Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest.Â
Last week, there were 262 vulnerabilities disclosed in 213 WordPress Plugins and 14 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 75 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
- BookingPress Appointment Booking <= 1.1.5 – Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 183 |
| Unpatched | 79 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 204 |
| High Severity | 34 |
| Critical Severity | 23 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 112 |
| Missing Authorization | 41 |
| Cross-Site Request Forgery (CSRF) | 37 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 14 |
| Information Exposure | 13 |
| Unrestricted Upload of File with Dangerous Type | 9 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 6 |
| Server-Side Request Forgery (SSRF) | 6 |
| Information Exposure Through Log Files | 5 |
| Authentication Bypass Using an Alternate Path or Channel | 4 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4 |
| Improper Privilege Management | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Improper Control of Generation of Code ('Code Injection') | 2 |
| Deserialization of Untrusted Data | 1 |
| File and Directory Information Exposure | 1 |
| Use of Hard-coded Credentials | 1 |
| Use of Less Trusted Source | 1 |
Researchers That Contributed to WordPress Security Last Week
| Researcher Name | Number of Vulnerabilities |
|---|---|
| 18 | |
| 15 | |
| 14 | |
| 14 | |
| 14 | |
| 13 | |
| 12 | |
| 11 | |
| 9 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | academy |
| Admin Dashboard RSS Feed | admin-dashboard-rss-feed |
| AdPush | adsense-plugin |
| Advanced AJAX Page Loader | advanced-ajax-page-loader |
| Advanced File Manager Shortcodes | file-manager-advanced-shortcode |
| Advanced post slider | advanced-post-slider |
| Amazing Hover Effects | amazing-hover-effects |
| Animated Typed JS Shortcode | animated-typed-js-shortcode |
| Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps | appmaker-woocommerce-mobile-app-manager |
| Arkhe Blocks | arkhe-blocks |
| Attachment File Icons (AF Icons) | attachment-file-icons |
| Auto Featured Image (Auto Post Thumbnail) | auto-post-thumbnail |
| Backup and Staging by WP Time Capsule | wp-time-capsule |
| Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
| BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript | searchpro |
| Blog, Posts and Category Filter for Elementor | blog-posts-and-category-for-elementor |
| Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
| Bradmax Player | bradmax-player |
| Branda – White Label & Branding, Custom Login Page Customizer | branda-white-labeling |
| Business Card | business-card-by-esterox-100 |
| Calendar.online / Kalender.digital – Plugin | kalender-digital |
| Caxton – Create Pro page layouts in Gutenberg | caxton |
| Chained Quiz | chained-quiz |
| Change From Email | wp-from-email |
| Cliengo – Chatbot | cliengo |
| CodePen Embedded Pens Shortcode | codepen-embedded-pen-shortcode |
| codoc | codoc |
| Coming Soon Page – Responsive Coming Soon & Maintenance Mode | responsive-coming-soon-page |
| Comment Images Reloaded | comment-images-reloaded |
| ConeBlog – Elementor Blog Widgets | coneblog-widgets |
| Contact Form 7 Summary and Print | cf7-summary-and-print |
| Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder | bit-form |
| Contact Form, Survey, Quiz & Popup Form Builder – ARForms | arforms-form-builder |
| CZ Loan Management | cz-loan-management |
| Default Thumbnail Plus | default-thumbnail-plus |
| DirectoryPress – Business Directory And Classified Ad Listing | directorypress |
| Donation Block For PayPal | donations-block |
| Download Button for Elementor | download-button-for-elementor |
| Duplicator – Migration & Backup Plugin | duplicator |
| Dynamic Word Spinner: CSS3 Animated Rotation | css3-rotating-words |
| Easy Google Adsense and Banner Ads Manager – AdsforWP | ads-for-wp |
| Easy Pixels | easy-pixels-by-jevnet |
| EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin | eazydocs |
| EleForms – All In One Form Integration including DB for Elementor | all-contact-form-integration-for-elementor |
| ElementInvader Addons for Elementor | elementinvader-addons-for-elementor |
| Email Encoder – Protect Email Addresses and Phone Numbers | email-encoder-bundle |
| EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor | embedpress |
| Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates | essential-blocks |
| Event post | event-post |
| Event Tickets and Registration | event-tickets |
| EventON | eventon-lite |
| Events Calendar for Google | events-calendar-for-google |
| ExS Widgets | exs-widgets |
| Extensions for Elementor | extensions-for-elementor |
| FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | post-block |
| Featured Image Generator | featured-image-generator |
| Feeds for YouTube (YouTube video, channel, and gallery plugin) | feeds-for-youtube |
| Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme – My Sticky Bar (formerly myStickymenu) | mystickymenu |
| Form Vibes – Database Manager for Forms | form-vibes |
| FormFlow – WhatsApp Social and WP Form Builder with Lead Management | simple-form |
| FULL – Cliente | full-customer |
| Fusion Page Builder | fusion |
| GD Rating System | gd-rating-system |
| Generate PDF using Contact Form 7 | generate-pdf-using-contact-form-7 |
| Genesis Blocks | genesis-blocks |
| Get Use APIs – JSON Content Importer | json-content-importer |
| Goftino | goftino |
| Gravity Forms: Multiple Form Instances | gravity-forms-multiple-form-instances |
| Gum Elementor Addon | gum-elementor-addon |
| Gutenberg Forms – WordPress Form Builder Plugin | forms-gutenberg |
| GutSlider – All in One Block Slider | slider-blocks |
| HitPay Payment Gateway for WooCommerce | hitpay-payment-gateway |
| Houzez CRM | houzez-crm |
| Houzez Theme - Functionality | houzez-theme-functionality |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| HTML Forms – Simple WordPress Forms Plugin | html-forms |
| Image Optimizer, Resizer and CDN – Sirv | sirv |
| Import Spreadsheets from Microsoft Excel | import-spreadsheets-from-microsoft-excel |
| Inline Related Posts | intelly-related-posts |
| InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
| Internal Link Juicer: SEO Auto Linker for WordPress | internal-links |
| iPanorama 360 – WordPress Virtual Tour Builder | ipanorama-360-virtual-tour-builder-lite |
| IQ Testimonials | iq-testimonials |
| Jetpack Boost – Website Speed, Performance and Critical CSS | jetpack-boost |
| Job Board Manager | job-board-manager |
| JSON API User | json-api-user |
| Just Custom Fields | just-custom-fields |
| Laposta | laposta |
| LearnDash LMS – Reports | wisdm-reports-for-learndash |
| Light Poll | light-poll |
| Link Library | link-library |
| Login by Auth0 | auth0 |
| Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor |
| Magical Posts Display – Elementor Advanced Posts widgets | magical-posts-display |
| MakeStories (for Google Web Stories) | makestories-helper |
| Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor | master-addons |
| Master Popups | master-popups-lite |
| Matomo Analytics – Ethical Stats. Powerful Insights. | matomo |
| MBE eShip | mail-boxes-etc |
| Media Hygiene: Remove or Delete Unused Images and More! | media-hygiene |
| Meks Smart Author Widget | meks-smart-author-widget |
| Meks Video Importer | meks-video-importer |
| Metorik – Reports & Email Automation for WooCommerce | metorik-helper |
| Modern Events Calendar | modern-events-calendar |
| Modern Events Calendar Lite | modern-events-calendar-lite |
| Moloni | moloni |
| MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar | mp3-music-player-by-sonaar |
| MStore API – Create Native Android & iOS Apps On The Cloud | mstore-api |
| oik | oik |
| Olive One Click Demo Import | olive-one-click-demo-import |
| Openpos - WooCommerce Point Of Sale(POS) | woocommerce-openpos |
| OSM – OpenStreetMap | osm |
| Packlink PRO shipping module | packlink-pro-shipping |
| Paid Memberships Pro - Member Directory Add On | pmpro-member-directory |
| Panda Video | pandavideo |
| Payflex Payment Gateway | payflex-payment-gateway |
| PayPlus Payment Gateway | payplus-payment-gateway |
| Plugin Notes Plus | plugin-notes-plus |
| Plum: Spin Wheel & Email Pop-up | qodeblock |
| Post Layouts for Gutenberg | post-layouts |
| Power BI Embedded for WordPress | embed-power-bi |
| PowerPress Podcasting plugin by Blubrry | powerpress |
| Predictive Search for WooCommerce | woocommerce-predictive-search |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Pricing Table | elfsight-pricing-table |
| Product Delivery Date for WooCommerce – Lite | product-delivery-date-for-woocommerce-lite |
| Product Designer | product-designer |
| Product Table by WBW | woo-product-tables |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| Qi Blocks | qi-blocks |
| Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | quiz-master-next |
| Realtyna Organic IDX plugin + WPL Real Estate | real-estate-listing-realtyna-wpl |
| ReCaptcha Integration for WordPress | wp-recaptcha-integration |
| Recipe Cards For Your Food Blog from Zip Recipes | zip-recipes |
| ReDi Restaurant Reservation | redi-restaurant-reservation |
| Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction | pie-register |
| Responsive Tabs | responsive-tabs |
| REVIEWS.io for WooCommerce | reviewscouk-for-woocommerce |
| ScrollTo Bottom | scrollto-bottom |
| ScrollTo Top | scrollto-top |
| SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue | happy-scss-compiler |
| Search & Replace | search-and-replace |
| Send email only on Reply to My Comment | send-email-only-on-reply-to-my-comment |
| Send Users Email | send-users-email |
| Seraphinite Accelerator Pro | seraphinite-accelerator-ext |
| Seraphinite Post .DOCX Source | seraphinite-post-docx-source |
| Simple Alert Boxes | simple-alert-boxes |
| Simple Popup Plugin | simple-popup-plugin |
| Simple Post Notes | simple-post-notes |
| Simple Responsive Slider | simple-responsive-slider |
| SKT Addons for Elementor | skt-addons-for-elementor |
| SKT Skill Bar | skt-skill-bar |
| Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) | sky-elementor-addons |
| Slider by 10Web – Responsive Image Slider | slider-wd |
| SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | slingblocks |
| SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | smartcrawl-seo |
| Social Sharing Plugin – Kiwi | kiwi-social-share |
| SpiderContacts | spider-contacts |
| Spiffy Calendar | spiffy-calendar |
| SportsPress – Sports Club & League Manager | sportspress |
| Squelch Tabs and Accordions Shortcodes | squelch-tabs-and-accordions-shortcodes |
| Tabs For WPBakery Page Builder (formerly Visual Composer) | tabs-for-visual-composer |
| Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics | taggbox-widget |
| Team Manager – WordPress Showcase Team Members | wp-team-manager |
| Team Members | team-members |
| Timeline Module for Beaver Builder | timeline-for-beaver-builder |
| Titan Anti-spam & Security | anti-spam |
| TOCHAT.BE | tochat-be |
| Tutor LMS – eLearning and online course solution | tutor |
| Typebot | Create advanced chat experiences without coding | typebot |
| Ultimate Classified Listings | ultimate-classified-listings |
| UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) | ultraaddons-elementor-lite |
| Uncanny Automator Pro | uncanny-automator-pro |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| User Activity Log Pro | user-activity-log-pro |
| User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | userfeedback-lite |
| User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | profile-builder |
| UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | userswp |
| VK All in One Expansion Unit | vk-all-in-one-expansion-unit |
| Wallet for WooCommerce | woo-wallet |
| Wallet System for WooCommerce – Wallet, Digital Wallet, Cashback, Manage Recurring Payments, Partial Payments, Wallet restriction, Manage Refunds, Offer Rewards | wallet-system-for-woocommerce |
| WANotifier – Send Message Notifications Using WhatsApp API | notifier |
| WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute | wapppress-builds-android-app-for-website |
| Web Directory Free | web-directory-free |
| Webico Slider Flatsome Addons | webico-slider-flatsome-addons |
| Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More | woocommerce-wholesale-prices |
| WooCommerce Customers Manager | woocommerce-customers-manager |
| WooCommerce Report | ithemelandco-woo-report |
| WordPress Multisite Content Copier/Updater | wp-multisite-content-copier |
| WP Accessibility Helper (WAH) | wp-accessibility-helper |
| WP Affiliate Platform | wp-affiliate-platform |
| WP Ajax Contact Form | wp-ajax-contact-form |
| WP Announcement | Dynamic Announcement, Banner, & Countdown Timer for Effective Promotions | sp-announcement |
| WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting | erp |
| WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress | wp-event-aggregator |
| WP Fast Total Search – The Power of Indexed Search | fulltext-search |
| WP GoToWebinar | wp-gotowebinar |
| WP Links Page | wp-links-page |
| WP Photo Album Plus | wp-photo-album-plus |
| WP Popups – WordPress Popup builder | wp-popups-lite |
| WP Total Branding – Complete branding solution for WordPress | wp-total-branding |
| WP Travel Engine – Tour Booking Plugin – Tour Operator Software | wp-travel-engine |
| WP User Switch | wp-user-switch |
| WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 | wp2speed |
| WPBITS Addons For Elementor Page Builder | wpbits-addons-for-elementor |
| WPCS – WordPress Currency Switcher Professional | currency-switcher |
