Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.
Last week, there were 96 vulnerabilities disclosed in 76 WordPress Plugins and 3 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 40 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 89 |
| Unpatched | 7 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 76 |
| High Severity | 14 |
| Critical Severity | 5 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 39 |
| Missing Authorization | 18 |
| Cross-Site Request Forgery (CSRF) | 14 |
| Exposure of Sensitive Information to an Unauthorized Actor | 6 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 2 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
| Unrestricted Upload of File with Dangerous Type | 2 |
| Authentication Bypass by Primary Weakness | 1 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Deserialization of Untrusted Data | 1 |
| External Control of File Name or Path | 1 |
| Improper Encoding or Escaping of Output | 1 |
| Improper Handling of Insufficient Permissions or Privileges | 1 |
| Storing Passwords in a Recoverable Format | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 10 | |
| 6 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Addonify – Quick View For WooCommerce | addonify-quick-view |
| AForms — Form Builder for Price Calculator & Cost Estimation | aforms-form-builder-for-price-calculator-cost-estimation |
| AI ChatBot for WordPress – WPBot | chatbot |
| Ajax Search Lite – Live Search & Filter | ajax-search-lite |
| Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | bookingpress-appointment-booking |
| Arconix FAQ | arconix-faq |
| Arconix Shortcodes | arconix-shortcodes |
| Backup, Restore and Migrate WordPress Sites With the XCloner Plugin | xcloner-backup-and-restore |
| Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
| Brizy – Page Builder | brizy |
| BSK PDF Manager | bsk-pdf-manager |
| Category Posts Widget | category-posts |
| Chatbot for WordPress by Collect.chat ⚡️ | collectchat |
| Community Events | community-events |
| Conditional Fields for Contact Form 7 | cf7-conditional-fields |
| Cooked – Recipe Management | cooked |
| CopySafe Web Protection | wp-copysafe-web |
| CTX Feed – WooCommerce Product Feed Manager | webappick-product-feed-for-woocommerce |
| Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
| Duplica – Duplicate Posts, Pages, Custom Posts or Users | duplica |
| Easy Table of Contents | easy-table-of-contents |
| Easy Testimonials | easy-testimonials |
| Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) | bdthemes-element-pack-lite |
| ElementsKit Elementor addons | elementskit-lite |
| Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce | email-subscribers |
| Event Manager, Events Calendar, Tickets, Registrations – Eventin | wp-event-solution |
| FormLift for Infusionsoft Web Forms | formlift |
| FV Flowplayer Video Player | fv-wordpress-flowplayer |
| Getwid – Gutenberg Blocks | getwid |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Glossary | glossary-by-codeat |
| Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks |
| Gutenverse – Ultimate Block Addons and Page Builder for Site Editor | gutenverse |
| House Manager – Easy Renter Management System for WordPress | house-manager |
| HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
| Image Hover Effects – Elementor Addon | image-hover-effects-addon-for-elementor |
| JetWidgets for Elementor and WooCommerce | jetwoo-widgets-for-elementor |
| Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) | leaflet-maps-marker |
| Light Poll | light-poll |
| Livemesh Addons for Beaver Builder | addons-for-beaver-builder |
| Meks Video Importer | meks-video-importer |
| Mercado Pago payments for WooCommerce | woocommerce-mercadopago |
| Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
| Pinpoint Booking System – #1 WordPress Booking Plugin | booking-system |
| Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | post-and-page-builder |
| Premium Portfolio Features for Phlox theme | auxin-portfolio |
| RegLevel | reglevel |
| RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | wp-rss-aggregator |
| SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher | wp-scheduled-posts |
| Schema & Structured Data for WP & AMP | schema-and-structured-data-for-wp |
| Search & Filter Pro | search-filter-pro |
