
Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 202 vulnerabilities disclosed in 185 WordPress Plugins, 21 WordPress Themes, and one in WordPress Core that have been added to the Wordfence Intelligence Vulnerability Database, and there were 63 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then use the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 – Authenticated (Contributor+) Stored Cross-Site Scripting
WordPress Core < 6.5.2 – Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block
WAF-RULE-690 – Data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Patched | 160 |
| Unpatched | 42 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
| --- | --- |
| Medium Severity | 178 |
| High Severity | 11 |
| Critical Severity | 13 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
| --- | --- |
| Cross-Site Request Forgery (CSRF) | 92 |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 49 |
| Missing Authorization | 24 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 14 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 6 |
| Deserialization of Untrusted Data | 3 |
| Information Exposure | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Improper Authorization | 2 |
| Improper Input Validation | 2 |
| Unrestricted Upload of File with Dangerous Type | 2 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 2 |

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

51

12

11

7

6

5

5

5

5

5

4

4

4

4

4

4

4

3

3

3

3

3

2

2

2

2

2

2

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more \| RRatingg | 5-stars-rating-funnel |
| Account Engagement | pardot |
| ActiveCampaign – Forms, Site Tracking, Live Chat | activecampaign-subscription-forms |
| Ads.txt Admin | ads-txt-admin |
| Advanced Cron Manager – debug & control | advanced-cron-manager |
| Advanced iFrame | advanced-iframe |
| Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress | advanced-page-visit-counter |
| Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page | advanced-post-block |
| AffiEasy | affieasy |
| AIKit – WordPress AI Automatic Writer, Chatbot, Writing Assistant & Content Repurposer / OpenAI GPT | aikit-wordpress-ai-writing-assistant-using-gpt3 |
| All-in-One Addons for Elementor – WidgetKit | widgetkit-for-elementor |
| Appointment Bookings for Zoom GoogleMeet and more – Wappointment | wappointment |
| AppPresser – Mobile App Framework | apppresser |
| Asgaros Forum | asgaros-forum |
| Aspose.Words – Import and Export word documents | aspose-doc-exporter |
| BA Book Everything | ba-book-everything |
| BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | woo-bulk-editor |
| Before And After: Lead Capture Forms For WordPress | before-and-after |
| Benchmark Email Lite | benchmark-email-lite |
| Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode | chat-help |
| BizCalendar Web | bizcalendar-web |
| Blocksy Companion | blocksy-companion |
| Bold Page Builder | bold-page-builder |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking |
| Boostify Header Footer Builder for Elementor | boostify-header-footer-builder |
| bunny.net – WordPress CDN Plugin | bunnycdn |
| BWL Advanced FAQ Manager | bwl-advanced-faq-manager |
| Calendarista Basic Edition – WordPress appointment booking system | calendarista-basic-edition |
| Carousel Slider | carousel-slider |
| Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce | wp-carousel-free |
| CBX Bookmark & Favorite | cbxwpbookmark |
| Church Admin | church-admin |
| Church Content – Sermons, Events and More | church-theme-content |
| Citadela Directory | citadela-directory |
| Clone | wp-clone-by-wp-academy |
| Contact Form Plugin | contact-form-lite |
| Convert Post Types | convert-post-types |
| Crony Cronjob Manager | crony |
| Currency per Product for WooCommerce | currency-per-product-for-woocommerce |
| Customily Product Personalizer | customily-v2 |
| Dashboard To-Do List | dashboard-to-do-list |
| Dashboard Welcome for Elementor | dashboard-welcome-for-elementor |
| Disable Comments \| WPZest | disable-comments-wpz |
| Download Manager | downloadmanager |
| E2Pdf – Export To Pdf Tool for WordPress | e2pdf |
| Easy Logo | easylogo |
| eCommerce Product Catalog Plugin for WordPress | ecommerce-product-catalog |
| Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) | bdthemes-element-pack-lite |
| Elementor Addons by Livemesh | addons-for-elementor |
| ELEX WooCommerce Dynamic Pricing and Discounts | elex-woocommerce-dynamic-pricing-and-discounts |
| Email Marketing for WooCommerce by Omnisend | omnisend-connect |
| eRoom – Zoom Meetings & Webinars | eroom-zoom-meetings-webinar |
| Essential Grid Gallery WordPress Plugin | essential-grid |
| Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | mage-eventpress |
