(647) 243-4688

Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 159 vulnerabilities disclosed in 141 WordPress Plugins and 7 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 71 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

WAF-RULE-698 – Data redacted while we work with the vendor on a patch.
WAF-RULE-696 – Data redacted while we work with the vendor on a patch.
WAF-RULE-693 – Data redacted while we work with the vendor on a patch.

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status
Number of Vulnerabilities

Patched
92

Unpatched
67

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating
Number of Vulnerabilities

Medium Severity
142

High Severity
14

Critical Severity
3

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE
Number of Vulnerabilities

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
78

Missing Authorization
38

Cross-Site Request Forgery (CSRF)
8

Deserialization of Untrusted Data
5

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
5

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
4

Information Exposure
3

Improper Access Control
2

Improper Control of Generation of Code (‘Code Injection’)
2

Server-Side Request Forgery (SSRF)
2

URL Redirection to Untrusted Site (‘Open Redirect’)
2

Authorization Bypass Through User-Controlled Key
1

Exposure of System Data to an Unauthorized Control Sphere
1

External Control of Assumed-Immutable Web Parameter
1

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
1

Improper Input Validation
1

Information Exposure Through Log Files
1

Insecure Storage of Sensitive Information
1

Unrestricted Upload of File with Dangerous Type
1

Use of Insufficiently Random Values
1

Use of Less Trusted Source
1

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

16

15

11

10

8

8

8

7

7

6

5

5

4

4

3

3

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name
Software Slug

3D FlipBook – PDF Flipbook WordPress

interactive-3d-flipbook-powered-physics-engine

5280 Bootstrap Modal Contact Form

5280-bootstrap-modal-contact-form

AA Cash Calculator

aa-calculator

Academy LMS – eLearning and online course solution for WordPress

academy

ACF Front End Editor

acf-front-end-editor

ACF On-The-Go

acf-on-the-go

Admin Page Spider

admin-page-spider

AJAX Login and Registration modal popup + inline form

ajax-login-and-registration-modal-popup

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic

all-in-one-seo-pack

All-in-One Addons for Elementor – WidgetKit

widgetkit-for-elementor

All-in-One Video Gallery

all-in-one-video-gallery

Alt Text AI – Automatically generate image alt text for SEO and accessibility

alttext-ai

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

wp-analytify

AnnounceKit

announcekit

Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms

stop-spammer-registrations-plugin

Archives Calendar Widget

archives-calendar-widget

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

armember-membership

AWeber for WooCommerce

woocommerce-aweber-newsletter-subscription

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Booster Extension

booster-extension

Booster for WooCommerce

woocommerce-jetpack

Breakdance

breakdance

BuddyPress

buddypress

Button contact VR

button-contact-vr

Calendar

calendar

ChatBot Conversational Forms

conversational-forms

CodeBard’s Patron Button and Widgets for Patreon

patron-button-and-widgets-by-codebard

Contact Form by WPForms – Drag & Drop Form Builder for WordPress

wpforms-lite

ConvertPlug

convertplug

Cost Calculator Builder

cost-calculator-builder-pro

CPO Companion

cpo-companion

Custom WooCommerce Checkout Fields Editor

add-fields-to-checkout-page-woocommerce

Customer Email Verification for WooCommerce

emails-verification-for-woocommerce

Debug Log Manager

debug-log-manager

Democracy Poll

democracy-poll

Different Menu in Different Pages – Control Menu Visibility (All in One)

