Wordfence Intelligence Weekly WordPress Vulnerability Report (July 1, 2024 to July 7, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers!
Last week, there were 131 vulnerabilities disclosed in 101 WordPress Plugins and 18 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 – Authentication Bypass to Admin
- FULL <= 3.1.12 – Unauthenticated Stored Cross-Site Scripting via License Plan Parameter
- ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 – Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 119 |
| Unpatched | 12 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 2 |
| Medium Severity | 106 |
| High Severity | 19 |
| Critical Severity | 4 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 63 |
| Missing Authorization | 23 |
| Cross-Site Request Forgery (CSRF) | 17 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 8 |
| Exposure of Sensitive Information to an Unauthorized Actor | 3 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 3 |
| Unrestricted Upload of File with Dangerous Type | 3 |
| Improper Privilege Management | 2 |
| Deserialization of Untrusted Data | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
| Incorrect Privilege Assignment | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
| Uncontrolled Resource Consumption | 1 |
| Unprotected Alternate Channel | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 15 | |
| 14 | |
| 11 | |
| 9 | |
| 7 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Advanced Classifieds & Directory Pro | advanced-classifieds-and-directory-pro |
| AI Power: Complete AI Pack | gpt3-ai-content-generator |
| Apollo13 Framework Extensions | apollo13-framework-extensions |
| AWSM Team – Team Showcase Plugin | awsm-team |
| bbPress Notify (No-Spam) | bbpress-notify-nospam |
| Beaver Builder Addons by WPZOOM | wpzoom-addons-for-beaver-builder |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| CC & BCC for Woocommerce Order Emails | cc-bcc-for-woocommerce-order-emails |
| Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | charitable |
| Church Admin | church-admin |
| CM Pop-Up Banners for WordPress | cm-pop-up-banners |
| Comment Reply Email | comment-reply-email |
| Community Events | community-events |
| CopySafe Web Protection | wp-copysafe-web |
| Cost Calculator Builder | cost-calculator-builder |
| Create by Mediavine | mediavine-create |
| CRM Perks Forms – WordPress Form Builder | crm-perks-forms |
| Easy Custom Code (LESS/CSS/JS) – Live editing | easy-custom-code |
| Easy Google Maps | google-maps-easy |
| Elementor Addons by Livemesh | addons-for-elementor |
| Elementor Header & Footer Builder | header-footer-elementor |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| Event Manager, Events Calendar, Tickets, Registrations – Eventin | wp-event-solution |
| Featured Image from URL (FIFU) | featured-image-from-url |
| FileBird Document Library | filebird-document-library |
| Floating Social Media Links | floating-social-media-links |
| Get Better Reviews for WooCommerce | more-better-reviews-for-woocommerce |
| HelloAsso | helloasso |
| Hide My WP Ghost – Security & Firewall | hide-my-wp |
| HTML Forms – Simple WordPress Forms Plugin | html-forms |
| IdeaPush | ideapush |
| IMGspider – 图片采集抓取插件 | imgspider |
| JetThemeCore for Elementor | jet-theme-core |
| LA-Studio Element Kit for Elementor | lastudio-element-kit |
| Leaky Paywall | leaky-paywall |
| LearnPress – WordPress LMS Plugin | learnpress |
| Link To Bible | link-to-bible |
| Login Logo Editor | login-logo-editor-by-oizuled |
| MakeCommerce for WooCommerce | makecommerce |
| MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
| Media Library Assistant | media-library-assistant |
| Mega Elements – Addons for Elementor | mega-elements-addons-for-elementor |
| Meks Easy Ads Widget | meks-easy-ads-widget |
| Motors – Car Dealer, Classifieds & Listing | motors-car-dealership-classified-listings |
| Nested Pages | wp-nested-pages |
| Newspack Ads | newspack-ads |
| Newspack Campaigns | newspack-popups |
| Newspack Content Converter | newspack-content-converter |
| Newspack Newsletters | newspack-newsletters |
| NEX-Forms – Ultimate Form Builder – Contact forms and much more | nex-forms-express-wp-form-builder |
| Ninja Forms – The Contact Form Builder That Grows With You | ninja-forms |
| Ocean Extra | ocean-extra |
| One Click Order Re-Order | one-click-order-reorder |
| Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
| Page Builder Gutenberg Blocks – CoBlocks | coblocks |
| Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