| Exclusive Addons for Elementor | exclusive-addons-for-elementor |
| Extra Product Options Builder for WooCommerce | additional-product-fields-for-woocommerce |
| EZ Form Calculator | ez-form-calculator |
| F4 Improvements | f4-improvements |
| Favicon by RealFaviconGenerator | favicon-by-realfavicongenerator |
| Filter Custom Fields & Taxonomies Light | filter-custom-fields-taxonomies-light |
| Finale Lite – Sales Countdown Timer & Discount for WooCommerce | finale-woocommerce-sales-countdown-timer-discount |
| Find Duplicates | find-duplicates |
| Forminator – Contact Form, Payment Form & Custom Form Builder | forminator |
| Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook | forms-to-zapier |
| Freshdesk (official) | freshdesk-support |
| FV Flowplayer Video Player | fv-wordpress-flowplayer |
| Gallery Box | gallery-box |
| GEO my WordPress | geo-my-wp |
| Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | gift-voucher |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| GP Unique ID | gp-unique-id |
| Gutenberg | gutenberg |
| Gutenberg Blocks by Kadence Blocks – Page Builder Features | kadence-blocks |
| Import any XML or CSV File to WordPress | wp-all-import |
| Import Users from CSV | import-users-from-csv |
| Inline Related Posts | intelly-related-posts |
| InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
| Intagrate Lite | instagrate-to-wordpress |
| IP2Location Country Blocker | ip2location-country-blocker |
| Ivory Search – WordPress Search Plugin | add-search-to-menu |
| Jobs for WordPress | job-postings |
| Kimili Flash Embed | kimili-flash-embed |
| Language Translate Widget for WordPress – ConveyThis | conveythis-translate |
| Leadinfo | leadinfo |
| Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) | leaflet-maps-marker |
| Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | legal-pages |
| Libsyn Publisher Hub | libsyn-podcasting |
| LifterLMS – WordPress LMS Plugin for eLearning | lifterlms |
| Link Whisper Free | link-whisper |
| Load More Anything | ajax-load-more-anything |
| Login With Ajax – Fast Logins, 2FA, Redirects | login-with-ajax |
| Login with phone number | login-with-phone-number |
| Login \| Login Page \| Login Logo \| Rename Login Page \| Custom Login Page \| Temporary Users \| Rebrand Login \| Login Captcha | feather-login-page |
| Mail logging – WP Mail Catcher | wp-mail-catcher |
| MailChimp Forms by MailMunch | mailchimp-forms-by-mailmunch |
| Marker.io – Visual Website Feedback | marker-io |
| Membership Plugin – Restrict Content | restrict-content |
| Migration, Backup, Staging – WPvivid | wpvivid-backuprestore |
| MihanPanel – User Login , Registration and Dashboard | mihanpanel-lite |
| MultiParcels Shipping For WooCommerce | multiparcels-shipping-for-woocommerce |
| MWW Disclaimer Buttons | mww-disclaimer-buttons |
| Newsletter – Send awesome emails from WordPress | newsletter |
| NextMove Lite – Thank You Page for WooCommerce | woo-thank-you-page-nextmove-lite |
| No-Bot Registration | no-bot-registration |
| Novelist | novelist |
| Ocean Extra | ocean-extra |
| Order Delivery Date for WooCommerce | order-delivery-date-for-woocommerce |
| Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-blocks |
| Ovic Addon Toolkit | ovic-addon-toolkit |
| Page Builder: Live Composer | live-composer-page-builder |
| Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | wp-user-avatar |
| Podlove Podcast Publisher | podlove-podcasting-plugin-for-wordpress |
| POEditor | poeditor |
| Popup by Supsystic | popup-by-supsystic |
| Popup Like box – Page Plugin | ays-facebook-popup-likebox |
| Post Type Builder | themify-ptb |
| Premium Addons for Elementor | premium-addons-for-elementor |
| Premmerce Product Filter for WooCommerce | premmerce-woocommerce-product-filter |
| Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More | purple-xmls-google-product-feed-for-woocommerce |
| Product Input Fields for WooCommerce | product-input-fields-for-woocommerce |
| ProfileGrid – User Profiles, Memberships, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| Realtyna Organic IDX plugin + WPL Real Estate | real-estate-listing-realtyna-wpl |
| ReDi Restaurant Reservation | redi-restaurant-reservation |
| Redirection | redirect-redirection |
| Remove Footer Credit | remove-footer-credit |
| Responsive Contact Form Builder & Lead Generation Plugin | lead-form-builder |
| Responsive Slider – Sangar Slider | sangar-slider-lite |
| RestroPress – Online Food Ordering System | restropress |
| Save as Image Plugin by Pdfcrowd | save-as-image-by-pdfcrowd |
| Search Keyword Redirect | wp-search-keyword-redirect |
| SEO Booster | seo-booster |
| Shopkeeper Extender | shopkeeper-extender |
| Shopping Cart & eCommerce Store | wp-easycart |
| Short URL | shorten-url |