different-menus-in-different-pages

Directorist – WordPress Business Directory Plugin with Classified Ads Listings

directorist

Drag and Drop Multiple File Upload – Contact Form 7

drag-and-drop-multiple-file-upload-contact-form-7

EAN for WooCommerce

ean-for-woocommerce

Easy Restaurant Table Booking

easy-table-booking

Eleblog – Elementor Blog And Magazine Addons

ele-blog

Elementor Addon Elements

addon-elements-for-elementor-page-builder

Elementor ImageBox

fd-elementor-imagebox

Elementor Website Builder Pro

elementor-pro

ElementsKit Elementor addons and Templates Library

elementskit-lite

ElementsReady Addons for Elementor

element-ready-lite

Embed Google Fonts

embed-google-fonts

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

essential-addons-for-elementor-lite

Event Monster – Event Management, Tickets Booking, Upcoming Event

event-monster

EventON

eventon-lite

Exclusive Addons for Elementor

exclusive-addons-for-elementor

Fancy Elementor Flipbox

fancy-elementor-flipbox

Flattr

flattr

Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager

folders

Follow Us Badges

wpsite-follow-us-badges

Giphypress

giphypress

Google Doc Embedder

google-document-embedder

Google Typography

google-typography

Grid Gallery – Photo Image Grid Gallery

new-grid-gallery

Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor

front-editor

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

kadence-blocks

GWP-Histats

gwp-histats

Import and export users and customers

import-users-from-csv-with-meta

Inline Google Spreadsheet Viewer

inline-google-spreadsheet-viewer

iPages Flipbook For WordPress

ipages-flipbook

iPanorama 360 – WordPress Virtual Tour Builder

ipanorama-360-virtual-tour-builder-lite

Jeg Elementor Kit

jeg-elementor-kit

JW Player for WordPress

jw-player-7-for-wp

LA-Studio Element Kit for Elementor

lastudio-element-kit

Last Viewed Posts by WPBeginner

last-viewed-posts

LeadConnector

leadconnector

Login Logout Register Menu

login-logout-register-menu

Login with phone number

login-with-phone-number

MailerLite – Signup forms (official)

official-mailerlite-sign-up-forms

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor

master-addons

Masteriyo LMS – eLearning and Online Course Builder for WordPress

learning-management-system

MasterStudy LMS WordPress Plugin – for Online Courses and Education

masterstudy-lms-learning-management-system

MDTF – Meta Data and Taxonomies Filter

wp-meta-data-filter-and-taxonomy-filter

Media Cleaner: Clean your WordPress!

media-cleaner

Mhr Post Ticker

mhr-post-ticker

Min and Max Purchase for WooCommerce

min-and-max-purchase-for-woocommerce

Mini Loops

mini-loops

Mooberry Book Manager

mooberry-book-manager

PB MailCrypt – AntiSpam Email Encryption

pb-mailcrypt-antispam-email-encryption

Perfect Pullquotes

perfect-pullquotes

Pet Manager

pet-manager

Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery

new-photo-gallery

Photo Gallery, Images, Slider in Rbs Image Gallery

robo-gallery

Popup Box – Best WordPress Popup Plugin

ays-popup-box

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

ajax-filter-posts

Premium Addons for Elementor

premium-addons-for-elementor

Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce

a4-barcode-generator

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin

print-my-blog

Print-O-Matic

print-o-matic

Progressive WordPress (PWA)

progressive-wp

PropertyHive

propertyhive

Rank Math SEO with AI Best SEO Tools

seo-by-rank-math

Realtyna Organic IDX plugin + WPL Real Estate

real-estate-listing-realtyna-wpl

RegistrationMagic – User Registration Plugin with Custom Registration Forms

custom-registration-form-builder-with-submission-manager

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

reviewx

RomethemeKit For Elementor

rometheme-for-elementor

rtMedia for WordPress, BuddyPress and bbPress

buddypress-media

Sailthru Triggermail

sailthru-triggermail

SEOPress – On-site SEO

wp-seopress

Share This Image

share-this-image

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

woolentor-addons

Simple Basic Contact Form

simple-basic-contact-form

Simple Image Popup

simple-image-popup

Simple Membership

simple-membership

SimpleShop

simpleshop-cz

Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)

sina-extension-for-elementor

Slider Revolution

revslider

Sliding Widgets

sliding-widgets

Social Share Icons & Social Share Buttons

ultimate-social-media-plus

SP Project & Document Manager

sp-client-document-manager

Subway – Private Site Option

subway

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder

supreme-modules-for-divi

SVS Pricing Tables

svs-pricing-tables

Swift Framework

swift-framework

Sydney Toolbox

sydney-toolbox

Tabellen von faustball.com

docollipics-faustball-de

Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync

sheets-to-wp-table-live-sync

Testimonial Slider

testimonial-slider

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

the-post-grid

The School Management Pro

school-management-pro

TweetScroll Widget

tweetscroll-widget

Ultimate Under Construction

ultimate-under-construction

Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery

new-video-gallery

Web Push Notifications – Webpushr

webpushr-web-push-notifications

Where Did You Hear About Us Checkout Field for WooCommerce

wc-customer-source

Woo Total Sales

woo-total-sales

WordPress Flipbook by Supsystic

digital-publications-by-supsystic

WordPress Header Builder Plugin – Pearl

pearl-header-builder

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting

erp

WP Recipe Maker

wp-recipe-maker

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

WP Video Lightbox

wp-video-lightbox

WPify Woo Czech

wpify-woo

WTI Like Post

wti-like-post

Xserver Migrator

xserver-migrator

ZD YouTube FLV Player

zd-youtube-flv-player

WordPress Themes with Reported Vulnerabilities Last Week

Software Name
Software Slug

Adventure Journal

adventure-journal

Blocksy

blocksy

Edge

edge

Freesia Empire

freesia-empire

Pliska

pliska

Restaurant and Cafe

restaurant-and-cafe

Unique

unique

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3070
Patch Status
Patched
Published
May 2, 2024

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-33911
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
The School Management Pro

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-34434
Patch Status
Patched
Published
May 3, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-4033
Patch Status
Patched
Published
May 1, 2024

Affected Software
All-in-One Video Gallery
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2831
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Calendar
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3240
Patch Status
Patched
Published
May 3, 2024

Affected Software
ConvertPlug
Researcher

CVSS Rating
High (8.8)
CVE-ID
Unknown
Patch Status
Unpatched
Published
Apr 29, 2024

Researcher(s): Unknown

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-33913
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Xserver Migrator
Researcher

CVSS Rating
High (8.3)
CVE-ID
CVE-2024-2663
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
ZD YouTube FLV Player
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-1895
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-1897
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4097
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Cost Calculator Builder
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-3957
Patch Status
Patched
Published
May 1, 2024

Affected Software
Booster for WooCommerce
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1371
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
LeadConnector
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3883
Patch Status
Patched
Published
May 1, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33953
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Adventure Journal
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4158
Patch Status
Patched
Published
May 3, 2024

Affected Software
Blocksy

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6854
Patch Status
Patched
Published
May 3, 2024

Affected Software
Breakdance
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3974
Patch Status
Patched
Published
May 3, 2024

Affected Software
BuddyPress
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33916
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
CPO Companion

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-34376
Patch Status
Patched
Published
May 3, 2024

Affected Software
Edge
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33945
Patch Status
Unpatched
Published
Apr 30, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3743
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
Elementor Addon Elements
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4107
Patch Status
Patched
Published
May 2, 2024

Affected Software
Elementor Website Builder Pro
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-34374
Patch Status
Patched
Published
May 3, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2349
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Fancy Elementor Flipbox
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3280
Patch Status
Patched
Published
May 1, 2024

Affected Software
Follow Us Badges
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33955
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Freesia Empire
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33927
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Giphypress

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0216
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Google Doc Embedder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33926
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
GWP-Histats

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3674
Patch Status
Unpatched
Published
Apr 29, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0334
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Jeg Elementor Kit
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3161
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Jeg Elementor Kit
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33932
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33934
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Mini Loops

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33935
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33951
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
Perfect Pullquotes
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33954
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Pliska
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33936
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Print-O-Matic

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-34381
Patch Status
Patched
Published
May 3, 2024

Affected Software
PropertyHive
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4335
Patch Status
Patched
Published
May 3, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4383
Patch Status
Patched
Published
May 3, 2024

Affected Software
Simple Membership
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4092
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Slider Revolution
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33938
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Sliding Widgets
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4036
Patch Status
Patched
Published
May 1, 2024

Affected Software
Sydney Toolbox
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4193
Patch Status
Patched
Published
May 3, 2024

Affected Software
Testimonial Slider
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33948
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
TweetScroll Widget
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-33952
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
Unique
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3490
Patch Status
Patched
Published
May 1, 2024

Affected Software
WP Recipe Maker
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4324
Patch Status
Patched
Published
May 1, 2024

Affected Software
WP Video Lightbox
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-0848
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
AA Cash Calculator

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33928
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3917
Patch Status
Unpatched
Published
May 2, 2024

Affected Software
Pet Manager
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-34367
Patch Status
Patched
Published
May 3, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33924
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33947
Patch Status
Patched
Published
Apr 30, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4289
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
Sailthru Triggermail
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4150
Patch Status
Patched
Published
May 3, 2024

Affected Software
Simple Basic Contact Form
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-34369
Patch Status
Patched
Published
May 3, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-33946
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
WPify Woo Czech
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3237
Patch Status
Patched
Published
May 3, 2024

Affected Software
ConvertPlug
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-33914
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
Exclusive Addons for Elementor
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-33949
Patch Status
Unpatched
Published
Apr 30, 2024

Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3918
Patch Status
Unpatched
Published
May 2, 2024

Affected Software
Pet Manager
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-4203
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-33930
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Share This Image
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2109
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Booster Extension
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33920
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Democracy Poll
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33910
Patch Status
Patched
Published
Apr 29, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33929
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3717
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-34370
Patch Status
Patched
Published
May 3, 2024

Affected Software
EAN for WooCommerce
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33909
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
iPages Flipbook For WordPress
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33941
Patch Status
Patched
Published
Apr 30, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33931
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
JW Player for WordPress
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-2797
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33939
Patch Status
Patched
Published
Apr 30, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33922
Patch Status
Patched
Published
Apr 29, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-34368
Patch Status
Patched
Published
May 3, 2024

Affected Software
Mooberry Book Manager
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33907
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-34382
Patch Status
Patched
Published
May 3, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33919
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
RomethemeKit For Elementor
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-34383
Patch Status
Patched
Published
May 3, 2024

Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1229
Patch Status
Patched
Published
May 3, 2024

Affected Software
SimpleShop
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32820
Patch Status
Patched
Published
Apr 29, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1678
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Subway – Private Site Option
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3916
Patch Status
Unpatched
Published
May 3, 2024

Affected Software
Swift Framework
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3915
Patch Status
Unpatched
Published
May 3, 2024

Affected Software
Swift Framework
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-34377
Patch Status
Patched
Published
May 3, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33908
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1688
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Woo Total Sales
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33944
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
AWeber for WooCommerce
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-33917
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
WTI Like Post
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2401
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3023
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
AnnounceKit

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33950
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
Archives Calendar Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2220
Patch Status
Unpatched
Published
May 2, 2024

Affected Software
Button contact VR
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-34380
Patch Status
Patched
Published
May 3, 2024

Affected Software
ChatBot Conversational Forms
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33940
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
EventON
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3920
Patch Status
Unpatched
Published
May 2, 2024

Affected Software
Flattr
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3021
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
Mhr Post Ticker

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4290
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
Sailthru Triggermail
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4433
Patch Status
Unpatched
Published
May 2, 2024

Affected Software
Simple Image Popup
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-2958
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
SVS Pricing Tables

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4085
Patch Status
Patched
Published
Apr 30, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-33943
Patch Status
Patched
Published
Apr 30, 2024

Affected Software
Ultimate Under Construction
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-0847
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33912
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3072
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
ACF Front End Editor
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3071
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
ACF On-The-Go
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33956
Patch Status
Patched
Published
Apr 30, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33915
Patch Status
Patched
Published
Apr 29, 2024

Affected Software
Debug Log Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4083
Patch Status
Unpatched
Published
Apr 29, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33925
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Embed Google Fonts
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33942
Patch Status
Unpatched
Published
Apr 30, 2024

Affected Software
Google Typography
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1050
Patch Status
Patched
Published
May 3, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-34371
Patch Status
Patched
Published
May 3, 2024

Affected Software
Login with phone number
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33937
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
Progressive WordPress (PWA)
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-34379
Patch Status
Patched
Published
May 3, 2024

Affected Software
Restaurant and Cafe
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33921
Patch Status
Patched
Published
Apr 29, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1230
Patch Status
Patched
Published
May 3, 2024

Affected Software
SimpleShop
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-33923
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
SP Project & Document Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2960
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
SVS Pricing Tables

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2959
Patch Status
Unpatched
Published
Apr 29, 2024

Affected Software
SVS Pricing Tables

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024) appeared first on Wordfence.