| WpStickyBar – Sticky Bar, Sticky Header | wpstickybar-sticky-bar-sticky-header |
| XPlainer – Product FAQs for WooCommerce & AI FAQ Generator | faq-for-woocommerce |
| YITH WooCommerce Ajax Product Filter | yith-woocommerce-ajax-navigation |
| Zephyr Project Manager | zephyr-project-manager |
| Zoho Campaigns | zoho-campaigns |
| Zoho CRM Lead Magnet | zoho-crm-forms |
| پلاگین پرداخت دلخواه | pardakht-delkhah |
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| BuddyBoss Theme | buddyboss-theme |
| Counterpoint | counterpoint |
| i-amaze | i-amaze |
| i-transform | i-transform |
| Noo JobMonster | noo-jobmonster |
| Oceanic | oceanic |
| OnePress | onepress |
| Patricia Blog | patricia-blog |
| Patricia Lite | patricia-lite |
| Point | point |
| Popularis Verse | popularis-verse |
| Responsive Mobile | responsive-mobile |
| SmartMag | smartmag-responsive-retina-wordpress-magazine |
| SociallyViral | sociallyviral |
Vulnerability Details
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
CVE-ID
CVE-2024-5975
CVE-2024-5975
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
CZ Loan Management
CZ Loan Management
Researcher
CVE-ID
CVE-2024-37933
CVE-2024-37933
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Openpos - WooCommerce Point Of Sale(POS)
Openpos - WooCommerce Point Of Sale(POS)
Researcher
CVE-ID
CVE-2024-5765
CVE-2024-5765
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WpStickyBar – Sticky Bar, Sticky Header
WpStickyBar – Sticky Bar, Sticky Header
Researcher
CVE-ID
CVE-2024-38755
CVE-2024-38755
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
DirectoryPress – Business Directory And Classified Ad Listing
DirectoryPress – Business Directory And Classified Ad Listing
Researcher
CVE-ID
CVE-2024-3604
CVE-2024-3604
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
OSM – OpenStreetMap
OSM – OpenStreetMap
Researcher
CVE-ID
CVE-2024-37564
CVE-2024-37564
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
PayPlus Payment Gateway
PayPlus Payment Gateway
Researcher
CVE-ID
CVE-2024-38770
CVE-2024-38770
Patch Status
Patched
Patched
Published
Jul 13, 2024
Jul 13, 2024
Affected Software
Backup and Staging by WP Time Capsule
Backup and Staging by WP Time Capsule
Researcher
CVE-ID
CVE-2024-38717
CVE-2024-38717
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Booking Ultra Pro Appointments Booking Calendar Plugin
Booking Ultra Pro Appointments Booking Calendar Plugin
Researcher
CVE-ID
CVE-2024-38735
CVE-2024-38735
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Event post
Event post
Researcher
CVE-ID
CVE-2024-6313
CVE-2024-6313
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Gutenberg Forms – WordPress Form Builder Plugin
Gutenberg Forms – WordPress Form Builder Plugin
Researcher
CVE-ID
CVE-2024-6397
CVE-2024-6397
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
InstaWP Connect – 1-click WP Staging & Migration
InstaWP Connect – 1-click WP Staging & Migration
Researcher
CVE-ID
CVE-2024-6314
CVE-2024-6314
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
IQ Testimonials
IQ Testimonials
Researcher
CVE-ID
CVE-2024-37927
CVE-2024-37927
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Noo JobMonster
Noo JobMonster
Researcher
CVE-ID
CVE-2024-6624
CVE-2024-6624
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
JSON API User
JSON API User
Researcher
CVE-ID
CVE-2024-6328
CVE-2024-6328
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
MStore API – Create Native Android & iOS Apps On The Cloud
MStore API – Create Native Android & iOS Apps On The Cloud
Researcher
CVE-ID
CVE-2024-6365
CVE-2024-6365
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Product Table by WBW
Product Table by WBW
Researcher
CVE-ID
CVE-2024-38759
CVE-2024-38759
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Search & Replace
Search & Replace
Researcher
CVE-ID
CVE-2024-6695
CVE-2024-6695
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Researcher
Import Spreadsheets from Microsoft Excel <= 10.1.4 - Authenticated (Editor+) Arbitrary File Upload
9.1
CVE-ID
CVE-2024-38734
CVE-2024-38734
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Import Spreadsheets from Microsoft Excel
Import Spreadsheets from Microsoft Excel
Researcher
CVE-ID
CVE-2024-37928
CVE-2024-37928
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Noo JobMonster
Noo JobMonster
Researcher
CVE-ID
CVE-2024-38736
CVE-2024-38736
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Realtyna Organic IDX plugin + WPL Real Estate
Realtyna Organic IDX plugin + WPL Real Estate
Researcher
CVE-ID
CVE-2024-38692
CVE-2024-38692
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Spiffy Calendar
Spiffy Calendar
Researcher
CVE-ID
CVE-2024-37932
CVE-2024-37932
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Openpos - WooCommerce Point Of Sale(POS)
Openpos - WooCommerce Point Of Sale(POS)
Researcher
CVE-ID
CVE-2024-6310
CVE-2024-6310
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Advanced AJAX Page Loader
Advanced AJAX Page Loader
Researcher
CVE-ID
CVE-2023-7061
CVE-2023-7061
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Advanced File Manager Shortcodes
Advanced File Manager Shortcodes
Researcher
CVE-ID
CVE-2023-7062
CVE-2023-7062
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Advanced File Manager Shortcodes
Advanced File Manager Shortcodes
Researcher
CVE-ID
CVE-2024-6309
CVE-2024-6309
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Attachment File Icons (AF Icons)
Attachment File Icons (AF Icons)
Researcher
CVE-ID
CVE-2024-6161
CVE-2024-6161
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Default Thumbnail Plus
Default Thumbnail Plus
Researcher
CVE-ID
CVE-2024-38716
CVE-2024-38716
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Events Calendar for Google
Events Calendar for Google
Researcher
CVE-ID
CVE-2024-38715
CVE-2024-38715
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
ExS Widgets
ExS Widgets
Researcher
CVE-ID
CVE-2024-5325
CVE-2024-5325
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Form Vibes – Database Manager for Forms
Form Vibes – Database Manager for Forms
Researcher
CVE-ID
CVE-2024-38709
CVE-2024-38709
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
GD Rating System
GD Rating System
Researcher
Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
8.8
CVE-ID
CVE-2024-6317
CVE-2024-6317
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Generate PDF using Contact Form 7
Generate PDF using Contact Form 7
Researcher
Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Upload
8.8
CVE-ID
CVE-2024-6316
CVE-2024-6316
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Generate PDF using Contact Form 7
Generate PDF using Contact Form 7
Researcher
CVE-ID
CVE-2024-5792
CVE-2024-5792
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Houzez CRM
Houzez CRM
Researcher
CVE-ID
CVE-2024-5793
CVE-2024-5793
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Houzez Theme - Functionality
Houzez Theme - Functionality
Researcher
CVE-ID
CVE-2024-5441
CVE-2024-5441
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Researcher
CVE-ID
CVE-2024-5456
CVE-2024-5456
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Panda Video
Panda Video
Researcher
CVE-ID
CVE-2024-6069
CVE-2024-6069
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
CVE-ID
CVE-2024-6411
CVE-2024-6411
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researchers
CVE-ID
CVE-2024-6321
CVE-2024-6321
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
ScrollTo Bottom
ScrollTo Bottom
Researcher
CVE-ID
CVE-2024-6320
CVE-2024-6320
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
ScrollTo Top
ScrollTo Top
Researcher
CVE-ID
CVE-2024-6166
CVE-2024-6166
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-6353
CVE-2024-6353
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Wallet for WooCommerce
Wallet for WooCommerce
Researcher
CVE-ID
CVE-2024-38704
CVE-2024-38704
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Team Manager – WordPress Showcase Team Members
Team Manager – WordPress Showcase Team Members
Researcher
CVE-ID
CVE-2024-6666
CVE-2024-6666
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Researcher
CVE-ID
CVE-2024-37560
CVE-2024-37560
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WP User Switch
WP User Switch
Researcher
Barcode Scanner with Inventory & Order Manager <= 1.6.1 - Authenticated (Subscriber+) SQL Injection
8.5
CVE-ID
CVE-2024-38708
CVE-2024-38708
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
CVE-ID
CVE-2024-37942
CVE-2024-37942
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
CVE-ID
CVE-2024-6123
CVE-2024-6123
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
CVE-ID
CVE-2024-5807
CVE-2024-5807
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Business Card
Business Card
Researcher
CVE-ID
CVE-2024-6021
CVE-2024-6021
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Donation Block For PayPal
Donation Block For PayPal
Researcher
CVE-ID
CVE-2024-5479
CVE-2024-5479
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Easy Pixels
Easy Pixels
Researcher
CVE-ID
CVE-2024-6447
CVE-2024-6447
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
FULL – Cliente
FULL – Cliente
Researcher
CVE-ID
CVE-2024-37563
CVE-2024-37563
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
TOCHAT.BE
TOCHAT.BE
Researcher
CVE-ID
CVE-2024-5902
CVE-2024-5902
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
Researcher
CVE-ID
CVE-2024-5992
CVE-2024-5992
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Cliengo – Chatbot
Cliengo – Chatbot
Researcher
Premium Addons for Elementor <= 4.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.5
CVE-ID
CVE-2024-37922
CVE-2024-37922
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-38700
CVE-2024-38700
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WPCS – WordPress Currency Switcher Professional
WPCS – WordPress Currency Switcher Professional
Researcher
CVE-ID
CVE-2024-38750
CVE-2024-38750
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Advanced post slider
Advanced post slider
Researcher
CVE-ID
CVE-2024-38741
CVE-2024-38741
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Amazing Hover Effects
Amazing Hover Effects
Researcher
CVE-ID
CVE-2024-38675
CVE-2024-38675
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Arkhe Blocks
Arkhe Blocks
Researcher
CVE-ID
CVE-2024-4667
CVE-2024-4667
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Blog, Posts and Category Filter for Elementor
Blog, Posts and Category Filter for Elementor
Researcher
CVE-ID
CVE-2024-38676
CVE-2024-38676
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Booking Ultra Pro Appointments Booking Calendar Plugin
Booking Ultra Pro Appointments Booking Calendar Plugin
Researcher
CVE-ID
CVE-2024-37957
CVE-2024-37957
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Bradmax Player
Bradmax Player
Researcher
CVE-ID
CVE-2024-38678
CVE-2024-38678
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Calendar.online / Kalender.digital – Plugin
Calendar.online / Kalender.digital – Plugin
Researcher
CVE-ID
CVE-2024-37948
CVE-2024-37948
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Caxton – Create Pro page layouts in Gutenberg
Caxton – Create Pro page layouts in Gutenberg
Researcher
CodePen Embedded Pens Shortcode <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-37960
CVE-2024-37960
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
CodePen Embedded Pens Shortcode
CodePen Embedded Pens Shortcode
Researcher
CVE-ID
CVE-2024-37918
CVE-2024-37918
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
ConeBlog – Elementor Blog Widgets
ConeBlog – Elementor Blog Widgets
Researcher
Download Button for Elementor <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-38718
CVE-2024-38718
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Download Button for Elementor
Download Button for Elementor
Researcher
CVE-ID
CVE-2024-38720
CVE-2024-38720
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Researcher
CVE-ID
CVE-2024-38705
CVE-2024-38705
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
ElementInvader Addons for Elementor
ElementInvader Addons for Elementor
Researcher
CVE-ID
CVE-2024-5595
CVE-2024-5595
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Researcher
CVE-ID
CVE-2024-4868
CVE-2024-4868
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Extensions for Elementor
Extensions for Elementor
Researcher
CVE-ID
CVE-2024-38686
CVE-2024-38686
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
CVE-ID
CVE-2024-6256
CVE-2024-6256
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Feeds for YouTube (YouTube video, channel, and gallery plugin)
Feeds for YouTube (YouTube video, channel, and gallery plugin)
Researcher
CVE-ID
CVE-2024-37962
CVE-2024-37962
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Fusion Page Builder
Fusion Page Builder
Researcher
CVE-ID
CVE-2024-3563
CVE-2024-3563
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Genesis Blocks
Genesis Blocks
Researchers
CVE-ID
CVE-2024-38697
CVE-2024-38697
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Goftino
Goftino
Researcher
CVE-ID
CVE-2024-37955
CVE-2024-37955
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
GutSlider – All in One Block Slider
GutSlider – All in One Block Slider
Researcher
CVE-ID
CVE-2024-38722
CVE-2024-38722
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Job Board Manager
Job Board Manager
Researchers
CVE-ID
CVE-2024-38723
CVE-2024-38723
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Get Use APIs – JSON Content Importer
Get Use APIs – JSON Content Importer
Researcher
Magical Addons For Elementor <= 1.1.41 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-38681
CVE-2024-38681
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Researcher
Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery
6.4
CVE-ID
CVE-2024-38730
CVE-2024-38730
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Researcher
CVE-ID
CVE-2024-37951
CVE-2024-37951
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Magical Posts Display – Elementor Advanced Posts widgets
Magical Posts Display – Elementor Advanced Posts widgets
Researcher
CVE-ID
CVE-2024-38710
CVE-2024-38710
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Researcher
CVE-ID
CVE-2024-37958
CVE-2024-37958
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Meks Smart Author Widget
Meks Smart Author Widget
Researcher
CVE-ID
CVE-2024-5664
CVE-2024-5664
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
Researcher
oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode
6.4
CVE-ID
CVE-2024-6391
CVE-2024-6391
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
oik
oik
Researcher
CVE-ID
CVE-2024-38739
CVE-2024-38739
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
OnePress
OnePress
Researcher
CVE-ID
CVE-2024-3603
CVE-2024-3603
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
OSM – OpenStreetMap
OSM – OpenStreetMap
Researcher
CVE-ID
CVE-2024-5457
CVE-2024-5457
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Panda Video
Panda Video
Researcher
CVE-ID
CVE-2024-38682
CVE-2024-38682
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Post Layouts for Gutenberg
Post Layouts for Gutenberg
Researcher
Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-37959
CVE-2024-37959
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Power BI Embedded for WordPress
Power BI Embedded for WordPress
Researcher
CVE-ID
CVE-2024-6588
CVE-2024-6588
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
PowerPress Podcasting plugin by Blubrry
PowerPress Podcasting plugin by Blubrry
Researcher
CVE-ID
CVE-2024-6495
CVE-2024-6495
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Premium Addons for Elementor
Premium Addons for Elementor
Researcher
CVE-ID
CVE-2024-38712
CVE-2024-38712
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Qi Blocks
Qi Blocks
Researcher
CVE-ID
CVE-2024-6390
CVE-2024-6390
Patch Status
Patched
Patched
Published
Jul 13, 2024
Jul 13, 2024
Affected Software
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Researcher
CVE-ID
CVE-2024-37949
CVE-2024-37949
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Responsive Mobile
Responsive Mobile
Researcher
CVE-ID
CVE-2024-4096
CVE-2024-4096
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Responsive Tabs
Responsive Tabs
Researcher
CVE-ID
CVE-2024-38677
CVE-2024-38677
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
REVIEWS.io for WooCommerce
REVIEWS.io for WooCommerce
Researcher
Seraphinite Post .DOCX Source <= 2.16.9 - Authenticated (Subscriber+) Server-Side Request Forgery
6.4
CVE-ID
CVE-2024-38728
CVE-2024-38728
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Seraphinite Post .DOCX Source
Seraphinite Post .DOCX Source
Researcher
CVE-ID
CVE-2024-5937
CVE-2024-5937
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Simple Alert Boxes
Simple Alert Boxes
Researcher
CVE-ID
CVE-2024-38674
CVE-2024-38674
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
SKT Addons for Elementor
SKT Addons for Elementor
Researcher
CVE-ID
CVE-2024-38698
CVE-2024-38698
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
SKT Skill Bar
SKT Skill Bar
Researcher
CVE-ID
CVE-2024-38687
CVE-2024-38687
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
CVE-ID
CVE-2024-38684
CVE-2024-38684
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Researcher
CVE-ID
CVE-2024-5946
CVE-2024-5946
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Squelch Tabs and Accordions Shortcodes
Squelch Tabs and Accordions Shortcodes
Researcher
Tabs For WPBakery Page Builder <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-37936
CVE-2024-37936
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Tabs For WPBakery Page Builder (formerly Visual Composer)
Tabs For WPBakery Page Builder (formerly Visual Composer)
Researcher
CVE-ID
CVE-2024-38670
CVE-2024-38670
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Team Members
Team Members
Researcher
CVE-ID
CVE-2024-38757
CVE-2024-38757
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Typebot | Create advanced chat experiences without coding
Typebot | Create advanced chat experiences without coding
Researcher
CVE-ID
CVE-2024-4866
CVE-2024-4866
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
CVE-ID
CVE-2024-6170
CVE-2024-6170
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-6169
CVE-2024-6169
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
VK All in One Expansion Unit <= 9.99.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-ID
CVE-2024-37956
CVE-2024-37956
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
VK All in One Expansion Unit
VK All in One Expansion Unit
Researcher
CVE-ID
CVE-2024-38758
CVE-2024-38758
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute
WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute
Researcher
CVE-ID
CVE-2024-5881
CVE-2024-5881
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Webico Slider Flatsome Addons
Webico Slider Flatsome Addons
Researcher
CVE-ID
CVE-2024-1747
CVE-2024-1747
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WooCommerce Customers Manager
WooCommerce Customers Manager
Researcher
CVE-ID
CVE-2024-38703
CVE-2024-38703
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
CVE-ID
CVE-2024-38671
CVE-2024-38671
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WP GoToWebinar
WP GoToWebinar
Researcher
CVE-ID
CVE-2024-38713
CVE-2024-38713
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WP Photo Album Plus
WP Photo Album Plus
Researcher
CVE-ID
CVE-2024-37944
CVE-2024-37944
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
Researcher
CVE-ID
CVE-2024-4862
CVE-2024-4862
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
WPBITS Addons For Elementor Page Builder
WPBITS Addons For Elementor Page Builder
Researcher
CVE-ID
CVE-2024-5669
CVE-2024-5669
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator
Researcher
CVE-ID
CVE-2024-38752
CVE-2024-38752
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Zoho Campaigns
Zoho Campaigns
Researcher
CVE-ID
CVE-2024-38672
CVE-2024-38672
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
AdPush
AdPush
Researcher
CVE-ID
CVE-2024-38680
CVE-2024-38680
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps
Researcher
CVE-ID
CVE-2024-37920
CVE-2024-37920
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Contact Form, Survey, Quiz & Popup Form Builder – ARForms
Contact Form, Survey, Quiz & Popup Form Builder – ARForms
Researcher
CVE-ID
CVE-2024-37961
CVE-2024-37961
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
codoc
codoc
Researcher
CVE-ID
CVE-2024-38724
CVE-2024-38724
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Contact Form 7 Summary and Print
Contact Form 7 Summary and Print
Researcher
CVE-ID
CVE-2024-37559
CVE-2024-37559
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Counterpoint
Counterpoint
Researcher
CVE-ID
CVE-2024-38711
CVE-2024-38711
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Link Library
Link Library
Researcher
CVE-ID
CVE-2023-6813
CVE-2023-6813
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Login by Auth0
Login by Auth0
Researcher
CVE-ID
CVE-2024-37953
CVE-2024-37953
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
MBE eShip
MBE eShip
Researcher
CVE-ID
CVE-2024-38673
CVE-2024-38673
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WordPress Multisite Content Copier/Updater
WordPress Multisite Content Copier/Updater
Researcher
CVE-ID
CVE-2024-38744
CVE-2024-38744
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Plum: Spin Wheel & Email Pop-up
Plum: Spin Wheel & Email Pop-up
Researcher
CVE-ID
CVE-2024-6224
CVE-2024-6224
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Send email only on Reply to My Comment
Send email only on Reply to My Comment
Researcher
CVE-ID
CVE-2024-6223
CVE-2024-6223
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Send email only on Reply to My Comment
Send email only on Reply to My Comment
Researcher
CVE-ID
CVE-2024-37954
CVE-2024-37954
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Simple Responsive Slider
Simple Responsive Slider
Researcher
CVE-ID
CVE-2024-6272
CVE-2024-6272
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
SpiderContacts
SpiderContacts
Researcher
CVE-ID
CVE-2024-5883
CVE-2024-5883
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Ultimate Classified Listings
Ultimate Classified Listings
Researcher
CVE-ID
CVE-2024-6529
CVE-2024-6529
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Ultimate Classified Listings
Ultimate Classified Listings
Researcher
CVE-ID
CVE-2024-5882
CVE-2024-5882
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Ultimate Classified Listings
Ultimate Classified Listings
Researcher
CVE-ID
CVE-2024-37117
CVE-2024-37117
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Uncanny Automator Pro
Uncanny Automator Pro
Researcher
CVE-ID
CVE-2024-3669
CVE-2024-3669
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Web Directory Free
Web Directory Free
Researchers
CVE-ID
CVE-2024-38669
CVE-2024-38669
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Predictive Search for WooCommerce
Predictive Search for WooCommerce
Researcher
CVE-ID
CVE-2024-38683
CVE-2024-38683
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WooCommerce Report
WooCommerce Report
Researcher
CVE-ID
CVE-2024-5809
CVE-2024-5809
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WP Ajax Contact Form
WP Ajax Contact Form
Researcher
CVE-ID
CVE-2024-6226
CVE-2024-6226
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WpStickyBar – Sticky Bar, Sticky Header
WpStickyBar – Sticky Bar, Sticky Header
Researcher
CVE-ID
CVE-2024-37943
CVE-2024-37943
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
YITH WooCommerce Ajax Product Filter
YITH WooCommerce Ajax Product Filter
Researcher
CVE-ID
CVE-2024-38696
CVE-2024-38696
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Zoho CRM Lead Magnet
Zoho CRM Lead Magnet
Researcher
CVE-ID
CVE-2024-6584
CVE-2024-6584
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Jetpack Boost – Website Speed, Performance and Critical CSS
Jetpack Boost – Website Speed, Performance and Critical CSS
Researcher
CVE-ID
CVE-2024-37947
CVE-2024-37947
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Tutor LMS – eLearning and online course solution
Tutor LMS – eLearning and online course solution
Researcher
CVE-ID
CVE-2024-6625
CVE-2024-6625
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WP Total Branding – Complete branding solution for WordPress
WP Total Branding – Complete branding solution for WordPress
Researcher
CVE-ID
CVE-2024-5993
CVE-2024-5993
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Cliengo – Chatbot
Cliengo – Chatbot
Researcher
CVE-ID
CVE-2024-37923
CVE-2024-37923
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Cliengo – Chatbot
Cliengo – Chatbot
Researcher
CVE-ID
CVE-2024-5600
CVE-2024-5600
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue
SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue
Researcher
CVE-ID
CVE-2024-6392
CVE-2024-6392
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Image Optimizer, Resizer and CDN – Sirv
Image Optimizer, Resizer and CDN – Sirv
Researcher
CVE-ID
CVE-2024-5648
CVE-2024-5648
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
LearnDash LMS – Reports
LearnDash LMS – Reports
Researcher
CVE-ID
CVE-2024-4102
CVE-2024-4102
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Pricing Table
Pricing Table
Researcher
CVE-ID
CVE-2024-3983
CVE-2024-3983
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WooCommerce Customers Manager
WooCommerce Customers Manager
Researcher
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'
5.4
CVE-ID
CVE-2024-2843
CVE-2024-2843
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WooCommerce Customers Manager
WooCommerce Customers Manager
Researcher
CVE-ID
CVE-2024-5285
CVE-2024-5285
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
WP Affiliate Platform
WP Affiliate Platform
Researcher
CVE-ID
CVE-2024-6554
CVE-2024-6554
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Branda – White Label & Branding, Custom Login Page Customizer
Branda – White Label & Branding, Custom Login Page Customizer
Researcher
CVE-ID
CVE-2024-37921
CVE-2024-37921
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Chained Quiz
Chained Quiz
Researcher
CVE-ID
CVE-2024-38756
CVE-2024-38756
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Coming Soon Page – Responsive Coming Soon & Maintenance Mode
Coming Soon Page – Responsive Coming Soon & Maintenance Mode
Researcher
CVE-ID
CVE-2024-6210
CVE-2024-6210
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Duplicator – Migration & Backup Plugin
Duplicator – Migration & Backup Plugin
Researcher
CVE-ID
CVE-2024-38748
CVE-2024-38748
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
EleForms – All In One Form Integration including DB for Elementor
EleForms – All In One Form Integration including DB for Elementor
Researcher
CVE-ID
CVE-2024-38707
CVE-2024-38707
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
CVE-ID
CVE-2024-6550
CVE-2024-6550
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Gravity Forms: Multiple Form Instances
Gravity Forms: Multiple Form Instances
Researcher
CVE-ID
CVE-2024-38747
CVE-2024-38747
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
HitPay Payment Gateway for WooCommerce
HitPay Payment Gateway for WooCommerce
Researcher
CVE-ID
CVE-2024-38690
CVE-2024-38690
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
iPanorama 360 – WordPress Virtual Tour Builder
iPanorama 360 – WordPress Virtual Tour Builder
Researcher
CVE-ID
CVE-2024-6574
CVE-2024-6574
Patch Status
Unpatched
Unpatched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Laposta
Laposta
Researcher
CVE-ID
CVE-2024-38742
CVE-2024-38742
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
MBE eShip
MBE eShip
Researcher
CVE-ID
CVE-2024-38749
CVE-2024-38749
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Olive One Click Demo Import
Olive One Click Demo Import
Researcher
CVE-ID
CVE-2024-0619
CVE-2024-0619
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Payflex Payment Gateway
Payflex Payment Gateway
Researcher
CVE-ID
CVE-2024-38743
CVE-2024-38743
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Plum: Spin Wheel & Email Pop-up
Plum: Spin Wheel & Email Pop-up
Researcher
CVE-ID
CVE-2024-4100
CVE-2024-4100
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Pricing Table
Pricing Table
Researcher
CVE-ID
CVE-2024-38702
CVE-2024-38702
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Product Delivery Date for WooCommerce – Lite
Product Delivery Date for WooCommerce – Lite
Researcher
Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
5.3
CVE-ID
CVE-2024-3608
CVE-2024-3608
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Product Designer
Product Designer
Researcher
CVE-ID
CVE-2024-38688
CVE-2024-38688
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Recipe Cards For Your Food Blog from Zip Recipes
Recipe Cards For Your Food Blog from Zip Recipes
Researcher
CVE-ID
CVE-2024-38737
CVE-2024-38737
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
ReDi Restaurant Reservation
ReDi Restaurant Reservation
Researcher
CVE-ID
CVE-2024-38760
CVE-2024-38760
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Send Users Email
Send Users Email
Researcher
CVE-ID
CVE-2024-6556
CVE-2024-6556
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Researcher
CVE-ID
CVE-2024-37930
CVE-2024-37930
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
SmartMag
SmartMag
Researcher
CVE-ID
CVE-2024-3228
CVE-2024-3228
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Social Sharing Plugin – Kiwi
Social Sharing Plugin – Kiwi
Researcher
CVE-ID
CVE-2024-6171
CVE-2024-6171
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
CVE-ID
CVE-2024-6366
CVE-2024-6366
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Researcher
CVE-ID
CVE-2024-6477
CVE-2024-6477
Patch Status
Patched
Patched
Published
Jul 13, 2024
Jul 13, 2024
CVE-ID
CVE-2024-38699
CVE-2024-38699
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
CVE-ID
CVE-2024-38745
CVE-2024-38745
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
CVE-ID
CVE-2024-37935
CVE-2024-37935
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Openpos - WooCommerce Point Of Sale(POS)
Openpos - WooCommerce Point Of Sale(POS)
Researcher
CVE-ID
CVE-2024-37926
CVE-2024-37926
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WP Accessibility Helper (WAH)
WP Accessibility Helper (WAH)
Researcher
CVE-ID
CVE-2024-6555
CVE-2024-6555
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WP Popups – WordPress Popup builder
WP Popups – WordPress Popup builder
Researcher
CVE-ID
CVE-2024-5810
CVE-2024-5810
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100
Researcher
CVE-ID
CVE-2024-37924
CVE-2024-37924
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100
WP2Speed Faster – Optimize PageSpeed Insights Score 90-100
Researcher
CVE-ID
CVE-2024-38761
CVE-2024-38761
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Zephyr Project Manager
Zephyr Project Manager
Researcher
CVE-ID
CVE-2024-38725
CVE-2024-38725
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Admin Dashboard RSS Feed
Admin Dashboard RSS Feed
Researchers
CVE-ID
CVE-2024-38738
CVE-2024-38738
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Change From Email
Change From Email
Researcher
CVE-ID
CVE-2024-4483
CVE-2024-4483
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Email Encoder – Protect Email Addresses and Phone Numbers
Email Encoder – Protect Email Addresses and Phone Numbers
Researcher
CVE-ID
CVE-2024-3113
CVE-2024-3113
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
CVE-ID
CVE-2024-37565
CVE-2024-37565
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Gum Elementor Addon
Gum Elementor Addon
Researcher
CVE-ID
CVE-2024-6487
CVE-2024-6487
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Inline Related Posts
Inline Related Posts
Researcher
CVE-ID
CVE-2024-37950
CVE-2024-37950
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Master Popups
Master Popups
Researcher
My Sticky Bar (formerly myStickymenu) <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-4090
CVE-2024-4090
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
CVE-ID
CVE-2024-37561
CVE-2024-37561
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Plugin Notes Plus
Plugin Notes Plus
Researcher
CVE-ID
CVE-2024-37946
CVE-2024-37946
Patch Status
Unpatched
Unpatched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
ReCaptcha Integration for WordPress
ReCaptcha Integration for WordPress
Researcher
CVE-ID
CVE-2024-38689
CVE-2024-38689
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Simple Popup Plugin
Simple Popup Plugin
Researcher
CVE-ID
CVE-2024-37562
CVE-2024-37562
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Simple Post Notes
Simple Post Notes
Researcher
CVE-ID
CVE-2024-6408
CVE-2024-6408
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Slider by 10Web – Responsive Image Slider
Slider by 10Web – Responsive Image Slider
Researcher
CVE-ID
CVE-2024-3986
CVE-2024-3986
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
SportsPress – Sports Club & League Manager
SportsPress – Sports Club & League Manager
Researcher
Timeline Module for Beaver Builder <= 1.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-ID
CVE-2024-37919
CVE-2024-37919
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Timeline Module for Beaver Builder
Timeline Module for Beaver Builder
Researcher
CVE-ID
CVE-2024-6165
CVE-2024-6165
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WANotifier – Send Message Notifications Using WhatsApp API
WANotifier – Send Message Notifications Using WhatsApp API
Researcher
CVE-ID
CVE-2024-38685
CVE-2024-38685
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
WP Announcement | Dynamic Announcement, Banner, & Countdown Timer for Effective Promotions
WP Announcement | Dynamic Announcement, Banner, & Countdown Timer for Effective Promotions
Researcher
CVE-ID
CVE-2024-6536
CVE-2024-6536
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Zephyr Project Manager
Zephyr Project Manager
Researcher
CVE-ID
CVE-2024-38719
CVE-2024-38719
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Auto Featured Image (Auto Post Thumbnail)
Auto Featured Image (Auto Post Thumbnail)
Researcher
CVE-ID
CVE-2024-37925
CVE-2024-37925
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
BuddyBoss Theme
BuddyBoss Theme
Researcher
CVE-ID
CVE-2024-5856
CVE-2024-5856
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Comment Images Reloaded
Comment Images Reloaded
Researcher
CVE-ID
CVE-2024-38753
CVE-2024-38753
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Dynamic Word Spinner: CSS3 Animated Rotation
Dynamic Word Spinner: CSS3 Animated Rotation
Researcher
CVE-ID
CVE-2024-38721
CVE-2024-38721
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Researcher
CVE-ID
CVE-2024-1375
CVE-2024-1375
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Event post
Event post
Researcher
CVE-ID
CVE-2024-38762
CVE-2024-38762
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Event Tickets and Registration
Event Tickets and Registration
Researcher
CVE-ID
CVE-2024-5677
CVE-2024-5677
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Featured Image Generator
Featured Image Generator
Researcher
CVE-ID
CVE-2024-38751
CVE-2024-38751
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Easy Google Adsense and Banner Ads Manager – AdsforWP
Easy Google Adsense and Banner Ads Manager – AdsforWP
Researcher
CVE-ID
CVE-2024-38706
CVE-2024-38706
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
HT Mega – Absolute Addons For Elementor
HT Mega – Absolute Addons For Elementor
Researcher
CVE-ID
CVE-2024-6412
CVE-2024-6412
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
HTML Forms – Simple WordPress Forms Plugin
HTML Forms – Simple WordPress Forms Plugin
Researcher
CVE-ID
CVE-2024-38731
CVE-2024-38731
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
i-amaze
i-amaze
Researcher
CVE-ID
CVE-2024-38764
CVE-2024-38764
Patch Status
Unpatched
Unpatched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
i-transform
i-transform
Researcher
CVE-ID
CVE-2024-37941
CVE-2024-37941
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Internal Link Juicer: SEO Auto Linker for WordPress
Internal Link Juicer: SEO Auto Linker for WordPress
Researcher
CVE-ID
CVE-2024-6168
CVE-2024-6168
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Just Custom Fields
Just Custom Fields
Researcher
CVE-ID
CVE-2024-6167
CVE-2024-6167
Patch Status
Unpatched
Unpatched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Just Custom Fields
Just Custom Fields
Researcher
CVE-ID
CVE-2024-6496
CVE-2024-6496
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Light Poll
Light Poll
Researcher
CVE-ID
CVE-2024-38746
CVE-2024-38746
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
MakeStories (for Google Web Stories)
MakeStories (for Google Web Stories)
Researcher
CVE-ID
CVE-2024-38766
CVE-2024-38766
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Matomo Analytics – Ethical Stats. Powerful Insights.
Matomo Analytics – Ethical Stats. Powerful Insights.
Researcher
CVE-ID
CVE-2024-38729
CVE-2024-38729
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
MBE eShip
MBE eShip
Researcher
CVE-ID
CVE-2024-5855
CVE-2024-5855
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
Media Hygiene: Remove or Delete Unused Images and More!
Media Hygiene: Remove or Delete Unused Images and More!
Researcher
CVE-ID
CVE-2024-38733
CVE-2024-38733
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Meks Video Importer
Meks Video Importer
Researcher
CVE-ID
CVE-2024-38691
CVE-2024-38691
Patch Status
Patched
Patched
Published
Jul 10, 2024
Jul 10, 2024
Affected Software
Metorik – Reports & Email Automation for WooCommerce
Metorik – Reports & Email Automation for WooCommerce
Researcher
CVE-ID
CVE-2024-38765
CVE-2024-38765
Patch Status
Unpatched
Unpatched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Oceanic
Oceanic
Researcher
CVE-ID
CVE-2024-38740
CVE-2024-38740
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Packlink PRO shipping module
Packlink PRO shipping module
Researcher
CVE-ID
CVE-2024-1287
CVE-2024-1287
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Paid Memberships Pro - Member Directory Add On
Paid Memberships Pro - Member Directory Add On
Researcher
CVE-ID
CVE-2024-6230
CVE-2024-6230
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
پلاگین پرداخت دلخواه
پلاگین پرداخت دلخواه
Researcher
CVE-ID
CVE-2024-38732
CVE-2024-38732
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Patricia Blog
Patricia Blog
Researcher
CVE-ID
CVE-2024-37939
CVE-2024-37939
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Patricia Lite
Patricia Lite
Researcher
CVE-ID
CVE-2024-37931
CVE-2024-37931
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Point
Point
Researcher
CVE-ID
CVE-2024-38763
CVE-2024-38763
Patch Status
Unpatched
Unpatched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
Popularis Verse
Popularis Verse
Researcher
CVE-ID
CVE-2024-6410
CVE-2024-6410
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
ProfileGrid – User Profiles, Groups and Communities
Researcher
Seraphinite Accelerator Premium <= 2.21.13 - Cross-Site Request Forgery to Arbitrary File Deletion
4.3
CVE-ID
CVE-2024-37940
CVE-2024-37940
Patch Status
Patched
Patched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
Seraphinite Accelerator Pro
Seraphinite Accelerator Pro
Researcher
CVE-ID
CVE-2024-38727
CVE-2024-38727
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Seraphinite Post .DOCX Source
Seraphinite Post .DOCX Source
Researcher
CVE-ID
CVE-2024-37938
CVE-2024-37938
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
SociallyViral
SociallyViral
Researcher
CVE-ID
CVE-2024-38754
CVE-2024-38754
Patch Status
Unpatched
Unpatched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
Researcher
CVE-ID
CVE-2024-38777
CVE-2024-38777
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Titan Anti-spam & Security
Titan Anti-spam & Security
Researcher
CVE-ID
CVE-2024-37929
CVE-2024-37929
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
User Activity Log Pro
User Activity Log Pro
Researcher
CVE-ID
CVE-2024-5808
CVE-2024-5808
Patch Status
Unpatched
Unpatched
Published
Jul 9, 2024
Jul 9, 2024
Affected Software
WP Ajax Contact Form
WP Ajax Contact Form
Researcher
CVE-ID
CVE-2024-38714
CVE-2024-38714
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WP Fast Total Search – The Power of Indexed Search
WP Fast Total Search – The Power of Indexed Search
Researcher
CVE-ID
CVE-2024-38695
CVE-2024-38695
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
WP GoToWebinar
WP GoToWebinar
Researcher
WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update
4.3
CVE-ID
CVE-2024-6465
CVE-2024-6465
Patch Status
Patched
Patched
Published
Jul 12, 2024
Jul 12, 2024
Affected Software
WP Links Page
WP Links Page
Researcher
CVE-ID
CVE-2024-5704
CVE-2024-5704
Patch Status
Patched
Patched
Published
Jul 8, 2024
Jul 8, 2024
Affected Software
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator
XPlainer – Product FAQs for WooCommerce & AI FAQ Generator
Researcher
CVE-ID
CVE-2024-38701
CVE-2024-38701
Patch Status
Patched
Patched
Published
Jul 11, 2024
Jul 11, 2024
Affected Software
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
Researcher
As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.
Comments