| Security Optimizer – The All-In-One Protection Plugin | sg-security |
| SEO Plugin by Squirrly SEO | squirrly-seo |
| Shortcodes Ultimate Pro | shortcodes-ultimate-pro |
| Smartsupp – live chat, chatbots, AI and lead generation | smartsupp-live-chat |
| SVG Support | svg-support |
| Telegram Bot & Channel | telegram-bot |
| Terms and Category Based Posts Widget | term-and-category-based-posts-widget |
| The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon |
| Timeline Event History | timeline-event-history |
| UiPress lite | Effortless custom dashboards, admin themes and pages | uipress-lite |
| Ultimate Addons for WPBakery | Ultimate_VC_Addons |
| VikRentCar Car Rental Management System | vikrentcar |
| Visual Website Collaboration, Feedback & Project Management – Atarim | atarim-visual-collaboration |
| Web and WooCommerce Addons for WPBakery Builder | vc-addons-by-bit14 |
| WooCommerce - Social Login | woo-social-login |
| WordPress File Upload | wp-file-upload |
| Wp EMember | wp-emember |
| WP eStore | wp-cart-for-digital-products |
| WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | wp-event-manager |
| WP Fast Total Search – The Power of Indexed Search | fulltext-search |
| WP GoToWebinar | wp-gotowebinar |
| WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | wp-mail-smtp |
| WPForms User Registration | wpforms-user-registration |
| YITH Essential Kit for WooCommerce #1 | yith-essential-kit-for-woocommerce-1 |
| 简数采集器 | keydatas |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| CoziPress | cozipress |
| Himer - Social Questions and Answers WordPress Theme | himer |
| Zenon Lite | zenon-lite |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-38773
CVE-2024-38773
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
FormLift for Infusionsoft Web Forms
FormLift for Infusionsoft Web Forms
Researcher
CVE-ID
CVE-2024-6457
CVE-2024-6457
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
HUSKY – Products Filter Professional for WooCommerce
HUSKY – Products Filter Professional for WooCommerce
Researcher
WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
9.8
CVE-ID
CVE-2024-6636
CVE-2024-6636
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WooCommerce - Social Login
WooCommerce - Social Login
Researcher
CVE-ID
CVE-2024-38788
CVE-2024-38788
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
UiPress lite | Effortless custom dashboards, admin themes and pages
UiPress lite | Effortless custom dashboards, admin themes and pages
Researcher
CVE-ID
CVE-2024-6660
CVE-2024-6660
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Researcher
CVE-ID
CVE-2024-6467
CVE-2024-6467
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Researcher
CVE-ID
CVE-2024-3242
CVE-2024-3242
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Brizy – Page Builder
Brizy – Page Builder
Researcher
CVE-ID
CVE-2024-6338
CVE-2024-6338
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
FV Flowplayer Video Player
FV Flowplayer Video Player
Researcher
CVE-ID
CVE-2024-38772
CVE-2024-38772
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
JetWidgets for Elementor and WooCommerce
JetWidgets for Elementor and WooCommerce
Researcher
SEO Plugin by Squirrly SEO <= 12.3.19 - Authenticated (Contributor+) SQL Injection via url Parameter
8.8
CVE-ID
CVE-2024-6497
CVE-2024-6497
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
SEO Plugin by Squirrly SEO
SEO Plugin by Squirrly SEO
Researcher
CVE-ID
CVE-2024-38768
CVE-2024-38768
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Researcher
CVE-ID
CVE-2024-5726
CVE-2024-5726
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Timeline Event History
Timeline Event History
Researcher
CVE-ID
CVE-2023-52209
CVE-2023-52209
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
WPForms User Registration
WPForms User Registration
Researcher
CVE-ID
CVE-2024-6635
CVE-2024-6635
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WooCommerce - Social Login
WooCommerce - Social Login
Researcher
WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password
7.3
CVE-ID
CVE-2024-6637
CVE-2024-6637
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WooCommerce - Social Login
WooCommerce - Social Login
Researcher
CVE-ID
CVE-2024-38775
CVE-2024-38775
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
