Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024)


🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through December 9th, 2024:

  • All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers
  • All plugins and themes with 50-999 active installs hosted in the WordPress.org repository and updated within the last 2 years are in-scope for all researchers!
  • Minimum bounty of $5 for all valid in-scope submissions.
  • All researchers earn automatic bonuses of between 5% to 180% for valid submissions
  • Pending report limits are increased for all
  • It’s possible to earn up to $31,200 for high impact vulnerabilities!

Last week, there were 163 vulnerabilities disclosed in 148 WordPress Plugins and 4 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 49 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 20,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

  • WordPress GDPR <= 2.0.2 – Missing Authorization to Unauthenticated Arbitrary User Deletion
  • WAF-RULE-766 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-767 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-768 – Data redacted while we work with the vendor on a patch.
  • WAF-RULE-769 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status: Number of Vulnerabilities
Patched: 74
Unpatched: 89

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating: Number of Vulnerabilities
Low Severity: 2
Medium Severity: 90
High Severity: 41
Critical Severity: 30

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE: Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’): 52
Missing Authorization: 25
Unrestricted Upload of File with Dangerous Type: 24
Cross-Site Request Forgery (CSRF): 12
Deserialization of Untrusted Data: 11
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’): 7
Authorization Bypass Through User-Controlled Key: 5
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’): 5
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’): 5
Authentication Bypass Using an Alternate Path or Channel: 4
Improper Control of Generation of Code (‘Code Injection’): 4
Exposure of Sensitive Information to an Unauthorized Actor: 2
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): 2
Dependency on Vulnerable Third-Party Component: 1
Exposure of Data Element to Wrong Session: 1
External Control of File Name or Path: 1
Improper Neutralization of Special Elements Used in a Template Engine: 1
Improper Privilege Management: 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name: Number of Vulnerabilities
stealthcopter: 22
Francesco Carlucci: 17
Peter Thaleikis: 14
Mika: 8
Tieu Pham Trong Nhan: 7
vgo0: 7
incognito: 6
Bonds: 5
zer0gh0st: 5
SOPROBRO: 5
István Márton: 5
Trương Hữu Phúc (truonghuuphuc): 4
Tonn: 4
Hakiduck: 4
João Pedro Soares de Alcântara: 4
LVT-tholv2k: 3
Joshua Chan: 3
Le Ngoc Anh: 3
Arkadiusz Hydzik: 3
C_T_R_L: 2
wesley (wcraft): 2
Max Boll (_b0lli): 2
Ananda Dhakal: 2
Webbernaut: 2
akas wisnu aji: 2
kr0d: 1
Sean Murphy: 1
Aitor F (kr0no): 1
Lesor101: 1
Akbar Kustirama: 1
Fazle Mawla: 1
mikemyers: 1
Krugov Artyom: 1
Gab: 1
Asaf Mozes: 1
Junsu Yeo: 1
Dimas Maulana: 1
Pierre Rudloff: 1
casol: 1
paupu: 1
Jorge Diaz (ddiax): 1
Chloe Chamberland: 1
theviper17y: 1
Lucio Sá: 1
Michael: 1
Colin Xu: 1
abrahack: 1
shaman0x01: 1
Rein Daelman (trein): 1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
404 Error Monitor 404-error-monitor
404 Solution 404-solution
Admin and Site Enhancements (ASE) admin-site-enhancements
Ads Booster by Ads Pro free-wp-booster-by-ads-pro
Advanced Order Export For WooCommerce woo-order-export-lite
Advanced Personalization personalization-by-flowcraft
AFI – The Easiest Integration Plugin advanced-form-integration
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool
AJAX Login and Registration modal popup + inline form ajax-login-and-registration-modal-popup
AJAX Random Posts ajax-random-posts
Aqua SVG Sprite aqua-svg-sprite
B-Banner Slider b-banner-slider
Backup and Staging by WP Time Capsule wp-time-capsule
Blogger 301 Redirect blogger-301-redirect
Boat Rental Plugin for WordPress boat-rental-system
Boostify Header Footer Builder for Elementor boostify-header-footer-builder
Bounce Handler MailPoet 3 bounce-handler-mailpoet
BuddyPress Builder for Elementor – BuddyBuilder stax-buddy-builder
BulkPress bulkpress
Buy one click WooCommerce buy-one-click-woocommerce
CDI – Collect and Deliver Interface for Woocommerce collect-and-deliver-interface-for-woocommerce
CF7 Reply Manager cf7-reply-manager
Chartify – WordPress Chart Plugin chart-builder
Classified Listing – Classified ads & Business Directory Plugin classified-listing
Constant Contact Forms by MailMunch constant-contact-forms-by-mailmunch
Contact Form 7 Redirect & Thank You Page cf7-redirect-thank-you-page
Convert Docx2post convert-docx2post
ConvertCalculator for WordPress convertcalculator
Copy Anything to Clipboard copy-the-code
CSV to html csv-to-html
Customer Reviews for WooCommerce customer-reviews-woocommerce
CYAN Backup cyan-backup
Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative
Devexhub Gallery devexhub-gallery
DigiPass digipass
Disable Admin Notices individually disable-admin-notices
Do That Task do-that-task
Drop Shadow Boxes drop-shadow-boxes
Drozd – Addons for Elementor drozd-addons-for-elementor
Easy CSV Importer BETA easy-csv-importer
EleForms – All In One Form Integration including DB for Elementor all-contact-form-integration-for-elementor
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders essential-addons-for-elementor-lite
Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner
Exclusive Content Password Protect exclusive-content-password-protect
Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme exclusive-divi
External Database Based Actions external-database-based-actions
Floating Buttons for WooCommerce shop-assistant-for-woocommerce-jarvis
Futurio Extra futurio-extra
Gallerio gallerio
Gallery Manager fancy-gallery
Global Gateway e4 | Payeezy Gateway | globe-gateway-e4
GPX Viewer gpx-viewer
Hacklog DownloadManager hacklog-downloadmanager
Happy Addons for Elementor happy-elementor-addons
Hash Elements hash-elements
Hebrew Dates hebrewdates
Hide Links hide-links
Hide My WP Ghost – Security & Firewall hide-my-wp
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress hive-support
Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) ai-image
JetWidgets For Elementor jetwidgets-for-elementor
KBucket: Your Curated Content in WordPress kbucket
kineticPay for WooCommerce kineticpay-for-woocommerce
Kognetiks Chatbot for WordPress chatbot-chatgpt
LearnPress Export Import – WordPress extension for LearnPress learnpress-import-export
Linear linear
Lis Video Gallery lis-video-gallery
Login using WordPress Users ( WP as SAML IDP ) miniorange-wp-as-saml-idp
LUNA RADIO PLAYER lu-radioplayer
Mapster WP Maps mapster-wp-maps
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations master-addons
Matix Popup Builder medma-matix
Migration, Backup, Staging – WPvivid Backup & Migration wpvivid-backuprestore
MultiManager WP – Manage All Your WordPress Sites Easily multimanager-wp
Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas
Music Player for Elementor – Audio Player & Podcast Player music-player-for-elementor
My Geo Posts Free my-geo-posts-free
NiceJob nicejob
NIX Anti-Spam Light nix-anti-spam-light
PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-builder
PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce
Picsmize picsmize
Pie Register Premium pie-register-premium
PJW Mime Config pjw-mime-config
Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress
Popularis Extra popularis-extra
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups ays-popup-box
Popup by Supsystic popup-by-supsystic
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX ultimate-post
Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more post-smtp
Premium Packages – Sell Digital Products Securely wpdm-premium-packages
Print PDF Generator and Publisher nopeamedia
Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite
Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist
Razorpay Payment Button Elementor Plugin razorpay-payment-button-elementor
Razorpay Payment Button Plugin razorpay-payment-button
Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder real3d-flipbook-lite
Really Simple Security Pro really-simple-ssl-pro
Really Simple Security Pro multisite really-simple-ssl-pro-multisite
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) really-simple-ssl
Referrer Detector referrer-detector
Relais 2FA relais-2fa
Royal Elementor Addons and Templates royal-elementor-addons
Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator
Simple Local Avatars simple-local-avatars
Simple Pricing Table simple-pricing-table
Simple Side Tab simple-side-tab
SimpleForm Contact Form Submissions simpleform-contact-form-submissions
SimpleForm – Contact form made simple simpleform
SK WP Settings Backup sk-wp-settings-backup
Slickstream: Engagement and Conversions slick-engagement
Social Proof (Testimonial) Slider social-proof-testimonials-slider
Steel steel
Styler for Ninja Forms styler-for-ninja-forms-lite
SVG Case Study case-study
SVGPlus svgplus
Team Member – Multi Language Supported Team Plugin team-showcase-supreme
Themify Builder themify-builder
Tutor LMS Elementor Addons tutor-lms-elementor-addons
Twigify twigify
Uix Slideshow uix-slideshow
User Management user-management
W3SPEEDSTER w3speedster-wp
WDES Responsive Mobile Menu wdes-responsive-mobile-menu
WOLF – WordPress Posts Bulk Editor and Manager Professional bulk-editor
WooCommerce Upload Files woocommerce-upload-files
WordPress BasePress Migration Tools basepress-migration-tools
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto
WordPress GDPR wordpress-gdpr
WordPress User Extra Fields wp-user-extra-fields
WordPress Video Robot – The Ultimate Video Importer wp-video-robot
WP Activity Log wp-security-audit-log
WP AdCenter – Ad Manager & Adsense Ads wpadcenter
WP Chat App wp-whatsapp
WP Githuber MD – WordPress Markdown Editor wp-githuber-md
WP Job Portal – A Complete Recruitment System for Company or Job Board website wp-job-portal
WP Log Viewer wp-log-viewer
WP Popup Window Maker easy-popup-lightbox-maker
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts wedevs-project-manager
WP Quick Setup wp-quick-setup
wp-login customizer wp-login-customizer
WP-Strava wp-strava
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More wpforms-lite
Writer Helper writer-helper
xili-tidy-tags xili-tidy-tags
Yotpo: Product & Photo Reviews for WooCommerce yotpo-social-reviews-for-woocommerce
ZIJ KART zij-kart
胖鼠采集 (Fat Rat Collect): paginated list collection for WeChat, Zhihu, Jianshu and Tencent News, plus automatic collection, publishing, tagging and more; open-source plugin fat-rat-collect

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Airin Blog airin-blog
Gameplan – Event and Gym Fitness WordPress Theme gameplan
reconstruction reconstruction
Xin xin

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CSV to html <= 3.06 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: Critical (9.9)
  CVE-ID: CVE-2024-52406
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: CSV to html
  Researcher: stealthcopter

Ads Booster by Ads Pro <= 1.12 – Unauthenticated Local File Inclusion
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52428
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: Ads Booster by Ads Pro
  Researcher: Dimas Maulana

Advanced Personalization <= 1.1.2 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52411
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Advanced Personalization
  Researcher: Bonds

Airin Blog <= 1.6.1 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52413
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Airin Blog
  Researcher: Mika

AJAX Random Posts <= 0.3.3 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52409
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: AJAX Random Posts
  Researcher: Bonds

Backup and Staging by WP Time Capsule <= 1.22.21 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-8856
  Patch Status: Patched
  Published: Nov 15, 2024
  Affected Software: Backup and Staging by WP Time Capsule
  Researcher: Rein Daelman (trein)

Boat Rental Plugin for WordPress <= 1.0.1 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52376
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Boat Rental Plugin for WordPress
  Researcher: stealthcopter

Chartify – WordPress Chart Plugin <= 2.9.5 – Unauthenticated Local File Inclusion via source
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-10571
  Patch Status: Patched
  Published: Nov 13, 2024
  Affected Software: Chartify – WordPress Chart Plugin
  Researcher: abrahack

Datasets Manager by Arttia Creative <= 1.5 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52375
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Datasets Manager by Arttia Creative
  Researcher: stealthcopter

Devexhub Gallery <= 2.0.1 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52373
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Devexhub Gallery
  Researcher: stealthcopter

Do That Task <= 1.5.5 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52374
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Do That Task
  Researcher: stealthcopter

Easy CSV Importer BETA <= 7.0.0 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52372
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Easy CSV Importer BETA
  Researcher: stealthcopter

Instant Image Generator <= 1.5.4 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52377
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI)
  Researcher: stealthcopter

kineticPay for WooCommerce <= 2.0.8 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52379
  Patch Status: Patched
  Published: Nov 11, 2024
  Affected Software: kineticPay for WooCommerce
  Researcher: stealthcopter

Lis Video Gallery <= 0.2.1 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52430
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: Lis Video Gallery
  Researcher: LVT-tholv2k

Matix Popup Builder <= 1.0.0 – Unauthenticated Arbitrary Options Update
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52382
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Matix Popup Builder
  Researcher: João Pedro Soares de Alcântara

MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 – Authentication Bypass via User Impersonation
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-11028
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: MultiManager WP – Manage All Your WordPress Sites Easily
  Researcher: shaman0x01

My Geo Posts Free <= 1.2 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52433
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: My Geo Posts Free
  Researcher: Mika

NIX Anti-Spam Light <= 0.0.4 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52432
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: NIX Anti-Spam Light
  Researcher: LVT-tholv2k

Picsmize <= 1.0.0 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52380
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Picsmize
  Researcher: stealthcopter

Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-10924
  Patch Status: Patched
  Published: Nov 14, 2024
  Affected Software: Really Simple Security Pro multisite; Really Simple Security – Simple and Performant Security (formerly Really Simple SSL); Really Simple Security Pro
  Researcher: István Márton

Referrer Detector <= 4.2.1.0 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52410
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Referrer Detector
  Researcher: Bonds

Relais 2FA <= 1.0 – Authentication Bypass
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-10245
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Relais 2FA
  Researcher: István Márton

WDES Responsive Mobile Menu <= 5.3.18 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52414
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: WDES Responsive Mobile Menu
  Researcher: Bonds

WooCommerce Upload Files <= 84.3 – Unauthenticated Arbitrary File Upload
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-10820
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: WooCommerce Upload Files
  Researcher: Tonn

WordPress User Extra Fields <= 16.6 – Unauthenticated Arbitrary File Deletion
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-11150
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: WordPress User Extra Fields
  Researcher: Chloe Chamberland

Xin <= 1.0.8.1 – Unauthenticated PHP Object Injection
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52412
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Xin
  Researcher: Mika

ZIJ KART <= 1.1 – Unauthenticated Local File Inclusion
  CVSS Rating: Critical (9.8)
  CVE-ID: CVE-2024-52381
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: ZIJ KART
  Researcher: stealthcopter

Global Gateway e4 | Payeezy Gateway | <= 2.0 – Unauthenticated Arbitrary File Deletion
  CVSS Rating: Critical (9.1)
  CVE-ID: CVE-2024-52371
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Global Gateway e4 | Payeezy Gateway |
  Researcher: stealthcopter

Popup by Supsystic <= 1.10.29 – Authenticated (Admin+) Remote Code Execution
  CVSS Rating: Critical (9.1)
  CVE-ID: CVE-2024-52434
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: Popup by Supsystic
  Researcher: Hakiduck

B-Banner Slider <= 1.1 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52405
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: B-Banner Slider
  Researcher: stealthcopter

BasePress Migration Tools <= 1.0.0 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52407
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: WordPress BasePress Migration Tools
  Researcher: stealthcopter

CF7 Reply Manager <= 1.2.3 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52404
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: CF7 Reply Manager
  Researcher: stealthcopter

Classified Listing <= 3.1.16 – Authenticated (Contributor+) Local File Inclusion
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52386
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Classified Listing – Classified ads & Business Directory Plugin
  Researcher: João Pedro Soares de Alcântara

Convert Docx2post <= 1.4 – Authenticated (Author+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52397
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Convert Docx2post
  Researcher: C_T_R_L

Event Tickets with Ticket Scanner <= 2.3.11 – Authenticated (Author+) Remote Code Execution
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52427
  Patch Status: Patched
  Published: Nov 15, 2024
  Affected Software: Event Tickets with Ticket Scanner
  Researcher: Hakiduck

Exclusive Content Password Protect <= 1.1.0 – Cross-Site Request Forgery to Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52402
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Exclusive Content Password Protect
  Researcher: Joshua Chan

Gallerio <= 1.01 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52400
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Gallerio
  Researcher: C_T_R_L

GPX Viewer <= 2.2.9 – Authenticated (Subscriber+) Arbitrary File Creation
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-10629
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: GPX Viewer
  Researcher: Francesco Carlucci

Hacklog DownloadManager <= 2.1.4 – Cross-Site Request Forgery to Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52401
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Hacklog DownloadManager
  Researcher: Joshua Chan

Hive Support – WordPress Help Desk <= 1.1.1 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52370
  Patch Status: Patched
  Published: Nov 11, 2024
  Affected Software: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
  Researcher: stealthcopter

KBucket <= 4.1.6 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52369
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: KBucket: Your Curated Content in WordPress
  Researcher: stealthcopter

Migration, Backup, Staging – WPvivid <= 0.9.107 – Unauthenticated PHP Object Injection
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-10962
  Patch Status: Patched
  Published: Nov 13, 2024
  Affected Software: Migration, Backup, Staging – WPvivid Backup & Migration
  Researcher: Webbernaut

PostX <= 4.1.16 – Missing Authorization to Arbitrary Plugin Installation/Activation
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-10728
  Patch Status: Patched
  Published: Nov 15, 2024
  Affected Software: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
  Researcher: Sean Murphy

Push Notifications for WordPress by PushAssist <= 3.0.8 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52408
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Push Notifications for WordPress by PushAssist
  Researcher: stealthcopter

Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder <= 4.8 – Authenticated (Author+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-9849
  Patch Status: Patched
  Published: Nov 15, 2024
  Affected Software: Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder
  Researcher: Aitor F (kr0no)

Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation <= 2.4.9 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52384
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
  Researcher: stealthcopter

SK WP Settings Backup <= 1.0 – Cross-Site Request Forgery to PHP Object Injection
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52415
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: SK WP Settings Backup
  Researcher: Mika

User Management <= 1.1 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52403
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: User Management
  Researcher: stealthcopter

WordPress User Extra Fields <= 16.6 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-10800
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: WordPress User Extra Fields
  Researcher: Tonn

WP Quick Setup <= 2.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52429
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: WP Quick Setup
  Researcher: Mika

WP Video Robot <= 1.20.0 – Authenticated (Subscriber+) Privilege Escalation via User Meta Update
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-9192
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: WordPress Video Robot – The Ultimate Video Importer
  Researcher: Tonn

Writer Helper <= 3.1.6 – Authenticated (Subscriber+) Arbitrary File Upload
  CVSS Rating: High (8.8)
  CVE-ID: CVE-2024-52399
  Patch Status: Unpatched
  Published: Nov 13, 2024
  Affected Software: Writer Helper
  Researcher: Mika

Advanced Order Export For WooCommerce <= 3.5.5 – Unauthenticated PHP Object Injection via Order Details
  CVSS Rating: High (8.1)
  CVE-ID: CVE-2024-10828
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: Advanced Order Export For WooCommerce
  Researcher: Webbernaut

Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 – Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation
  CVSS Rating: High (8.0)
  CVE-ID: CVE-2024-8979
  Patch Status: Patched
  Published: Nov 14, 2024
  Affected Software: Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
  Researcher: wesley (wcraft)

Blogger 301 Redirect <= 2.5.3 – Unauthenticated SQL Injection via br
  CVSS Rating: High (7.5)
  CVE-ID: CVE-2024-10645
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: Blogger 301 Redirect
  Researcher: kr0d

DigiPass <= 0.3.0 – Unauthenticated Arbitrary File Download
  CVSS Rating: High (7.5)
  CVE-ID: CVE-2024-52378
  Patch Status: Unpatched
  Published: Nov 11, 2024
  Affected Software: DigiPass
  Researcher: stealthcopter

External Database Based Actions <= 0.1 – Authenticated (Subscriber+) Authentication Bypass
  CVSS Rating: High (7.5)
  CVE-ID: CVE-2024-10311
  Patch Status: Unpatched
  Published: Nov 14, 2024
  Affected Software: External Database Based Actions
  Researcher: István Márton

LUNA RADIO PLAYER <= 6.24.01.24 – Unauthenticated Arbitrary File Read
  CVSS Rating: High (7.5)
  CVE-ID: CVE-2024-10816
  Patch Status: Patched
  Published: Nov 12, 2024
  Affected Software: LUNA RADIO PLAYER
  Researcher: Tonn

PDF Generator Addon for Elementor Page Builder <= 1.7.5 – Unauthenticated Arbitrary File Download
  CVSS Rating: High (7.5)
  CVE-ID: CVE-2024-9935
  Patch Status: Unpatched
  Published: Nov 15, 2024
  Affected Software: PDF Generator Addon for Elementor Page Builder
  Researcher: stealthcopter

WordPress Video Robot – The Ultimate Video Importer <= 1.20.0 – Unauthenticated SQL Injection

7.5

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-52431
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
WordPress Video Robot – The Ultimate Video Importer
Researcher

Bonds

Twigify <= 1.1.2 – Running Vulnerable Twig Package

7.3

CVSS Rating
High (7.3)
CVE-ID
Unknown
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Twigify
Researcher

Pierre Rudloff

Uix Slideshow <= 1.6.5 – Unauthenticated Arbitrary Shortcode Execution

7.3

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-9839
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Uix Slideshow
Researcher

Francesco Carlucci

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 – Insecure Direct Object Reference to Unauthenticated Authorization Bypass

7.3

CVSS Rating
High (7.3)
CVE-ID
CVE-2024-10174
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
Researcher

stealthcopter

CDI <= 5.5.3 – Authenticated (Shop Manager+) Arbitrary File Upload

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-52398
Patch Status
Patched
Published
Nov 13, 2024

Affected Software
CDI – Collect and Deliver Interface for Woocommerce
Researcher

Joshua Chan

Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 – Authenticated (Administrator+) SQL Injection

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-9887
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
Login using WordPress Users ( WP as SAML IDP )
Researcher

Lesor101

Podlove Podcast Publisher <= 4.1.15 – Authenticated (Admin+) Remote Code Execution

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-52393
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Podlove Podcast Publisher
Researcher

Hakiduck

Team Member <= 7.1 – Authenticated (Editor+) Local File Inclusion

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-52385
Patch Status
Unpatched
Published
Nov 11, 2024

Affected Software
Team Member – Multi Language Supported Team Plugin
Researcher

João Pedro Soares de Alcântara

Tripetto <= 8.0.3 – Unauthenticated Stored Cross-Site Scripting via Form File Upload

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-10260
Patch Status
Unpatched
Published
Nov 14, 2024

Affected Software
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
Researcher

Max Boll (_b0lli)

WordPress GDPR <= 2.0.2 – Unauthenticated Stored Cross-Site Scripting

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-10388
Patch Status
Patched
Published
Nov 17, 2024

Affected Software
WordPress GDPR
Researcher

István Márton

WP Activity Log <= 5.2.1 – Unauthenticated Stored Cross-Site Scripting via User_id Parameter

7.2

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-10793
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
WP Activity Log
Researcher

mikemyers

Styler for Ninja Forms <= 3.3.4 – Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-10717
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Styler for Ninja Forms
Researcher

Arkadiusz Hydzik

WordPress GDPR <= 2.0.2 – Missing Authorization to Unauthenticated Arbitrary User Deletion

6.5

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-11069
Patch Status
Patched
Published
Nov 17, 2024

Affected Software
WordPress GDPR
Researcher

István Márton

Aqua SVG Sprite <= 3.0.14 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9426
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Aqua SVG Sprite
Researcher

Francesco Carlucci

ConvertCalculator for WordPress <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10015
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
ConvertCalculator for WordPress
Researcher

Peter Thaleikis

Copy Anything to Clipboard <= 4.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52419
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
Copy Anything to Clipboard
Researcher

LVT-tholv2k

Drozd – Addons for Elementor <= 1.1.1 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52425
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
Drozd – Addons for Elementor
Researcher

Gab

Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8961
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher

zer0gh0st

Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme <= 1.4 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9386
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme
Researcher

Francesco Carlucci

Happy Addons for Elementor <= 3.12.5 – Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10538
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Happy Addons for Elementor
Researcher

zer0gh0st

JetWidgets For Elementor <= 1.0.18 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10323
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
JetWidgets For Elementor
Researcher

Francesco Carlucci

Linear <= 2.7.11 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52426
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
Linear
Researcher

theviper17y

Mapster WP Maps <= 1.6.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10592
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
Mapster WP Maps
Researcher

Akbar Kustirama

Master Addons for Elementor <= 2.0.6.6 – Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52387
Patch Status
Unpatched
Published
Nov 11, 2024

Affected Software
Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Researcher

Michael

NiceJob <= 3.6.5 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10887
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
NiceJob
Researcher

Peter Thaleikis

PJW Mime Config <= 1.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10017
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
PJW Mime Config
Researcher

Francesco Carlucci

Print PDF Generator and Publisher <= 1.1.6 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52394
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Print PDF Generator and Publisher
Researcher

SOPROBRO

Royal Elementor Addons and Templates <= 1.7.1001 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9059
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Royal Elementor Addons and Templates
Researcher

zer0gh0st

Royal Elementor Addons and Templates <= 1.7.1001 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9682
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Royal Elementor Addons and Templates
Researcher

zer0gh0st

Royal Elementor Addons and Templates <= 1.7.1001 – Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9668
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Royal Elementor Addons and Templates
Researcher

zer0gh0st

Simple Pricing Table <= 1.0.0 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-51899
Patch Status
Unpatched
Published
Nov 14, 2024

Affected Software
Simple Pricing Table
Researcher

SOPROBRO

Slickstream: Engagement and Conversions <= 1.4.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10179
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Slickstream: Engagement and Conversions
Researcher

Peter Thaleikis

Social Proof (Testimonials) Slider <= 2.2.4 – Authenticated (Contributor+) Stored Cross-Site Scripting via spslider-block Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-8985
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Social Proof (Testimonial) Slider
Researcher

Peter Thaleikis

Steel <= 1.3.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10147
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Steel
Researcher

Francesco Carlucci

SVG Case Study <= 1.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-9850
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
SVG Case Study
Researcher

Francesco Carlucci

SVGPlus <= 1.1.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-11092
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
SVGPlus
Researcher

Francesco Carlucci

Themify Builder <= 7.6.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52423
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
Themify Builder
Researcher

João Pedro Soares de Alcântara

WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 – Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-10113
Patch Status
Unpatched
Published
Nov 14, 2024

Affected Software
WP AdCenter – Ad Manager & Adsense Ads
Researcher

Peter Thaleikis

WP Githuber MD <= 1.16.3 – Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52422
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
WP Githuber MD – WordPress Markdown Editor
Researcher

Fazle Mawla

WP Job Portal <= 2.2.0 – Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-52389
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
WP Job Portal – A Complete Recruitment System for Company or Job Board website
Researcher

casol

Drop Shadow Boxes <= 1.7.14 – Authenticated (Subscriber+) Arbitrary Shortcode Execution

6.3

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-10262
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Drop Shadow Boxes
Researcher

Arkadiusz Hydzik

AFI – The Easiest Integration Plugin <= 1.92.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10877
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
AFI – The Easiest Integration Plugin
Researcher

Peter Thaleikis

AJAX Login and Registration modal popup + inline form <= 2.24 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8874
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
AJAX Login and Registration modal popup + inline form
Researcher

vgo0

Bounce Handler MailPoet 3 <= 1.3.21 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9938
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Bounce Handler MailPoet 3
Researcher

Colin Xu

BulkPress <= 0.3.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9615
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
BulkPress
Researcher

vgo0

Constant Contact Forms by MailMunch <= 2.1.2 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9614
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Constant Contact Forms by MailMunch
Researcher

vgo0

Contact Form 7 Redirect & Thank You Page <= 1.0.6 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10685
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Contact Form 7 Redirect & Thank You Page
Researcher

Le Ngoc Anh

Fat Rat Collect <= 2.7.3 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10577
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
胖鼠采集 (Fat Rat Collect): paginated list scraping for WeChat, Zhihu, Jianshu and Tencent News, plus automatic collection, automatic publishing, automatic tagging and more. Open-source plugin.
Researcher

Peter Thaleikis

Gallery Manager <= 1.6.58 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10875
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Gallery Manager
Researcher

Peter Thaleikis

Gameplan <= 1.5.10 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-52418
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
Gameplan – Event and Gym Fitness WordPress Theme
Researcher

akas wisnu aji

Hebrew Date <= 2.1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-52388
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Hebrew Dates
Researcher

SOPROBRO

Hide My WP Ghost – Security & Firewall <= 5.3.01 – Reflected Cross-Site Scripting via URL

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10825
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
Hide My WP Ghost – Security & Firewall
Researcher

Peter Thaleikis

Kognetiks Chatbot for WordPress <= 2.1.7 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10684
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Kognetiks Chatbot for WordPress
Researcher

Le Ngoc Anh

LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9609
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
LearnPress Export Import – WordPress extension for LearnPress
Researcher

vgo0

PeproDev WooCommerce Receipt Uploader <= 2.6.9 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-8873
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
PeproDev WooCommerce Receipt Uploader
Researcher

vgo0

Product Delivery Date for WooCommerce – Lite <= 2.8.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10882
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Product Delivery Date for WooCommerce – Lite
Researcher

Peter Thaleikis

Razorpay Payment Button <= 2.4.6 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10851
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Razorpay Payment Button Plugin
Researcher

Peter Thaleikis

Razorpay Payment Button for Elementor <= 1.2.5 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10850
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Razorpay Payment Button Elementor Plugin
Researcher

Peter Thaleikis

ReConstruction <= 1.4.7 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-52417
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
reconstruction
Researcher

akas wisnu aji

SimpleForm – Contact form made simple <= 2.2.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10883
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
SimpleForm – Contact form made simple
Researcher

Peter Thaleikis

SimpleForm Contact Form Submissions <= 2.1.0 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10884
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
SimpleForm Contact Form Submissions
Researcher

Peter Thaleikis

wp-login customizer <= 1.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-52424
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
wp-login customizer
Researcher

SOPROBRO

WP-Strava <= 2.12.1 – Authenticated (Administrator+) Stored Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-10038
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
WP-Strava
Researcher

paupu

xili-tidy-tags <= 1.12.04 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9357
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
xili-tidy-tags
Researcher

vgo0

Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 – Reflected Cross-Site Scripting

6.1

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-9356
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
Yotpo: Product & Photo Reviews for WooCommerce
Researcher

vgo0

Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 – Authenticated (Contributor+) Sensitive Information Exposure

5.7

CVSS Rating
Medium (5.7)
CVE-ID
CVE-2024-8978
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Researcher

wesley (wcraft)

Admin and Site Enhancements (ASE) <= 7.5.1 – Authenticated Stored Cross-Site Scripting via SVG

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-10790
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Admin and Site Enhancements (ASE)
Researcher

Francesco Carlucci

WP Log Viewer <= 1.2.1 – Missing Authorization

5.4

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-11085
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
WP Log Viewer
Researchers

Tieu Pham Trong Nhan
incognito

404 Error Monitor <= 1.1 – Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-11118
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
404 Error Monitor
Researcher

Francesco Carlucci

404 Solution <= 2.35.17 – Missing Authentication to Sensitive Information Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-11094
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
404 Solution
Researcher

Max Boll (_b0lli)

Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One <= 2.1.2 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-52383
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Researcher

Mika

Floating Buttons for WooCommerce <= 2.8.8 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-52395
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Floating Buttons for WooCommerce
Researcher

Mika

Hash Elements <= 1.4.7 – Missing Authorization to Unauthenticated Draft Post Title Exposure

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-10802
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Hash Elements
Researcher

Francesco Carlucci

Hide Links <= 1.4.2 – Unauthenticated Shortcode Execution

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-9578
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Hide Links
Researcher

Francesco Carlucci

Kognetiks Chatbot for WordPress <= 2.1.7 – Missing Authorization to Authenticated (Subscriber+) Assistant Deletion

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-10529
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Kognetiks Chatbot for WordPress
Researcher

Tieu Pham Trong Nhan

Kognetiks Chatbot for WordPress <= 2.1.7 – Missing Authorization to Authenticated (Subscriber+) Assistant Update

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-10531
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Kognetiks Chatbot for WordPress
Researcher

Tieu Pham Trong Nhan

Pie Register Premium < 3.8.3.3 – Missing Authorization

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-52391
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Pie Register Premium
Researcher

Ananda Dhakal

Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 – Missing Authorization to Unauthenticated Limited Options Update

5.3

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-10861
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Researcher

Trương Hữu Phúc (truonghuuphuc)

CYAN Backup <= 2.5.3 – Authenticated (Admin+) Arbitrary File Download

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-52390
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
CYAN Backup
Researcher

Junsu Yeo

Post SMTP <= 2.9.9 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-52436
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Post SMTP – WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Researcher

Hakiduck

Premium Packages <= 5.9.3 – Authenticated (Administrator+) SQL Injection

4.9

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-52435
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
Premium Packages – Sell Digital Products Securely
Researcher

Jorge Diaz (ddiax)

Simple Side Tab <= 2.1.14 – Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-10551
Patch Status
Patched
Published
Nov 16, 2024

Affected Software
Simple Side Tab
Researcher

Krugov Artyom

Boostify Header Footer Builder for Elementor <= 1.3.6 – Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10794
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Boostify Header Footer Builder for Elementor
Researcher

Francesco Carlucci

BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 – Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10778
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
BuddyPress Builder for Elementor – BuddyBuilder
Researcher

Francesco Carlucci

Buy one click WooCommerce <= 2.2.9 – Missing Authorization to Authenticated (Subscriber+) Order Deletion

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10853
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Buy one click WooCommerce
Researcher

incognito

Buy one click WooCommerce <= 2.2.9 – Missing Authorization to Authenticated (Subscriber+) Settings Export

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10852
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Buy one click WooCommerce
Researcher

incognito

Buy one click WooCommerce <= 2.2.9 – Missing Authorization to Authenticated (Subscriber+) Settings Import

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10854
Patch Status
Unpatched
Published
Nov 12, 2024

Affected Software
Buy one click WooCommerce
Researcher

incognito

Customer Reviews for WooCommerce <= 5.61.0 – Missing Authorization to Authenticated (Subscriber+) Import Cancellation

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10614
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
Customer Reviews for WooCommerce
Researcher

incognito

Disable Admin Notices individually <= 1.3.5 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-52420
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
Disable Admin Notices individually
Researcher

Ananda Dhakal

EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6628
Patch Status
Unpatched
Published
Nov 15, 2024

Affected Software
EleForms – All In One Form Integration including DB for Elementor
Researcher

Lucio Sá

Futurio Extra <= 2.0.13 – Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10695
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Futurio Extra
Researcher

Francesco Carlucci

Kognetiks Chatbot for WordPress <= 2.1.7 – Missing Authorization to Authenticated (Subscriber+) Assistant Addition

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10530
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Kognetiks Chatbot for WordPress
Researcher

Tieu Pham Trong Nhan

Kognetiks Chatbot for WordPress <= 2.1.8 – Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-11143
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
Kognetiks Chatbot for WordPress
Researcher

Tieu Pham Trong Nhan

Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 – Missing Authorization to Authenticated (Subscriber+) Template Import

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10582
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
Music Player for Elementor – Audio Player & Podcast Player
Researchers

Tieu Pham Trong Nhan
incognito

Popularis Extra <= 1.2.7 – Authenticated (Contributor+) Post Disclosure

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10795
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
Popularis Extra
Researcher

Francesco Carlucci

Simple Local Avatars <= 2.7.11 – Missing Authorization to Authenticated (Subscriber+) User Cache Clearing

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10786
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
Simple Local Avatars
Researcher

Trương Hữu Phúc (truonghuuphuc)

Tutor LMS Elementor Addons <= 2.1.5 – Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10897
Patch Status
Patched
Published
Nov 14, 2024

Affected Software
Tutor LMS Elementor Addons
Researcher

Tieu Pham Trong Nhan

W3SPEEDSTER <= 7.25 – Cross-Site Request Forgery

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-52392
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
W3SPEEDSTER
Researcher

Le Ngoc Anh

WP Chat App <= 3.6.8 – Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10533
Patch Status
Patched
Published
Nov 15, 2024

Affected Software
WP Chat App
Researcher

Trương Hữu Phúc (truonghuuphuc)

WP Popup Window Maker <= 2.0 – Cross-Site Request Forgery to Stored Cross-Site Scripting

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-52421
Patch Status
Unpatched
Published
Nov 13, 2024

Affected Software
WP Popup Window Maker
Researcher

SOPROBRO

WPForms – Easy Form Builder for WordPress <= 1.9.1.6 – Cross-Site Request Forgery (CSRF) to Plugin’s Log Deletion

4.3

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-10593
Patch Status
Patched
Published
Nov 12, 2024

Affected Software
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
Researcher

Asaf Mozes

Multiple Page Generator Plugin – MPG <= 4.0.2 – Authenticated (Editor+) Directory Traversal to Limited File Deletion

2.7

CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-10672
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
Multiple Page Generator Plugin – MPG
Researcher

Arkadiusz Hydzik

WOLF <= 1.0.8.3 – Authenticated (Editor+) CSV Path Traversal

2.7

CVSS Rating
Low (2.7)
CVE-ID
CVE-2024-52396
Patch Status
Patched
Published
Nov 11, 2024

Affected Software
WOLF – WordPress Posts Bulk Editor and Manager Professional
Researcher

Trương Hữu Phúc (truonghuuphuc)


As a reminder, Wordfence curates an industry-leading vulnerability database, Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated and maintained by Wordfence’s vulnerability researchers through in-house research, reports submitted directly to us through our Bug Bounty Program, and monitoring of public sources to capture all publicly available WordPress vulnerability information, with additional context added where we can.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this, and important WordPress security reports, in your inbox the moment they are published.
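The titles in this report carry the affected range in a fixed form ("Plugin <= x.y.z" for every release up to and including x.y.z, "Plugin < x.y.z" for every release below it), so a site inventory can be checked against them mechanically. The script below is an added example, not code from Wordfence or from this report: it parses a handful of title strings copied verbatim from the list above, compares versions with a model of PHP's version_compare() (the comparison WordPress core itself uses, so "6.0.10" correctly sorts above "6.0.9" and "1.20.0-beta2" below "1.20.0"), and flags the entries whose range covers the installed version. The INSTALLED inventory is constructed for the demonstration, and the function and variable names are the example's own. Keying on display titles is only for illustration; a production check should key on plugin slugs and explicit version ranges, which is what the Wordfence CLI scanner and vulnerability API are built for.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Title strings copied verbatim from this report; the "<= x" / "< x" bound is the affected range.
REPORT_TITLES = [
    "PDF Generator Addon for Elementor Page Builder <= 1.7.5 – Unauthenticated Arbitrary File Download",
    "WordPress Video Robot – The Ultimate Video Importer <= 1.20.0 – Unauthenticated SQL Injection",
    "Pie Register Premium < 3.8.3.3 – Missing Authorization",
    "WP Activity Log <= 5.2.1 – Unauthenticated Stored Cross-Site Scripting via User_id Parameter",
    "Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 – Authenticated (Contributor+) Sensitive Information Exposure",
]

# Constructed inventory for the demo (display name -> installed version); not a real site.
INSTALLED: Dict[str, str] = {
    "PDF Generator Addon for Elementor Page Builder": "1.7.5",               # equals the "<=" bound: affected
    "Pie Register Premium": "3.8.3.3",                                       # equals the "<" bound: not affected
    "WP Activity Log": "5.2.2",                                              # above the bound: not affected
    "WordPress Video Robot – The Ultimate Video Importer": "1.20.0-beta2",   # pre-release of 1.20.0: affected
    "Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders": "6.0.10",  # a naive string compare would call this "< 6.0.9"
}

# PHP version_compare() special forms: dev < alpha/a < beta/b < RC/rc < (number) < pl/p.
# Words not in the table rank below "dev", as in PHP.
_SPECIAL = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "RC": 3, "rc": 3, "#": 4, "pl": 5, "p": 5}


def _canon(version: str) -> List[str]:
    """Model of PHP's canonicalisation: '-', '_', '+' become '.', and a '.' is
    inserted at every digit/non-digit boundary, so "1.0RC1" -> ["1", "0", "RC", "1"]."""
    s = re.sub(r"[-_+]", ".", version)
    s = re.sub(r"(?<=\d)(?=[^\d.])|(?<=[^\d.])(?=\d)", ".", s)
    return [part for part in s.split(".") if part]


def _rank(token: str) -> int:
    return 4 if token.isdigit() else _SPECIAL.get(token, -1)


def _sign(n: int) -> int:
    return (n > 0) - (n < 0)


def version_compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 like PHP's version_compare($a, $b)."""
    pa, pb = _canon(a), _canon(b)
    for x, y in zip(pa, pb):
        if x.isdigit() and y.isdigit():
            c = _sign(int(x) - int(y))
        else:
            c = _sign(_rank(x) - _rank(y))
        if c:
            return c
    if len(pa) == len(pb):
        return 0
    # One side ran out: a trailing number makes the longer side greater ("1.0" < "1.0.0");
    # a trailing special form is compared against "#" ("1.0" > "1.0RC1", "1.0" < "1.0pl1").
    a_is_shorter = len(pa) < len(pb)
    nxt = (pb if a_is_shorter else pa)[min(len(pa), len(pb))]
    c = -1 if nxt.isdigit() else _sign(4 - _rank(nxt))
    return c if a_is_shorter else -c


# "<plugin> <= <version> – <issue>" or "<plugin> < <version> – <issue>", as the titles are printed.
_TITLE = re.compile(r"^(?P<plugin>.+?)\s+(?P<op><=|<)\s+(?P<bound>\S+)\s+[–-]\s+(?P<issue>.+)$")


@dataclass(frozen=True)
class Advisory:
    plugin: str
    op: str      # "<=" or "<"
    bound: str   # last affected version for "<=", first version outside the range for "<"
    issue: str

    def affects(self, installed: str) -> bool:
        c = version_compare(installed, self.bound)
        return c <= 0 if self.op == "<=" else c < 0


def parse_title(title: str) -> Advisory:
    m = _TITLE.match(title)
    if not m:
        raise ValueError(f"title does not carry a version bound: {title!r}")
    return Advisory(m["plugin"], m["op"], m["bound"], m["issue"])


def affected_plugins(titles: List[str], installed: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(plugin, installed version, issue) for every advisory whose range covers the installed version."""
    hits = []
    for title in titles:
        adv = parse_title(title)
        version = installed.get(adv.plugin)
        if version is not None and adv.affects(version):
            hits.append((adv.plugin, version, adv.issue))
    return hits


if __name__ == "__main__":
    for plugin, version, issue in affected_plugins(REPORT_TITLES, INSTALLED):
        print(f"AFFECTED  {plugin} {version}: {issue}")
```

Two points follow from the report's own fields. A hit on an entry marked "Patched" means an update is available and should be applied; a hit on an entry marked "Unpatched" means every released version is in range, so the plugin should be deactivated or removed rather than updated. The "<" form (Pie Register Premium < 3.8.3.3) is the one case where a version equal to the printed bound is not affected, which is why the comparison result is checked against the operator rather than treated as "less than or equal" everywhere.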

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (November 11, 2024 to November 17, 2024) appeared first on Wordfence.
