CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score Confidence: High
EPSS Percentile: 39.7%
_Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest._
Last week, there were 96 vulnerabilities disclosed in 76 WordPress Plugins and 3 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 40 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.
Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.
Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Patch Status | Number of Vulnerabilities |
---|---|
Patched | 87 |
Unpatched | 9 |

Severity Rating | Number of Vulnerabilities |
---|---|
Low Severity | 1 |
Medium Severity | 76 |
High Severity | 14 |
Critical Severity | 5 |

Vulnerability Type by CWE | Number of Vulnerabilities |
---|---|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 39 |
Missing Authorization | 18 |
Cross-Site Request Forgery (CSRF) | 14 |
Information Exposure | 6 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 5 |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 2 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2 |
Unrestricted Upload of File with Dangerous Type | 2 |
Authentication Bypass by Primary Weakness | 1 |
Authentication Bypass Using an Alternate Path or Channel | 1 |
Authorization Bypass Through User-Controlled Key | 1 |
Deserialization of Untrusted Data | 1 |
External Control of File Name or Path | 1 |
Improper Encoding or Escaping of Output | 1 |
Improper Handling of Insufficient Permissions or Privileges | 1 |
Storing Passwords in a Recoverable Format | 1 |
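
Researcher Name | Number of Vulnerabilities |
---|---|
| | 10 |
| | 6 |
| | 5 |
| | 5 |
| | 5 |
| João Pedro Soares de Alcântara | 5 |
| | 5 |
| | 5 |
| | 4 |
| | 4 |
| | 3 |
| | 3 |
| | 3 |
| | 3 |
| | 2 |
| | 2 |
| | 2 |
| | 2 |
| Vuln Seeker Cybersecurity Team | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| Vincent Fourcade (vinceMatsui) | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
| | 1 |
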
Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

Software Name | Software Slug |
---|---|
Addonify – Quick View For WooCommerce | addonify-quick-view |
AForms – Form Builder for Price Calculator & Cost Estimation | aforms-form-builder-for-price-calculator-cost-estimation |
AI ChatBot for WordPress – WPBot | chatbot |
Ajax Search Lite | ajax-search-lite |
Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | bookingpress-appointment-booking |
Arconix FAQ | arconix-faq |
Arconix Shortcodes | arconix-shortcodes |
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin | xcloner-backup-and-restore |
Booking Ultra Pro Appointments Booking Calendar Plugin | booking-ultra-pro |
Brizy – Page Builder | brizy |
BSK PDF Manager | bsk-pdf-manager |
Category Posts Widget | category-posts |
Chatbot for WordPress by Collect.chat | collectchat |
Community Events | community-events |
Conditional Fields for Contact Form 7 | cf7-conditional-fields |
Cooked – Recipe Management | cooked |
CopySafe Web Protection | wp-copysafe-web |
CTX Feed – WooCommerce Product Feed Manager Plugin | webappick-product-feed-for-woocommerce |
Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
Duplica – Duplicate Posts, Pages, Custom Posts or Users | duplica |
Easy Table of Contents | easy-table-of-contents |
Easy Testimonials | easy-testimonials |
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite |
ElementsKit Elementor addons | elementskit-lite |
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
Event Manager, Events Calendar, Tickets, Registrations – Eventin | wp-event-solution |
FormLift for Infusionsoft Web Forms | formlift |
FV Flowplayer Video Player | fv-wordpress-flowplayer |
Getwid – Gutenberg Blocks | getwid |
GiveWP – Donation Plugin and Fundraising Platform | give |
Glossary | glossary-by-codeat |
Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks |
Gutenverse – Blocks and Page Builder for Site Editor | gutenverse |
House Manager – Easy Renter Management System for WordPress | house-manager |
HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
Image Hover Effects – Elementor Addon | image-hover-effects-addon-for-elementor |
JetWidgets for Elementor and WooCommerce | jetwoo-widgets-for-elementor |
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) | leaflet-maps-marker |
Light Poll | light-poll |
Livemesh Addons for Beaver Builder | addons-for-beaver-builder |
Meks Video Importer | meks-video-importer |
Mercado Pago payments for WooCommerce | woocommerce-mercadopago |
Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
Pinpoint Booking System | UNKNOWN-CVE-2023-25062-1 |
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | post-and-page-builder |
Premium Portfolio Features for Phlox theme | auxin-portfolio |
RegLevel | reglevel |
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | wp-rss-aggregator |
SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher | wp-scheduled-posts |
Schema & Structured Data for WP & AMP | schema-and-structured-data-for-wp |
Search & Filter Pro | search-filter-pro |
Security Optimizer – The All-In-One Protection Plugin | sg-security |
SEO Plugin by Squirrly SEO | squirrly-seo |
Shortcodes Ultimate Pro | shortcodes-ultimate-pro |
Smartsupp – live chat, chatbots, AI and lead generation | smartsupp-live-chat |
SVG Support | svg-support |
Telegram Bot & Channel | telegram-bot |
Terms and Category Based Posts Widget | term-and-category-based-posts-widget |
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | the-pack-addon |
Timeline Event History | timeline-event-history |
UiPress lite \| Effortless custom dashboards, admin themes and pages | |
Ultimate Addons for WPBakery | Ultimate_VC_Addons |
VikRentCar Car Rental Management System | vikrentcar |
Visual Website Collaboration, Feedback & Project Management – Atarim | atarim-visual-collaboration |
Web and WooCommerce Addons for WPBakery Builder | vc-addons-by-bit14 |
WooCommerce - Social Login | woo-social-login |
WordPress File Upload | wp-file-upload |
Wp EMember | wp-emember |
WP eStore | wp-cart-for-digital-products |
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | wp-event-manager |
WP Fast Total Search – The Power of Indexed Search | fulltext-search |
WP GoToWebinar | wp-gotowebinar |
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | wp-mail-smtp |
WPForms User Registration | wpforms-user-registration |
YITH Essential Kit for WooCommerce #1 | yith-essential-kit-for-woocommerce-1 |
简数采集器 | keydatas |

Software Name | Software Slug |
---|---|
CoziPress | cozipress |
Himer - Social Questions and Answers WordPress Theme | himer |
Zenon Lite | zenon-lite |

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should've already been notified if your site was affected by any of these vulnerabilities. If you'd like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating | CVE-ID | Patch Status | Published | Affected Software | Researcher |
---|---|---|---|---|---|
Critical (10.0) | CVE-2024-38773 | Patched | Jul 19, 2024 | FormLift for Infusionsoft Web Forms | |
Critical (9.8) | CVE-2024-6457 | Patched | Jul 15, 2024 | HUSKY – Products Filter Professional for WooCommerce | |
Critical (9.8) | CVE-2024-6636 | Patched | Jul 19, 2024 | WooCommerce - Social Login | |
Critical (9.8) | CVE-2024-6220 | Patched | Jul 16, 2024 | 简数采集器 | |
Critical (9.1) | CVE-2024-38788 | Patched | Jul 19, 2024 | UiPress lite \| Effortless custom dashboards, admin themes and pages | |
High (8.8) | CVE-2024-6660 | Patched | Jul 16, 2024 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | |
High (8.8) | CVE-2024-6467 | Patched | Jul 16, 2024 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | |
High (8.8) | CVE-2024-3242 | Patched | Jul 17, 2024 | Brizy – Page Builder | |
High (8.8) | CVE-2024-6338 | Patched | Jul 18, 2024 | FV Flowplayer Video Player | |
High (8.8) | CVE-2024-38772 | Patched | Jul 19, 2024 | JetWidgets for Elementor and WooCommerce | João Pedro Soares de Alcântara |
High (8.8) | CVE-2024-6497 | Patched | Jul 19, 2024 | SEO Plugin by Squirrly SEO | |
High (8.8) | CVE-2024-38768 | Patched | Jul 16, 2024 | The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) | João Pedro Soares de Alcântara |
High (8.8) | CVE-2024-5726 | Unpatched | Jul 17, 2024 | Timeline Event History | |
High (8.0) | CVE-2023-52209 | Patched | Jul 18, 2024 | WPForms User Registration | |
High (7.3) | CVE-2024-6635 | Patched | Jul 19, 2024 | WooCommerce - Social Login | |
High (7.3) | CVE-2024-6637 | Patched | Jul 19, 2024 | WooCommerce - Social Login | |
High (7.2) | CVE-2024-38775 | Patched | Jul 19, 2024 | CTX Feed – WooCommerce Product Feed Manager Plugin | |
High (7.2) | CVE-2024-6494 | Patched | Jul 16, 2024 | WordPress File Upload | |
High (7.1) | CVE-2024-1937 | Patched | Jul 15, 2024 | Brizy – Page Builder | |
Medium (6.5) | CVE-2024-3934 | Patched | Jul 19, 2024 | Mercado Pago payments for WooCommerce | |
Medium (6.4) | CVE-2024-38767 | Patched | Jul 15, 2024 | BSK PDF Manager | |
Medium (6.4) | CVE-2024-38786 | Unpatched | Jul 19, 2024 | CoziPress | |
Medium (6.4) | CVE-2024-6710 | Patched | Jul 15, 2024 | Ditty – Responsive News Tickers, Sliders, and Lists | |
Medium (6.4) | CVE-2024-2337 | Unpatched | Jul 19, 2024 | Easy Testimonials | |
Medium (6.4) | CVE-2024-5554 | Patched | Jul 17, 2024 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | |
Medium (6.4) | CVE-2024-5555 | Patched | Jul 17, 2024 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | João Pedro Soares de Alcântara |
Medium (6.4) | CVE-2024-6884 | Patched | Jul 18, 2024 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features | |
Medium (6.4) | CVE-2024-38785 | Patched | Jul 19, 2024 | Gutenverse – Blocks and Page Builder for Site Editor | João Pedro Soares de Alcântara |
Medium (6.4) | CVE-2024-4780 | Patched | Jul 15, 2024 | Image Hover Effects – Elementor Addon | |
Medium (6.4) | CVE-2024-38782 | Patched | Jul 19, 2024 | Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) | |
Medium (6.4) | CVE-2024-6848 | Patched | Jul 19, 2024 | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | |
Medium (6.4) | CVE-2024-3587 | Patched | Jul 15, 2024 | Premium Portfolio Features for Phlox theme | |
Medium (6.4) | CVE-2024-5582 | Patched | Jul 16, 2024 | Schema & Structured Data for WP & AMP | |
Medium (6.4) | CVE-2024-6766 | Patched | Jul 16, 2024 | Shortcodes Ultimate Pro | |
Medium (6.4) | CVE-2024-5254 | Patched | Jul 16, 2024 | Ultimate Addons for WPBakery | |
Medium (6.4) | CVE-2024-5253 | Patched | Jul 16, 2024 | Ultimate Addons for WPBakery | |
Medium (6.4) | CVE-2024-5251 | Patched | Jul 16, 2024 | Ultimate Addons for WPBakery | |
Medium (6.4) | CVE-2024-5252 | Patched | Jul 16, 2024 | Ultimate Addons for WPBakery | |
Medium (6.4) | CVE-2024-5255 | Patched | Jul 16, 2024 | Ultimate Addons for WPBakery | |
Medium (6.4) | CVE-2024-35761 | Patched | Jul 17, 2024 | Online Booking & Scheduling Calendar for WordPress by vcita | |
Medium (6.4) | CVE-2024-2691 | Patched | Jul 15, 2024 | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | |
Medium (6.4) | CVE-2024-5964 | Unpatched | Jul 17, 2024 | Zenon Lite | |
Medium (6.1) | CVE-2024-38781 | Patched | Jul 19, 2024 | CopySafe Web Protection | |
Medium (6.1) | CVE-2024-3973 | Unpatched | Jul 16, 2024 | House Manager – Easy Renter Management System for WordPress | |
Medium (6.1) | CVE-2024-6651 | Patched | Jul 16, 2024 | WordPress File Upload | |
Medium (6.1) | CVE-2024-5081 | Patched | Jul 15, 2024 | Wp EMember | |
Medium (6.1) | CVE-2024-6133 | Patched | Jul 19, 2024 | WP eStore | |
Medium (6.1) | CVE-2024-6134 | Patched | Jul 19, 2024 | WP eStore | |
Medium (6.1) | CVE-2024-38776 | Patched | Jul 19, 2024 | WP GoToWebinar | |
Medium (5.8) | CVE-2024-2232 | Patched | Jul 15, 2024 | Himer - Social Questions and Answers WordPress Theme | |
Medium (5.5) | CVE-2024-6669 | Patched | Jul 16, 2024 | AI ChatBot for WordPress – WPBot | |
Medium (5.5) | CVE-2024-7084 | Patched | Jul 16, 2024 | Ajax Search Lite | |
Medium (5.5) | CVE-2024-6705 | Unpatched | Jul 17, 2024 | RegLevel | |
Medium (5.4) | CVE-2024-6175 | Unpatched | Jul 17, 2024 | Booking Ultra Pro Appointments Booking Calendar Plugin | |
Medium (5.4) | CVE-2024-39681 | Patched | Jul 17, 2024 | Cooked – Recipe Management | |
Medium (5.4) | CVE-2024-5977 | Patched | Jul 18, 2024 | GiveWP – Donation Plugin and Fundraising Platform | |
Medium (5.4) | CVE-2023-6708 | Patched | Jul 17, 2024 | SVG Support | |
Medium (5.3) | CVE-2024-6560 | Patched | Jul 19, 2024 | Addonify – Quick View For WooCommerce | |
Medium (5.3) | CVE-2024-6565 | Patched | Jul 15, 2024 | AForms – Form Builder for Price Calculator & Cost Estimation | |
Medium (5.3) | CVE-2024-38783 | Patched | Jul 19, 2024 | Arconix FAQ | |
Medium (5.3) | CVE-2024-38769 | Patched | Jul 19, 2024 | Arconix Shortcodes | |
Medium (5.3) | CVE-2024-38771 | Patched | Jul 19, 2024 | Visual Website Collaboration, Feedback & Project Management – Atarim | |
Medium (5.3) | CVE-2024-6455 | Patched | Jul 18, 2024 | ElementsKit Elementor addons | |
Medium (5.3) | CVE-2024-6489 | Patched | Jul 19, 2024 | Getwid – Gutenberg Blocks | |
Medium (5.3) | CVE-2024-6570 | Patched | Jul 15, 2024 | Glossary | |
Medium (5.3) | CVE-2024-6557 | Patched | Jul 15, 2024 | SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher | |
Medium (5.3) | CVE-2024-6559 | Patched | Jul 15, 2024 | Backup, Restore and Migrate WordPress Sites With the XCloner Plugin | |
Medium (5.0) | CVE-2024-39682 | Patched | Jul 17, 2024 | Cooked – Recipe Management | |
Medium (4.4) | CVE-2024-6158 | Patched | Jul 19, 2024 | Category Posts Widget; Terms and Category Based Posts Widget | |
Medium (4.4) | CVE-2024-6498 | Patched | Jul 15, 2024 | Chatbot for WordPress by Collect.chat | Vincent Fourcade (vinceMatsui) |
Medium (4.4) | CVE-2024-6270 | Patched | Jul 15, 2024 | Community Events | |
Medium (4.4) | CVE-2024-7082 | Patched | Jul 16, 2024 | Easy Table of Contents | |
Medium (4.4) | CVE-2024-38784 | Patched | Jul 19, 2024 | Livemesh Addons for Beaver Builder | João Pedro Soares de Alcântara |
Medium (4.4) | CVE-2024-3636 | Patched | Jul 15, 2024 | Pinpoint Booking System | |
Medium (4.4) | CVE-2024-6481 | Patched | Jul 18, 2024 | Search & Filter Pro | |
Medium (4.3) | CVE-2024-5804 | Patched | Jul 19, 2024 | Conditional Fields for Contact Form 7 | |
Medium (4.3) | CVE-2024-39680 | Patched | Jul 17, 2024 | Cooked – Recipe Management | |
Medium (4.3) | CVE-2024-39679 | Patched | Jul 17, 2024 | Cooked – Recipe Management | |
Medium (4.3) | CVE-2024-39678 | Patched | Jul 17, 2024 | Cooked – Recipe Management | |
Medium (4.3) | CVE-2024-5997 | Patched | Jul 18, 2024 | Duplica – Duplicate Posts, Pages, Custom Posts or Users | |
Medium (4.3) | CVE-2024-6033 | Patched | Jul 16, 2024 | Event Manager, Events Calendar, Tickets, Registrations – Eventin | |
Medium (4.3) | CVE-2024-6491 | Patched | Jul 19, 2024 | Getwid – Gutenberg Blocks | |
Medium (4.3) | CVE-2024-5703 | Patched | Jul 16, 2024 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | |
Medium (4.3) | CVE-2024-6720 | Unpatched | Jul 15, 2024 | Light Poll | Vuln Seeker Cybersecurity Team |
Medium (4.3) | CVE-2024-6599 | Patched | Jul 17, 2024 | Meks Video Importer | |
Medium (4.3) | CVE-2024-38774 | Patched | Jul 19, 2024 | Security Optimizer – The All-In-One Protection Plugin | |
Medium (4.3) | CVE-2024-38790 | Patched | Jul 20, 2024 | Smartsupp – live chat, chatbots, AI and lead generation | |
Medium (4.3) | CVE-2024-38789 | Unpatched | Jul 20, 2024 | Telegram Bot & Channel | |
Medium (4.3) | CVE-2024-1845 | Patched | Jul 20, 2024 | VikRentCar Car Rental Management System | |
Medium (4.3) | CVE-2024-6579 | Patched | Jul 15, 2024 | Web and WooCommerce Addons for WPBakery Builder | |
Medium (4.3) | CVE-2024-5852 | Patched | Jul 15, 2024 | WordPress File Upload | |
Medium (4.3) | CVE-2024-6136 | Patched | Jul 19, 2024 | WP eStore | |
Medium (4.3) | CVE-2024-38778 | Patched | Jul 19, 2024 | WP Fast Total Search – The Power of Indexed Search | |
Medium (4.3) | CVE-2024-6621 | Patched | Jul 15, 2024 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging | |
Medium (4.3) | CVE-2024-6799 | Patched | Jul 18, 2024 | YITH Essential Kit for WooCommerce #1 | |
Low (2.7) | CVE-2024-6694 | Patched | Jul 19, 2024 | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | |

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.
This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.
The post Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024) appeared first on Wordfence.