CTX Feed – WooCommerce Product Feed Manager
CTX Feed – WooCommerce Product Feed Manager
Researcher
CVE-ID
CVE-2024-6494
CVE-2024-6494
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
WordPress File Upload
WordPress File Upload
Researcher
CVE-ID
CVE-2024-1937
CVE-2024-1937
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Brizy – Page Builder
Brizy – Page Builder
Researcher
CVE-ID
CVE-2024-3934
CVE-2024-3934
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Mercado Pago payments for WooCommerce
Mercado Pago payments for WooCommerce
Researcher
CVE-ID
CVE-2024-38767
CVE-2024-38767
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
BSK PDF Manager
BSK PDF Manager
Researcher
CVE-ID
CVE-2024-38786
CVE-2024-38786
Patch Status
Unpatched
Unpatched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
CoziPress
CoziPress
Researcher
CVE-ID
CVE-2024-6710
CVE-2024-6710
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Ditty – Responsive News Tickers, Sliders, and Lists
Ditty – Responsive News Tickers, Sliders, and Lists
Researcher
Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-ID
CVE-2024-2337
CVE-2024-2337
Patch Status
Unpatched
Unpatched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Easy Testimonials
Easy Testimonials
Researcher
CVE-ID
CVE-2024-5554
CVE-2024-5554
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Researcher
CVE-ID
CVE-2024-5555
CVE-2024-5555
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
CVE-ID
CVE-2024-6884
CVE-2024-6884
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Researcher
CVE-ID
CVE-2024-38785
CVE-2024-38785
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Gutenverse – Ultimate Block Addons and Page Builder for Site Editor
Gutenverse – Ultimate Block Addons and Page Builder for Site Editor
Researcher
CVE-ID
CVE-2024-4780
CVE-2024-4780
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Image Hover Effects – Elementor Addon
Image Hover Effects – Elementor Addon
Researcher
CVE-ID
CVE-2024-38782
CVE-2024-38782
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)
Researcher
CVE-ID
CVE-2024-6848
CVE-2024-6848
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Researcher
CVE-ID
CVE-2024-3587
CVE-2024-3587
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Premium Portfolio Features for Phlox theme
Premium Portfolio Features for Phlox theme
Researcher
CVE-ID
CVE-2024-5582
CVE-2024-5582
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Schema & Structured Data for WP & AMP
Schema & Structured Data for WP & AMP
Researcher
CVE-ID
CVE-2024-6766
CVE-2024-6766
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Shortcodes Ultimate Pro
Shortcodes Ultimate Pro
Researcher
CVE-ID
CVE-2024-5254
CVE-2024-5254
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Ultimate Addons for WPBakery
Ultimate Addons for WPBakery
Researcher
CVE-ID
CVE-2024-5253
CVE-2024-5253
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Ultimate Addons for WPBakery
Ultimate Addons for WPBakery
Researcher
CVE-ID
CVE-2024-5251
CVE-2024-5251
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Ultimate Addons for WPBakery
Ultimate Addons for WPBakery
Researcher
CVE-ID
CVE-2024-5252
CVE-2024-5252
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Ultimate Addons for WPBakery
Ultimate Addons for WPBakery
Researcher
CVE-ID
CVE-2024-5255
CVE-2024-5255
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Ultimate Addons for WPBakery
Ultimate Addons for WPBakery
Researcher
CVE-ID
CVE-2024-35761
CVE-2024-35761
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher
CVE-ID
CVE-2024-2691
CVE-2024-2691
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Researcher
Zenon Lite <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
6.4
CVE-ID
CVE-2024-5964
CVE-2024-5964
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Zenon Lite
Zenon Lite
Researcher
CVE-ID
CVE-2024-38781
CVE-2024-38781
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
CopySafe Web Protection
CopySafe Web Protection
Researcher
CVE-ID
CVE-2024-3973
CVE-2024-3973
Patch Status
Unpatched
Unpatched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
House Manager – Easy Renter Management System for WordPress
House Manager – Easy Renter Management System for WordPress
Researcher
CVE-ID
CVE-2024-6651
CVE-2024-6651
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
WordPress File Upload
