_Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers!_
Last week, there were 185 vulnerabilities disclosed in 137 WordPress Plugins and 14 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Patch Status | Number of Vulnerabilities |
---|---|
Patched | 103 |
Unpatched | 82 |

Severity Rating | Number of Vulnerabilities |
---|---|
Medium Severity | 144 |
High Severity | 24 |
Critical Severity | 17 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 69 |
Cross-Site Request Forgery (CSRF) | 31 |
Missing Authorization | 29 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 7 |
Unrestricted Upload of File with Dangerous Type | 6 |
Information Exposure | 4 |
Deserialization of Untrusted Data | 3 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3 |
Server-Side Request Forgery (SSRF) | 3 |
Authorization Bypass Through User-Controlled Key | 2 |
Improper Control of Generation of Code ('Code Injection') | 2 |
Improper Input Validation | 2 |
Information Exposure Through Log Files | 2 |
URL Redirection to Untrusted Site ('Open Redirect') | 2 |
Use of Less Trusted Source | 2 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
Improper Access Control | 1 |
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | 1 |
Improper Neutralization of Formula Elements in a CSV File | 1 |
Incorrect Authorization | 1 |
Incorrect Privilege Assignment | 1 |
Protection Mechanism Failure | 1 |
Uncontrolled Resource Consumption ('Resource Exhaustion') | 1 |
Weak Password Recovery Mechanism for Forgotten Password | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
| 13
| 10
| 9
| 9
| 9
| 9
| 8
| 8
| 8
| 8
| 7
| 5
| 5
| 5
| 4
| 3
| 3
| 3
| 3
| 3
João Pedro Soares de Alcântara | 3
| 3
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.
Software Name | Software Slug |
---|---|
Academy LMS – eLearning and online course solution for WordPress | academy |
Accordion – Multiple Accordion or FAQs Builder | accordions-or-faqs |
affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
AliExpress Dropshipping with AliNext Lite | ali2woo-lite |
ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember |
Bible Text | bible-text |
Blogmentor – Blog Layouts for Elementor | blogmentor |
BlossomThemes Email Newsletter | blossomthemes-email-newsletter |
Booking for Appointments and Events Calendar – Amelia | ameliabooking |
Branda – White Label WordPress, Custom Login Page Customizer | branda-white-labeling |
Bricks Builder | bricksbuilder |
Business Directory Plugin – Easy Listing Directories for WordPress | business-directory-plugin |
CM Email Registration Blacklist and Whitelist | cm-email-blacklist |
Consulting Elementor Widgets | consulting-elementor-widgets |
ContentLock | contentlock |
ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages | convertkit |
Cost Calculator Builder PRO | cost-calculator-builder-pro |
Custom Field Suite | custom-field-suite |
Custom Product List Table | custom-product-list-table |
Demo Awesome | demo-awesome |
DImage 360 | dimage-360 |
Easy Table of Contents | easy-table-of-contents |
Elegant Themes Icons | elegant-themes-icons |
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
Embed Peertube Playlist | embed-peertube-playlist |
EmbedSocial – Social Media Feeds, Reviews and Galleries | embedalbum-pro |
Empty Cart Button for WooCommerce | empty-cart-button-for-woocommerce |
Enhance Your Posts with the WP Post Author Box, Co-Authors, Guest Authors, and Post Rating System, including Registration Form Builder | wp-post-author |
Event Monster – Event Management, Tickets Booking, Upcoming Event | event-monster |
Export WP Page to Static HTML/CSS | export-wp-page-to-static-html |
Falang multilanguage for WordPress | falang |
FS Poster - WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] | fs-poster |
Gallery Plugin for WordPress – Envira Photo Gallery | envira-gallery-lite |
Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
Hercules Core | hercules-core |
Hide Dashboard Notifications | wp-hide-backed-notices |
Ibtana – WordPress Website Builder | ibtana-visual-editor |
Image Optimizer, Resizer and CDN – Sirv | sirv |
Index WP MySQL For Speed | index-wp-mysql-for-speed |
InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
JetWidgets For Elementor | jetwidgets-for-elementor |
Kanban Boards for WordPress | kanban |
Kimili Flash Embed | kimili-flash-embed |
Laybuy Payment Extension for WooCommerce | laybuy-gateway-for-woocommerce |
License Manager for WooCommerce | license-manager-for-woocommerce |
Lifeline Donation | lifeline-donation |
Live Composer – Free WordPress Website Builder | live-composer-page-builder |
Loco Translate | loco-translate |
Login with phone number | login-with-phone-number |
Master Slider – Responsive Touch Slider | master-slider |
MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
MaxGalleria | maxgalleria |
Media Library Assistant | media-library-assistant |
MIMO Woocommerce Order Tracking | mimo-woocommerce-order-tracking |
My Favorites | my-favorites |
Newsletters | newsletters-lite |
Newspack Blocks | newspack-blocks |
Newspack Newsletters | newspack-newsletters |
Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
OpenPGP Form Encryption for WordPress | openpgp-form-encryption |
Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms | optinly |
Orbit Fox by ThemeIsle | themeisle-companion |
OSM Map Widget for Elementor | osm-map-elementor |
Page Builder Sandwich – Front End WordPress Page Builder Plugin | page-builder-sandwich |
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
PDF Viewer for Elementor | pdf-viewer-for-elementor |
Pexels: Free Stock Photos | wp-pexels-free-stock-photos |
Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery |
Photo Video Gallery Master | photo-video-gallery-master |
phpinfo() WP | phpinfo-wp |
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio | play-ht |
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer | promolayer-popup-builder |
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | ays-popup-box |
PropertyHive | propertyhive |
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | quiz-master-next |
Replace Image | replace-image |
Restaurant Reservations | nd-restaurant-reservations |
Salon Booking System | salon-booking-system |
Scheduling Plugin – Online Booking for WordPress | calendar-booking |
SEOPress – On-site SEO | wp-seopress |
Shariff Wrapper | shariff |
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension | shortcode-addons |
Shortcodes by United Themes | ut-shortcodes |
Shortcodes Ultimate Pro | shortcodes-ultimate-pro |
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) | sina-extension-for-elementor |
SiteGuard WP Plugin | siteguard |
Sketchfab Embed | sketchfab-oembed |
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel | depicter |
Slider by 10Web – Responsive Image Slider | slider-wd |
Slideshow SE | slideshow-se |
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images |
Solid Security – Password, Two Factor Authentication, and Brute Force Protection | better-wp-security |
SP Project & Document Manager | sp-client-document-manager |