| Simple Post Notes | simple-post-notes |
| Siteimprove | siteimprove |
| Slider Revolution | revslider |
| Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows | ml-slider |
| Smart Slider 3 | smart-slider-3 |
| Smash Balloon Social Post Feed | custom-facebook-feed |
| Spotlight Social Feeds [Block, Shortcode, and Widget] | spotlight-social-photo-feeds |
| Subscribe2 – Form, Email Subscribers & Newsletters | subscribe2 |
| Sync Post With Other Site | sync-post-with-other-site |
| Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync | sheets-to-wp-table-live-sync |
| Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator | tablesome |
| TempTool [Show Current Template Info] | current-template-name |
| The Events Calendar | the-events-calendar |
| Top Bar | top-bar |
| TOP Table Of Contents | top-table-of-contents |
| TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys | visitor-analytics-io |
| Ultimate Before After Image Slider & Gallery – BEAF | beaf-before-and-after-gallery |
| Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | ultimate-member |
| Ultimate Product Catalog | ultimate-product-catalogue |
| Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider | ultimate-store-kit |
| UNKNOWN-CVE-2014-4663 | UNKNOWN-CVE-2014-4663 |
| Unlimited Elementor Inner Sections By BoomDevs | unlimited-elementor-inner-sections-by-boomdevs |
| User Activity Log Pro | user-activity-log-pro |
| UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress | userswp |
| USPS Shipping for WooCommerce – Live Rates | flexible-shipping-usps |
| Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History | wallet-system-for-woocommerce |
| Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition | webinar-ignition |
| Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | coming-soon |
| Welcart e-Commerce | usc-e-shop |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WooCommerce UPS Shipping – Live Rates and Access Points | flexible-shipping-ups |
| WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds | another-wordpress-classifieds-plugin |
| WordPress Flipbook by Supsystic | digital-publications-by-supsystic |
| WordPress Hosting Benchmark tool | wpbenchmark |
| WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly | tour-booking-manager |
| WP Accessibility Helper (WAH) | wp-accessibility-helper |
| WP Activity Log Premium | wp-security-audit-log-premium |
| WP Client Reports | wp-client-reports |
| WP Compress – Image Optimizer [All-In-One] | wp-compress-image-optimizer |
| WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+ | wp-letsencrypt-ssl |
| WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress | wp-event-aggregator |
| WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics | wp-google-analytics-events |
| WP Login and Logout Redirect | wp-login-and-logout-redirect |
| WP Matterport Shortcode | shortcode-gallery-for-matterport-showcase |
| WP Radio – Worldwide Online Radio Stations Directory for WordPress | wp-radio |
| WP2LEADS \| WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden | wp2leads |
| WPBakery Visual Composer | js_composer |
| WPC Smart Quick View for WooCommerce | woo-smart-quick-view |
| WPZOOM Social Feed Widget & Block | instagram-widget-by-wpzoom |
| XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] | faq-for-woocommerce |
| Zoho Campaigns | zoho-campaigns |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Blocksy | blocksy |
| CityLogic | citylogic |
| Default Mag | default-mag |
| Emmet Lite | emmet-lite |
| Gridsby | gridsby |
| HappenStance | happenstance |
| i-excel | i-excel |
| i-max | i-max |
| Lightning | lightning |
| Namaha | namaha |
| NewsXpress | newsxpress |
| Panoramic | panoramic |
| PopularFX | popularfx |
| Sarada Lite | sarada-lite |
| Sensible WP | sensible-wp |
| Shopstar! | shopstar |
| Sliding Door | sliding-door |
| Soledad | soledad |
| Spa and Salon | spa-and-salon |
| The Conference | the-conference |
| X-T9 | x-t9 |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32128
Patch Status
Unpatched
Published
Apr 12, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32125
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
BA Book Everything
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32127
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Find Duplicates
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32139
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Podlove Podcast Publisher
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32137
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
User Activity Log Pro
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-2667
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32098
Patch Status
Unpatched
Published
Apr 11, 2024

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32136
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
BWL Advanced FAQ Manager

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32132
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
CBX Bookmark & Favorite
Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32135
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Disable Comments | WPZest
Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32087
Patch Status
Unpatched
Published
Apr 11, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3211
Patch Status
Patched
Published
Apr 11, 2024

Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2018
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
WP Activity Log Premium
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-32086
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Citadela Directory
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-1774
Patch Status
Unpatched
Published
Apr 9, 2024

Affected Software
Customily Product Personalizer
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32431
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Import Users from CSV
Researcher

CVSS Rating
High (7.2)
CVE-ID
Unknown
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
WordPress

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3054
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-2665
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32079
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
Advanced iFrame
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2735
Patch Status
Patched
Published
Apr 9, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2734
Patch Status
Patched
Published
Apr 9, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2736
Patch Status
Patched
Published
Apr 9, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32147
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Contact Form Plugin
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2655
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Elementor Addons by Livemesh
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2539
Patch Status
Patched
Published
Apr 9, 2024

CVSS Rating
Medium (6.4)
CVE-ID
Unknown
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Gutenberg

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32140
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Libsyn Publisher Hub
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3167
Patch Status
Patched
Published
Apr 8, 2024

Affected Software
Ocean Extra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0376
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2664
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2306
Patch Status
Patched
Published
Apr 8, 2024

Affected Software
Slider Revolution
Researchers

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2801
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Shopkeeper Extender
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3027
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Smart Slider 3

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1805
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1842
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1840
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1841
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
WPBakery Visual Composer
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-1780
Patch Status
Unpatched
Published
Apr 9, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32133
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
EZ Form Calculator
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32129
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Freshdesk (official)
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32149
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Jobs for WordPress
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31365
Patch Status
Unpatched
Published
Apr 9, 2024

Affected Software
Post Type Builder
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32138
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Short URL
Researcher

CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-32107
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-32430
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2733
Patch Status
Patched
Published
Apr 9, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32078
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
FV Flowplayer Video Player
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2666
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Premium Addons for Elementor
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-31943
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32144
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Welcart e-Commerce
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31932
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Blocksy Companion

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32131
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Download Manager
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32105
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3235
Patch Status
Patched
Published
Apr 9, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0710
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
GP Unique ID
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32112
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Leadinfo
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31359
Patch Status
Patched
Published
Apr 8, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31432
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-31368
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Soledad
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31926
Patch Status
Patched
Published
Apr 10, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31361
Patch Status
Patched
Published
Apr 8, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3703
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Carousel Slider
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32083
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Easy Logo
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31925
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
F4 Improvements
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31929
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Intagrate Lite
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32428
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
MWW Disclaimer Buttons
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32453
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
POEditor
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31387
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Popup Like box – Page Plugin
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32429
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Remove Footer Credit

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31931
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32080
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Search Keyword Redirect
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31928
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Top Bar
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-31927
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
WP Login and Logout Redirect
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2023-6494
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32448
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Ads.txt Admin
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32435
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
AffiEasy
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31425
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31374
Patch Status
Patched
Published
Apr 10, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32440
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Asgaros Forum
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32146
Patch Status
Unpatched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32447
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32433
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32084
Patch Status
Unpatched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31360
Patch Status
Patched
Published
Apr 8, 2024

Affected Software
Benchmark Email Lite
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31382
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Blocksy
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31942
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32090
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
Church Admin
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32094
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32085
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Citadela Directory
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32108
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Convert Post Types
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32102
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Crony Cronjob Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31920
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31376
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Dashboard To-Do List
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32089
Patch Status
Patched
Published
Apr 11, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32443
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
IP2Location Country Blocker
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31373
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32437
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31364
Patch Status
Patched
Published
Apr 8, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32101
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3275
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31940
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31422
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32081
Patch Status
Unpatched
Published
Apr 11, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32097
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
GEO my WordPress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32436
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31939
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31435
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Redirection
Clone
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31426
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32092
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Kimili Flash Embed
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32451
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32141
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Libsyn Publisher Hub
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31363
Patch Status
Patched
Published
Apr 8, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31934
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Link Whisper Free
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-30546
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31424
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Login with phone number
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31378
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
MailChimp Forms by MailMunch
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31427
Patch Status
Patched
Published
Apr 10, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31389
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32095
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31434
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31938
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
NewsXpress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32104
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31372
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
No-Bot Registration
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32093
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
Novelist
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32434
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32432
Patch Status
Unpatched
Published
Apr 12, 2024

Affected Software
Ovic Addon Toolkit
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31933
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32148
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Account Engagement
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32143
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Podlove Podcast Publisher
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31383
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
PopularFX
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31421
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Popup by Supsystic
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31366
Patch Status
Unpatched
Published
Apr 9, 2024

Affected Software
Post Type Builder
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31431
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31362
Patch Status
Patched
Published
Apr 8, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31385
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
ReDi Restaurant Reservation
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1415
Patch Status
Unpatched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1416
Patch Status
Unpatched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32449
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32091
Patch Status
Unpatched
Published
Apr 11, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31429
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Sarada Lite
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32438
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
SEO Booster
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31935
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32103
Patch Status
Patched
Published
Apr 11, 2024

Affected Software
Siteimprove
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31379
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Smash Balloon Social Post Feed
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31369
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Soledad
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31367
Patch Status
Patched
Published
Apr 9, 2024

Affected Software
Soledad
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31384
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Spa and Salon
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31381
Patch Status
Patched
Published
Apr 10, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32082
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
Sync Post With Other Site
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31428
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
The Conference
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31433
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
The Events Calendar
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31921
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
Ultimate Product Catalog
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31944
Patch Status
Patched
Published
Apr 11, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31922
Patch Status
Patched
Published
Apr 10, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31423
Patch Status
Patched
Published
Apr 10, 2024

Affected Software
WP Accessibility Helper (WAH)
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32439
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
WP Client Reports
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32106
Patch Status
Patched
Published
Apr 11, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32452
Patch Status
Patched
Published
Apr 12, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32099
Patch Status
Patched
Published
Apr 11, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32109
Patch Status
Unpatched
Published
Apr 11, 2024

Affected Software
WP Matterport Shortcode
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-31375
Patch Status
Patched
Published
Apr 8, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32450
Patch Status
Patched
Published
Apr 12, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32442
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Zoho Campaigns
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32441
Patch Status
Patched
Published
Apr 12, 2024

Affected Software
Zoho Campaigns
Researcher

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, with all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, through vulnerability researchers submitting directly to us via our Bug Bounty Program, and by monitoring various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) appeared first on Wordfence.