Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)


📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers! 


Last week, there were 215 vulnerabilities disclosed in 180 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 58 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 150
Unpatched 65

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 183
High Severity 21
Critical Severity 11

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 107
Missing Authorization 49
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 8
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) 8
Cross-Site Request Forgery (CSRF) 7
Information Exposure 6
Improper Access Control 5
Authorization Bypass Through User-Controlled Key 3
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) 3
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) 2
Insufficient Verification of Data Authenticity 2
Authentication Bypass Using an Alternate Path or Channel 1
Improper Control of Generation of Code (‘Code Injection’) 1
Improper Handling of Insufficient Permissions or Privileges 1
Improper Input Validation 1
Improper Neutralization of Alternate XSS Syntax 1
Improper Neutralization of Formula Elements in a CSV File 1
Improper Restriction of Excessive Authentication Attempts 1
Incorrect Permission Assignment for Critical Resource 1
Incorrect Privilege Assignment 1
Insecure Storage of Sensitive Information 1
Path Traversal: ‘…/…//’ 1
Server-Side Request Forgery (SSRF) 1
Unrestricted Upload of File with Dangerous Type 1
Use of Insufficiently Random Values 1
Use of Less Trusted Source 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
25
16
13
12
10
10
8
7
7
6
6
6
5
5
5
4
4
3
3
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
12 Step Meeting List 12-step-meeting-list
Active Products Tables for WooCommerce. Use constructor to create tables  profit-products-tables-for-woocommerce
Admin Notices Manager admin-notices-manager
Advanced Woo Labels – Product Labels for WooCommerce advanced-woo-labels
Album and Image Gallery plus Lightbox album-and-image-gallery-plus-lightbox
Album Gallery – WordPress Gallery new-album-gallery
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) wp-analytify
Animated AL List animated-al-list
Authorize.net Payment Gateway For WooCommerce authorizenet-payment-gateway-for-woocommerce
Auto Coupons for WooCommerce woo-auto-coupons
Block for Font Awesome block-for-font-awesome
BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library blockart-blocks
Boostify Header Footer Builder for Elementor boostify-header-footer-builder
Bosa Elementor Addons and Templates for WooCommerce bosa-elementor-for-woocommerce
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content brave-popup-builder
Brizy – Page Builder brizy
BuddyPress Cover bp-cover
BuddyPress Members Only buddypress-members-only
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages wc4bp
Cards for Beaver Builder bb-bootstrap-cards
CF7 Google Sheets Connector cf7-google-sheets-connector
Checkout Field Editor for WooCommerce (Pro) woocommerce-checkout-field-editor-pro
Claudio Sanches – Checkout Cielo for WooCommerce woocommerce-checkout-cielo
Clever Addons for Elementor cafe-lite
Clever Fox clever-fox
Colibri Page Builder colibri-page-builder
Comments – wpDiscuz wpdiscuz
Contact Form Builder, Contact Widget contact-forms-builder
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db
Copymatic – AI Content Writer & Generator copymatic
Countdown, Coming Soon, Maintenance – Countdown & Clock countdown-builder
Cowidgets – Elementor Addons cowidgets-elementor-addons
Custom Dash custom-dash
Dashboard To-Do List dashboard-to-do-list
Database Cleaner: Clean, Optimize & Repair database-cleaner
Debug Log Manager debug-log-manager
Download Attachments download-attachments
Download Manager download-manager
Easy Forms for Mailchimp yikes-inc-easy-mailchimp-extender
Easy Social Like Box – Popup – Sidebar Widget cardoza-facebook-like-box
EasyAzon – Amazon Associates Affiliate Plugin easyazon
ElasticPress elasticpress
ElementsReady Addons for Elementor element-ready-lite
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce email-subscribers
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor embedpress
Emergency Password Reset emergency-password-reset
Envo Extra envo-extra
Essential Addons for Elementor Pro essential-addons-elementor
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Essential Real Estate essential-real-estate
Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner
Extra Product Options for WooCommerce extra-product-options-for-woocommerce
FileOrganizer – Manage WordPress and Website Files fileorganizer
Five Star Restaurant Menu and Food Ordering food-and-drink-menu
Fluid Notification Bar fluid-notification-bar
Frontend Registration – Contact Form 7 frontend-registration-contact-form-7
Gallery – Image and Video Gallery with Thumbnails gallery-album
GamiPress – Link gamipress-link
GDPR CCPA Compliance & Cookie Consent Banner ninja-gdpr-compliance
GDPR/CCPA Cookie Consent Banner uk-cookie-consent
GiveWP – Donation Plugin and Fundraising Platform give
GP Premium gp-premium
Gutenberg Blocks and Page Layouts – Attire Blocks attire-blocks
Gutenberg Blocks, Page Builder – ComboBlocks post-grid
Heateor Social Login WordPress heateor-social-login
HT Feed ht-instagram
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery
Image Hover Effects for Elementor with Lightbox and Flipbox image-hover-effects-with-carousel
Insert Post Ads insert-post-ads
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site integrate-google-drive
Kenta Blocks – Responsive Blocks and block templates library kenta-blocks
KiviCare – Clinic & Patient Management System (EHR) kivicare-clinic-management-system
Kognetiks Chatbot for WordPress chatbot-chatgpt
LA-Studio Element Kit for Elementor lastudio-element-kit
LearnPress – WordPress LMS Plugin learnpress
Leyka leyka
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes lifterlms
Link Library link-library
Login/Signup Popup ( Inline Form + Woocommerce ) easy-login-woocommerce
Logo Manager For Enamad logo-manager-for-enamad
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) magical-addons-for-elementor
Market Exporter market-exporter
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor master-addons
Materialis Companion materialis-companion
Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow media-slider
MegaMenu stm-megamenu
MelaPress Login Security melapress-login-security
Mime Types Extended mime-types-extended
Minimal Coming Soon – Coming Soon Page minimal-coming-soon-maintenance-mode
Mollie Forms mollie-forms
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution dc-woocommerce-multi-vendor
Nafeza Prayer Time nafeza-prayer-time
Newsletter – Send awesome emails from WordPress newsletter
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) mailin
Newsletters newsletters-lite
One Page Express Companion one-page-express-companion
Open Graph opengraph
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE otter-pro
Ovic Importer ovic-import-demo
Pagerank tools pagerank-tools
Photo Gallery by 10Web – Mobile-Friendly Image Gallery photo-gallery
Podlove Web Player podlove-web-player
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) buddyforms
PowerPack Pro for Elementor powerpack-elements
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) bdthemes-prime-slider-lite
Product Addons & Fields for WooCommerce woocommerce-product-addon
ProfileGrid – User Profiles, Groups and Communities profilegrid-user-profiles-groups-and-communities
PropertyHive propertyhive
Pure Chat – Live Chat & More! pure-chat
Qi Addons For Elementor qi-addons-for-elementor
Qi Blocks qi-blocks
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker quiz-master-next
Recurring PayPal Donations recurring-donation
Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. responsive-add-ons
Restrict for Elementor restrict-for-elementor
RestroPress – Online Food Ordering System restropress
Rotating Tweets (Twitter widget and shortcode) rotatingtweets
Royal Elementor Addons and Templates royal-elementor-addons
Salon Booking System salon-booking-system
Save as PDF Plugin by Pdfcrowd save-as-pdf-by-pdfcrowd
SC filechecker wp-file-checker
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster sellkit
Sensei LMS – Online Courses, Quizzes, & Learning sensei-lms
Shopping Cart & eCommerce Store wp-easycart
Simple AL Slider simple-al-slider
Simple COD Fees for WooCommerce simple-cod-fee-for-woocommerce
Simple Image Popup Shortcode simple-image-popup-shortcode
SKT Addons for Elementor skt-addons-for-elementor
Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow
Slider Revolution revslider
Social Link Pages: link-in-bio landing pages for your social media profiles social-link-pages
Social Login Lite For WooCommerce social-login-lite-for-woocommerce
Startklar Elementor Addons startklar-elmentor-forms-extwidgets
Stellissimo Text Box stellissimo-text-box
Strategery Migrations strategery-migrations
Strong Testimonials strong-testimonials
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! suretriggers
TablePress – Tables in WordPress made easy tablepress
tagDiv Composer td-composer
TemplatesNext OnePager templatesnext-onepager
Testimonials Widget testimonials-widget
The Moneytizer the-moneytizer
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid the-post-grid
Themesflat Addons For Elementor themesflat-addons-for-elementor
Tickera – WordPress Event Ticketing tickera-event-ticketing-system
Tutor LMS – eLearning and online course solution tutor
Under Construction / Maintenance Mode from Acurax coming-soon-maintenance-mode-from-acurax
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor
Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms upload-fields-for-wpforms
Upunzipper upunzipper
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages visualcomposer
Visualizer: Tables and Charts Manager for WordPress visualizer
Wbcom Designs – Custom Font Uploader custom-font-uploader
Weaver Xtreme Theme Support weaverx-theme-support
Widget Options – Extended extended-widget-options
Widget Options – The #1 WordPress Widget & Block Control Plugin widget-options
Widget4Call widget4call
WooCommerce Dropshipping Premium woocommerce-dropshipping
WooCommerce Tools woo-tools
Woody code snippets – Insert Header Footer Code, AdSense Ads insert-php
woothemes-sensei woothemes-sensei
WordPress prettyPhoto prettyphoto
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing wp-dark-mode
WP Docs wp-docs
WP Force SSL & HTTPS SSL Redirect wp-force-ssl
WP jQuery Lightbox wp-jquery-lightbox
WP Mobile Menu – The Mobile-Friendly Responsive Menu mobile-menu
WP Reset – Most Advanced WordPress Reset Tool wp-reset
WP Time Slots Booking Form wp-time-slots-booking-form
WP Translate – WordPress Translation Plugin wp-translate
WP Visitors Tracker wp_visitorstracker
WP-DB-Table-Editor wp-db-table-editor
WP-Recall – Registration, Profile, Commerce & More wp-recall
WPMobile.App — Android and iOS Mobile Application wpappninja
WPUpper Share Buttons wpupper-share-buttons
WS Form LITE – Drag & Drop Contact Form Builder for WordPress ws-form
WS Form Pro ws-form-pro
YITH Custom Login yith-custom-login
YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons
YITH WooCommerce Tab Manager yith-woocommerce-tab-manager

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Blocksy blocksy
Bloglo bloglo
Eduma eduma
Event event
Formula formula
Idyllic idyllic
Pixgraphy pixgraphy
Radcliffe 2 radcliffe-2
Responsive responsive
Rife Free rife-free

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-35746
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
BuddyPress Cover
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-35750
Patch Status
Unpatched
Published
Jun 6, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-35736
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-35658
Patch Status
Patched
Published
Jun 3, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-35677
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
MegaMenu
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-4552
Patch Status
Unpatched
Published
Jun 3, 2024

Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-5153
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Startklar Elementor Addons
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5179
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Cowidgets – Elementor Addons
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3668
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
PowerPack Pro for Elementor
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2023-6968
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
The Moneytizer
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2023-6966
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
The Moneytizer
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5599
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5637
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Market Exporter
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-4887
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Qi Addons For Elementor
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-35745
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Strategery Migrations
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-2019
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
WP-DB-Table-Editor
Researcher

CVSS Rating
High (7.4)
CVE-ID
CVE-2024-3667
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
High (7.4)
CVE-ID
CVE-2024-5091
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
SKT Addons for Elementor
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-2087
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4870
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-35706
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Heateor Social Login WordPress
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4759
Patch Status
Unpatched
Published
Jun 4, 2024

Affected Software
Mime Types Extended
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4902
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-35734
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Time Slots Booking Form
Researcher

CVSS Rating
Medium (6.6)
CVE-ID
CVE-2024-35650
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
MelaPress Login Security
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-4194
Patch Status
Patched
Published
Jun 5, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-5654
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
CF7 Google Sheets Connector
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-35754
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Ovic Importer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35705
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Block for Font Awesome

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5439
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Blocksy

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35715
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Bloglo
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1161
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1164
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5663
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Cards for Beaver Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2350
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Clever Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1768
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Clever Fox

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4451
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Colibri Page Builder

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5038
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Colibri Page Builder

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35681
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Comments – wpDiscuz
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4697
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Cowidgets – Elementor Addons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3230
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Download Attachments
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4001
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Download Manager
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5152
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5645
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Envo Extra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4273
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Essential Real Estate
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5536
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
GamiPress – Link
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35707
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Heateor Social Login WordPress
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35699
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
HT Feed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35714
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Idyllic
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35738
Patch Status
Patched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4707
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Materialis Companion
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5317
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35740
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Pixgraphy
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35701
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
PropertyHive
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4364
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Qi Addons For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5221
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Qi Blocks
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35676
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Recurring PayPal Donations
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35654
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Responsive
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35719
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35708
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Rife Free
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4489
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4488
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35649
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Save as PDF Plugin by Pdfcrowd
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-34765
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
woothemes-sensei
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5342
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Simple Image Popup Shortcode
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4637
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Slider Revolution
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4581
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Slider Revolution
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3888
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
tagDiv Composer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35753
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
TemplatesNext OnePager
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4705
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Testimonials Widget
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35711
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Event
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4212
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4458
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2922
Patch Status
Unpatched
Published
Jun 5, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4459
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4939
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Weaver Xtreme Theme Support
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5162
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
WordPress prettyPhoto
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35695
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Docs
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5425
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP jQuery Lightbox
Researcher

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-5087
Patch Status
Patched
Published
Jun 7, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35693
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
12 Step Meeting List
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5728
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Animated AL List
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35733
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Auto Coupons for WooCommerce
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35697
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Eduma
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35652
Patch Status
Patched
Published
Jun 3, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5613
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Formula
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5638
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Formula
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35679
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3469
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
GP Premium
Researchers

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35687
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Link Library
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4757
Patch Status
Unpatched
Published
Jun 4, 2024

Affected Software
Logo Manager For Enamad
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35718
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Newsletters
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5730
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Pagerank tools
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5729
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Simple AL Slider
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5727
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Widget4Call
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35696
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Docs
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35737
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Visitors Tracker
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35694
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35724
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2023-6876
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Clever Fox
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35669
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Debug Log Manager
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35673
Patch Status
Patched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0972
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
BuddyPress Members Only
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35747
Patch Status
Unpatched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35742
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Easy Forms for Mailchimp

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35692
Patch Status
Patched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35665
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Insert Post Ads
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35725
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5483
Patch Status
Patched
Published
Jun 4, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35683
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Leyka
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5615
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Open Graph
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35710
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Podlove Web Player
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35728
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35685
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Radcliffe 2
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0910
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Restrict for Elementor
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35686
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35749
Patch Status
Unpatched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35748
Patch Status
Unpatched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1689
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WooCommerce Tools
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35667
Patch Status
Patched
Published
Jun 3, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35735
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Time Slots Booking Form
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35663
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-4997
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
WPUpper Share Buttons
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35680
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35712
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35743
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
SC filechecker
Researcher

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35744
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Upunzipper
Researcher

CVSS Rating
Medium (4.7)
CVE-ID
CVE-2023-5424
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4942
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Custom Dash

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3031
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4462
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Nafeza Prayer Time

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35752
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Stellissimo Text Box
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35698
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
YITH WooCommerce Tab Manager

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1717
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Admin Notices Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35720
Patch Status
Patched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4788
Patch Status
Unpatched
Published
Jun 5, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35716
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35723
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Dashboard To-Do List
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35684
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
ElasticPress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35648
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Emergency Password Reset

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4274
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Essential Real Estate
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35727
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4088
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35659
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2368
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Mollie Forms
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5453
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5459
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4468
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Salon Booking System
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35662
Patch Status
Unpatched
Published
Jun 3, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35722
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6491
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Strong Testimonials
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35729
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5489
Patch Status
Patched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4661
Patch Status
Patched
Published
Jun 7, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35657
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (4.2)
CVE-ID
CVE-2024-5770
Patch Status
Patched
Published
Jun 7, 2024

Researcher

CVSS Rating
Medium (4.0)
CVE-ID
CVE-2024-35732
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
YITH Custom Login
Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024) appeared first on Wordfence.

More great articles

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?…

Read Story

WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know

On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a…

Read Story

Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells

Winter brings a number of holidays in a short period of time, and many organizations shut down or run a…

Read Story

Emergency WordPress Help

One of our techs will get back to you within minutes.