Sparkle Demo Importer | sparkle-demo-importer |
Squeeze | squeeze |
SULly | sully |
Support SVG – Upload svg files in wordpress without hassle | support-svg |
SVG Block | svg-block |
Table Addons for Elementor | table-addons-for-elementor |
Tabs – Responsive Tabs with WooCommerce Product Tab Extension | vc-tabs |
The Plus Addons for Elementor Page Builder | theplus_elementor_addon |
Themify – WooCommerce Product Filter | themify-wc-product-filter |
Tickera – WordPress Event Ticketing | tickera-event-ticketing-system |
Tournamatch | tournamatch |
Transition Slider – Responsive Image Slider and Gallery | transition-slider-lite |
Typing Text | typing-text |
UberMenu | ubermenu |
Ultimate Blocks – WordPress Blocks Plugin | ultimate-blocks |
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | custom-add-to-cart-button-for-woocommerce |
Universal Slider | fusion-slider |
User Profile Picture | metronet-profile-picture |
User Rights Access Manager | user-rights-access-manager |
Vimeography: Vimeo Video Gallery WordPress Plugin | vimeography |
Wheel of Life: Coaching and Assessment Tool for Life Coach | wheel-of-life |
Wishlist Member | wishlist-member-x |
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce | cartflows |
Woocommerce Customers Order History | woo-customers-order-history |
Word Balloon | word-balloon |
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner – Groundhogg |
WordPress Picture / Portfolio / Media Gallery | nimble-portfolio |
WP 2FA – Two-factor authentication for WordPress | wp-2fa |
WP Blog Post Layouts | wp-blog-post-layouts |
WP Child Theme Generator | wp-child-theme-generator |
WP Hotel Booking | wp-hotel-booking |
WP Job Manager - Resume Manager | wp-job-manager-resumes |
WP Magazine Modules Lite | wp-magazine-modules-lite |
WP Maintenance | wp-maintenance |
WP QuickLaTeX | wp-quicklatex |
WP Recipe Maker | wp-recipe-maker |
WP Scraper | wp-scraper |
WP Secure Maintenance | wp-secure-maintainance |
WP SVG Images | wp-svg-images |
WPAdverts – Classifieds Plugin | wpadverts |
WPZOOM Addons for Elementor (Templates, Widgets) | wpzoom-elementor-addons |
YARPP – Yet Another Related Posts Plugin | yet-another-related-posts-plugin |
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | youzify |
Zoho Marketing Automation | zoho-marketinghub |

Software Name | Software Slug |
---|---|
Book Landing Page | book-landing-page |
Chic Lite | chic-lite |
Customizr | customizr |
Digital Newspaper | digital-newspaper |
Divi | Divi |
Education Zone | education-zone |
Enfold - Responsive Multi-Purpose Theme | enfold |
Flatsome | flatsome |
Grey Opaque | grey-opaque |
Hueman | hueman |
Materialis | materialis |
Mosaic | mosaic |
Sinatra | sinatra |
Vilva | vilva |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should've already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.
10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-37228
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
InstaWP Connect – 1-click WP Staging & Migration
Researcher
10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-37112
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
10.0
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-3605
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
WP Hotel Booking
Researcher
9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37090
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher
9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-5853
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Image Optimizer, Resizer and CDN – Sirv
Researcher
9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37109
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
9.9
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37225
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Zoho Marketing Automation
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-37089
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-5756
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-5432
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Lifeline Donation
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3229
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Salon Booking System
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-4098
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Shariff Wrapper
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-6027
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Themify – WooCommerce Product Filter
Researcher
9.8
CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-4742
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Researcher
9.6
CVSS Rating
Critical (9.6)
CVE-ID
CVE-2024-37212
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
AliExpress Dropshipping with AliNext Lite
Researcher
9.3
CVSS Rating
Critical (9.3)
CVE-ID
CVE-2024-5021
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
WordPress Picture / Portfolio / Media Gallery
Researcher
9.1
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-35767
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Squeeze
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2381
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
AliExpress Dropshipping with AliNext Lite
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37092
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37091
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3562
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Custom Field Suite
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3561
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Custom Field Suite
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5605
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Media Library Assistant
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-6132
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Pexels: Free Stock Photos
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5343
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Photo Gallery, Images, Slider in Rbs Image Gallery
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5724
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Photo Video Gallery Master
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-35778
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Slideshow SE
Researcher
João Pedro Soares de Alcântara
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5455
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
The Plus Addons for Elementor Page Builder
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37107
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-35781
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Word Balloon
Researcher
João Pedro Soares de Alcântara
8.8
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5503
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
WP Blog Post Layouts
Researcher
8.3
CVSS Rating
High (8.3)
CVE-ID
CVE-2024-37234
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Academy LMS – eLearning and online course solution for WordPress
Researcher
8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-6125
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Login with phone number
Researcher
8.1
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-37108
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-35780
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Live Composer – Free WordPress Website Builder
Researcher
7.5
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5574
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WP Magazine Modules Lite
Researcher
7.4
CVSS Rating
High (7.4)
CVE-ID
CVE-2023-5527
Patch Status
Patched
Published
Jun 17, 2024
Affected Software
Business Directory Plugin – Easy Listing Directories for WordPress
Researcher
7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-5791
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher
7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3593
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
UberMenu
Researcher
7.2
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-37106
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
7.1
CVSS Rating
High (7.1)
CVE-ID
CVE-2024-3597
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Export WP Page to Static HTML/CSS
Researcher
6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-4390
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Researcher
6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1639
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
License Manager for WooCommerce
Researcher
6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2023-3204
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Materialis
Researcher
6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1634
Patch Status
Unpatched
Published
Jun 17, 2024
Affected Software
Scheduling Plugin – Online Booking for WordPress
Researcher
6.5
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-6120
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Sparkle Demo Importer
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37214
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
AliExpress Dropshipping with AliNext Lite
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5444
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Bible Text
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4623
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Blogmentor – Blog Layouts for Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5191
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Branda – White Label WordPress, Custom Login Page Customizer
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3558
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Custom Field Suite
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35774
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
DImage 360
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5533
Patch Status
Patched
Published
Jun 17, 2024
Affected Software
Divi
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37100
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Elegant Themes Icons
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3984
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
EmbedSocial – Social Media Feeds, Reviews and Galleries
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37217
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Empty Cart Button for WooCommerce
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5156
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Flatsome
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5346
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Flatsome
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35765
Patch Status
Patched
Published
Jun 17, 2024
Affected Software
Greenshift – animation and page builder blocks
Researcher
João Pedro Soares de Alcântara
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5966
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Grey Opaque
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4626
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
JetWidgets For Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37221
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Kimili Flash Embed
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4375
Patch Status
Unpatched
Published
Jun 17, 2024
Affected Software
Master Slider – Responsive Touch Slider
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5970
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
MaxGalleria
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5768
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
MIMO Woocommerce Order Tracking
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5965
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Mosaic
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37114
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
My Favorites
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2484
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Orbit Fox by ThemeIsle
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4663
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
OSM Map Widget for Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37219
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Page Builder Sandwich – Front End WordPress Page Builder Plugin
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35768
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Live Composer – Free WordPress Website Builder
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35779
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Live Composer – Free WordPress Website Builder
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0845
Patch Status
Unpatched
Published
Jun 17, 2024
Affected Software
PDF Viewer for Elementor
Researchers
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3894
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Photo Gallery, Images, Slider in Rbs Image Gallery
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-6025
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37223
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Restaurant Reservations
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1168
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
SEOPress – On-site SEO
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4217
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Shortcodes Ultimate Pro
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5036
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37116
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Sinatra
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37216
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Sketchfab Embed
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35769
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Slideshow SE
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4272
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Support SVG – Upload svg files in wordpress without hassle
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4269
