Jun 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5453
Patch Status
Patched
Published
Jun 4, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5459
Patch Status
Patched
Published
Jun 4, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4468
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
Salon Booking System
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35662
Patch Status
Unpatched
Published
Jun 3, 2024
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5570
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Simple Photoswipe
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6491
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Strong Testimonials
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35729
Patch Status
Patched
Published
Jun 6, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5489
Patch Status
Patched
Published
Jun 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1689
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WooCommerce Tools
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4661
Patch Status
Patched
Published
Jun 7, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35657
Patch Status
Patched
Published
Jun 3, 2024
CVSS Rating
Medium (4.2)
CVE-ID
CVE-2024-5770
Patch Status
Patched
Published
Jun 7, 2024
Researcher
CVSS Rating
Medium (4.0)
CVE-ID
CVE-2024-35732
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
YITH Custom Login
Researcher


As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers make directly to us via our Bug Bounty Program, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.
