Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.Â
Last week, there were 107 vulnerabilities disclosed in 90 WordPress Plugins and no WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 49 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 – 2.7.2 – Missing Authorization to Arbitrary Options Update
- WAF-RULE-702 – data redacted while we work with the vendor on a patch.
- WAF-RULE-703 – data redacted while we work with the vendor on a patch.
- WAF-RULE-704 – data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 75 |
| Unpatched | 32 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 87 |
| High Severity | 12 |
| Critical Severity | 8 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 60 |
| Cross-Site Request Forgery (CSRF) | 13 |
| Missing Authorization | 11 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 5 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Server-Side Request Forgery (SSRF) | 4 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Exposure of Sensitive Information to an Unauthorized Actor | 1 |
| Improper Access Control | 1 |
| Improper Authorization | 1 |
| Improper Check or Handling of Exceptional Conditions | 1 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
| Improper Neutralization of Special Elements Used in a Template Engine | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 12 | |
| 9 | |
| 9 | |
| 7 | |
| 5 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| ActiveDEMAND | activedemand |
| Advanced Custom Fields Pro | advanced-custom-fields-pro |
| AffiEasy | affieasy |
| AppPresser – Mobile App Framework | apppresser |
| Auto Featured Image (Auto Post Thumbnail) | auto-post-thumbnail |
| Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | stopbadbots |
| Blocksy Companion | blocksy-companion |
| CB (legacy) | commons-booking |
| Church Admin | church-admin |
| Comparison Slider | comparison-slider |
| Contact Form Manager | contact-form-manager |
| Content Blocks (Custom Post Widget) | custom-post-widget |
| CSSable Countdown | cssable-countdown |
| DethemeKit For Elementor | dethemekit-for-elementor |
| DOP Shortcodes | dop-shortcodes |
| Download Manager | download-manager |
| Download Monitor | download-monitor |
| Easy Digital Downloads – Recent Purchases | edd-recent-purchases |
| Elements For Elementor | nd-elements |
| Essential Addons for Elementor Pro | essential-addons-elementor |
| Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Expert Invoice | expert-invoice |
| Fetch JFT | fetch-jft |
| Font Farsi | font-farsi |
| FV Flowplayer Video Player | fv-wordpress-flowplayer |
| Global Notification Bar | global-notification-bar |
| Google CSE | google-cse |
| Gum Elementor Addon | gum-elementor-addon |
| Happy Addons for Elementor | happy-elementor-addons |
| HTML5 Video Player – mp4 Video Player Plugin and Block | html5-video-player |
| HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
| Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | cf7-constant-contact |
| Just Writing Statistics | just-writing-statistics |
| Lightbox & Modal Popup WordPress Plugin – FooBox | foobox-image-lightbox |
| Lightbox & Modal Popup WordPress Plugin – FooBox Premium | foobox-image-lightbox-premium |
| List categories | list-categories |
| Login Logout Register Menu | login-logout-register-menu |
| Login with phone number | login-with-phone-number |
| Master Slider – Responsive Touch Slider | master-slider |
| Ninja Tables – Easiest Data Table Builder | ninja-tables |
| Page Builder Gutenberg Blocks – CoBlocks | coblocks |
| PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | paypal-pay-buy-donation-and-cart-buttons-shortcode |
| Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
| Popup Builder | easy-notify-lite |
| Popup Builder – Create highly converting, mobile friendly marketing popups. | popup-builder |
| Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX | ultimate-post |
| PowerPack Elementor Addons (Free Widgets, Extensions and Templates) | powerpack-lite-for-elementor |
| Preferred Languages | preferred-languages |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Push Notification for Post and BuddyPress | push-notification-for-post-and-buddypress |
| QQWorld Auto Save Images | qqworld-auto-save-images |
| Random Banner | random-banner |
| Remote Content Shortcode | remote-content-shortcode |