WordPress File Upload
Researcher
CVE-ID
CVE-2024-5081
CVE-2024-5081
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Wp EMember
Wp EMember
Researcher
CVE-ID
CVE-2024-6133
CVE-2024-6133
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WP eStore
WP eStore
Researcher
CVE-ID
CVE-2024-6134
CVE-2024-6134
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WP eStore
WP eStore
Researcher
CVE-ID
CVE-2024-38776
CVE-2024-38776
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WP GoToWebinar
WP GoToWebinar
Researcher
Himer - Social Questions and Answers <= 2.1.2 - Cross-Site Request Forgery to Arbitrary User Invites
5.8
CVE-ID
CVE-2024-2232
CVE-2024-2232
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Himer - Social Questions and Answers WordPress Theme
Himer - Social Questions and Answers WordPress Theme
Researcher
CVE-ID
CVE-2024-6669
CVE-2024-6669
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
AI ChatBot for WordPress – WPBot
AI ChatBot for WordPress – WPBot
Researcher
CVE-ID
CVE-2024-7084
CVE-2024-7084
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Ajax Search Lite – Live Search & Filter
Ajax Search Lite – Live Search & Filter
Researcher
CVE-ID
CVE-2024-6705
CVE-2024-6705
Patch Status
Unpatched
Unpatched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
RegLevel
RegLevel
Researcher
CVE-ID
CVE-2024-6175
CVE-2024-6175
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Booking Ultra Pro Appointments Booking Calendar Plugin
Booking Ultra Pro Appointments Booking Calendar Plugin
Researcher
CVE-ID
CVE-2024-39681
CVE-2024-39681
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Cooked – Recipe Management
Cooked – Recipe Management
Researcher
CVE-ID
CVE-2024-5977
CVE-2024-5977
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
GiveWP – Donation Plugin and Fundraising Platform
Researcher
CVE-ID
CVE-2023-6708
CVE-2023-6708
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
SVG Support
SVG Support
Researcher
CVE-ID
CVE-2024-6560
CVE-2024-6560
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Addonify – Quick View For WooCommerce
Addonify – Quick View For WooCommerce
Researcher
CVE-ID
CVE-2024-6565
CVE-2024-6565
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
AForms — Form Builder for Price Calculator & Cost Estimation
AForms — Form Builder for Price Calculator & Cost Estimation
Researcher
CVE-ID
CVE-2024-38783
CVE-2024-38783
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Arconix FAQ
Arconix FAQ
Researcher
CVE-ID
CVE-2024-38769
CVE-2024-38769
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Arconix Shortcodes
Arconix Shortcodes
Researcher
CVE-ID
CVE-2024-38771
CVE-2024-38771
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Visual Website Collaboration, Feedback & Project Management – Atarim
Visual Website Collaboration, Feedback & Project Management – Atarim
Researcher
CVE-ID
CVE-2024-6455
CVE-2024-6455
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
ElementsKit Elementor addons
ElementsKit Elementor addons
Researcher
CVE-ID
CVE-2024-6489
CVE-2024-6489
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Getwid – Gutenberg Blocks
Getwid – Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-6570
CVE-2024-6570
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Glossary
Glossary
Researcher
CVE-ID
CVE-2024-6557
CVE-2024-6557
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
CVE-ID
CVE-2024-6559
CVE-2024-6559
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin
Researcher
CVE-ID
CVE-2024-39682
CVE-2024-39682
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Cooked – Recipe Management
Cooked – Recipe Management
Researcher
Category Posts Widget <= 4.9.16 & Pro < 4.9.13 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-6158
CVE-2024-6158
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Researcher
CVE-ID
CVE-2024-6498
CVE-2024-6498
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Chatbot for WordPress by Collect.chat ⚡️
Chatbot for WordPress by Collect.chat ⚡️
Researcher
CVE-ID
CVE-2024-6270
CVE-2024-6270
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Community Events
Community Events
Researcher
CVE-ID
CVE-2024-7082
CVE-2024-7082
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Easy Table of Contents
Easy Table of Contents
Researcher
Livemesh Addons for Beaver Builder <= 3.6.1 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-38784
CVE-2024-38784
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Livemesh Addons for Beaver Builder
Livemesh Addons for Beaver Builder
Researcher
CVE-ID
CVE-2024-3636
CVE-2024-3636
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Pinpoint Booking System – #1 WordPress Booking Plugin
Pinpoint Booking System – #1 WordPress Booking Plugin
Researcher
CVE-ID
CVE-2024-6481
CVE-2024-6481
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
Search & Filter Pro
Search & Filter Pro
Researcher
Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset
4.3
CVE-ID
CVE-2024-5804
CVE-2024-5804
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Conditional Fields for Contact Form 7
Conditional Fields for Contact Form 7
Researcher
CVE-ID
CVE-2024-39680
CVE-2024-39680
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Cooked – Recipe Management
Cooked – Recipe Management
Researcher
CVE-ID
CVE-2024-39679
CVE-2024-39679
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Cooked – Recipe Management
Cooked – Recipe Management
Researcher
CVE-ID
CVE-2024-39678
CVE-2024-39678
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Cooked – Recipe Management
Cooked – Recipe Management
Researcher
CVE-ID
CVE-2024-5997
CVE-2024-5997
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
Duplica – Duplicate Posts, Pages, Custom Posts or Users
Duplica – Duplicate Posts, Pages, Custom Posts or Users
Researcher
CVE-ID
CVE-2024-6033
CVE-2024-6033
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Event Manager, Events Calendar, Tickets, Registrations – Eventin
Researcher
CVE-ID
CVE-2024-6491
CVE-2024-6491
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Getwid – Gutenberg Blocks
Getwid – Gutenberg Blocks
Researcher
CVE-ID
CVE-2024-5703
CVE-2024-5703
Patch Status
Patched
Patched
Published
Jul 16, 2024
Jul 16, 2024
Affected Software
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce
Researcher
CVE-ID
CVE-2024-6720
CVE-2024-6720
Patch Status
Unpatched
Unpatched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Light Poll
Light Poll
Researcher
CVE-ID
CVE-2024-6599
CVE-2024-6599
Patch Status
Patched
Patched
Published
Jul 17, 2024
Jul 17, 2024
Affected Software
Meks Video Importer
Meks Video Importer
Researcher
CVE-ID
CVE-2024-38774
CVE-2024-38774
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
Security Optimizer – The All-In-One Protection Plugin
Security Optimizer – The All-In-One Protection Plugin
Researcher
CVE-ID
CVE-2024-38790
CVE-2024-38790
Patch Status
Patched
Patched
Published
Jul 20, 2024
Jul 20, 2024
Affected Software
Smartsupp – live chat, chatbots, AI and lead generation
Smartsupp – live chat, chatbots, AI and lead generation
Researcher
CVE-ID
CVE-2024-38789
CVE-2024-38789
Patch Status
Unpatched
Unpatched
Published
Jul 20, 2024
Jul 20, 2024
Affected Software
Telegram Bot & Channel
Telegram Bot & Channel
Researcher
CVE-ID
CVE-2024-1845
CVE-2024-1845
Patch Status
Patched
Patched
Published
Jul 20, 2024
Jul 20, 2024
Affected Software
VikRentCar Car Rental Management System
VikRentCar Car Rental Management System
Researcher
CVE-ID
CVE-2024-6579
CVE-2024-6579
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
Web and WooCommerce Addons for WPBakery Builder
Web and WooCommerce Addons for WPBakery Builder
Researcher
CVE-ID
CVE-2024-5852
CVE-2024-5852
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
WordPress File Upload
WordPress File Upload
Researcher
CVE-ID
CVE-2024-6136
CVE-2024-6136
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WP eStore
WP eStore
Researcher
CVE-ID
CVE-2024-38778
CVE-2024-38778
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WP Fast Total Search – The Power of Indexed Search
WP Fast Total Search – The Power of Indexed Search
Researcher
CVE-ID
CVE-2024-6621
CVE-2024-6621
Patch Status
Patched
Patched
Published
Jul 15, 2024
Jul 15, 2024
Affected Software
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
Researcher
CVE-ID
CVE-2024-6799
CVE-2024-6799
Patch Status
Patched
Patched
Published
Jul 18, 2024
Jul 18, 2024
Affected Software
YITH Essential Kit for WooCommerce #1
YITH Essential Kit for WooCommerce #1
Researcher
CVE-ID
CVE-2024-6694
CVE-2024-6694
Patch Status
Patched
Patched
Published
Jul 19, 2024
Jul 19, 2024
Affected Software
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments