Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)


🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!


Last week, there were 194 vulnerabilities disclosed in 155 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 73 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 181
Unpatched 13


Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 1
Medium Severity 160
High Severity 18
Critical Severity 15


Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 70
Missing Authorization 33
Cross-Site Request Forgery (CSRF) 28
Exposure of Sensitive Information to an Unauthorized Actor 13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 9
Unrestricted Upload of File with Dangerous Type 7
Authorization Bypass Through User-Controlled Key 5
Deserialization of Untrusted Data 4
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2
Incorrect Privilege Assignment 2
Server-Side Request Forgery (SSRF) 2
URL Redirection to Untrusted Site ('Open Redirect') 2
Absolute Path Traversal 1
Exposure of Private Personal Information to an Unauthorized Actor 1
External Control of Assumed-Immutable Web Parameter 1
Guessable CAPTCHA 1
Improper Access Control 1
Improper Authorization 1
Improper Control of Generation of Code ('Code Injection') 1
Improper Neutralization of Alternate XSS Syntax 1
Improper Neutralization of Formula Elements in a CSV File 1
Incorrect Authorization 1
Incorrect Behavior Order: Early Validation 1
Insertion of Sensitive Information into Log File 1
Path Traversal: '.../...//' 1


Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
14
9
9
8
8
7
7
7
7
6
6
5
4
4
4
4
4
4
4
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
Sh
1
1
1
1
1
1
1
1
1
ST
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Advanced Local Pickup for WooCommerce advanced-local-pickup-for-woocommerce
Advanced Order Export For WooCommerce woo-order-export-lite
Advanced Search advance-search
AGCA – Custom Dashboard & Login Page ag-custom-admin
All-in-One Video Gallery all-in-one-video-gallery
Announce from the Dashboard announce-from-the-dashboard
Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website announcer
App Builder – Create Native Android & iOS Apps On The Flight app-builder
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress bookingpress-appointment-booking
AppPresser – Mobile App Framework apppresser
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember-membership
Auto Poster auto-poster
Bannerlid bannerlid
Beaver Builder – WordPress Page Builder beaver-builder-lite-version
Beaver Themer beaver-themer
Better Comments better-comments
Bold Page Builder bold-page-builder
BoldGrid Easy SEO – Simple and Effective SEO boldgrid-easy-seo
Bricksforge bricksforge
Call Now Button – The #1 Click to Call Button for WordPress call-now-button
Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms captcha-bws
Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid wp-carousel-free
CGC Maintenance Mode cgc-maintenance-mode
Checkout Field Manager for WooCommerce (My Account, Register) woo-checkout-regsiter-field-editor
Church Admin church-admin
Classified Listing – Classified ads & Business Directory Plugin classified-listing
CMB2 cmb2
Colibri Page Builder colibri-page-builder
Contact Form Email contact-form-to-email
Contact Form, Survey, Quiz & Popup Form Builder – ARForms arforms-form-builder
Creative Addons for Elementor creative-addons-for-elementor
Custom post types, Custom Fields & more custom-post-types
Demo My WordPress demo-my-wordpress
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy easy-digital-downloads
Easy Google Maps google-maps-easy
Easy Login Styler – White Label Admin Login Page for WordPress easy-login-styler
Easy Social Share Buttons for WordPress easy-social-share-buttons3
Edwiser Bridge – WordPress Moodle LMS Integration edwiser-bridge
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) bdthemes-element-pack-lite
Elementor Addons, Widgets and Enhancements – Stax stax-addons-for-elementor
ElementsKit Elementor addons elementskit-lite
ELEX WooCommerce Dynamic Pricing and Discounts elex-woocommerce-dynamic-pricing-and-discounts
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce email-subscribers
EmbedPress – Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents embedpress
ENL Newsletter enl-newsletter
EnvíaloSimple: Email Marketing y Newsletters envialosimple-email-marketing-y-newsletters-gratis
ePoll – Best WordPress Voting Plugin for Poll & Contest epoll-wp-voting
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates essential-blocks
EventPrime – Events Calendar, Bookings and Tickets eventprime-event-calendar-management
FancyBox for WordPress fancybox-for-wordpress
FG Drupal to WordPress fg-drupal-to-wp
File Manager wp-file-manager
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager flexible-checkout-fields
Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty chaty
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel foogallery
Form to Chat App ⚡️ form-to-chat
Formsite | Embed online forms to collect orders, registrations, leads, and surveys formsite
Generate Child Theme generate-child-theme
Genesis Blocks genesis-blocks
Global Elementor Buttons global-elementor-buttons
Gradient Text Widget for Elementor gradient-text-widget-for-elementor
Gutenberg Blocks with AI by Kadence WP – Page Builder Features kadence-blocks
Happy Addons for Elementor happy-elementor-addons
Image Watermark image-watermark
Import WP – Export and Import CSV and XML files to WordPress jc-importer
Import XML and RSS Feeds import-xml-feed
Jeg Elementor Kit jeg-elementor-kit
JS Help Desk – The Ultimate Help Desk & Support Plugin js-support-ticket
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Subscribers and Landing Pages convertkit
LayerSlider LayerSlider
LearnPress Export Import – WordPress extension for LearnPress learnpress-import-export
LearnPress – WordPress LMS Plugin learnpress
Loan Repayment Calculator and Application Form quick-interest-slider
MailMunch – Grow your Email List mailmunch
Masteriyo LMS – eLearning and Online Course Builder for WordPress learning-management-system
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
Media Library Folders media-library-plus
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor metform
MM-email2image mm-email2image
Modal Popup Box – Popup Builder, Show Offers And News in Popup modal-popup-box
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar mp3-music-player-by-sonaar
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution dc-woocommerce-multi-vendor
Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin nudgify
Passster – Password Protect Pages and Content content-protector
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery nextgen-gallery
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX ultimate-post
Post Views Counter post-views-counter
Powerkit – Supercharge your WordPress Site powerkit
Premium Addons for Elementor premium-addons-for-elementor
Product Designer product-designer
Product Sort and Display for WooCommerce woocommerce-product-sort-and-display
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
RapidLoad – Optimize Web Vitals Automatically unusedcss
ReDi Restaurant Reservation redi-restaurant-reservation
rehub-framework rehub-framework
Relevanssi – A Better Search relevanssi
Relevanssi – A Better Search (Pro) relevanssi-premium
Responsive Lightbox & Gallery responsive-lightbox
Royal Elementor Addons and Templates royal-elementor-addons
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator feedzy-rss-feeds
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions s2member
Salon Booking System salon-booking-system
SearchIQ – The Search Solution searchiq
SecuPress Free — WordPress Security secupress
Sharkdropship Dropshipping & Affiliate for for AliExpress wooshark-aliexpress-importer
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +17 Modules – All in One Solution (formerly WooLentor) woolentor-addons
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization shortpixel-adaptive-images
Sign-up Sheets sign-up-sheets
Slideshow Gallery LITE slideshow-gallery
Smart Online Order for Clover clover-online-orders
Smart Post Show – Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More post-carousel
Social Sharing Plugin – Sassy Social Share sassy-social-share
Spectra – WordPress Gutenberg Blocks ultimate-addons-for-gutenberg
Squelch Tabs and Accordions Shortcodes squelch-tabs-and-accordions-shortcodes
Strong Testimonials strong-testimonials
Subscribe To Comments Reloaded subscribe-to-comments-reloaded
Super Testimonials super-testimonial
Sydney Toolbox sydney-toolbox
Template Kit – Import template-kit-import
Tickera – WordPress Event Ticketing tickera-event-ticketing-system
Tracking Code Manager tracking-code-manager
Transcoder transcoder
Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor
Ultimate Maps by Supsystic ultimate-maps-by-supsystic
User Activity Log user-activity-log
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor profile-builder
User Spam Remover user-spam-remover
Watu Quiz watu
Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation sumome
WebToffee WP Backup and Migration wp-migration-duplicator
Wholesale For WooCommerce woocommerce-wholesale-pricing
WooCommerce woocommerce
WooCommerce Customers Manager woocommerce-customers-manager
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels print-invoices-packing-slip-labels-for-woocommerce
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds another-wordpress-classifieds-plugin
WordPress Comments Import & Export comments-import-export-woocommerce
WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer wp-gallery-exporter
WordPress Tag, Category, and Taxonomy Manager – AI Autotagger simple-tags
WordPress Tooltips wordpress-tooltips
WordPress Webinar Plugin – WebinarPress wp-webinarsystem
WP Chat App wp-whatsapp
WP Directory Kit wpdirectorykit
WP Google Review Slider wp-google-places-review-slider
WP Import Export Lite wp-import-export-lite
WP OAuth Server (OAuth Authentication) oauth2-provider
WP Photo Album Plus wp-photo-album-plus
WP Server Health Stats wp-server-stats
WP Shortcodes Plugin — Shortcodes Ultimate shortcodes-ultimate
WP Sort Order wp-sort-order
WP-Members Membership Plugin wp-members
WP-Stateless – Google Cloud Storage wp-stateless
WPFront User Role Editor wpfront-user-role-editor
WPvivid Backup for MainWP wpvivid-backup-mainwp


WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Hello Elementor hello-elementor
rehub-theme rehub-theme


Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-31355
Patch Status
Patched
Published
Apr 7, 2024
Affected Software
Slideshow Gallery LITE
Researcher
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-31286
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Photo Album Plus
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-31290
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Demo My WordPress
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-2879
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
LayerSlider
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-24882
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3136
Patch Status
Patched
Published
Apr 4, 2024
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-31277
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Product Designer
Researcher
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-31231
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-theme
Researcher
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31266
Patch Status
Patched
Published
Apr 5, 2024
Researcher
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31345
Patch Status
Unpatched
Published
Apr 5, 2024
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31260
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31292
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Import XML and RSS Feeds
Researcher
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31241
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31356
Patch Status
Patched
Published
Apr 7, 2024
Affected Software
User Activity Log
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31280
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Church Admin
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31300
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2125
Patch Status
Patched
Published
Apr 1, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2115
Patch Status
Patched
Published
Apr 4, 2024
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31233
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-theme
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31234
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-framework
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3217
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
WP Directory Kit
Researcher
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-31240
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-1792
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
CMB2
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-31288
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-31232
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
rehub-theme
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3265
Patch Status
Unpatched
Published
Apr 4, 2024
Affected Software
Advanced Search
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-31308
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Import Export Lite
Researcher
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-1852
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
WP-Members Membership Plugin
Researcher
CVSS Rating
High (7.1)
CVE-ID
CVE-2024-1385
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (6.8)
CVE-ID
CVE-2024-2654
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
File Manager
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-31283
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2023-6695
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Beaver Themer
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1289
Patch Status
Patched
Published
Apr 4, 2024
Researcher
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1807
Patch Status
Patched
Published
Apr 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6694
Patch Status
Patched
Published
Apr 6, 2024
Affected Software
Beaver Themer
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2404
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Better Comments
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3267
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bold Page Builder
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3266
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bold Page Builder
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2839
Patch Status
Patched
Published
Apr 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2924
Patch Status
Patched
Published
Apr 1, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6993
Patch Status
Patched
Published
Apr 4, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2803
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
ElementsKit Elementor addons
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31258
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Form to Chat App ⚡️
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1946
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Genesis Blocks
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2327
Patch Status
Unpatched
Published
Apr 4, 2024
Affected Software
Global Elementor Buttons
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31346
Patch Status
Unpatched
Published
Apr 5, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1498
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2789
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1327
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
Jeg Elementor Kit
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3162
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
Jeg Elementor Kit
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31349
Patch Status
Patched
Published
Apr 5, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3075
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
MM-email2image
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2026
Patch Status
Patched
Published
Apr 4, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31236
Patch Status
Patched
Published
Apr 5, 2024
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2159
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3188
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6486
Patch Status
Patched
Published
Apr 3, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3261
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Strong Testimonials
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3208
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Sydney Toolbox
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2334
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
Template Kit – Import
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-31348
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Super Testimonials
Researcher
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0873
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Watu Quiz
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3048
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
Bannerlid
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31255
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3058
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
ENL Newsletter
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3076
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
MM-email2image
Researcher
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31256
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-1743
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
WooCommerce Customers Manager
Researcher
CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-31297
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Wholesale For WooCommerce
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-31282
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2786
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-31253
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
Unknown
Patch Status
Patched
Published
Apr 4, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2950
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31242
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bricksforge
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31243
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bricksforge
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31244
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Bricksforge
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31295
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1418
Patch Status
Unpatched
Published
Apr 3, 2024
Affected Software
CGC Maintenance Mode
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31302
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Contact Form Email
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31245
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31352
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31275
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31247
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
FG Drupal to WordPress
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31273
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31343
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31341
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31259
Patch Status
Patched
Published
Apr 5, 2024
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31230
Patch Status
Patched
Published
Apr 2, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31353
Patch Status
Patched
Published
Apr 7, 2024
Affected Software
Slideshow Gallery LITE
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31249
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Subscribe To Comments Reloaded
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-7252
Patch Status
Patched
Published
Apr 1, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31298
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
User Spam Remover
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31254
Patch Status
Patched
Published
Apr 5, 2024
Researcher
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-5692
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
WordPress
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2907
Patch Status
Patched
Published
Apr 4, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3030
Patch Status
Patched
Published
Apr 3, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2402
Patch Status
Patched
Published
Apr 3, 2024
Affected Software
Better Comments
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-0662
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
FancyBox for WordPress
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-1463
Patch Status
Patched
Published
Apr 4, 2024
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2439
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Salon Booking System
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2603
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Salon Booking System
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2837
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Chat App
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2310
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Google Review Slider
Researcher
CVSS Rating
Medium (4.4)
CVE-ID
Unknown
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WPvivid Backup for MainWP
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31248
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
All-in-One Video Gallery
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31261
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31268
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31272
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31270
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31350
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31296
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31281
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Church Admin
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31293
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31269
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Easy Google Maps
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31307
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3059
Patch Status
Unpatched
Published
Apr 5, 2024
Affected Software
ENL Newsletter
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31267
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31279
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Generate Child Theme
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1387
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Happy Addons for Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31289
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Hello Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1994
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Image Watermark
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31263
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31287
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Media Library Folders
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31301
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31264
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31246
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31278
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Premium Addons for Elementor
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31291
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31299
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
ReDi Restaurant Reservation
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31252
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Responsive Lightbox & Gallery
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1504
Patch Status
Patched
Published
Apr 1, 2024
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31303
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Sign-up Sheets
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31354
Patch Status
Patched
Published
Apr 7, 2024
Affected Software
Slideshow Gallery LITE
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31238
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Smart Online Order for Clover
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31265
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31347
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Tracking Code Manager
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31305
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Transcoder
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31271
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
Ultimate Maps by Supsystic
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-0872
Patch Status
Patched
Published
Apr 4, 2024
Affected Software
Watu Quiz
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31304
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-22155
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WooCommerce
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31262
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1756
Patch Status
Patched
Published
Apr 2, 2024
Affected Software
WooCommerce Customers Manager
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31235
Patch Status
Patched
Published
Apr 5, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31285
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WordPress Tooltips
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31250
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Server Health Stats
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31294
Patch Status
Patched
Published
Apr 5, 2024
Affected Software
WP Sort Order
Researcher
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2931
Patch Status
Patched
Published
Apr 1, 2024
Affected Software
WPFront User Role Editor
Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Did you enjoy this post? Share it!

Comments

No Comments