Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)


🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!


Last week, there were 167 vulnerabilities disclosed in 129 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 70 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 14,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WAF-RULE-684 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 156
Unpatched 11


Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 140
High Severity 20
Critical Severity 7


Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 110
Missing Authorization 18
Cross-Site Request Forgery (CSRF) 15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 4
Deserialization of Untrusted Data 3
Improper Control of Generation of Code ('Code Injection') 3
Exposure of Sensitive Information to an Unauthorized Actor 2
Server-Side Request Forgery (SSRF) 2
Unrestricted Upload of File with Dangerous Type 2
Authorization Bypass Through User-Controlled Key 1
Exposure of Sensitive Information Through Data Queries 1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 1
Improper Input Validation 1
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 1
Incorrect Authorization 1
Insufficiently Protected Credentials 1
Missing Critical Step in Authentication 1


Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
18
12
12
8
8
7
6
5
4
4
4
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
Sh
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Accordion accordions
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More advanced-access-manager
Advanced Sermons advanced-sermons
Anti-Malware Security and Brute-Force Firewall gotmls
AntiSpam for Contact Form 7 cf7-antispam
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember-membership
Auto Affiliate Links wp-auto-affiliate-links
Awesome Support – WordPress HelpDesk & Support Plugin awesome-support
Backuply – Backup, Restore, Migrate and Clone backuply
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Beaver Builder Addons by WPZOOM wpzoom-addons-for-beaver-builder
Beaver Builder – WordPress Page Builder beaver-builder-lite-version
Builder for WooCommerce product reviews shortcodes – ReviewShort woo-product-reviews-shortcode
Bulgarisation for WooCommerce bulgarisation-for-woocommerce
Burst Statistics – Privacy-Friendly Analytics for WordPress burst-statistics
Calendarista Basic Edition – WordPress appointment booking system calendarista-basic-edition
Contact Form 7 contact-form-7
Contact Form 7 – PayPal & Stripe Add-on contact-form-7-paypal-add-on
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress contact-form-plugin
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder bit-form
Coupon Affiliates – Affiliate Plugin for WooCommerce woo-coupon-usage
Crisp – Live Chat and Chatbot crisp
Cryptocurrency Widgets – Price Ticker & Coins List cryptocurrency-price-ticker-widget
CWW Companion cww-companion
Database for Contact Form 7 cf7-database
Download Manager Pro download-manager
DSGVO All in one for WP dsgvo-all-in-one-for-wp
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels wpfunnels
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box easy-facebook-likebox
ElementInvader Addons for Elementor elementinvader-addons-for-elementor
Elementor Addon Elements addon-elements-for-elementor-page-builder
Elementor Addons by Livemesh addons-for-elementor
Elements Plus! elements-plus
ElementsKit Elementor addons elementskit-lite
Email Subscription Popup email-subscribe
Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! everest-forms
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media evergreen-content-poster
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) extensions-for-cf7
f(x) Private Site fx-private-site
Five Star Restaurant Menu and Food Ordering food-and-drink-menu
Free Downloads WooCommerce download-now-for-woocommerce
FV Flowplayer Video Player fv-wordpress-flowplayer
GiveWP – Donation Plugin and Fundraising Platform give
Gutenberg Blocks with AI by Kadence WP – Page Builder Features kadence-blocks
HT Easy GA4 – Google Analytics WordPress Plugin ht-easy-google-analytics
HT Mega – Absolute Addons For Elementor ht-mega-for-elementor
Hubbub Lite – Fast, Reliable Social Sharing Buttons social-pug
HUSKY – Products Filter Professional for WooCommerce woocommerce-products-filter
Hustle – Email Marketing, Lead Generation, Optins, Popups wordpress-popup
Inline Related Posts intelly-related-posts
JetWidgets For Elementor jetwidgets-for-elementor
Knight Lab Timeline knight-lab-timelinejs
LA-Studio Element Kit for Elementor lastudio-element-kit
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… ladipage
Link Library link-library
Link Whisper Free link-whisper
Malware Scanner miniorange-malware-protection
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
MJM Clinic mjm-clinic
Mollie Forms mollie-forms
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
News Announcement Scroll news-announcement-scroll
Newsletter2Go newsletter2go
oik oik
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-blocks
OxyExtras oxyextras
Page Builder Gutenberg Blocks – CoBlocks coblocks
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress wp-user-avatar
Permalink Manager Lite permalink-manager
Post Grid and Gutenberg Blocks – ComboBlocks post-grid
Premium Addons for Elementor premium-addons-for-elementor
Premmerce Permalink Manager for WooCommerce woo-permalink-manager
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) bdthemes-prime-slider-lite
Property Hive propertyhive
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker quiz-master-next
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction pie-register
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login custom-registration-form-builder-with-submission-manager
Related Posts for WordPress related-posts-for-wp
Scrollsequence – Cinematic Scroll Image Animation Plugin scrollsequence
Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress ticket-tailor
Shariff Wrapper shariff
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +17 Modules – All in One Solution (formerly WooLentor) woolentor-addons
Simple Job Board simple-job-board
Site Reviews site-reviews
Sitekit sitekit
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) sky-elementor-addons
Smart Online Order for Clover clover-online-orders
Social Media Share Buttons social-media-builder
Specific Content For Mobile – Customize the mobile version without redirections specific-content-for-mobile
Super Page Cache wp-cloudflare-page-cache
SupportCandy – Helpdesk & Customer Support Ticket System supportcandy
Survey Maker survey-maker
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent tablesome
Team Circle Image Slider With Lightbox circle-image-slider-with-lightbox
The Moneytizer the-moneytizer
Themify – WooCommerce Product Filter themify-wc-product-filter
Tutor LMS – eLearning and online course solution tutor
Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) header-footer-elementor
Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates woo-gift-cards-lite
User profile user-profile
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP userswp
Video Conferencing with Zoom video-conferencing-with-zoom-api
Visual Composer Website Builder visualcomposer
Visualizer: Tables and Charts Manager for WordPress visualizer
WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square Plugin woosquare
Web Application Firewall – website security web-application-firewall
weForms – Easy Drag & Drop Contact Form Builder For WordPress weforms
WEN Responsive Columns wen-responsive-columns
WooCommerce Cart Abandonment Recovery woo-cart-abandonment-recovery
WooCommerce Google Feed Manager wp-product-feed-manager
WooCommerce License Manager fs-license-manager
WooThumbs for WooCommerce by Iconic iconic-woothumbs
Word Replacer Pro word-replacer-ultra
WordPress Automatic Plugin wp-automatic
WordPress Contact Forms by Cimatti contact-forms
WP Armour – Honeypot Anti Spam honeypot
WP Calameo wp-calameo
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress wp-fusion-lite
WP Go Maps (formerly WP Google Maps) wp-google-maps
WP Popups – WordPress Popup builder wp-popups-lite
WP Recipe Maker wp-recipe-maker
WP Responsive Tabs horizontal vertical and accordion Tabs responsive-horizontal-vertical-and-accordion-tabs
WP SendFox wp-sendfox
WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin wp-statistics
wp-mpdf wp-mpdf
WPBakery Page Builder Addons by Livemesh addons-for-visual-composer
YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons
Zippy zippy


WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Blossom Spa blossom-spa


Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-27954
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
WordPress Automatic Plugin
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-27956
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
WordPress Automatic Plugin
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-2172
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-27971
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-1813
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Simple Job Board
Researcher
CVSS Rating
Critical (9.0)
CVE-ID
CVE-2024-22144
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-27955
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
WordPress Automatic Plugin
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2023-5663
Patch Status
Patched
Published
Mar 11, 2024
Affected Software
News Announcement Scroll
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-27985
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Property Hive
Researcher(s): Unknown
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-1685
Patch Status
Unpatched
Published
Mar 15, 2024
Affected Software
Social Media Share Buttons
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-27972
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
High (8.6)
CVE-ID
CVE-2024-0368
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2023-7072
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
High (7.3)
CVE-ID
CVE-2024-2395
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Bulgarisation for WooCommerce
Researcher
CVSS Rating
High (7.3)
CVE-ID
CVE-2024-0683
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Bulgarisation for WooCommerce
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-29117
Patch Status
Patched
Published
Mar 16, 2024
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-29102
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-27951
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-0386
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-2194
Patch Status
Patched
Published
Mar 11, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-27964
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Zippy
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2181
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2183
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2185
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2186
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2187
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27963
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2130
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
CWW Companion
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29103
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Database for Contact Form 7
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29114
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
Download Manager Pro
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2308
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29107
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Elementor Addon Elements
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1458
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Elementor Addons by Livemesh
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1465
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Elementor Addons by Livemesh
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1466
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Elementor Addons by Livemesh
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1464
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Elementor Addons by Livemesh
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1461
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Elementor Addons by Livemesh
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2335
Patch Status
Patched
Published
Mar 14, 2024
Affected Software
Elements Plus!
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1239
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
ElementsKit Elementor addons
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2042
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
ElementsKit Elementor addons
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29089
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27969
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Free Downloads WooCommerce
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29122
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
FV Flowplayer Video Player
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1397
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2138
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
JetWidgets For Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2287
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Knight Lab Timeline
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2249
Patch Status
Patched
Published
Mar 14, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1328
Patch Status
Unpatched
Published
Mar 11, 2024
Affected Software
Newsletter2Go
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2256
Patch Status
Patched
Published
Mar 14, 2024
Affected Software
oik
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2369
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0326
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Premium Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2399
Patch Status
Patched
Published
Mar 14, 2024
Affected Software
Premium Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29118
Patch Status
Patched
Published
Mar 16, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1450
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Shariff Wrapper
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0966
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Shariff Wrapper
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6500
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Shariff Wrapper
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2293
Patch Status
Patched
Published
Mar 11, 2024
Affected Software
Site Reviews
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29095
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Site Reviews
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29111
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
Sitekit
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29115
Patch Status
Patched
Published
Mar 16, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27991
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27990
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
The Moneytizer
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29097
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
User profile
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2031
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Video Conferencing with Zoom
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-27988
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
WEN Responsive Columns
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29098
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
WP Calameo
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27952
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Advanced Sermons
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27961
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
AntiSpam for Contact Form 7
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27993
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29130
Patch Status
Patched
Published
Mar 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2242
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Contact Form 7
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29125
Patch Status
Patched
Published
Mar 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27960
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Email Subscription Popup
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29099
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27987
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29094
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29123
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
Link Library
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2325
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Link Library
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27992
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Link Whisper Free
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29129
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
OxyExtras
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29092
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Permalink Manager Lite
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29113
Patch Status
Patched
Published
Mar 16, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2278
Patch Status
Patched
Published
Mar 11, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2263
Patch Status
Patched
Published
Mar 11, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27958
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29121
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
WooCommerce License Manager
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29116
Patch Status
Patched
Published
Mar 16, 2024
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-29091
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27962
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
wp-mpdf
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-27994
Patch Status
Patched
Published
Mar 15, 2024
Researcher
CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-2107
Patch Status
Patched
Published
Mar 12, 2024
Affected Software
Blossom Spa
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2023-6525
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
ElementsKit Elementor addons
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-29096
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
MJM Clinic
Researcher
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-29112
Patch Status
Patched
Published
Mar 16, 2024
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-1641
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Accordion
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-1213
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-0592
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Related Posts for WordPress
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0906
Patch Status
Unpatched
Published
Mar 11, 2024
Affected Software
f(x) Private Site
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1526
Patch Status
Patched
Published
Mar 11, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2015-10130
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1733
Patch Status
Unpatched
Published
Mar 15, 2024
Affected Software
Word Replacer Pro
Researcher
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-2294
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2444
Patch Status
Patched
Published
Mar 16, 2024
Affected Software
Inline Related Posts
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-27966
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-27996
Patch Status
Patched
Published
Mar 15, 2024
Affected Software
Survey Maker
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-27997
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2023-4839
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-29105
Patch Status
Patched
Published
Mar 15, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-1571
Patch Status
Patched
Published
Mar 14, 2024
Affected Software
WP Recipe Maker
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-27965
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1843
Patch Status
Patched
Published
Mar 11, 2024
Affected Software
Auto Affiliate Links
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27953
Patch Status
Patched
Published
Mar 13, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27967
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
DSGVO All in one for WP
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1214
Patch Status
Patched
Published
Mar 12, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4628
Patch Status
Unpatched
Published
Mar 11, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4629
Patch Status
Unpatched
Published
Mar 11, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4626
Patch Status
Unpatched
Published
Mar 11, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-4627
Patch Status
Unpatched
Published
Mar 11, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1645
Patch Status
Patched
Published
Mar 11, 2024
Affected Software
Mollie Forms
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1400
Patch Status
Patched
Published
Mar 11, 2024
Affected Software
Mollie Forms
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27968
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
Super Page Cache
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2262
Patch Status
Patched
Published
Mar 11, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2322
Patch Status
Patched
Published
Mar 13, 2024
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-27970
Patch Status
Patched
Published
Mar 13, 2024
Affected Software
WP SendFox
Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

Comments

No Comments