Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)

🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 194 vulnerabilities disclosed in 155 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 73 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

Total Vulnerabilities by CVSS Severity Last Week

Total Vulnerabilities by CWE Type Last Week

Researchers That Contributed to WordPress Security Last Week

Researcher Name	Number of Vulnerabilities
Francesco Carlucci	14
Lucio Sá	9
Dhabaleshwar Das	9
Majed Refaea	8
Ngô Thiên An (ancorn_)	8
beluga	7
Joshua Chan	7
wesley (wcraft)	7
Dmitrii Ignatyev	7
Rafie Muhammad	6
Bob Matyas	6
Dave Jong	5
Webbernaut	4
Khalid	4
Abdi Pranata	4
stealthcopter	4
Steven Julian	4
Le Ngoc Anh	4
Krzysztof Zając	4
Colin Xu	3
Mika	3
Ananda Dhakal	3
João Pedro Soares de Alcântara	3
1337_Wannabe	2
Skalucy	2
Dikshita Trivedi (Cybersecdexter)	2
drop	2
Dau Hoang Tai	2
João G. Barbosa (4rCanJ0x!)	2
Tim Coen	2
Nikolas	2
Nicolo	2
Peng Zhou	2
movrment	2
LVT-tholv2k	2
Phuoc Pham (p3tl0v3r)	2
Akbar Kustirama	2
Thura Moe Myint (mgthuramoemyint)	2
emad	2
Erwan LR	2
Muhammad Daffa	2
Myungju Kim	1
younsoung kim	1
SeoHyeon Lee	1
SeoHee Kang	1
Dian Sun	1
thiennv	1
Martin Thirup Christensen	1
Mr Empy	1
Dipak Panchal (th3.d1p4k)	1
Peter17	1
shaman0x01	1
Brandon James Roldan (tomorrowisnew)	1
Sh	1
Peng Zhou	1
Fariq Fadillah Gusti Insani (fariqfgi)	1
Jobert Krohnen	1
Hiroho Shimada	1
Benedictus Jovan (aillesiM)	1
Ray Wilson	1
Friday	1
Abdi Prawira Negara	1
ST	1
Cronus	1
DarkT	1
Trình Vũ	1
Vincent Fourcade (vinceMatsui)	1
qilin_99	1
Kyle Sanchez	1
cyc707	1
Robert Kruczek (ProXy)	1
CatFather	1
RandomRoot	1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

WordPress Themes with Reported Vulnerabilities Last Week

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-31355

Patch Status
Patched

Published
Apr 7, 2024

Affected Software
Slideshow Gallery LITE

Researcher

LVT-tholv2k

More Details >

WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload

9.9

CVSS Rating
Critical (9.9)

CVE-ID
CVE-2024-31286

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Photo Album Plus

Researcher

stealthcopter

More Details >

Demo My WordPress <= 1.0.9.1 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-31290

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Demo My WordPress

Researcher

Dave Jong

More Details >

LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-2879

Patch Status
Patched

Published
Apr 2, 2024

Affected Software
LayerSlider

Researcher

1337_Wannabe

More Details >

Masteriyo - LMS <= 1.7.2 - Unauthenticated Privilege Escalation

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-24882

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Masteriyo LMS – eLearning and Online Course Builder for WordPress

Researcher

Steven Julian

More Details >

MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-3136

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education

Researcher

Hiroho Shimada

More Details >

Product Designer <= 1.0.32 - Unauthenticated PHP Object Injection

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-31277

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Product Designer

Researcher

beluga

More Details >

Rehub <= 19.6.1 - Unauthenticated Local File Inclusion

9.8

CVSS Rating
Critical (9.8)

CVE-ID
CVE-2024-31231

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
rehub-theme

Researcher

Rafie Muhammad

More Details >

Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31266

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Advanced Order Export For WooCommerce

Researcher

movrment

More Details >

Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31345

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
Auto Poster

Researchers

Myungju Kim

younsoung kim

SeoHyeon Lee

SeoHee Kang

More Details >

Edwiser Bridge <= 3.0.2 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31260

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Edwiser Bridge – WordPress Moodle LMS Integration

Researcher

Muhammad Daffa

More Details >

Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31292

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Import XML and RSS Feeds

Researcher

stealthcopter

More Details >

LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31241

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
LearnPress Export Import – WordPress extension for LearnPress

Researcher

Le Ngoc Anh

More Details >

s2Member <= 240315 - Limited Privilege Escalation

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31237

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Researcher

Ngô Thiên An (ancorn_)

More Details >

User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection

9.1

CVSS Rating
Critical (9.1)

CVE-ID
CVE-2024-31356

Patch Status
Patched

Published
Apr 7, 2024

Affected Software
User Activity Log

Researcher

Muhammad Daffa

More Details >

Church Admin <= 4.1.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-31280

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Church Admin

Researcher

Peng Zhou

More Details >

Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-1315

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Classified Listing – Classified ads & Business Directory Plugin

Researcher

Francesco Carlucci

More Details >

Easy Social Share Buttons <= 9.4 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-31300

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Easy Social Share Buttons for WordPress

Researcher

Rafie Muhammad

More Details >

EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2125

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
EnvíaloSimple: Email Marketing y Newsletters

Researcher

Francesco Carlucci

More Details >

LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2115

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
LearnPress – WordPress LMS Plugin

Researcher

Tim Coen

More Details >

Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-2008

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Modal Popup Box – Popup Builder, Show Offers And News in Popup

Researcher

Francesco Carlucci

More Details >

Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-31233

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
rehub-theme

Researcher

Rafie Muhammad

More Details >

REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-31234

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
rehub-framework

Researcher

Rafie Muhammad

More Details >

WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-3217

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
WP Directory Kit

Researcher

Lucio Sá

More Details >

WP Poll Maker <= 3.1 - Authenticated (Subscriber+) Arbitrary File Deletion

8.8

CVSS Rating
High (8.8)

CVE-ID
CVE-2024-31240

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
ePoll – Best WordPress Voting Plugin for Poll & Contest

Researcher

beluga

More Details >

CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection

7.5

CVSS Rating
High (7.5)

CVE-ID
CVE-2024-1792

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
CMB2

Researcher

Francesco Carlucci

More Details >

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-3022

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Researcher

Dian Sun

More Details >

RapidLoad Power-Up for Autoptimize <= 2.2.11 - Unauthenticated Server-Side Request Forgery

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-31288

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
RapidLoad – Optimize Web Vitals Automatically

Researcher

Majed Refaea

More Details >

Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-31232

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
rehub-theme

Researcher

Rafie Muhammad

More Details >

WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-3265

Patch Status
Unpatched

Published
Apr 4, 2024

Affected Software
Advanced Search

Researcher

Vincent Fourcade (vinceMatsui)

More Details >

WP Import Export Lite <= 3.9.26 - Authenticated (Administrator+) PHP Object Injection

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-31308

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Import Export Lite

Researcher

Trình Vũ

More Details >

WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)

CVE-ID
CVE-2024-1852

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
WP-Members Membership Plugin

Researcher

Webbernaut

More Details >

WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update

7.1

CVSS Rating
High (7.1)

CVE-ID
CVE-2024-1385

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP-Stateless – Google Cloud Storage

Researcher

Krzysztof Zając

More Details >

File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal

6.8

CVSS Rating
Medium (6.8)

CVE-ID
CVE-2024-2654

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
File Manager

Researcher

DarkT

More Details >

Advanced Local Pickup for WooCommerce <= 1.6.2 - Missing Authorization

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-31283

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Advanced Local Pickup for WooCommerce

Researcher

Majed Refaea

More Details >

Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2023-6695

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Beaver Themer

Researcher

Francesco Carlucci

More Details >

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-1352

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Classified Listing – Classified ads & Business Directory Plugin

Researcher

Francesco Carlucci

More Details >

LearnPress <= 4.2.6.3 - Insecure Direct Object Reference

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-1289

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
LearnPress – WordPress LMS Plugin

Researcher

drop

More Details >

Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization

6.5

CVSS Rating
Medium (6.5)

CVE-ID
CVE-2024-1807

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Product Sort and Display for WooCommerce

Researcher

Lucio Sá

More Details >

Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2925

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Beaver Builder – WordPress Page Builder

Researcher

wesley (wcraft)

More Details >

Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2023-6694

Patch Status
Patched

Published
Apr 6, 2024

Affected Software
Beaver Themer

Researcher

Francesco Carlucci

More Details >

Better Comments <= 1.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2404

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Better Comments

Researcher

Nicolo

More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3267

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Bold Page Builder

Researcher

stealthcopter

More Details >

Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3266

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Bold Page Builder

Researcher

wesley (wcraft)

More Details >

Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode'

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2949

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid

Researchers

Phuoc Pham (p3tl0v3r)

Ngô Thiên An (ancorn_)

More Details >

Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2839

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Colibri Page Builder

Researchers

Ngô Thiên An (ancorn_)

Dau Hoang Tai

More Details >

Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2924

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Creative Addons for Elementor

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2023-6993

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Custom post types, Custom Fields & more

Researcher

Francesco Carlucci

More Details >

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-0837

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

Webbernaut

More Details >

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1428

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Researcher

Nikolas

More Details >

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3064

Patch Status
Unpatched

Published
Apr 4, 2024

Affected Software
Elementor Addons, Widgets and Enhancements – Stax

Researcher

João G. Barbosa (4rCanJ0x!)

More Details >

ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2803

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
ElementsKit Elementor addons

Researcher

Webbernaut

More Details >

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3244

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor

Researcher

wesley (wcraft)

More Details >

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3245

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

Essential Blocks for Gutenberg <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31306

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Researcher

Ngô Thiên An (ancorn_)

More Details >

FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2081

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Researcher

Robert Kruczek (ProXy)

More Details >

FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2471

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel

Researcher

Tim Coen

More Details >

Form to Chat App <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31258

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Form to Chat App ⚡️

Researcher

Ngô Thiên An (ancorn_)

More Details >

Formsite | Embed online forms to collect orders, registrations, leads, and surveys <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31257

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Formsite | Embed online forms to collect orders, registrations, leads, and surveys

Researcher

Ngô Thiên An (ancorn_)

More Details >

Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1946

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Genesis Blocks

Researcher

Ngô Thiên An (ancorn_)

More Details >

Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2327

Patch Status
Unpatched

Published
Apr 4, 2024

Affected Software
Global Elementor Buttons

Researcher

Francesco Carlucci

More Details >

Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31346

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
Gradient Text Widget for Elementor

Researcher

Khalid

More Details >

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2919

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Webbernaut

More Details >

Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1498

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Happy Addons for Elementor

Researcher

RandomRoot

More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2789

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Happy Addons for Elementor

Researcher

ST

More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2787

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Happy Addons for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2788

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Happy Addons for Elementor

Researcher

João Pedro Soares de Alcântara

More Details >

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-1327

Patch Status
Patched

Published
Apr 2, 2024

Affected Software
Jeg Elementor Kit

Researcher

Nikolas

More Details >

Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3162

Patch Status
Patched

Published
Apr 2, 2024

Affected Software
Jeg Elementor Kit

Researcher

wesley (wcraft)

More Details >

MailMunch – Grow your Email List <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31349

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
MailMunch – Grow your Email List

Researcher

Ray Wilson

More Details >

Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2791

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor

Researcher

Dau Hoang Tai

More Details >

MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3075

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
MM-email2image

Researcher

Bob Matyas

More Details >

Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2026

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Passster – Password Protect Pages and Content

Researcher

Krzysztof Zając

More Details >

Powerkit – Supercharge your WordPress Site <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2458

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Powerkit – Supercharge your WordPress Site

Researcher

Francesco Carlucci

More Details >

Royal Elementor Addons <= 1.3.93 - Authenticated (Contributor+) Stored Cross-Site Scriting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31236

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Royal Elementor Addons and Templates

Researcher

Khalid

More Details >

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2023-6877

Patch Status
Patched

Published
Apr 6, 2024

Affected Software
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

Researcher

Colin Xu

More Details >

Sassy Social Share <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2159

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Social Sharing Plugin – Sassy Social Share

Researcher

Dmitrii Ignatyev

More Details >

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2868

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +16 Modules – All in One Solution (formerly WooLentor)

Researcher

wesley (wcraft)

More Details >

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2946

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +16 Modules – All in One Solution (formerly WooLentor)

Researchers

Phuoc Pham (p3tl0v3r)

Ngô Thiên An (ancorn_)

More Details >

Shortcodes Ultimate <= 7.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3188

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate

Researcher

Dmitrii Ignatyev

More Details >

Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2023-6486

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Spectra – WordPress Gutenberg Blocks

Researcher

Akbar Kustirama

More Details >

Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2499

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Squelch Tabs and Accordions Shortcodes

Researcher

Francesco Carlucci

More Details >

Strong Testimonials <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3261

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Strong Testimonials

Researcher

Dmitrii Ignatyev

More Details >

Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-3208

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Sydney Toolbox

Researcher

wesley (wcraft)

More Details >

Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2334

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Template Kit – Import

Researcher

Colin Xu

More Details >

Testimonials <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-31348

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Super Testimonials

Researcher

Khalid

More Details >

Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2132

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Ultimate Bootstrap Elements for Elementor

Researcher

Francesco Carlucci

More Details >

Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-0873

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Watu Quiz

Researcher

Lucio Sá

More Details >

WordPress Tag and Category Manager – AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVSS Rating
Medium (6.4)

CVE-ID
CVE-2024-2830

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger

Researcher

stealthcopter

More Details >

Bannerlid <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-3048

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
Bannerlid

Researcher

Bob Matyas

More Details >

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31255

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
ELEX WooCommerce Dynamic Pricing and Discounts

Researcher

Le Ngoc Anh

More Details >

ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-3058

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
ENL Newsletter

Researcher

Bob Matyas

More Details >

MM-email2image <= 0.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-3076

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
MM-email2image

Researcher

Bob Matyas

More Details >

WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-31256

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WordPress Webinar Plugin – WebinarPress

Researcher

Le Ngoc Anh

More Details >

WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)

CVE-ID
CVE-2024-1743

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
WooCommerce Customers Manager

Researcher

Erwan LR

More Details >

Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection

5.8

CVSS Rating
Medium (5.8)

CVE-ID
CVE-2024-3214

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Relevanssi – A Better Search
Relevanssi – A Better Search (Pro)

Researcher

Thura Moe Myint (mgthuramoemyint)

More Details >

Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Arbitrary Post Deletion

5.8

CVSS Rating
Medium (5.8)

CVE-ID
CVE-2024-31297

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Wholesale For WooCommerce

Researcher

Dave Jong

More Details >

Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-2972

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty

Researcher

Dmitrii Ignatyev

More Details >

Import WP – Export and Import CSV and XML files to WordPress <= 2.13.0 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2023-7253

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Import WP – Export and Import CSV and XML files to WordPress

Researcher

Mr Empy

More Details >

Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG

5.5

CVSS Rating
Medium (5.5)

CVE-ID
CVE-2024-2296

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Researcher

Jobert Krohnen

More Details >

App Builder <= 3.8.7 - Open Redirection

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-31282

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
App Builder – Create Native Android & iOS Apps On The Flight

Researcher

beluga

More Details >

Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-2786

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Happy Addons for Elementor

Researcher

wesley (wcraft)

More Details >

OAuth Server <= 4.3.3 - Open Redirect

5.4

CVSS Rating
Medium (5.4)

CVE-ID
CVE-2024-31253

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP OAuth Server (OAuth Authentication)

Researcher

Le Ngoc Anh

More Details >

ARMember <= 4.0.27 - Directory Traversal via X-FILENAME

5.3

CVSS Rating
Medium (5.3)

CVE-ID
Unknown

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Researcher

Lucio Sá

More Details >

BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2950

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
BoldGrid Easy SEO – Simple and Effective SEO

Researcher

Krzysztof Zając

More Details >

Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated Arbitrary Email Sending

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31242

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Bricksforge

Researcher

Dave Jong

More Details >

Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31243

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Bricksforge

Researcher

Dave Jong

More Details >

Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31244

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Bricksforge

Researcher

Dave Jong

More Details >

Captcha by BestWebSoft <= 5.2.0 - Captcha Bypass

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31295

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms

Researcher

qilin_99

More Details >

CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-1418

Patch Status
Unpatched

Published
Apr 3, 2024

Affected Software
CGC Maintenance Mode

Researcher

Francesco Carlucci

More Details >

Contact Form Email <= 1.3.44 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31302

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Contact Form Email

Researcher

Joshua Chan

More Details >

ConvertKit <= 2.4.5 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31245

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Subscribers and Landing Pages

Researcher

Joshua Chan

More Details >

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-2302

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Researcher

Colin Xu

More Details >

Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31352

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce

Researcher

Mika

More Details >

EmbedPress <= 3.9.11 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31274

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor

Researcher

Mika

More Details >

EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31284

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor

Researcher

Majed Refaea

More Details >

EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31275

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
EventPrime – Events Calendar, Bookings and Tickets

Researcher

Joshua Chan

More Details >

FG Drupal to WordPress <= 3.70.3 - Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31247

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
FG Drupal to WordPress

Researcher

beluga

More Details >

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31273

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
JS Help Desk – The Ultimate Help Desk & Support Plugin

Researcher

Fariq Fadillah Gusti Insani (fariqfgi)

More Details >

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10.1 - Unauthenticated Arbitrary File Download

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31343

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar

Researcher

beluga

More Details >

Profile Builder <= 3.11.2 - Restricted Email Bypass

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31341

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

Researcher

Ananda Dhakal

More Details >

Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-3213

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Relevanssi – A Better Search
Relevanssi – A Better Search (Pro)

Researcher

Thura Moe Myint (mgthuramoemyint)

More Details >

SearchIQ <= 4.5 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31259

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
SearchIQ – The Search Solution

Researcher

Joshua Chan

More Details >

Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-1732

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Sharkdropship Dropshipping & Affiliate for for AliExpress

Researcher

Lucio Sá

More Details >

ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31230

Patch Status
Patched

Published
Apr 2, 2024

Affected Software
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Researcher

Mika

More Details >

Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31353

Patch Status
Patched

Published
Apr 7, 2024

Affected Software
Slideshow Gallery LITE

Researcher

Ananda Dhakal

More Details >

Subscribe To Comments Reloaded <= 220725 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31249

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Subscribe To Comments Reloaded

Researcher

Joshua Chan

More Details >

Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2023-7252

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
Tickera – WordPress Event Ticketing

Researcher

Martin Thirup Christensen

More Details >

User Spam Remover <= 1.0 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31298

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
User Spam Remover

Researcher

Joshua Chan

More Details >

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-3216

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels

Researcher

Krzysztof Zając

More Details >

WordPress Backup & Migration <= 1.4.7 - Unauthenticated Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-31254

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WebToffee WP Backup and Migration

Researcher

Joshua Chan

More Details >

WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2023-5692

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
WordPress

Researcher

Francesco Carlucci

More Details >

WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

5.3

CVSS Rating
Medium (5.3)

CVE-ID
CVE-2024-3097

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Researcher

Peng Zhou

More Details >

AGCA – Custom Dashboard & Login Page <= 7.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2907

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
AGCA – Custom Dashboard & Login Page

Researcher

Dikshita Trivedi (Cybersecdexter)

More Details >

Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-3030

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Announce from the Dashboard

Researcher

Benedictus Jovan (aillesiM)

More Details >

Better Comments <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2402

Patch Status
Patched

Published
Apr 3, 2024

Affected Software
Better Comments

Researcher

Nicolo

More Details >

Call Now Button <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2908

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Call Now Button – The #1 Click to Call Button for WordPress

Researchers

Dikshita Trivedi (Cybersecdexter)

Dipak Panchal (th3.d1p4k)

More Details >

Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-31344

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
Easy Login Styler – White Label Admin Login Page for WordPress

Researcher

Cronus

More Details >

FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-0662

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
FancyBox for WordPress

Researcher

Sh

More Details >

Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-0598

Patch Status
Patched

Published
Apr 2, 2024

Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Researcher

Akbar Kustirama

More Details >

Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2656

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce

Researcher

Peter17

More Details >

LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-1463

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
LearnPress – WordPress LMS Plugin

Researcher

drop

More Details >

Post Grid, Post Carousel, & List Category Posts <= 2.4.27 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-3996

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Smart Post Show – Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More

Researcher

Dmitrii Ignatyev

More Details >

Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2439

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Salon Booking System

Researcher

cyc707

More Details >

Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2603

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Salon Booking System

Researcher

Bob Matyas

More Details >

WP Chat App <= 3.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2837

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Chat App

Researcher

Dmitrii Ignatyev

More Details >

WP Google Review Slider <= 13.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
CVE-2024-2310

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Google Review Slider

Researcher

Dmitrii Ignatyev

More Details >

WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)

CVE-ID
Unknown

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WPvivid Backup for MainWP

Researcher

shaman0x01

More Details >

All-in-One Video Gallery <= 3.5.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31248

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
All-in-One Video Gallery

Researcher

emad

More Details >

Announcer – Notification & message bars <= 6.0 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31261

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website

Researcher

Abdi Pranata

More Details >

AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31268

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
AppPresser – Mobile App Framework

Researcher

Dhabaleshwar Das

More Details >

ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31272

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Contact Form, Survey, Quiz & Popup Form Builder – ARForms

Researcher

beluga

More Details >

ARForms Form Builder <= 1.6.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31270

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Contact Form, Survey, Quiz & Popup Form Builder – ARForms

Researcher

beluga

More Details >

AWP Classifieds <= 4.3.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31350

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds

Researcher

Abdi Pranata

More Details >

BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31296

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Researcher

Steven Julian

More Details >

Church Admin <= 4.1.6 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31281

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Church Admin

Researcher

Peng Zhou

More Details >

Easy Digital Downloads <= 3.2.6 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31293

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Researcher

Dhabaleshwar Das

More Details >

Easy Google Maps <= 1.11.11 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31269

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Easy Google Maps

Researcher

Steven Julian

More Details >

Easy Social Share Buttons <= 9.4 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31307

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Easy Social Share Buttons for WordPress

Researcher

Rafie Muhammad

More Details >

ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-3059

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
ENL Newsletter

Researcher

Bob Matyas

More Details >

Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31267

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager

Researcher

Dhabaleshwar Das

More Details >

Generate Child Theme <= 2.0 - Cross-Site Request Forgery via process_create_form()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31279

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Generate Child Theme

Researcher

Abdi Pranata

More Details >

Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1387

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Happy Addons for Elementor

Researcher

Lucio Sá

More Details >

Hello Elementor <= 3.0.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31289

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Hello Elementor

Researcher

Dhabaleshwar Das

More Details >

Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1994

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Image Watermark

Researcher

Lucio Sá

More Details >

Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31263

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Loan Repayment Calculator and Application Form

Researcher

Skalucy

More Details >

Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31287

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Media Library Folders

Researcher

Majed Refaea

More Details >

Multiple Page Generator Plugin – MPG <= 3.4.0 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31301

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Multiple Page Generator Plugin – MPG

Researcher

Majed Refaea

More Details >

Nudgify Social Proof, Sales Popup & FOMO <= 1.3.3 - Cross-Site Request Forgery via sync_orders_manually()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31239

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin

Researcher

Dhabaleshwar Das

More Details >

Post Views Counter <= 1.4.4 - Cross-Site Request Forgery via save_bulk_post_views()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31264

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Post Views Counter

Researcher

Brandon James Roldan (tomorrowisnew)

More Details >

PostX – Gutenberg Blocks for Post Grid <= 3.2.3 - Incorrect Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31246

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Researcher

movrment

More Details >

Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31278

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Premium Addons for Elementor

Researcher

Khalid

More Details >

ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31291

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
ProfileGrid – User Profiles, Groups and Communities

Researcher

Kyle Sanchez

More Details >

ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31299

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
ReDi Restaurant Reservation

Researcher

Majed Refaea

More Details >

Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31252

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Responsive Lightbox & Gallery

Researcher

emad

More Details >

SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1504

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
SecuPress Free — WordPress Security

Researcher

Lucio Sá

More Details >

Sign-up Sheets <= 2.2.11.1 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31303

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Sign-up Sheets

Researcher

Dhabaleshwar Das

More Details >

Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31354

Patch Status
Patched

Published
Apr 7, 2024

Affected Software
Slideshow Gallery LITE

Researcher

Ananda Dhakal

More Details >

Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31238

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Smart Online Order for Clover

Researcher

thiennv

More Details >

Sumo <= 1.34 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31265

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation

Researcher

Friday

More Details >

Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order()

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31347

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Tracking Code Manager

Researcher

Abdi Pranata

More Details >

Transcoder <= 1.3.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31305

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Transcoder

Researcher

Majed Refaea

More Details >

Ultimate Maps by Supsystic <= 1.2.16 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31271

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Ultimate Maps by Supsystic

Researcher

Steven Julian

More Details >

Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-0872

Patch Status
Patched

Published
Apr 4, 2024

Affected Software
Watu Quiz

Researcher

Lucio Sá

More Details >

WC Marketplace <= 4.1.3 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31304

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution

Researcher

LVT-tholv2k

More Details >

WooCommerce <= 8.5.2 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-22155

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WooCommerce

Researcher

Dhabaleshwar Das

More Details >

WooCommerce Checkout Field Editor (Checkout Manager) <= 2.1.8 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31262

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
Checkout Field Manager for WooCommerce (My Account, Register)

Researcher

Skalucy

More Details >

WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-1756

Patch Status
Patched

Published
Apr 2, 2024

Affected Software
WooCommerce Customers Manager

Researcher

Erwan LR

More Details >

WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31235

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WordPress Comments Import & Export

Researcher

Dhabaleshwar Das

More Details >

WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31285

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WordPress Tooltips

Researcher

Majed Refaea

More Details >

WP Server Health Stats <= 1.7.3 - Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31250

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Server Health Stats

Researcher

Dhabaleshwar Das

More Details >

WP Sort Order <= 1.3.1 - Missing Authorization

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-31294

Patch Status
Patched

Published
Apr 5, 2024

Affected Software
WP Sort Order

Researcher

CatFather

More Details >

WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure

4.3

CVSS Rating
Medium (4.3)

CVE-ID
CVE-2024-2931

Patch Status
Patched

Published
Apr 1, 2024

Affected Software
WPFront User Role Editor

Researcher

1337_Wannabe

More Details >

WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download

2.7

CVSS Rating
Low (2.7)

CVE-ID
CVE-2024-31342

Patch Status
Unpatched

Published
Apr 5, 2024

Affected Software
WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer

Researcher

Abdi Prawira Negara

More Details >