Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)


🎉 Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!


Last week, there were 280 vulnerabilities disclosed in 220 WordPress Plugins and 22 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 220
Unpatched 60

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Low Severity 4
Medium Severity 227
High Severity 28
Critical Severity 21

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 85
Missing Authorization 82
Cross-Site Request Forgery (CSRF) 23
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 12
Information Exposure 12
Server-Side Request Forgery (SSRF) 12
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 6
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 6
Information Exposure Through Log Files 6
Unrestricted Upload of File with Dangerous Type 5
Authorization Bypass Through User-Controlled Key 4
Deserialization of Untrusted Data 4
Improper Privilege Management 4
External Control of Assumed-Immutable Web Parameter 3
Use of Less Trusted Source 3
Improper Control of Generation of Code (‘Code Injection’) 2
Improper Input Validation 2
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 2
Authentication Bypass Using an Alternate Path or Channel 1
Guessable CAPTCHA 1
Improper Access Control 1
Improper Authorization 1
Improper Neutralization of Alternate XSS Syntax 1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 1
URL Redirection to Untrusted Site (‘Open Redirect’) 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
29
23
17
17
13
12
12
11
10
10
7
7
7
7
7
6
6
6
5
4
4
4
4
3
3
3
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Academy LMS – eLearning and online course solution for WordPress academy
Accessibility Widget accessibility-widget
ActiveDEMAND activedemand
Admin and Customer Messages After Order for WooCommerce: OrderConvo admin-and-client-message-after-order-for-woocommerce
Admin Bar Editor – Hide Toolbar by User Roles admin-bar
Advanced Floating Content Lite advanced-floating-content-lite
Advanced Local Pickup for WooCommerce advanced-local-pickup-for-woocommerce
Advanced Most Recent Posts Mod advanced-most-recent-posts-mod
Advanced Post List advanced-post-list
Advanced Testimonial Carousel for Elementor advanced-testimonial-carousel-for-elementor
AGCA – Custom Dashboard & Login Page ag-custom-admin
All-in-one Like Widget all-in-one-facebook-like-widget
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) wp-analytify
Annual Archive anual-archive
Appointment Hour Booking – WordPress Booking Plugin appointment-hour-booking
AppPresser – Mobile App Framework apppresser
Arconix FAQ arconix-faq
Arconix Shortcodes arconix-shortcodes
ARforms arforms
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember-membership
Assistant – Every Day Productivity Apps assistant
Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail
BackUpWordPress backupwordpress
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Better Elementor Addons better-elementor-addons
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss bp-better-messages
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More. print-google-cloud-print-gcp-woocommerce
Blog2Social: Social Media Auto Post & Scheduler blog2social
Booking Ultra Pro Appointments Booking Calendar Plugin booking-ultra-pro
Brevo for WooCommerce woocommerce-sendinblue-newsletter-subscription
Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg 5-stars-rating-funnel
Car Dealer (Dealership) and Vehicle sales cardealer
CF7 File Download – File Download for CF7 cf7-file-download
ChatBot Conversational Forms conversational-forms
Classified Listing – Classified ads & Business Directory Plugin classified-listing
ClickCease Click Fraud Protection clickcease-click-fraud-protection
Client Dash client-dash
CM Tooltip Glossary enhanced-tooltipglossary
Colibri Page Builder colibri-page-builder
Collapse-O-Matic jquery-collapse-o-matic
Comments – wpDiscuz wpdiscuz
Contact Form 7 Database Addon – CFDB7 contact-form-cfdb7
Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder arforms-form-builder
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) content-views-query-and-display-post-page
Cookie Information | Free GDPR Consent Solution wp-gdpr-compliance
CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance) cookiehub
Cornerstone cornerstone
Coupon & Discount Code Reveal Button coupon-reveal-button
Crelly Slider crelly-slider
Culqi culqi-checkout
Custom field finder custom-field-finder
Customify Site Library customify-sites
Data Tables Generator by Supsystic data-tables-generator-by-supsystic
Database for Contact Form 7, WPforms, Elementor forms contact-form-entries
Easy Accept Payments via PayPal wordpress-easy-paypal-payment-or-donation-accept-plugin
Easy Property Listings easy-property-listings
Easy Set Favicon easy-set-favicon
Element Pack Pro – Addon for Elementor Page Builder WordPress Plugin bdthemes-element-pack
ElementsKit Elementor addons and Templates Library elementskit-lite
ElementsKit Pro elementskit
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! elespare
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder email-customizer-for-woocommerce
Embed Google Photos album embed-google-photos-album-easily
ENL Newsletter enl-newsletter
EPROLO Dropshipping eprolo-dropshipping
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media evergreen-content-poster
Exclusive Addons for Elementor exclusive-addons-for-elementor
Export and Import Users and Customers users-customers-import-export-for-wp-woocommerce
FameTheme Demo Importer famethemes-demo-importer
Fan Page Widget by ThemeNcode facebook-fan-page-widget
Fancy Product Designer fancy-product-designer
FG Joomla to WordPress fg-joomla-to-wordpress
FileOrganizer – Manage WordPress and Website Files fileorganizer
Filterable Portfolio jungbillig-portfolio-gallery
Five Star Restaurant Reservations – WordPress Booking Plugin restaurant-reservations
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder form-maker
FOX – Currency Switcher Professional for WooCommerce woocommerce-currency-switcher
Frontend Dashboard frontend-dashboard
FV Flowplayer Video Player fv-wordpress-flowplayer
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory geodirectory
Getwid – Gutenberg Blocks getwid
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers rafflepress
Happy Addons for Elementor happy-elementor-addons
Header Footer Code Manager Pro 99robots-header-footer-code-manager-pro
Headline Analyzer headline-analyzer
Hide Dashboard Notifications wp-hide-backed-notices
HT Mega – Absolute Addons For Elementor ht-mega-for-elementor
Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript hummingbird-performance
Image Optimizer, Resizer and CDN – Sirv sirv
Image Slider image-slider-widget
Import and export users and customers import-users-from-csv-with-meta
InstaWP Connect – 1-click WP Staging & Migration instawp-connect
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site integrate-google-drive
Interactive World Maps interactive-world-maps
Jeg Elementor Kit jeg-elementor-kit
KB Support – WordPress Help Desk and Knowledge Base kb-support
Knowledge Base documentation & wiki plugin – BasePress Docs basepress
Leaky Paywall leaky-paywall
List Custom Taxonomy Widget list-custom-taxonomy-widget
Login with phone number login-with-phone-number
Maintenance Mode hkdev-maintenance-mode
MainWP Child Reports mainwp-child-reports
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor master-addons
Max Addons Pro for Bricks max-addons-pro-bricks
MDTF – Meta Data and Taxonomies Filter wp-meta-data-filter-and-taxonomy-filter
Meks Smart Social Widget meks-smart-social-widget
Meks ThemeForest Smart Widget meks-themeforest-smart-widget
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor metform
MF Gig Calendar mf-gig-calendar
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin mycred
Newsletters newsletters-lite
Opal Widgets For Elementor opal-widgets-for-elementor
Page Builder: Live Composer live-composer-page-builder
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction paid-member-subscriptions
Payment Gateway Based Fees and Discounts for WooCommerce checkout-fees-for-woocommerce
PDF Invoices & Packing Slips for WooCommerce woocommerce-pdf-invoices-packing-slips
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery gt3-photo-video-gallery
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress contest-gallery
Piotnet Addons For Elementor piotnet-addons-for-elementor
Piotnet Addons For Elementor Pro piotnet-addons-for-elementor-pro
Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress
Poll | Vote | Contest – Best Poll Plugin for WordPress totalpoll-lite
Popup Box – Best WordPress Popup Plugin ays-popup-box
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation optinmonster
PopupAlly popupally
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) buddyforms
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX ultimate-post
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks post-grid
Premium Addons for Elementor premium-addons-for-elementor
Pretty Google Calendar pretty-google-calendar
Pricing Table by Supsystic pricing-table-by-supsystic
Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes
Product Addons & Fields for WooCommerce woocommerce-product-addon
ProfileGrid – User Profiles, Memberships, Groups and Communities profilegrid-user-profiles-groups-and-communities
PropertyHive propertyhive
Qi Addons For Elementor qi-addons-for-elementor
Quick Featured Images quick-featured-images
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress radio-player
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! radio-station
Rank Math SEO with AI Best SEO Tools seo-by-rank-math
Rate My Post – Star Rating Plugin by FeedbackWP rate-my-post
Recencio Book Reviews recencio-book-reviews
Reviews Plus reviews-plus
RomethemeForm For Elementor romethemeform
RomethemeKit For Elementor rometheme-for-elementor
Royal Elementor Addons and Templates royal-elementor-addons
rtMedia for WordPress, BuddyPress and bbPress buddypress-media
Salon booking system salon-booking-system
Save as PDF Plugin by Pdfcrowd save-as-pdf-by-pdfcrowd
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share wp-scheduled-posts
Schema & Structured Data for WP & AMP schema-and-structured-data-for-wp
Secure Copy Content Protection and Content Locking secure-copy-content-protection
Seers | GDPR & CCPA Cookie Consent & Compliance seers-cookie-consent-banner-privacy-policy
Send PDF for Contact Form 7 send-pdf-for-contact-form-7
Serious Slider cryout-serious-slider
SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy woo-aliexpress-dropshipping
ShortPixel Critical CSS shortpixel-critical-css
Simple Membership simple-membership
Simply Static simply-static
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) sina-extension-for-elementor
Slash Admin slash-admin
Smart Forms – when you need more than just a contact form smart-forms
Smart Maintenance Mode smart-maintenance-mode
Smart Recent Posts Widget smart-recent-posts-widget
Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap socialsnap
Social Sharing Plugin – Social Warfare social-warfare
Solid Affiliate solid-affiliate
Spectra – WordPress Gutenberg Blocks ultimate-addons-for-gutenberg
SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin wp-s3-smart-upload
Sticky Anything toast-stick-anything
StreamWeasels Twitch Integration streamweasels-twitch-integration
Table Rate Shipping Method for WooCommerce by Flexible Shipping flexible-shipping
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) the-pack-addon
The Plus Addons for Elementor the-plus-addons-for-elementor-page-builder
The Plus Blocks for Block Editor | Gutenberg the-plus-addons-for-block-editor
Timetable and Event Schedule by MotoPress mp-timetable
Tutor LMS – eLearning and online course solution tutor
Ultimate 410 Gone Status Code ultimate-410
User Meta – User Profile Builder and User management plugin user-meta
USPS Shipping for WooCommerce – Live Rates flexible-shipping-usps
Video Conferencing with Zoom video-conferencing-with-zoom-api
VikRentCar Car Rental Management System vikrentcar
Vision – Image Map Builder vision
Vitepos – Point of sale (POS) plugin for WooCommerce vitepos-lite
VK Block Patterns vk-block-patterns
VOD Infomaniak vod-infomaniak
Wallet for WooCommerce – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds woo-wallet
Widget Post Slider widget-post-slider
WooCommerce Amazon Affiliates – WordPress Plugin woozone
WooCommerce Shipping Label shipping-labels-for-woo
WordPress Ad Widget ad-widget
WordPress Backup & Migration wp-migration-duplicator
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress wp-ada-compliance-check-basic
WP Club Manager – WordPress Sports Club Plugin wp-club-manager
WP Datepicker wp-datepicker
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress wp-fusion-lite
WP GoToWebinar wp-gotowebinar
WP LinkedIn Auto Publish wp-linkedin-auto-publish
WP Masquerade wp-masquerade
WP Media Category Management wp-media-category-management
WP Page Post Widget Clone wp-page-post-widget-clone
WP SMTP wp-smtp
WP STAGING Pro WordPress Backup Plugin wp-staging-pro
WP STAGING WordPress Backup Plugin – Migration Backup Restore wp-staging
WP Time Slots Booking Form wp-time-slots-booking-form
WP Travel Engine – Best Travel Booking WordPress Plugin wp-travel-engine
WP ULike – Most Advanced WordPress Marketing Toolkit wp-ulike
WP-Lister Lite for eBay wp-lister-for-ebay
WP-Members Membership Plugin wp-members
WP-Recall – Registration, Profile, Commerce & More wp-recall
WPC Composite Products for WooCommerce wpc-composite-products
WPCal.io – Easy Meeting Scheduler wpcal
WPPizza – A Restaurant Plugin wppizza
WPZOOM Addons for Elementor (Templates, Widgets) wpzoom-elementor-addons
XforWooCommerce xforwoocommerce
XStore Core et-core-plugin
YITH WooCommerce Compare yith-woocommerce-compare

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Accountra accountra
Althea WP althea-wp
Blocksy blocksy
Brite brite
Colibri WP colibri-wp
ColorNews colornews
Elevate WP elevate-wp
Financio financio
Hugo WP hugo-wp
Intrace intrace
Pathway pathway
Photology photology
Royal Elementor Kit royal-elementor-kit
Startupzy startupzy
Teluro teluro
Travey travey
uDesign – Responsive WordPress Theme u-design
Vertice vertice
Virtue virtue
WP Portfolio wp-portfolio
XStore xstore
Zeever zeever

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32809
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ActiveDEMAND
Researcher

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33644
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Customify Site Library
Researcher

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33544
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32709
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33559
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore
Researcher

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-33551
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-3342
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-33546
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32710
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-33556
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33566
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3962
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32959
Patch Status
Patched
Published
Apr 23, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33560
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33553
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-33552
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-3060
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
ENL Newsletter
Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32954
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Newsletters
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-32706
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ARforms
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33541
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Better Elementor Addons
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-32960
Patch Status
Patched
Published
Apr 23, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33641
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Custom field finder
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3500
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
ElementsKit Pro
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33549
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3895
Patch Status
Patched
Published
Apr 23, 2024

Affected Software
WP Datepicker
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33550
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
WP Masquerade
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33628
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XforWooCommerce
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33564
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33557
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-32703
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ARforms
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-32729
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ChatBot Conversational Forms
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3715
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32835
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32817
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3047
Patch Status
Patched
Published
Apr 24, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3045
Patch Status
Patched
Published
Apr 24, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-33634
Patch Status
Unpatched
Published
Apr 25, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-33592
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32807
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Brevo for WooCommerce
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-33646
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Sticky Anything
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-1789
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
WP SMTP

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32836
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
WP-Lister Lite for eBay
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32725
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32814
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-2798
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-3553
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-33558
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32831
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Accessibility Widget
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33643
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33629
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32961
Patch Status
Patched
Published
Apr 23, 2024

Affected Software
Blocksy
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3747
Patch Status
Patched
Published
Apr 24, 2024

Affected Software
Blocksy

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3337
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Colibri Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-7030
Patch Status
Patched
Published
Apr 23, 2024

Affected Software
Collapse-O-Matic

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33540
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
ColorNews
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32819
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Culqi
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32775
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Embed Google Photos album
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2750
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Exclusive Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3985
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Exclusive Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3489
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Exclusive Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32955
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
FV Flowplayer Video Player
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3588
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Getwid – Gutenberg Blocks
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3890
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3819
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Jeg Elementor Kit
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33649
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Opal Widgets For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33630
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Piotnet Addons For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32791
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3885
Patch Status
Patched
Published
Apr 23, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3647
Patch Status
Patched
Published
Apr 24, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33640
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Pretty Google Calendar
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3309
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Qi Addons For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-29811
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3665
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33648
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Recencio Book Reviews

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32956
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
RomethemeKit For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33684
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Save as PDF Plugin by Pdfcrowd
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3199
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
The Plus Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3197
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
The Plus Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3677
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Ultimate 410 Gone Status Code
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4034
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Virtue
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33537
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
WP Portfolio
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1572
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1759
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2838
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2477
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Comments – wpDiscuz

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33539
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-33555
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32702
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ARforms
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-28002
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Cornerstone
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33645
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Easy Set Favicon
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-0905
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Fancy Product Designer
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3473
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Header Footer Code Manager Pro
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3681
Patch Status
Patched
Published
Apr 24, 2024

Affected Software
Interactive World Maps
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32952
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Max Addons Pro for Bricks
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33633
Patch Status
Unpatched
Published
Apr 25, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32789
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32958
Patch Status
Patched
Published
Apr 23, 2024

Affected Software
Slash Admin
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4077
Patch Status
Unpatched
Published
Apr 23, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33584
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Video Conferencing with Zoom
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33571
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
VOD Infomaniak
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33548
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32950
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
WP Media Category Management
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33562
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33554
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore Core
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-33627
Patch Status
Unpatched
Published
Apr 24, 2024

Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32714
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-33542
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Crelly Slider
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3730
Patch Status
Patched
Published
Apr 24, 2024

Affected Software
Simple Membership
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32783
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32720
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32776
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33538
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32777
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3678
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32802
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33652
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Client Dash
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3870
Patch Status
Patched
Published
Apr 26, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32784
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33591
Patch Status
Patched
Published
Apr 25, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32799
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Easy Property Listings
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32788
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
FG Joomla to WordPress
Researcher(s): Unknown

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32726
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Frontend Dashboard
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32792
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33594
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Leaky Paywall
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32832
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Login with phone number
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32708
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Maintenance Mode

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32951
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Max Addons Pro for Bricks
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32953
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Newsletters
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33586
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33635
Patch Status
Unpatched
Published
Apr 25, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3897
Patch Status
Patched
Published
Apr 24, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32774
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32823
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32727
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
RomethemeForm For Elementor
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32786
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33587
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3585
Patch Status
Patched
Published
Apr 23, 2024

Affected Software
Send PDF for Contact Form 7
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32724
Patch Status
Patched
Published
Apr 22, 2024

Researcher(s): Unknown

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32825
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Simply Static
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32805
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33637
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Solid Affiliate
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33597
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32716
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33575
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32811
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32780
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32779
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Vision – Image Map Builder
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32826
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
VK Block Patterns
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33545
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32719
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33543
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
WP Time Slots Booking Form
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32798
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2920
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
WP-Members Membership Plugin
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33561
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32723
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Advanced Floating Content Lite
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33642
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Advanced Post List
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32815
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
All-in-one Like Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33598
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Annual Archive
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33697
Patch Status
Unpatched
Published
Apr 26, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3338
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Colibri Page Builder
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32722
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33695
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
Fan Page Widget by ThemeNcode
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2324
Patch Status
Patched
Published
Apr 23, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4234
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
Filterable Portfolio
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32707
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Image Slider
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32833
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
List Custom Taxonomy Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33693
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
Meks Smart Social Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33694
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
Meks ThemeForest Smart Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33639
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
PopupAlly
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33692
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
Smart Recent Posts Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32801
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Widget Post Slider
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33696
Patch Status
Unpatched
Published
Apr 26, 2024

Affected Software
WordPress Ad Widget
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1716
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32704
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ARforms
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32705
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ARforms
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33678
Patch Status
Unpatched
Published
Apr 26, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4086
Patch Status
Patched
Published
Apr 24, 2024

Affected Software
CM Tooltip Glossary
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33686
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33677
Patch Status
Unpatched
Published
Apr 26, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32829
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33573
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
EPROLO Dropshipping
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32824
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33679
Patch Status
Unpatched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33690
Patch Status
Patched
Published
Apr 25, 2024

Affected Software
Financio
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33596
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32828
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32806
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Headline Analyzer
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33683
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Hide Dashboard Notifications
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32782
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32701
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33589
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33588
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33680
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33651
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
MF Gig Calendar
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33685
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32957
Patch Status
Patched
Published
Apr 23, 2024

Affected Software
Page Builder: Live Composer

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32812
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Podlove Podcast Publisher
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32712
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Podlove Podcast Publisher
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3607
Patch Status
Patched
Published
Apr 24, 2024

Affected Software
PropertyHive
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3664
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Quick Featured Images
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32822
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Reviews Plus
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32773
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Royal Elementor Kit
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2429
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
Salon booking system
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32717
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32787
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33650
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Serious Slider
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32810
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
ShortPixel Critical CSS
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33593
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33638
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
Smart Maintenance Mode

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3107
Patch Status
Patched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33572
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32821
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33574
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3546
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
WordPress Backup & Migration
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32818
Patch Status
Patched
Published
Apr 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33682
Patch Status
Unpatched
Published
Apr 26, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32804
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
WP GoToWebinar
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32797
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
WP LinkedIn Auto Publish
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33636
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
WP Page Post Widget Clone
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32795
Patch Status
Patched
Published
Apr 22, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33576
Patch Status
Patched
Published
Apr 25, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33547
Patch Status
Unpatched
Published
Apr 25, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33563
Patch Status
Unpatched
Published
Apr 25, 2024

Affected Software
XStore
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32699
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
YITH WooCommerce Compare

CVSS Rating
Low (3.3)
CVE-ID
CVE-2024-32834
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
WooCommerce Shipping Label
Researcher

CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-3034
Patch Status
Patched
Published
Apr 26, 2024

Affected Software
BackUpWordPress
Researcher

CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-4214
Patch Status
Patched
Published
Apr 25, 2024

CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-32790
Patch Status
Patched
Published
Apr 22, 2024

Affected Software
Pricing Table by Supsystic
Researcher


As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through submissions that vulnerability researchers send directly to us via our Bug Bounty Program, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024) appeared first on Wordfence.