| PayPlus Payment Gateway | payplus-payment-gateway |
| Post Meta Data Manager | post-meta-data-manager |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Premium Blocks – Gutenberg Blocks for WordPress | premium-blocks-for-gutenberg |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| PZ Frontend Manager | pz-frontend-manager |
| Request a Quote | request-a-quote |
| Rife Elementor Extensions & Templates | rife-elementor-extensions |
| Save as PDF Plugin by Pdfcrowd | save-as-pdf-by-pdfcrowd |
| ShopBuilder – Elementor WooCommerce Builder Addons | shopbuilder |
| Simple Job Board | simple-job-board |
| Simple Newsletter Plugin – Noptin | newsletter-optin-box |
| Simple Social Share | simple-social-share |
| Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) | sina-extension-for-elementor |
| Snippet Shortcodes | shortcode-variables |
| Social Media Share Buttons & Social Sharing Icons | ultimate-social-media-icons |
| Spectra – WordPress Gutenberg Blocks | ultimate-addons-for-gutenberg |
| SuperSaaS – online appointment scheduling | supersaas-appointment-scheduling |
| Swift Performance Lite | swift-performance-lite |
| Tablesome – Form DB & Automation – WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity | tablesome |
| Template Kit – Export | template-kit-export |
| Testimonials Widget | testimonials-widget |
| The Events Calendar | the-events-calendar |
| The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | the-post-grid |
| Ultimate Addons for Elementor | ultimate-elementor |
| Ultimate Blocks – WordPress Blocks Plugin | ultimate-blocks |
| Ultimate Bootstrap Elements for Elementor | ultimate-bootstrap-elements-for-elementor |
| Ultimate WordPress Auction Plugin | ultimate-auction |
| Void Contact Form 7 Widget For Elementor Page Builder | cf7-widget-elementor |
| Woffice Core | woffice-core |
| WooCommerce - Social Login | woo-social-login |
| WordPress Notification Bar | wordpress-notification-bar |
| WP Cookie Law Info | wp-cookie-law-info |
| WP Directory Kit | wpdirectorykit |
| WP Lightbox 2 | wp-lightbox-2 |
| WP QuickLaTeX | wp-quicklatex |
| WP To Do | wp-todo |
| WP ULike – All-in-One Engagement Toolkit | wp-ulike |
| WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce | wp-cafe |
| WPFavicon | wpfavicon |
| WS Contact Form | ws-contact-form |
| XPlainer – Product FAQs for WooCommerce & AI FAQ Generator | faq-for-woocommerce |
| Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | youzify |
| Zephyr Project Manager | zephyr-project-manager |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Ashe | ashe |
| Bakes And Cakes | bakes-and-cakes |
| Bard | bard |
| Book Your Travel | bookyourtravel |
| Boot Store | boot-store |
| Business One Page | business-one-page |
| Construction Landing Page | construction-landing-page |
| Hestia | hestia |
| Highlight | highlight |
| Lawyer Landing Page | lawyer-landing-page |
| Metro Magazine | metro-magazine |
| Newsmatic | newsmatic |
| Posterity | posterity |
| Rara Business | rara-business |
| Rife Free | rife-free |
| Trendy News | trendy-news |
| Woffice CRM | woffice |
| zBench | zbench |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-37494
CVE-2024-37494
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Researcher
CVE-ID
CVE-2024-6172
CVE-2024-6172
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Researcher
CVE-ID
CVE-2024-37502
CVE-2024-37502
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
WooCommerce - Social Login
WooCommerce - Social Login
Researcher
CVE-ID
CVE-2024-37486
CVE-2024-37486
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Researcher
Advanced Classifieds & Directory Pro <= 3.1.3 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-ID
CVE-2024-37501
CVE-2024-37501
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Advanced Classifieds & Directory Pro
Advanced Classifieds & Directory Pro
Researcher
CVE-ID
CVE-2024-37454
CVE-2024-37454
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
AWSM Team – Team Showcase Plugin
AWSM Team – Team Showcase Plugin
Researcher
CVE-ID
CVE-2024-37952
CVE-2024-37952
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Book Your Travel
Book Your Travel
Researcher
CVE-ID
CVE-2024-37418
CVE-2024-37418
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Church Admin
Church Admin
Researcher
CVE-ID
CVE-2024-2385
CVE-2024-2385
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
Elementor Addons by Livemesh
Elementor Addons by Livemesh
Researcher
CVE-ID
CVE-2024-6318
CVE-2024-6318
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
IMGspider – 图片采集抓取插件
IMGspider – 图片采集抓取插件
Researcher
CVE-ID
CVE-2024-6319
CVE-2024-6319
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
IMGspider – 图片采集抓取插件
IMGspider – 图片采集抓取插件
Researcher
LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-ID
CVE-2024-5349
CVE-2024-5349
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
LA-Studio Element Kit for Elementor
LA-Studio Element Kit for Elementor
Researcher
CVE-ID
CVE-2024-5943
CVE-2024-5943
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
Nested Pages
Nested Pages
Researcher
CVE-ID
CVE-2024-37499
CVE-2024-37499
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher
CVE-ID
CVE-2024-37520
CVE-2024-37520
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
ShopBuilder – Elementor WooCommerce Builder Addons
ShopBuilder – Elementor WooCommerce Builder Addons
Researcher
CVE-ID
CVE-2024-37455
CVE-2024-37455
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Ultimate Addons for Elementor
Ultimate Addons for Elementor
Researcher
CVE-ID
CVE-2024-37462
CVE-2024-37462
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Ultimate Bootstrap Elements for Elementor
Ultimate Bootstrap Elements for Elementor
Researcher
CVE-ID
CVE-2024-37513
CVE-2024-37513
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Researcher
CVE-ID
CVE-2024-37484
CVE-2024-37484
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Zephyr Project Manager
Zephyr Project Manager
Researcher
CVE-ID
CVE-2024-37497
CVE-2024-37497
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
JetThemeCore for Elementor
JetThemeCore for Elementor
Researcher
CVE-ID
CVE-2024-5973
CVE-2024-5973
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
MasterStudy LMS WordPress Plugin – for Online Courses and Education
MasterStudy LMS WordPress Plugin – for Online Courses and Education
Researcher
CVE-ID
CVE-2024-37464
CVE-2024-37464
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Beaver Builder Addons by WPZOOM
Beaver Builder Addons by WPZOOM
Researcher
CVE-ID
CVE-2024-37480
CVE-2024-37480
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Apollo13 Framework Extensions
Apollo13 Framework Extensions
Researcher
CVE-ID
CVE-2024-37500
CVE-2024-37500
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Beaver Builder – WordPress Page Builder
Beaver Builder – WordPress Page Builder
Researcher
Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
6.4
CVE-ID
CVE-2024-5938
CVE-2024-5938
Patch Status
Unpatched
Unpatched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Boot Store
Boot Store
Researcher
CVE-ID
CVE-2024-5004
CVE-2024-5004
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
CM Pop-Up Banners for WordPress
CM Pop-Up Banners for WordPress
Researcher
CVE-ID
CVE-2024-37514
CVE-2024-37514
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
CopySafe Web Protection
CopySafe Web Protection
Researcher
CVE-ID
CVE-2024-37495
CVE-2024-37495
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Create by Mediavine
Create by Mediavine
Researcher
CVE-ID
CVE-2024-5219
CVE-2024-5219
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Easy Google Maps
Easy Google Maps
Researcher
CVE-ID
CVE-2024-33933
CVE-2024-33933
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Elementor Header & Footer Builder
Elementor Header & Footer Builder
Researcher
CVE-ID
CVE-2024-3639
CVE-2024-3639
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
Elementor Addons by Livemesh
Elementor Addons by Livemesh
Researcher
CVE-ID
CVE-2024-2926
CVE-2024-2926
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
Elementor Addons by Livemesh
Elementor Addons by Livemesh
Researcher
CVE-ID
CVE-2024-3638
CVE-2024-3638
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
Elementor Addons by Livemesh
Elementor Addons by Livemesh
Researcher
CVE-ID
CVE-2024-37507
CVE-2024-37507
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Researcher
CVE-ID
CVE-2024-37465
CVE-2024-37465
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
AI Power: Complete AI Pack
AI Power: Complete AI Pack
Researcher
CVE-ID
CVE-2024-37488
CVE-2024-37488
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
HelloAsso
HelloAsso
Researcher
CVE-ID
CVE-2024-37466
CVE-2024-37466
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Mega Elements – Addons for Elementor
Mega Elements – Addons for Elementor
Researcher
CVE-ID
CVE-2024-37474
CVE-2024-37474
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Newspack Ads
Newspack Ads
Researcher
CVE-ID
CVE-2024-37476
CVE-2024-37476
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Newspack Campaigns
Newspack Campaigns
Researcher
CVE-ID
CVE-2024-37512
CVE-2024-37512
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
NEX-Forms – Ultimate Form Builder – Contact forms and much more
NEX-Forms – Ultimate Form Builder – Contact forms and much more
Researcher
CVE-ID
CVE-2024-37489
CVE-2024-37489
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Ocean Extra
Ocean Extra
Researcher
CVE-ID
CVE-2024-5641
CVE-2024-5641
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
One Click Order Re-Order
One Click Order Re-Order
Researcher
CVE-ID
CVE-2024-6264
CVE-2024-6264
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Post Meta Data Manager
Post Meta Data Manager
Researcher
CVE-ID
CVE-2024-6340
CVE-2024-6340
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-37519
CVE-2024-37519
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Premium Blocks – Gutenberg Blocks for WordPress
Premium Blocks – Gutenberg Blocks for WordPress
Researcher
CVE-ID
CVE-2024-5504
CVE-2024-5504
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Rife Elementor Extensions & Templates
Rife Elementor Extensions & Templates
Researcher
CVE-ID
CVE-2024-5260
CVE-2024-5260
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
CVE-ID
CVE-2024-37460
CVE-2024-37460
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
SuperSaaS – online appointment scheduling
SuperSaaS – online appointment scheduling
Researcher
CVE-ID
CVE-2024-37553
CVE-2024-37553
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Testimonials Widget
Testimonials Widget
Researcher
CVE-ID
CVE-2024-4482
CVE-2024-4482
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Researcher
CVE-ID
CVE-2024-1427
CVE-2024-1427
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Researcher
CVE-ID
CVE-2024-3513
CVE-2024-3513
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Ultimate Blocks – WordPress Blocks Plugin
Researchers
CVE-ID
CVE-2024-4268
CVE-2024-4268
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Ultimate Blocks – WordPress Blocks Plugin
Researcher
CVE-ID
CVE-2024-5419
CVE-2024-5419
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Void Contact Form 7 Widget For Elementor Page Builder
Void Contact Form 7 Widget For Elementor Page Builder
Researcher
CVE-ID
CVE-2024-6263
CVE-2024-6263
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
WP Lightbox 2
WP Lightbox 2
Researcher
CVE-ID
CVE-2024-37539
CVE-2024-37539
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
WP To Do
WP To Do
Researchers
CVE-ID
CVE-2024-37521
CVE-2024-37521
Patch Status
Unpatched
Unpatched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
zBench
zBench
Researcher
CVE-ID
CVE-2024-37485
CVE-2024-37485
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
bbPress Notify (No-Spam)
bbPress Notify (No-Spam)
Researcher
CVE-ID
CVE-2024-35773
CVE-2024-35773
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Comment Reply Email
Comment Reply Email
Researcher
CVE-ID
CVE-2024-37509
CVE-2024-37509
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
MakeCommerce for WooCommerce
MakeCommerce for WooCommerce
Researcher
CVE-ID
CVE-2024-5544
CVE-2024-5544
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Media Library Assistant
Media Library Assistant
Researcher
CVE-ID
CVE-2024-37459
CVE-2024-37459
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
PayPlus Payment Gateway
PayPlus Payment Gateway
Researcher
CVE-ID
CVE-2024-37472
CVE-2024-37472
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Woffice CRM
Woffice CRM
Researcher
CVE-ID
CVE-2024-37471
CVE-2024-37471
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Woffice Core
Woffice Core
Researcher
CVE-ID
CVE-2024-37487
CVE-2024-37487
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
WP Directory Kit
WP Directory Kit
Researcher
CVE-ID
CVE-2024-37515
CVE-2024-37515
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator
Researcher
CVE-ID
CVE-2024-37479
CVE-2024-37479
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
LA-Studio Element Kit for Elementor
LA-Studio Element Kit for Elementor
Researcher
CVE-ID
CVE-2024-37453
CVE-2024-37453
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
CVE-ID
CVE-2024-37506
CVE-2024-37506
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Researcher
CVE-ID
CVE-2024-37510
CVE-2024-37510
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More
Researcher
CVE-ID
CVE-2024-37463
CVE-2024-37463
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
CRM Perks Forms – WordPress Form Builder
CRM Perks Forms – WordPress Form Builder
Researcher
CVE-ID
CVE-2024-37504
CVE-2024-37504
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
FileBird Document Library
FileBird Document Library
Researcher
CVE-ID
CVE-2024-6420
CVE-2024-6420
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
Hide My WP Ghost – Security & Firewall
Hide My WP Ghost – Security & Firewall
Researcher
CVE-ID
CVE-2024-6088
CVE-2024-6088
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
CVE-ID
CVE-2024-6099
CVE-2024-6099
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
LearnPress – WordPress LMS Plugin
LearnPress – WordPress LMS Plugin
Researcher
CVE-ID
CVE-2024-5545
CVE-2024-5545
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Motors – Car Dealer, Classifieds & Listing
Motors – Car Dealer, Classifieds & Listing
Researcher
CVE-ID
CVE-2024-37468
CVE-2024-37468
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Newsmatic
Newsmatic
Researcher
CVE-ID
CVE-2024-37475
CVE-2024-37475
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Newspack Newsletters
Newspack Newsletters
Researcher
CVE-ID
CVE-2024-37456
CVE-2024-37456
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Simple Newsletter Plugin – Noptin
Simple Newsletter Plugin – Noptin
Researcher
CVE-ID
CVE-2024-37498
CVE-2024-37498
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Tablesome – Form DB & Automation – WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity
Tablesome – Form DB & Automation – WPForms, Contact Form 7, Elementor, Forminator, Fluent, Gravity
Researcher
CVE-ID
CVE-2024-37481
CVE-2024-37481
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Researcher
CVE-ID
CVE-2024-37470
CVE-2024-37470
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Woffice Core
Woffice Core
Researcher
CVE-ID
CVE-2024-37522
CVE-2024-37522
Patch Status
Unpatched
Unpatched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
CC & BCC for Woocommerce Order Emails
CC & BCC for Woocommerce Order Emails
Researcher
CVE-ID
CVE-2024-6011
CVE-2024-6011
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Cost Calculator Builder
Cost Calculator Builder
Researcher
CVE-ID
CVE-2024-37536
CVE-2024-37536
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Easy Custom Code (LESS/CSS/JS) – Live editing
Easy Custom Code (LESS/CSS/JS) – Live editing
Researcher
Floating Social Media Links <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-37545
CVE-2024-37545
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Floating Social Media Links
Floating Social Media Links
Researcher
HTML Forms – Simple WordPress Forms <= 1.3.32 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-6243
CVE-2024-6243
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
HTML Forms – Simple WordPress Forms Plugin
HTML Forms – Simple WordPress Forms Plugin
Researcher
CVE-ID
CVE-2024-37538
CVE-2024-37538
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Link To Bible
Link To Bible
Researcher
CVE-ID
CVE-2024-37523
CVE-2024-37523
Patch Status
Unpatched
Unpatched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Login Logo Editor
Login Logo Editor
Researcher
CVE-ID
CVE-2024-37548
CVE-2024-37548
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Meks Easy Ads Widget
Meks Easy Ads Widget
Researcher
CVE-ID
CVE-2024-6231
CVE-2024-6231
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
Request a Quote
Request a Quote
Researcher
Save as PDF plugin by Pdfcrowd <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-37549
CVE-2024-37549
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Save as PDF Plugin by Pdfcrowd
Save as PDF Plugin by Pdfcrowd
Researcher
CVE-ID
CVE-2024-7761
CVE-2024-7761
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Simple Job Board
Simple Job Board
Researcher
CVE-ID
CVE-2024-37551
CVE-2024-37551
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Simple Social Share
Simple Social Share
Researcher
Social Media & Share Icons <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-37552
CVE-2024-37552
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Social Media Share Buttons & Social Sharing Icons
Social Media Share Buttons & Social Sharing Icons
Researcher
CVE-ID
CVE-2024-37550
CVE-2024-37550
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Template Kit – Export
Template Kit – Export
Researcher
WordPress Notification Bar <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-37556
CVE-2024-37556
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
WordPress Notification Bar
WordPress Notification Bar
Researcher
CVE-ID
CVE-2024-37557
CVE-2024-37557
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
WP Cookie Law Info
WP Cookie Law Info
Researcher
CVE-ID
CVE-2024-5529
CVE-2024-5529
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
WP QuickLaTeX
WP QuickLaTeX
Researcher
CVE-ID
CVE-2024-6094
CVE-2024-6094
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
WP ULike – All-in-One Engagement Toolkit
WP ULike – All-in-One Engagement Toolkit
Researcher
CVE-ID
CVE-2024-37537
CVE-2024-37537
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
WS Contact Form
WS Contact Form
Researchers
CVE-ID
CVE-2024-37478
CVE-2024-37478
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Ashe
Ashe
Researcher
CVE-ID
CVE-2024-37490
CVE-2024-37490
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Bard
Bard
Researcher
CVE-ID
CVE-2024-37505
CVE-2024-37505
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Business One Page
Business One Page
Researcher
CVE-ID
CVE-2024-6271
CVE-2024-6271
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Community Events
Community Events
Researcher
CVE-ID
CVE-2024-6012
CVE-2024-6012
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Cost Calculator Builder
Cost Calculator Builder
Researcher
CVE-ID
CVE-2024-37516
CVE-2024-37516
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Featured Image from URL (FIFU)
Featured Image from URL (FIFU)
Researcher
CVE-ID
CVE-2024-37544
CVE-2024-37544
Patch Status
Unpatched
Unpatched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Get Better Reviews for WooCommerce
Get Better Reviews for WooCommerce
Researcher
CVE-ID
CVE-2024-37467
CVE-2024-37467
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Hestia
Hestia
Researcher
CVE-ID
CVE-2024-37458
CVE-2024-37458
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Highlight
Highlight
Researcher
CVE-ID
CVE-2024-37503
CVE-2024-37503
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Lawyer Landing Page
Lawyer Landing Page
Researcher
CVE-ID
CVE-2024-37540
CVE-2024-37540
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Leaky Paywall
Leaky Paywall
Researcher
CVE-ID
CVE-2024-37477
CVE-2024-37477
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Newspack Content Converter
Newspack Content Converter
Researcher
CVE-ID
CVE-2024-37934
CVE-2024-37934
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Ninja Forms – The Contact Form Builder That Grows With You
Ninja Forms – The Contact Form Builder That Grows With You
Researcher
CVE-ID
CVE-2024-4260
CVE-2024-4260
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
Page Builder Gutenberg Blocks – CoBlocks
Page Builder Gutenberg Blocks – CoBlocks
Researcher
CVE-ID
CVE-2024-37493
CVE-2024-37493
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Posterity
Posterity
Researcher
CVE-ID
CVE-2024-6244
CVE-2024-6244
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
PZ Frontend Manager
PZ Frontend Manager
Researcher
CVE-ID
CVE-2024-37937
CVE-2024-37937
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Rara Business
Rara Business
Researcher
CVE-ID
CVE-2024-37491
CVE-2024-37491
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Affected Software
Rife Free
Rife Free
Researcher
CVE-ID
CVE-2024-4543
CVE-2024-4543
Patch Status
Patched
Patched
Published
Jul 2, 2024
Jul 2, 2024
Affected Software
Snippet Shortcodes
Snippet Shortcodes
Researcher
CVE-ID
CVE-2024-37517
CVE-2024-37517
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Spectra – WordPress Gutenberg Blocks
Spectra – WordPress Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-37511
CVE-2024-37511
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
Swift Performance Lite
Swift Performance Lite
Researcher
CVE-ID
CVE-2024-37518
CVE-2024-37518
Patch Status
Patched
Patched
Published
Jul 5, 2024
Jul 5, 2024
Affected Software
The Events Calendar
The Events Calendar
Researcher
CVE-ID
CVE-2024-37482
CVE-2024-37482
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Researcher
CVE-ID
CVE-2024-37483
CVE-2024-37483
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Researcher
CVE-ID
CVE-2024-37496
CVE-2024-37496
Patch Status
Patched
Patched
Published
Jul 4, 2024
Jul 4, 2024
Researcher
CVE-ID
CVE-2024-37473
CVE-2024-37473
Patch Status
Patched
Patched
Published
Jul 1, 2024
Jul 1, 2024
Affected Software
Trendy News
Trendy News
Researcher
CVE-ID
CVE-2024-37543
CVE-2024-37543
Patch Status
Patched
Patched
Published
Jul 6, 2024
Jul 6, 2024
Affected Software
Ultimate WordPress Auction Plugin
Ultimate WordPress Auction Plugin
Researcher
CVE-ID
CVE-2024-6434
CVE-2024-6434
Patch Status
Patched
Patched
Published
Jul 3, 2024
Jul 3, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments