_Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers!_
Last week, there were 235 vulnerabilities disclosed in 197 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 67 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Patch Status | Number of Vulnerabilities |
---|---|
Patched | 173 |
Unpatched | 62 |

Severity Rating | Number of Vulnerabilities |
---|---|
Medium Severity | 203 |
High Severity | 21 |
Critical Severity | 11 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 120 |
Missing Authorization | 51 |
Cross-Site Request Forgery (CSRF) | 8 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 8 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 8 |
Information Exposure | 7 |
Improper Access Control | 5 |
Authorization Bypass Through User-Controlled Key | 4 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 3 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 2 |
Insufficient Verification of Data Authenticity | 2 |
URL Redirection to Untrusted Site ('Open Redirect') | 2 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
Improper Control of Generation of Code ('Code Injection') | 1 |
Improper Handling of Insufficient Permissions or Privileges | 1 |
Improper Input Validation | 1 |
Improper Neutralization of Alternate XSS Syntax | 1 |
Improper Neutralization of Formula Elements in a CSV File | 1 |
Improper Restriction of Excessive Authentication Attempts | 1 |
Incorrect Permission Assignment for Critical Resource | 1 |
Incorrect Privilege Assignment | 1 |
Insecure Storage of Sensitive Information | 1 |
Path Traversal: '…/…//' | 1 |
Server-Side Request Forgery (SSRF) | 1 |
Unrestricted Upload of File with Dangerous Type | 1 |
Use of Insufficiently Random Values | 1 |
Use of Less Trusted Source | 1 |

Researcher Name | Number of Vulnerabilities |
---|---|
| 25
| 16
| 14
| 12
| 11
| 10
| 10
| 8
| 7
| 7
| 6
| 6
| 5
| 5
| 5
| 4
| 4
| 4
| 3
| 3
| 3
| 3
| 3
| 3
| 3
| 3
| 3
| 3
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 2
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
| 1
Trương Hữu Phúc (truonghuuphuc) | 1
| 1
| 1
| 1
| 1
| 1
| 1
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
12 Step Meeting List | 12-step-meeting-list |
Active Products Tables for WooCommerce. Use constructor to create tables | profit-products-tables-for-woocommerce |
Admin Notices Manager | admin-notices-manager |
Advanced Woo Labels – Product Labels for WooCommerce | advanced-woo-labels |
Album and Image Gallery plus Lightbox | album-and-image-gallery-plus-lightbox |
Album Gallery – WordPress Gallery | new-album-gallery |
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) | wp-analytify |
Animated AL List | animated-al-list |
Authorize.net Payment Gateway For WooCommerce | authorizenet-payment-gateway-for-woocommerce |
Auto Coupons for WooCommerce | woo-auto-coupons |
Block for Font Awesome | block-for-font-awesome |
BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | blockart-blocks |
Bookster – WordPress Appointment Booking Plugin | bookster |
Boostify Header Footer Builder for Elementor | boostify-header-footer-builder |
Bosa Elementor Addons and Templates for WooCommerce | bosa-elementor-for-woocommerce |
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content | brave-popup-builder |
Brizy – Page Builder | brizy |
BuddyPress Cover | bp-cover |
BuddyPress Members Only | buddypress-members-only |
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | wc4bp |
Cards for Beaver Builder | bb-bootstrap-cards |
CF7 Google Sheets Connector | cf7-google-sheets-connector |
Checkout Field Editor for WooCommerce (Pro) | woocommerce-checkout-field-editor-pro |
Claudio Sanches – Checkout Cielo for WooCommerce | woocommerce-checkout-cielo |
Clever Addons for Elementor | cafe-lite |
Clever Fox | clever-fox |
Colibri Page Builder | colibri-page-builder |
Comments – wpDiscuz | wpdiscuz |
Contact Form 7 | contact-form-7 |
Contact Form Builder, Contact Widget | contact-forms-builder |
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
Copymatic – AI Content Writer & Generator | copymatic |
Countdown, Coming Soon, Maintenance – Countdown & Clock | countdown-builder |
Cowidgets – Elementor Addons | cowidgets-elementor-addons |
Custom Dash | custom-dash |
Dashboard To-Do List | dashboard-to-do-list |
Database Cleaner | database-cleaner |
Debug Log Manager | debug-log-manager |
Download Attachments | download-attachments |
Download Manager | download-manager |
Easy Forms for Mailchimp | yikes-inc-easy-mailchimp-extender |
Easy Social Like Box – Popup – Sidebar Widget | cardoza-facebook-like-box |
Easy Table of Contents | easy-table-of-contents |
EasyAzon – Amazon Associates Affiliate Plugin | easyazon |
ElasticPress | elasticpress |
ElementsReady Addons for Elementor | element-ready-lite |
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | embedpress |
Emergency Password Reset | emergency-password-reset |
Envo Extra | envo-extra |
Essential Addons for Elementor Pro | essential-addons-elementor |
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
Essential Real Estate | essential-real-estate |
Event Tickets with Ticket Scanner | event-tickets-with-ticket-scanner |
Extra Product Options for WooCommerce | extra-product-options-for-woocommerce |
FileOrganizer – Manage WordPress and Website Files | fileorganizer |
Five Star Restaurant Menu and Food Ordering | food-and-drink-menu |
Fluid Notification Bar | fluid-notification-bar |
Frontend Checklist | frontend-checklist |
Frontend Registration – Contact Form 7 | frontend-registration-contact-form-7 |
Gallery – Image and Video Gallery with Thumbnails | gallery-album |
GamiPress – Link | gamipress-link |
GDPR CCPA Compliance & Cookie Consent Banner | ninja-gdpr-compliance |
GDPR/CCPA Cookie Consent Banner | uk-cookie-consent |
GiveWP – Donation Plugin and Fundraising Platform | give |
GP Premium | gp-premium |
Gutenberg Blocks and Page Layouts – Attire Blocks | attire-blocks |
Gutenberg Blocks, Page Builder – ComboBlocks | post-grid |
Heateor Social Login WordPress | heateor-social-login |
HT Feed | ht-instagram |
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | new-image-gallery |
Image Hover Effects for Elementor with Lightbox and Flipbox | image-hover-effects-with-carousel |
Insert Post Ads | insert-post-ads |
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site | integrate-google-drive |
Interactive Content – H5P | h5p |
Kadence Blocks Pro | kadence-blocks-pro |
Kenta Blocks – Responsive Blocks and block templates library | kenta-blocks |
KiviCare – Clinic & Patient Management System (EHR) | kivicare-clinic-management-system |
Kognetiks Chatbot for WordPress | chatbot-chatgpt |
LA-Studio Element Kit for Elementor | lastudio-element-kit |
LearnPress – WordPress LMS Plugin | learnpress |
Leyka | leyka |
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | lifterlms |
LightPress Lightbox (WP JQuery Lightbox) | wp-jquery-lightbox |
Link Library | link-library |
Login/Signup Popup ( Inline Form + Woocommerce ) | easy-login-woocommerce |
Logo Manager For Enamad | logo-manager-for-enamad |
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor |
Market Exporter | market-exporter |
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor | master-addons |
Materialis Companion | materialis-companion |
Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow | media-slider |
MegaMenu | stm-megamenu |
MelaPress Login Security | melapress-login-security |
Mime Types Extended | mime-types-extended |
Minimal Coming Soon – Coming Soon Page | minimal-coming-soon-maintenance-mode |
MJ Update History | mj-update-history |
Mollie Forms | mollie-forms |
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution | dc-woocommerce-multi-vendor |
Muslim Prayer Time BD | muslim-prayer-time-bd |
Nafeza Prayer Time | nafeza-prayer-time |
Newsletter – Send awesome emails from WordPress | newsletter |
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) | mailin |
Newsletters | newsletters-lite |
One Page Express Companion | one-page-express-companion |
Open Graph | opengraph |
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-pro |
Ovic Importer | ovic-import-demo |
Pagerank tools | pagerank-tools |
Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
Podlove Web Player | podlove-web-player |
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms |
PowerPack Pro for Elementor | powerpack-elements |
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) | bdthemes-prime-slider-lite |
Product Addons & Fields for WooCommerce | woocommerce-product-addon |
ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
PropertyHive | propertyhive |
Pure Chat – Live Chat & More! | pure-chat |
Qi Addons For Elementor | qi-addons-for-elementor |
Qi Blocks | qi-blocks |
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | quiz-master-next |
Recurring PayPal Donations | recurring-donation |
Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. | responsive-add-ons |
Restrict for Elementor | restrict-for-elementor |
RestroPress – Online Food Ordering System | restropress |
Rotating Tweets (Twitter widget and shortcode) | rotatingtweets |
Royal Elementor Addons and Templates | royal-elementor-addons |
Salon Booking System | salon-booking-system |
Save as PDF Plugin by Pdfcrowd | save-as-pdf-by-pdfcrowd |
SC filechecker | wp-file-checker |
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | sellkit |
Sensei LMS – Online Courses, Quizzes, & Learning | sensei-lms |
SEOPress – On-site SEO | wp-seopress |
Shopping Cart & eCommerce Store | wp-easycart |
Simple AL Slider | simple-al-slider |
Simple COD Fees for WooCommerce | simple-cod-fee-for-woocommerce |
Simple Image Popup Shortcode | simple-image-popup-shortcode |
Simple Photoswipe | simple-photoswipe |
SKT Addons for Elementor | skt-addons-for-elementor |
Slider Responsive Slideshow – Image slider, Gallery slideshow | slider-responsive-slideshow |
Slider Revolution | revslider |
Social Link Pages: link-in-bio landing pages for your social media profiles | social-link-pages |
Social Login Lite For WooCommerce | social-login-lite-for-woocommerce |
Spotify Play Button | spotify-play-button |
Startklar Elementor Addons | startklar-elmentor-forms-extwidgets |
Stellissimo Text Box | stellissimo-text-box |
Strategery Migrations | strategery-migrations |
Strong Testimonials | strong-testimonials |
SureTriggers: All-in-One WordPress Automation Plugin | suretriggers |
TablePress – Tables in WordPress made easy | tablepress |
tagDiv Composer | td-composer |
TemplatesNext OnePager | templatesnext-onepager |
Testimonials Widget | testimonials-widget |
The Moneytizer | the-moneytizer |
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | the-post-grid |
Themesflat Addons For Elementor | themesflat-addons-for-elementor |
Tickera – WordPress Event Ticketing | tickera-event-ticketing-system |
Tooltip CK | tooltip-ck |
Tutor LMS – eLearning and online course solution | tutor |
Under Construction / Maintenance Mode from Acurax | coming-soon-maintenance-mode-from-acurax |
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms | upload-fields-for-wpforms |
Upunzipper | upunzipper |
Video Widget | video-widget |
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages | visualcomposer |
Visualizer: Tables and Charts Manager for WordPress | visualizer |
Wbcom Designs – Custom Font Uploader | custom-font-uploader |
Weather Widget Pro | weather-in-any-city-widget |
Weaver Xtreme Theme Support | weaverx-theme-support |
WebP & SVG Support | webp-svg-support |
Widget Options - Extended | extended-widget-options |
Widget Options – The #1 WordPress Widget & Block Control Plugin | widget-options |
Widget4Call | widget4call |
WooCommerce Dropshipping Premium | woocommerce-dropshipping |
WooCommerce Tools | woo-tools |
Woody code snippets – Insert Header Footer Code, AdSense Ads | insert-php |
woothemes-sensei | woothemes-sensei |
WordPress prettyPhoto | prettyphoto |
WP Chat App | wp-whatsapp |
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing | wp-dark-mode |
WP Docs | wp-docs |
WP Force SSL & HTTPS SSL Redirect | wp-force-ssl |
WP Mobile Menu – The Mobile-Friendly Responsive Menu | mobile-menu |
WP Reset – Most Advanced WordPress Reset Tool | wp-reset |
WP Shortcodes Plugin — Shortcodes Ultimate | shortcodes-ultimate |
WP Time Slots Booking Form | wp-time-slots-booking-form |
WP Translate – WordPress Translation Plugin | wp-translate |
WP Visitors Tracker | wp_visitorstracker |
WP-DB-Table-Editor | wp-db-table-editor |