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SVG Block
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4313
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Table Addons for Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37215
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Transition Slider – Responsive Image Slider and Gallery
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5058
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Typing Text
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6692
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Ultimate Blocks – WordPress Blocks Plugin
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4632
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5627
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Tournamatch
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37101
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Enhance Your Posts with the WP Post Author Box, Co-Authors, Guest Authors, and Post Rating System, including Registration Form Builder
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0383
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WP Recipe Maker
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37208
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
WP Scraper
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5945
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
WP SVG Images
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5686
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
WPZOOM Addons for Elementor (Templates, Widgets)
Researcher
6.3
CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-4450
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
AliExpress Dropshipping with AliNext Lite
Researcher
6.3
CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-5596
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37213
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
AliExpress Dropshipping with AliNext Lite
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37211
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
AliExpress Dropshipping with AliNext Lite
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5859
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Online Booking & Scheduling Calendar for WordPress by vcita
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37206
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Demo Awesome
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37199
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Enfold - Responsive Multi-Purpose Theme
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4977
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Index WP MySQL For Speed
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37222
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Master Slider – Responsive Touch Slider
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37097
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Shortcodes by United Themes
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5032
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5033
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5344
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
The Plus Addons for Elementor Page Builder
Researcher
5.8
CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-4787
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Cost Calculator Builder PRO
Researcher
5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-37098
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
BlossomThemes Email Newsletter
Researcher
5.5
CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-6026
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Slider by 10Web β Responsive Image Slider
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-37232
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Hercules Core
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3919
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
OpenPGP Form Encryption for WordPress
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-1407
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Paid Memberships Pro β Content Restriction, User Registration, & Paid Subscriptions
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-5649
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Universal Slider
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3627
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Wheel of Life: Coaching and Assessment Tool for Life Coach
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37205
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
affiliate-toolkit β WordPress Affiliate Plugin
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3961
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
ConvertKit β Email Newsletter, Email Marketing, Subscribers and Landing Pages
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5059
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Event Monster β Event Management, Tickets Booking, Upcoming Event
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5541
Patch Status
Patched
Published
Jun 17, 2024
Affected Software
Ibtana β WordPress Website Builder
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37094
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
MasterStudy LMS WordPress Plugin β for Online Courses and Education
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37115
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Newspack Blocks
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37220
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Optinly β Exit Intent, Newsletter Popups, Gamification & Opt-in Forms
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35776
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
phpinfo() WP
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37881
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
SiteGuard WP Plugin
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2022-44593
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Solid Security β Password, Two Factor Authentication, and Brute Force Protection
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37110
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37111
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37113
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2022-44587
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
WP 2FA β Two-factor authentication for WordPress
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3610
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
WP Child Theme Generator
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0789
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WP Maintenance
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37122
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Accordion β Multiple Accordion or FAQs Builder
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6225
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Booking for Appointments and Events Calendar β Amelia
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6334
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Easy Table of Contents
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4602
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Embed Peertube Playlist
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37121
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5151
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37120
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Tabs β Responsive Tabs with WooCommerce Product Tab Extension
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5644
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Tournamatch
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5472
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
WP QuickLaTeX
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4753
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
WP Secure Maintenance
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2023-6495
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
YARPP β Yet Another Related Posts Plugin
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37230
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Book Landing Page
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4874
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Bricks Builder
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37104
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Chic Lite
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5167
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
CM Email Registration Blacklist and Whitelist
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6023
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
ContentLock
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6024
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
ContentLock
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6022
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
ContentLock
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4541
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Custom Product List Table
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35771
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Customizr
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37207
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Demo Awesome
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37198
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Digital Newspaper
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37103
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Education Zone
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37095
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Gallery Plugin for WordPress β Envira Photo Gallery
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37240
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Falang multilanguage for WordPress
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37237
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
FS Poster - WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest]
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37235
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner β Groundhogg
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1955
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Hide Dashboard Notifications
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35772
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Hueman
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37226
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Kanban Boards for WordPress
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37203
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Laybuy Payment Extension for WooCommerce
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37236
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Loco Translate
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37093
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
MasterStudy LMS WordPress Plugin β for Online Courses and Education
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37227
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Newsletters
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37242
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Newspack Newsletters
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37218
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Page Builder Sandwich β Front End WordPress Page Builder Plugin
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37233
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Play.ht β Make Your Blog Posts Accessible With Text to Speech Audio
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3602
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers β Promolayer
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37096
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Popup Box β Create Countdown, Coupon, Video, Contact Form Popups
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37204
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
PropertyHive
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4873
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Replace Image
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-3352
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Smush Image Optimization β Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN
Researchers
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37224
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
SP Project & Document Manager
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5034
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5860
Patch Status
Patched
Published
Jun 17, 2024
Affected Software
Tickera β WordPress Event Ticketing
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37202
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5639
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
User Profile Picture
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37209
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
User Rights Access Manager
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37102
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Vilva
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35770
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Vimeography: Vimeo Video Gallery WordPress Plugin
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37201
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Woocommerce Customers Order History
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37241
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
WP Job Manager - Resume Manager
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37238
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
WPAdverts β Classifieds Plugin
Researcher
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us via our Bug Bounty Program, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024) appeared first on Wordfence.