| Responsive Owl Carousel for Elementor | responsive-owl-carousel-elementor |
| Responsive video embed | responsive-video-embed |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| Safety Exit | safety-exit |
| Secure Custom Fields | advanced-custom-fields |
| Shield Security – Smart Bot Blocking & Intrusion Prevention Security | wp-simple-firewall |
| Simple Like Page Plugin | simple-facebook-plugin |
| Simple Share Buttons Adder | simple-share-buttons-adder |
| Simple Spoiler | simple-spoiler |
| Site Favicon | site-favicon |
| Slider Revolution | revslider |
| Smartarget Message Bar | smartarget-message-bar |
| Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder | supreme-modules-for-divi |
| Swiss Toolkit For WP | swiss-toolkit-for-wp |
| Testimonial Carousel For Elementor | testimonials-carousel-elementor |
| The Plus Addons for Elementor Page Builder | theplus_elementor_addon |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| Uploadcare File Uploader and Adaptive Delivery (beta) | uploadcare |
| User Registration & Membership – Custom Registration Form, Login Form, and User Profile | user-registration |
| Visual Website Collaboration, Feedback & Project Management – Atarim | atarim-visual-collaboration |
| Widget Bundle | wp-widget-bundle |
| Woocommerce – Recent Purchases | woo-recent-purchases |
| WordPress Infinite Scroll – Ajax Load More | ajax-load-more |
| WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly | tour-booking-manager |
| WP Back Button | wp-back-button |
| WP Flow Plus | wp-imageflow2 |
| WP Logs Book | wp-logs-book |
| WP STAGING WordPress Backup Plugin – Migration Backup Restore | wp-staging |
| WP To Do | wp-todo |
| WP TripAdvisor Review Slider | wp-tripadvisor-review-slider |
| WPB Elementor Addons | wpb-elementor-addons |
| WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce | wp-cafe |
| wpDataTables (Premium) | wpdatatables |
| wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | wpdatatables |
| wpForo Forum | wpforo |
| YITH WooCommerce Wishlist | yith-woocommerce-wishlist |
| Yumpu E-Paper publishing | yumpu-epaper-publishing |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-5522
CVE-2024-5522
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
HTML5 Video Player – mp4 Video Player Plugin and Block
HTML5 Video Player – mp4 Video Player Plugin and Block
Researcher
CVE-ID
CVE-2024-6159
CVE-2024-6159
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
Push Notification for Post and BuddyPress
Push Notification for Post and BuddyPress
Researcher
CVE-ID
CVE-2024-3820
CVE-2024-3820
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
wpDataTables (Premium)
wpDataTables (Premium)
Researcher
CVE-ID
CVE-2024-3200
CVE-2024-3200
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
wpForo Forum
wpForo Forum
Researcher
CVE-ID
CVE-2024-35629
CVE-2024-35629
Patch Status
Unpatched
Unpatched
Published
May 27, 2024
May 27, 2024
Affected Software
Easy Digital Downloads – Recent Purchases
Easy Digital Downloads – Recent Purchases
Researcher
CVE-ID
CVE-2024-5150
CVE-2024-5150
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Login with phone number
Login with phone number
Researcher
CVE-ID
CVE-2024-3412
CVE-2024-3412
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
WP STAGING WordPress Backup Plugin – Migration Backup Restore
WP STAGING WordPress Backup Plugin – Migration Backup Restore
Researcher
CVE-ID
CVE-2024-35630
CVE-2024-35630
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
WP TripAdvisor Review Slider
WP TripAdvisor Review Slider
Researcher
CVE-ID
CVE-2024-3564
CVE-2024-3564
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Content Blocks (Custom Post Widget)
Content Blocks (Custom Post Widget)
Researcher
CVE-ID
CVE-2024-5348
CVE-2024-5348
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Elements For Elementor
Elements For Elementor
Researcher
CVE-ID
CVE-2024-5326
CVE-2024-5326
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
CVE-ID
CVE-2024-5345
CVE-2024-5345
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Responsive Owl Carousel for Elementor
Responsive Owl Carousel for Elementor
Researcher
CVE-ID
CVE-2024-5204
CVE-2024-5204
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Swiss Toolkit For WP
Swiss Toolkit For WP
Researcher
CVE-ID
CVE-2023-6743
CVE-2023-6743
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-4611
CVE-2024-4611