WP-Recall – Registration, Profile, Commerce & More | wp-recall |
WPMobile.App — Android and iOS Mobile Application | wpappninja |
WPUpper Share Buttons | wpupper-share-buttons |
WS Form LITE – Drag & Drop Contact Form Builder for WordPress | ws-form |
WS Form Pro | ws-form-pro |
YITH Custom Login | yith-custom-login |
YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
YITH WooCommerce Tab Manager | yith-woocommerce-tab-manager |

Software Name | Software Slug |
---|---|
Blocksy | blocksy |
Bloglo | bloglo |
Eduma | eduma |
Event | event |
Formula | formula |
Idyllic | idyllic |
Pixgraphy | pixgraphy |
Radcliffe 2 | radcliffe-2 |
Responsive | responsive |
Rife Free | rife-free |
Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating | CVE-ID | Patch Status | Published | Affected Software | Researcher |
---|---|---|---|---|---|
Critical (10.0) | CVE-2024-35746 | Unpatched | Jun 6, 2024 | BuddyPress Cover | |
Critical (9.9) | CVE-2024-35678 | Patched | Jun 5, 2024 | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | |
Critical (9.9) | CVE-2024-35750 | Unpatched | Jun 6, 2024 | Gallery – Image and Video Gallery with Thumbnails | |
Critical (9.9) | CVE-2024-3592 | Patched | Jun 6, 2024 | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | |
Critical (9.9) | CVE-2024-35736 | Patched | Jun 6, 2024 | Visualizer: Tables and Charts Manager for WordPress | Trương Hữu Phúc (truonghuuphuc) |
Critical (9.8) | CVE-2024-35658 | Patched | Jun 3, 2024 | Checkout Field Editor for WooCommerce (Pro) | |
Critical (9.8) | CVE-2024-4295 | Patched | Jun 4, 2024 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | |
Critical (9.8) | CVE-2024-4743 | Patched | Jun 4, 2024 | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | |
Critical (9.8) | CVE-2024-35677 | Patched | Jun 5, 2024 | MegaMenu | |
Critical (9.8) | CVE-2024-4552 | Unpatched | Jun 3, 2024 | Social Login Lite For WooCommerce | |
Critical (9.1) | CVE-2024-5153 | Unpatched | Jun 5, 2024 | Startklar Elementor Addons | |

CVSS Rating | CVE-ID | Patch Status | Published | Affected Software | Researcher |
---|---|---|---|---|---|
High (8.8) | CVE-2024-5179 | Patched | Jun 5, 2024 | Cowidgets – Elementor Addons | |
High (8.8) | CVE-2024-5324 | Patched | Jun 5, 2024 | Login/Signup Popup ( Inline Form + Woocommerce ) | |
High (8.8) | CVE-2024-3668 | Patched | Jun 7, 2024 | PowerPack Pro for Elementor | |
High (8.8) | CVE-2024-5329 | Patched | Jun 5, 2024 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | |
High (8.1) | CVE-2023-6968 | Patched | Jun 5, 2024 | The Moneytizer | |
High (8.1) | CVE-2023-6966 | Patched | Jun 5, 2024 | The Moneytizer | |
High (7.5) | CVE-2024-5599 | Patched | Jun 6, 2024 | FileOrganizer – Manage WordPress and Website Files | |
High (7.5) | CVE-2024-5637 | Patched | Jun 6, 2024 | Market Exporter | |
High (7.5) | CVE-2024-4887 | Patched | Jun 6, 2024 | Qi Addons For Elementor | |
High (7.5) | CVE-2024-35745 | Unpatched | Jun 6, 2024 | Strategery Migrations | |
High (7.5) | CVE-2024-2019 | Unpatched | Jun 3, 2024 | WP-DB-Table-Editor | |
High (7.4) | CVE-2024-3667 | Patched | Jun 4, 2024 | Brizy – Page Builder | |
High (7.4) | CVE-2024-5091 | Patched | Jun 7, 2024 | SKT Addons for Elementor | |
High (7.2) | CVE-2024-2087 | Patched | Jun 4, 2024 | Brizy – Page Builder | |
High (7.2) | CVE-2024-4870 | Unpatched | Jun 3, 2024 | Frontend Registration – Contact Form 7 | |
High (7.2) | CVE-2024-35706 | Patched | Jun 6, 2024 | Heateor Social Login WordPress | |
High (7.2) | CVE-2024-5542 | Patched | Jun 6, 2024 | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor | |
High (7.2) | CVE-2024-4759 | Unpatched | Jun 4, 2024 | Mime Types Extended | |
High (7.2) | CVE-2024-3555 | Unpatched | Jun 3, 2024 | Social Link Pages: link-in-bio landing pages for your social media profiles | |
High (7.2) | CVE-2024-4902 | Patched | Jun 6, 2024 | Tutor LMS – eLearning and online course solution | |
High (7.2) | CVE-2024-35734 | Patched | Jun 6, 2024 | WP Time Slots Booking Form | |

CVSS Rating | CVE-ID | Patch Status | Published | Affected Software | Researcher |
---|---|---|---|---|---|
Medium (6.8) | CVE-2024-5481 | Patched | Jun 6, 2024 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | |
Medium (6.6) | CVE-2024-35650 | Patched | Jun 3, 2024 | MelaPress Login Security | |
Medium (6.5) | CVE-2024-4194 | Patched | Jun 5, 2024 | Album and Image Gallery plus Lightbox | |
Medium (6.5) | CVE-2024-5149 | Patched | Jun 4, 2024 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | |
Medium (6.5) | CVE-2024-5654 | Patched | Jun 7, 2024 | CF7 Google Sheets Connector | |
Medium (6.5) | CVE-2024-5382 | Patched | Jun 6, 2024 | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor | |
Medium (6.5) | CVE-2024-35754 | Unpatched | Jun 6, 2024 | Ovic Importer | |
Medium (6.4) | CVE-2024-35675 | Patched | Jun 5, 2024 | Advanced Woo Labels – Product Labels for WooCommerce | |
Medium (6.4) | CVE-2024-35705 | Patched | Jun 6, 2024 | Block for Font Awesome | |
Medium (6.4) | CVE-2024-35704 | Patched | Jun 6, 2024 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | |
Medium (6.4) | CVE-2024-5439 | Patched | Jun 4, 2024 | Blocksy | |
Medium (6.4) | CVE-2024-35715 | Patched | Jun 6, 2024 | Bloglo | |
Medium (6.4) | CVE-2024-5006 | Unpatched | Jun 4, 2024 | Boostify Header Footer Builder for Elementor | |
Medium (6.4) | CVE-2024-1161 | Patched | Jun 4, 2024 | Brizy – Page Builder | |
Medium (6.4) | CVE-2024-1164 | Patched | Jun 4, 2024 | Brizy – Page Builder | |
Medium (6.4) | CVE-2024-5663 | Patched | Jun 7, 2024 | Cards for Beaver Builder | |
Medium (6.4) | CVE-2024-2350 | Unpatched | Jun 5, 2024 | Clever Addons for Elementor | |
Medium (6.4) | CVE-2024-1768 | Patched | Jun 6, 2024 | Clever Fox | |
Medium (6.4) | CVE-2024-4451 | Patched | Jun 6, 2024 | Colibri Page Builder | |
Medium (6.4) | CVE-2024-5038 | Patched | Jun 5, 2024 | Colibri Page Builder | |
Medium (6.4) | CVE-2024-35681 | Patched | Jun 6, 2024 | Comments – wpDiscuz | |
Medium (6.4) | CVE-2024-4697 | Patched | Jun 3, 2024 | Cowidgets – Elementor Addons | |
Medium (6.4) | CVE-2024-3230 | Patched | Jun 3, 2024 | Download Attachments | |
Medium (6.4) | CVE-2024-4001 | Patched | Jun 4, 2024 | Download Manager | |
Medium (6.4) | CVE-2024-5224 | Unpatched | Jun 5, 2024 | Easy Social Like Box – Popup – Sidebar Widget | |
Medium (6.4) | CVE-2024-5152 | Unpatched | Jun 5, 2024 | ElementsReady Addons for Elementor | |
Medium (6.4) | CVE-2024-5571 | Patched | Jun 4, 2024 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | |
Medium (6.4) | CVE-2024-5645 | Patched | Jun 6, 2024 | Envo Extra | |
Medium (6.4) | CVE-2024-5612 | Patched | Jun 6, 2024 | Essential Addons for Elementor Pro | |
Medium (6.4) | CVE-2024-5188 | Patched | Jun 5, 2024 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | |
Medium (6.4) | CVE-2024-4273 | Unpatched | Jun 3, 2024 | Essential Real Estate | |
Medium (6.4) | CVE-2024-5536 | Patched | Jun 4, 2024 | GamiPress – Link | |
Medium (6.4) | CVE-2024-3111 | Patched | Jun 6, 2024 | Interactive Content – H5P | |
Medium (6.4) | CVE-2024-35707 | Patched | Jun 6, 2024 | Heateor Social Login WordPress | |
Medium (6.4) | CVE-2024-35699 | Patched | Jun 6, 2024 | HT Feed | |
Medium (6.4) | CVE-2024-35714 | Patched | Jun 6, 2024 | Idyllic | |
Medium (6.4) | CVE-2024-5001 | Unpatched | Jun 5, 2024 | Image Hover Effects for Elementor with Lightbox and Flipbox | |
Medium (6.4) | CVE-2024-35738 | Patched | Jun 6, 2024 | Kognetiks Chatbot for WordPress | |
Medium (6.4) | CVE-2024-5161 | Patched | Jun 5, 2024 | Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | |
Medium (6.4) | CVE-2024-4707 | Patched | Jun 5, 2024 | Materialis Companion | |
Medium (6.4) | CVE-2024-5259 | Patched | Jun 5, 2024 | MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution | |
Medium (6.4) | CVE-2024-5317 | Patched | Jun 4, 2024 | Newsletter – Send awesome emails from WordPress | |
Medium (6.4) | CVE-2024-4703 | Patched | Jun 6, 2024 | One Page Express Companion | |
Medium (6.4) | CVE-2024-5426 | Patched | Jun 6, 2024 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | |
Medium (6.4) | CVE-2024-35740 | Patched | Jun 6, 2024 | Pixgraphy | |
Medium (6.4) | CVE-2024-4042 | Patched | Jun 6, 2024 | Gutenberg Blocks, Page Builder – ComboBlocks | |
Medium (6.4) | CVE-2024-1988 | Patched | Jun 6, 2024 | Gutenberg Blocks, Page Builder – ComboBlocks | |
Medium (6.4) | CVE-2024-5640 | Patched | Jun 6, 2024 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) | |
Medium (6.4) | CVE-2024-35701 | Patched | Jun 6, 2024 | PropertyHive | |
Medium (6.4) | CVE-2024-4364 | Patched | Jun 5, 2024 | Qi Addons For Elementor | |
Medium (6.4) | CVE-2024-5221 | Patched | Jun 5, 2024 | Qi Blocks | |
Medium (6.4) | CVE-2024-35676 | Patched | Jun 5, 2024 | Recurring PayPal Donations | |
Medium (6.4) | CVE-2024-35654 | Patched | Jun 3, 2024 | Responsive | |
Medium (6.4) | CVE-2024-5222 | Patched | Jun 4, 2024 | Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. | |
Medium (6.4) | CVE-2024-35719 | Patched | Jun 6, 2024 | RestroPress – Online Food Ordering System | |
Medium (6.4) | CVE-2024-35708 | Patched | Jun 6, 2024 | Rife Free | |
Medium (6.4) | CVE-2024-5141 | Unpatched | Jun 5, 2024 | Rotating Tweets (Twitter widget and shortcode) | |
Medium (6.4) | CVE-2024-4489 | Patched | Jun 6, 2024 | Royal Elementor Addons and Templates | |
Medium (6.4) | CVE-2024-4488 | Patched | Jun 6, 2024 | Royal Elementor Addons and Templates | |
Medium (6.4) | CVE-2024-35649 | Patched | Jun 3, 2024 | Save as PDF Plugin by Pdfcrowd | |
Medium (6.4) | CVE-2024-4608 | Patched | Jun 5, 2024 | SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | |
Medium (6.4) | CVE-2024-34765 | Patched | Jun 6, 2024 | woothemes-sensei | |
Medium (6.4) | CVE-2024-4900 | Patched | Jun 3, 2024 | SEOPress – On-site SEO | |
Medium (6.4) | CVE-2024-4899 | Patched | Jun 3, 2024 | SEOPress – On-site SEO | |
Medium (6.4) | CVE-2024-5342 | Unpatched | Jun 5, 2024 | Simple Image Popup Shortcode | |
Medium (6.4) | CVE-2024-4637 | Patched | Jun 3, 2024 | Slider Revolution | |
Medium (6.4) | CVE-2024-4581 | Patched | Jun 3, 2024 | Slider Revolution | |
Medium (6.4) | CVE-2024-5199 | Unpatched | Jun 5, 2024 | Spotify Play Button | |
Medium (6.4) | CVE-2024-5485 | Patched | Jun 3, 2024 | SureTriggers: All-in-One WordPress Automation Plugin | |

6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4354
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
TablePress – Tables in WordPress made easy
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3888
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
tagDiv Composer
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35753
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
TemplatesNext OnePager
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4705
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Testimonials Widget
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35739
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35711
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Event
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4212
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Themesflat Addons For Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4458
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Themesflat Addons For Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2922
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Themesflat Addons For Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4459
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Themesflat Addons For Elementor
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35755
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Weather Widget Pro
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4939
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
Weaver Xtreme Theme Support
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3633
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
WebP & SVG Support
Researchers
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5162
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
WordPress prettyPhoto
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35695
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Docs
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5425
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
LightPress Lightbox (WP JQuery Lightbox)
Researcher
6.4
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4821
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
WP Shortcodes Plugin — Shortcodes Ultimate
Researcher
6.3
CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-5087
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
Minimal Coming Soon – Coming Soon Page
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35693
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
12 Step Meeting List
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35730
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Active Products Tables for WooCommerce. Use constructor to create tables
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5728
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Animated AL List
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35733
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Auto Coupons for WooCommerce
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4704
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Contact Form 7
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2023-6956
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
EasyAzon – Amazon Associates Affiliate Plugin
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35697
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Eduma
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35652
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Event Tickets with Ticket Scanner
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5613
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
Formula
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5638
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
Formula
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35679
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
GiveWP – Donation Plugin and Fundraising Platform
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3469
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
GP Premium
Researchers
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35687
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Link Library
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4757
Patch Status
Unpatched
Published
Jun 4, 2024
Affected Software
Logo Manager For Enamad
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35668
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35718
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Newsletters
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5730
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Pagerank tools
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5729
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Simple AL Slider
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5727
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Widget4Call
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35696
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Docs
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35737
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Visitors Tracker
Researcher
6.1
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35694
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WPMobile.App — Android and iOS Mobile Application
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35724
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Bosa Elementor Addons and Templates for WooCommerce
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2023-6876
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Clever Fox
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2017
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Countdown, Coming Soon, Maintenance – Countdown & Clock
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35669
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Debug Log Manager
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-5607
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
GDPR CCPA Compliance & Cookie Consent Banner
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35731
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Kenta Blocks – Responsive Blocks and block templates library
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35673
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Pure Chat – Live Chat & More!
Researcher
5.4
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3987
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Mobile Menu – The Mobile-Friendly Responsive Menu
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2382
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Authorize.net Payment Gateway For WooCommerce
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5071
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Bookster – WordPress Appointment Booking Plugin
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0972
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
BuddyPress Members Only
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1718
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Claudio Sanches – Checkout Cielo for WooCommerce
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35747
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Contact Form Builder, Contact Widget
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35742
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Easy Forms for Mailchimp
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35692
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
GDPR/CCPA Cookie Consent Banner
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35665
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Insert Post Ads
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35670
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35725
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
LA-Studio Element Kit for Elementor
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5483
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
LearnPress – WordPress LMS Plugin
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35683
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Leyka
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35660
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5615
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
Open Graph
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35682
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35710
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Podlove Web Player
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35728
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Product Addons & Fields for WooCommerce
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35685
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Radcliffe 2
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0910
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Restrict for Elementor
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35686
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Sensei LMS – Online Courses, Quizzes, & Learning
woothemes-sensei
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35749
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Under Construction / Maintenance Mode from Acurax
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35661
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35748
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
WooCommerce Dropshipping Premium
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1689
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WooCommerce Tools
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35667
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Shopping Cart & eCommerce Store
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35735
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Time Slots Booking Form
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35663
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
WP Translate – WordPress Translation Plugin
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1175
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
WP-Recall – Registration, Profile, Commerce & More
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-4997
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
WPUpper Share Buttons
Researcher
5.3
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35680
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
YITH WooCommerce Product Add-Ons
Researcher
4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35712
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Database Cleaner
Researcher
4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35743
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
SC filechecker
Researcher
4.9
CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35744
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Upunzipper
Researcher
4.7
CVSS Rating
Medium (4.7)
CVE-ID
CVE-2023-5424
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WS Form LITE – Drag & Drop Contact Form Builder for WordPress
WS Form Pro
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35655
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4942
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Custom Dash
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5573
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Easy Table of Contents
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3031
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Fluid Notification Bar
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4957
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Frontend Checklist
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4959
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Frontend Checklist
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4462
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Nafeza Prayer Time
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5473
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Simple Photoswipe
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35752
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Stellissimo Text Box
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35756
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Tooltip CK
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5169
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Video Widget
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35653
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35751
Patch Status
Unpatched
Published
Jun 6, 2024
Affected Software
Woody code snippets – Insert Header Footer Code, AdSense Ads
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4664
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
WP Chat App
Researcher
4.4
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35698
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
YITH WooCommerce Tab Manager
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1717
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Admin Notices Manager
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35720
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Album Gallery – WordPress Gallery
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35689
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4788
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Boostify Header Footer Builder for Elementor
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35726
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35716
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Copymatic – AI Content Writer & Generator
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35723
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Dashboard To-Do List
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35684
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
ElasticPress
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35648
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
Emergency Password Reset
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4274
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Essential Real Estate
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35727
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Extra Product Options for WooCommerce
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4088
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
Gutenberg Blocks and Page Layouts – Attire Blocks
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35721
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1330
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Kadence Blocks Pro
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35659
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
KiviCare – Clinic & Patient Management System (EHR)
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5665
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Login/Signup Popup ( Inline Form + Woocommerce )
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35717
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35671
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
MJ Update History
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2368
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
Mollie Forms
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4758
Patch Status
Unpatched
Published
Jun 5, 2024
Affected Software
Muslim Prayer Time BD
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5453
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
ProfileGrid – User Profiles, Groups and Communities
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5459
Patch Status
Patched
Published
Jun 4, 2024
Affected Software
Five Star Restaurant Menu and Food Ordering
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4468
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
Salon Booking System
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35662
Patch Status
Unpatched
Published
Jun 3, 2024
Affected Software
Simple COD Fees for WooCommerce
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5570
Patch Status
Unpatched
Published
Jun 7, 2024
Affected Software
Simple Photoswipe
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35722
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Slider Responsive Slideshow – Image slider, Gallery slideshow
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6491
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Strong Testimonials
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35729
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Tickera – WordPress Event Ticketing
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5438
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Tutor LMS – eLearning and online course solution
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35674
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5489
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
Wbcom Designs – Custom Font Uploader
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35691
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
Widget Options - Extended
Widget Options – The #1 WordPress Widget & Block Control Plugin
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5449
Patch Status
Patched
Published
Jun 5, 2024
Affected Software
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4661
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
WP Reset – Most Advanced WordPress Reset Tool
Researcher
4.3
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35657
Patch Status
Patched
Published
Jun 3, 2024
Affected Software
WP-Recall – Registration, Profile, Commerce & More
Researcher
4.2
CVSS Rating
Medium (4.2)
CVE-ID
CVE-2024-5770
Patch Status
Patched
Published
Jun 7, 2024
Affected Software
WP Force SSL & HTTPS SSL Redirect
Researcher
4.0
CVSS Rating
Medium (4.0)
CVE-ID
CVE-2024-35732
Patch Status
Patched
Published
Jun 6, 2024
Affected Software
YITH Custom Login
Researcher
As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us via our Bug Bounty Program, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024) appeared first on Wordfence.