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
AppPresser – Mobile App Framework
AppPresser – Mobile App Framework
Researcher
CVE-ID
CVE-2024-3821
CVE-2024-3821
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Researcher
CVE-ID
CVE-2024-2793
CVE-2024-2793
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Visual Website Collaboration, Feedback & Project Management – Atarim
Visual Website Collaboration, Feedback & Project Management – Atarim
Researcher
CVE-ID
CVE-2024-35634
CVE-2024-35634
Patch Status
Unpatched
Unpatched
Published
May 27, 2024
May 27, 2024
Affected Software
Woocommerce – Recent Purchases
Woocommerce – Recent Purchases
Researcher
CVE-ID
CVE-2024-4477
CVE-2024-4477
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
WP Logs Book
WP Logs Book
Researcher
CVE-ID
CVE-2024-4958
CVE-2024-4958
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
User Registration & Membership – Custom Registration Form, Login Form, and User Profile
Researcher
CVE-ID
CVE-2024-4218
CVE-2024-4218
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
AffiEasy
AffiEasy
Researcher
CVE-ID
CVE-2023-7073
CVE-2023-7073
Patch Status
Unpatched
Unpatched
Published
May 30, 2024
May 30, 2024
Affected Software
Auto Featured Image (Auto Post Thumbnail)
Auto Featured Image (Auto Post Thumbnail)
Researcher
CVE-ID
CVE-2024-4422
CVE-2024-4422
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
Comparison Slider
Comparison Slider
Researcher
CVE-ID
CVE-2024-2295
CVE-2024-2295
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Contact Form Manager
Contact Form Manager
Researcher
CVE-ID
CVE-2024-3565
CVE-2024-3565
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Content Blocks (Custom Post Widget)
Content Blocks (Custom Post Widget)
Researcher
CVE-ID
CVE-2024-5418
CVE-2024-5418
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
DethemeKit For Elementor
DethemeKit For Elementor
Researcher
CVE-ID
CVE-2024-4377
CVE-2024-4377
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
DOP Shortcodes
DOP Shortcodes
Researcher
CVE-ID
CVE-2024-4160
CVE-2024-4160
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Download Manager
Download Manager
Researcher
CVE-ID
CVE-2024-5073
CVE-2024-5073
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher
CVE-ID
CVE-2024-5086
CVE-2024-5086
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Essential Addons for Elementor Pro
Essential Addons for Elementor Pro
Researcher
CVE-ID
CVE-2024-4668
CVE-2024-4668
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Gum Elementor Addon
Gum Elementor Addon
Researcher
CVE-ID
CVE-2024-5041
CVE-2024-5041
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Happy Addons for Elementor
Happy Addons for Elementor
Researcher
CVE-ID
CVE-2024-5347
CVE-2024-5347
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Happy Addons for Elementor
Happy Addons for Elementor
Researcher
CVE-ID
CVE-2024-5039
CVE-2024-5039
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
HUSKY – Products Filter Professional for WooCommerce
HUSKY – Products Filter Professional for WooCommerce
Researcher
CVE-ID
CVE-2024-4356
CVE-2024-4356
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
List categories
List categories
Researcher
CVE-ID
CVE-2024-3726
CVE-2024-3726
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
Login Logout Register Menu
Login Logout Register Menu
Researcher
CVE-ID
CVE-2023-6382
CVE-2023-6382
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Master Slider – Responsive Touch Slider
Master Slider – Responsive Touch Slider
Researcher
CVE-ID
CVE-2024-2933
CVE-2024-2933
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Page Builder Gutenberg Blocks – CoBlocks
Page Builder Gutenberg Blocks – CoBlocks
Researcher
CVE-ID
CVE-2024-5448
CVE-2024-5448
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Researcher
CVE-ID
CVE-2024-3236
CVE-2024-3236
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
Popup Builder
Popup Builder
Researcher
CVE-ID
CVE-2024-2506
CVE-2024-2506
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Researcher
CVE-ID
CVE-2024-4305
CVE-2024-4305
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
CVE-ID
CVE-2024-5223
CVE-2024-5223
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Researcher
CVE-ID
CVE-2024-5327
CVE-2024-5327
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
Researcher
CVE-ID
CVE-2024-4376
CVE-2024-4376
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-5475
CVE-2024-5475
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Responsive video embed
Responsive video embed
Researcher
CVE-ID
CVE-2024-4342
CVE-2024-4342
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-4087
CVE-2024-4087
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Royal Elementor Addons and Templates
Royal Elementor Addons and Templates
Researcher
CVE-ID
CVE-2024-3583
CVE-2024-3583
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Simple Like Page Plugin
Simple Like Page Plugin
Researcher
CVE-ID
CVE-2024-34444
CVE-2024-34444
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Slider Revolution
Slider Revolution
Researcher
CVE-ID
CVE-2024-34443
CVE-2024-34443
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Slider Revolution
Slider Revolution
Researcher
CVE-ID
CVE-2024-5501
CVE-2024-5501
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
Researcher
CVE-ID
CVE-2024-2253
CVE-2024-2253
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Testimonial Carousel For Elementor
Testimonial Carousel For Elementor
Researcher
CVE-ID
CVE-2024-5341
CVE-2024-5341
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
The Plus Addons for Elementor Page Builder
The Plus Addons for Elementor Page Builder
Researcher
CVE-ID
CVE-2024-4711
CVE-2024-4711
Patch Status
Patched
Patched
Published
May 31, 2024
May 31, 2024
Affected Software
WordPress Infinite Scroll – Ajax Load More
WordPress Infinite Scroll – Ajax Load More
Researcher
CVE-ID
CVE-2024-35651
CVE-2024-35651
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
WP Flow Plus
WP Flow Plus
Researcher
CVE-ID
CVE-2024-3063
CVE-2024-3063
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
WPB Elementor Addons
WPB Elementor Addons
Researchers
CVE-ID
CVE-2024-5427
CVE-2024-5427
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Researcher
CVE-ID
CVE-2024-35631
CVE-2024-35631
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
FV Flowplayer Video Player
FV Flowplayer Video Player
Researcher
CVE-ID
CVE-2024-4616
CVE-2024-4616
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
Widget Bundle
Widget Bundle
Researcher
CVE-ID
CVE-2024-35633
CVE-2024-35633
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Blocksy Companion
Blocksy Companion
Researcher
CVE-ID
CVE-2024-35637
CVE-2024-35637
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2024-35635
CVE-2024-35635
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Ninja Tables – Easiest Data Table Builder
Ninja Tables – Easiest Data Table Builder
Researcher
CVE-ID
CVE-2024-3269
CVE-2024-3269
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Download Monitor
Download Monitor
Researcher
CVE-ID
CVE-2024-4379
CVE-2024-4379
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-2089
CVE-2024-2089
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
Remote Content Shortcode
Remote Content Shortcode
Researcher
CVE-ID
CVE-2024-3190
CVE-2024-3190
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-1324
CVE-2024-1324
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
QQWorld Auto Save Images
QQWorld Auto Save Images
Researcher
CVE-ID
CVE-2024-0434
CVE-2024-0434
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Researcher
CVE-ID
CVE-2024-3277
CVE-2024-3277
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Affected Software
Yumpu E-Paper publishing
Yumpu E-Paper publishing
Researcher
CVE-ID
CVE-2024-4381
CVE-2024-4381
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
CB (legacy)
CB (legacy)
Researcher
CVE-ID
CVE-2024-4384
CVE-2024-4384
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
CSSable Countdown
CSSable Countdown
Researcher
CVE-ID
CVE-2024-5172
CVE-2024-5172
Patch Status
Unpatched
Unpatched
Published
May 28, 2024
May 28, 2024
Affected Software
Expert Invoice
Expert Invoice
Researcher
CVE-ID
CVE-2024-4419
CVE-2024-4419
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Fetch JFT
Fetch JFT
Researcher
CVE-ID
CVE-2024-2657
CVE-2024-2657
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
Font Farsi
Font Farsi
Researcher
CVE-ID
CVE-2024-35647
CVE-2024-35647
Patch Status
Unpatched
Unpatched
Published
May 30, 2024
May 30, 2024
Affected Software
Global Notification Bar
Global Notification Bar
Researcher
CVE-ID
CVE-2024-4755
CVE-2024-4755
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
Google CSE
Google CSE
Researcher
CVE-ID
CVE-2024-35641
CVE-2024-35641
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Just Writing Statistics
Just Writing Statistics
Researcher
CVE-ID
CVE-2024-3276
CVE-2024-3276
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
CVE-ID
CVE-2024-35644
CVE-2024-35644
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Preferred Languages
Preferred Languages
Researcher
CVE-ID
CVE-2024-35645
CVE-2024-35645
Patch Status
Unpatched
Unpatched
Published
May 30, 2024
May 30, 2024
Affected Software
Random Banner
Random Banner
Researcher
CVE-ID
CVE-2024-35640
CVE-2024-35640
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Safety Exit
Safety Exit
Researcher
Simple Share Buttons Adder <= 8.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-4094
CVE-2024-4094
Patch Status
Patched
Patched
Published
May 28, 2024
May 28, 2024
Affected Software
Simple Share Buttons Adder
Simple Share Buttons Adder
Researcher
CVE-ID
CVE-2024-35639
CVE-2024-35639
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Simple Spoiler
Simple Spoiler
Researcher
CVE-ID
CVE-2024-35642
CVE-2024-35642
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Site Favicon
Site Favicon
Researcher
CVE-ID
CVE-2024-35646
CVE-2024-35646
Patch Status
Unpatched
Unpatched
Published
May 30, 2024
May 30, 2024
Affected Software
Smartarget Message Bar
Smartarget Message Bar
Researcher
CVE-ID
CVE-2024-4970
CVE-2024-4970
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
Widget Bundle
Widget Bundle
Researcher
CVE-ID
CVE-2024-35643
CVE-2024-35643
Patch Status
Unpatched
Unpatched
Published
May 30, 2024
May 30, 2024
Affected Software
WP Back Button
WP Back Button
Researcher
CVE-ID
CVE-2024-3946
CVE-2024-3946
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
WP To Do
WP To Do
Researcher
CVE-ID
CVE-2024-34385
CVE-2024-34385
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
YITH WooCommerce Wishlist
YITH WooCommerce Wishlist
Researcher
CVE-ID
CVE-2024-35638
CVE-2024-35638
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
ActiveDEMAND
ActiveDEMAND
Researcher
CVE-ID
CVE-2024-4565
CVE-2024-4565
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Researchers
CVE-ID
CVE-2024-4355
CVE-2024-4355
Patch Status
Patched
Patched
Published
May 29, 2024
May 29, 2024
Researcher
CVE-ID
CVE-2024-4382
CVE-2024-4382
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
CB (legacy)
CB (legacy)
Researcher
CVE-ID
CVE-2024-4426
CVE-2024-4426
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
Comparison Slider
Comparison Slider
Researcher
CVE-ID
CVE-2024-4427
CVE-2024-4427
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
Comparison Slider
Comparison Slider
Researcher
CVE-ID
CVE-2024-35632
CVE-2024-35632
Patch Status
Unpatched
Unpatched
Published
May 27, 2024
May 27, 2024
Affected Software
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
Researcher
CVE-ID
CVE-2024-35628
CVE-2024-35628
Patch Status
Patched
Patched
Published
May 27, 2024
May 27, 2024
Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Researcher
CVE-ID
CVE-2024-4205
CVE-2024-4205
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-4344
CVE-2024-4344
Patch Status
Patched
Patched
Published
Jun 1, 2024
Jun 1, 2024
Affected Software
Shield Security – Smart Bot Blocking & Intrusion Prevention Security
Shield Security – Smart Bot Blocking & Intrusion Prevention Security
Researcher
CVE-ID
CVE-2024-35636
CVE-2024-35636
Patch Status
Patched
Patched
Published
May 30, 2024
May 30, 2024
Affected Software
Uploadcare File Uploader and Adaptive Delivery (beta)
Uploadcare File Uploader and Adaptive Delivery (beta)
Researcher
CVE-ID
CVE-2024-4969
CVE-2024-4969
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
Widget Bundle
Widget Bundle
Researcher
CVE-ID
CVE-2024-4475
CVE-2024-4475
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
WP Logs Book
WP Logs Book
Researcher
CVE-ID
CVE-2024-4474
CVE-2024-4474
Patch Status
Unpatched
Unpatched
Published
May 31, 2024
May 31, 2024
Affected Software
WP Logs Book
WP Logs Book
Researcher
CVE-ID
CVE-2024-3943
CVE-2024-3943
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
WP To Do
WP To Do
Researcher
CVE-ID
CVE-2024-3945
CVE-2024-3945
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
WP To Do
WP To Do
Researcher
CVE-ID
CVE-2024-3947
CVE-2024-3947
Patch Status
Unpatched
Unpatched
Published
May 29, 2024
May 29, 2024
Affected Software
WP To Do
WP To Do
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments