
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high-risk issues are in-scope for all researchers!

Last week, there were 215 vulnerabilities disclosed in 180 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 58 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, they can use the Vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities, then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.


Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Patched | 150 |
| Unpatched | 65 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
| --- | --- |
| Medium Severity | 183 |
| High Severity | 21 |
| Critical Severity | 11 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
| --- | --- |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 107 |
| Missing Authorization | 49 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 8 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 8 |
| Cross-Site Request Forgery (CSRF) | 7 |
| Information Exposure | 6 |
| Improper Access Control | 5 |
| Authorization Bypass Through User-Controlled Key | 3 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 3 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) | 2 |
| Insufficient Verification of Data Authenticity | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Improper Control of Generation of Code (‘Code Injection’) | 1 |
| Improper Handling of Insufficient Permissions or Privileges | 1 |
| Improper Input Validation | 1 |
| Improper Neutralization of Alternate XSS Syntax | 1 |
| Improper Neutralization of Formula Elements in a CSV File | 1 |
| Improper Restriction of Excessive Authentication Attempts | 1 |
| Incorrect Permission Assignment for Critical Resource | 1 |
| Incorrect Privilege Assignment | 1 |
| Insecure Storage of Sensitive Information | 1 |
| Path Traversal: ‘.../...//’ | 1 |
| Server-Side Request Forgery (SSRF) | 1 |
| Unrestricted Upload of File with Dangerous Type | 1 |
| Use of Insufficiently Random Values | 1 |
| Use of Less Trusted Source | 1 |

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

25

16

13

12

10

10

8

7

7

6

6

6

5

5

5

4

4

3

3

3

3

3

3

3

3

3

2

2

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| 12 Step Meeting List | 12-step-meeting-list |
| Active Products Tables for WooCommerce. Use constructor to create tables | profit-products-tables-for-woocommerce |
| Admin Notices Manager | admin-notices-manager |
| Advanced Woo Labels – Product Labels for WooCommerce | advanced-woo-labels |
| Album and Image Gallery plus Lightbox | album-and-image-gallery-plus-lightbox |
| Album Gallery – WordPress Gallery | new-album-gallery |
| Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) | wp-analytify |
| Animated AL List | animated-al-list |
| Authorize.net Payment Gateway For WooCommerce | authorizenet-payment-gateway-for-woocommerce |
| Auto Coupons for WooCommerce | woo-auto-coupons |
| Block for Font Awesome | block-for-font-awesome |
| BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | blockart-blocks |
| Boostify Header Footer Builder for Elementor | boostify-header-footer-builder |
| Bosa Elementor Addons and Templates for WooCommerce | bosa-elementor-for-woocommerce |
| Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content | brave-popup-builder |
| Brizy – Page Builder | brizy |
| BuddyPress Cover | bp-cover |
| BuddyPress Members Only | buddypress-members-only |
| BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | wc4bp |
| Cards for Beaver Builder | bb-bootstrap-cards |
| CF7 Google Sheets Connector | cf7-google-sheets-connector |
| Checkout Field Editor for WooCommerce (Pro) | woocommerce-checkout-field-editor-pro |
| Claudio Sanches – Checkout Cielo for WooCommerce | woocommerce-checkout-cielo |
| Clever Addons for Elementor | cafe-lite |
| Clever Fox | clever-fox |
| Colibri Page Builder | colibri-page-builder |
| Comments – wpDiscuz | wpdiscuz |
| Contact Form Builder, Contact Widget | contact-forms-builder |
| Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | contact-form-to-db |
| Copymatic – AI Content Writer & Generator | copymatic |
| Countdown, Coming Soon, Maintenance – Countdown & Clock | countdown-builder |
| Cowidgets – Elementor Addons | cowidgets-elementor-addons |
| Custom Dash | custom-dash |
| Dashboard To-Do List | dashboard-to-do-list |
| Database Cleaner: Clean, Optimize & Repair | database-cleaner |
| Debug Log Manager | debug-log-manager |
| Download Attachments | download-attachments |
| Download Manager | download-manager |
| Easy Forms for Mailchimp | yikes-inc-easy-mailchimp-extender |
| Easy Social Like Box – Popup – Sidebar Widget | cardoza-facebook-like-box |
| EasyAzon – Amazon Associates Affiliate Plugin | easyazon |
| ElasticPress | elasticpress |
| ElementsReady Addons for Elementor | element-ready-lite |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | embedpress |
| Emergency Password Reset | emergency-password-reset |
| Envo Extra | envo-extra |
| Essential Addons for Elementor Pro | essential-addons-elementor |
| Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Essential Real Estate | essential-real-estate |
| Event Tickets with Ticket Scanner | event-tickets-with-ticket-scanner |
| Extra Product Options for WooCommerce | extra-product-options-for-woocommerce |
| FileOrganizer – Manage WordPress and Website Files | fileorganizer |
| Five Star Restaurant Menu and Food Ordering | food-and-drink-menu |
| Fluid Notification Bar | fluid-notification-bar |
| Frontend Registration – Contact Form 7 | frontend-registration-contact-form-7 |
| Gallery – Image and Video Gallery with Thumbnails | gallery-album |
| GamiPress – Link | gamipress-link |
| GDPR CCPA Compliance & Cookie Consent Banner | ninja-gdpr-compliance |
| GDPR/CCPA Cookie Consent Banner | uk-cookie-consent |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| GP Premium | gp-premium |
| Gutenberg Blocks and Page Layouts – Attire Blocks | attire-blocks |
| Gutenberg Blocks, Page Builder – ComboBlocks | post-grid |
| Heateor Social Login WordPress | heateor-social-login |
| HT Feed | ht-instagram |
| Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | new-image-gallery |
| Image Hover Effects for Elementor with Lightbox and Flipbox | image-hover-effects-with-carousel |
| Insert Post Ads | insert-post-ads |
| Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site | integrate-google-drive |
| Kenta Blocks – Responsive Blocks and block templates library | kenta-blocks |
| KiviCare – Clinic & Patient Management System (EHR) | kivicare-clinic-management-system |
| Kognetiks Chatbot for WordPress | chatbot-chatgpt |
| LA-Studio Element Kit for Elementor | lastudio-element-kit |
| LearnPress – WordPress LMS Plugin | learnpress |
| Leyka | leyka |
| LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | lifterlms |
| Link Library | link-library |
| Login/Signup Popup ( Inline Form + Woocommerce ) | easy-login-woocommerce |
| Logo Manager For Enamad | logo-manager-for-enamad |
| Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor |
| Market Exporter | market-exporter |
| Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor | master-addons |
| Materialis Companion | materialis-companion |
| Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow | media-slider |
| MegaMenu | stm-megamenu |
| MelaPress Login Security | melapress-login-security |
| Mime Types Extended | mime-types-extended |
| Minimal Coming Soon – Coming Soon Page | minimal-coming-soon-maintenance-mode |
| Mollie Forms | mollie-forms |
| MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution | dc-woocommerce-multi-vendor |
| Nafeza Prayer Time | nafeza-prayer-time |
| Newsletter – Send awesome emails from WordPress | newsletter |
| Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) | mailin |
| Newsletters | newsletters-lite |
| One Page Express Companion | one-page-express-companion |
| Open Graph | opengraph |
| Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | otter-pro |
| Ovic Importer | ovic-import-demo |
| Pagerank tools | pagerank-tools |
| Photo Gallery by 10Web – Mobile-Friendly Image Gallery | photo-gallery |
| Podlove Web Player | podlove-web-player |
| Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | buddyforms |
| PowerPack Pro for Elementor | powerpack-elements |
| Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) | bdthemes-prime-slider-lite |
| Product Addons & Fields for WooCommerce | woocommerce-product-addon |
| ProfileGrid – User Profiles, Groups and Communities | profilegrid-user-profiles-groups-and-communities |
| PropertyHive | propertyhive |
| Pure Chat – Live Chat & More! | pure-chat |
| Qi Addons For Elementor | qi-addons-for-elementor |
| Qi Blocks | qi-blocks |
| Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | quiz-master-next |
| Recurring PayPal Donations | recurring-donation |
| Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. | responsive-add-ons |
| Restrict for Elementor | restrict-for-elementor |
| RestroPress – Online Food Ordering System | restropress |
| Rotating Tweets (Twitter widget and shortcode) | rotatingtweets |
| Royal Elementor Addons and Templates | royal-elementor-addons |
| Salon Booking System | salon-booking-system |
| Save as PDF Plugin by Pdfcrowd | save-as-pdf-by-pdfcrowd |
| SC filechecker | wp-file-checker |
| SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | sellkit |
| Sensei LMS – Online Courses, Quizzes, & Learning | sensei-lms |
| Shopping Cart & eCommerce Store | wp-easycart |
| Simple AL Slider | simple-al-slider |
| Simple COD Fees for WooCommerce | simple-cod-fee-for-woocommerce |
| Simple Image Popup Shortcode | simple-image-popup-shortcode |
| SKT Addons for Elementor | skt-addons-for-elementor |
| Slider Responsive Slideshow – Image slider, Gallery slideshow | slider-responsive-slideshow |
| Slider Revolution | revslider |
| Social Link Pages: link-in-bio landing pages for your social media profiles | social-link-pages |
| Social Login Lite For WooCommerce | social-login-lite-for-woocommerce |
| Startklar Elementor Addons | startklar-elmentor-forms-extwidgets |
| Stellissimo Text Box | stellissimo-text-box |
| Strategery Migrations | strategery-migrations |
| Strong Testimonials | strong-testimonials |
| SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! | suretriggers |
| TablePress – Tables in WordPress made easy | tablepress |
| tagDiv Composer | td-composer |
| TemplatesNext OnePager | templatesnext-onepager |
| Testimonials Widget | testimonials-widget |
| The Moneytizer | the-moneytizer |
| The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | the-post-grid |
| Themesflat Addons For Elementor | themesflat-addons-for-elementor |
| Tickera – WordPress Event Ticketing | tickera-event-ticketing-system |
| Tutor LMS – eLearning and online course solution | tutor |
| Under Construction / Maintenance Mode from Acurax | coming-soon-maintenance-mode-from-acurax |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms | upload-fields-for-wpforms |
| Upunzipper | upunzipper |
| Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages | visualcomposer |
| Visualizer: Tables and Charts Manager for WordPress | visualizer |
| Wbcom Designs – Custom Font Uploader | custom-font-uploader |
| Weaver Xtreme Theme Support | weaverx-theme-support |
| Widget Options – Extended | extended-widget-options |
| Widget Options – The #1 WordPress Widget & Block Control Plugin | widget-options |
| Widget4Call | widget4call |
| WooCommerce Dropshipping Premium | woocommerce-dropshipping |
| WooCommerce Tools | woo-tools |
| Woody code snippets – Insert Header Footer Code, AdSense Ads | insert-php |
| woothemes-sensei | woothemes-sensei |
| WordPress prettyPhoto | prettyphoto |
| WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing | wp-dark-mode |
| WP Docs | wp-docs |
| WP Force SSL & HTTPS SSL Redirect | wp-force-ssl |
| WP jQuery Lightbox | wp-jquery-lightbox |
| WP Mobile Menu – The Mobile-Friendly Responsive Menu | mobile-menu |
| WP Reset – Most Advanced WordPress Reset Tool | wp-reset |
| WP Time Slots Booking Form | wp-time-slots-booking-form |
| WP Translate – WordPress Translation Plugin | wp-translate |
| WP Visitors Tracker | wp_visitorstracker |
| WP-DB-Table-Editor | wp-db-table-editor |
| WP-Recall – Registration, Profile, Commerce & More | wp-recall |
| WPMobile.App — Android and iOS Mobile Application | wpappninja |
| WPUpper Share Buttons | wpupper-share-buttons |
| WS Form LITE – Drag & Drop Contact Form Builder for WordPress | ws-form |
| WS Form Pro | ws-form-pro |
| YITH Custom Login | yith-custom-login |
| YITH WooCommerce Product Add-Ons | yith-woocommerce-product-add-ons |
| YITH WooCommerce Tab Manager | yith-woocommerce-tab-manager |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Blocksy | blocksy |
| Bloglo | bloglo |
| Eduma | eduma |
| Event | event |
| Formula | formula |
| Idyllic | idyllic |
| Pixgraphy | pixgraphy |
| Radcliffe 2 | radcliffe-2 |
| Responsive | responsive |
| Rife Free | rife-free |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-35746
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
BuddyPress Cover
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-35750
Patch Status
Unpatched
Published
Jun 6, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-35736
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-35658
Patch Status
Patched
Published
Jun 3, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-35677
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
MegaMenu
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-4552
Patch Status
Unpatched
Published
Jun 3, 2024

Researcher

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-5153
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Startklar Elementor Addons
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5179
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Cowidgets – Elementor Addons
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3668
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
PowerPack Pro for Elementor
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2023-6968
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
The Moneytizer
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2023-6966
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
The Moneytizer
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5599
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5637
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Market Exporter
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-4887
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Qi Addons For Elementor
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-35745
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Strategery Migrations
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-2019
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
WP-DB-Table-Editor
Researcher

CVSS Rating
High (7.4)
CVE-ID
CVE-2024-3667
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
High (7.4)
CVE-ID
CVE-2024-5091
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
SKT Addons for Elementor
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-2087
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4870
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-35706
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Heateor Social Login WordPress
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4759
Patch Status
Unpatched
Published
Jun 4, 2024

Affected Software
Mime Types Extended
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-4902
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-35734
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Time Slots Booking Form
Researcher

CVSS Rating
Medium (6.6)
CVE-ID
CVE-2024-35650
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
MelaPress Login Security
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-4194
Patch Status
Patched
Published
Jun 5, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-5654
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
CF7 Google Sheets Connector
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-35754
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Ovic Importer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35705
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Block for Font Awesome

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5439
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Blocksy

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35715
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Bloglo
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1161
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1164
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Brizy – Page Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5663
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Cards for Beaver Builder
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2350
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Clever Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1768
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Clever Fox

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4451
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Colibri Page Builder

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5038
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Colibri Page Builder

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35681
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Comments – wpDiscuz
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4697
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Cowidgets – Elementor Addons
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3230
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Download Attachments
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4001
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Download Manager
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5152
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5645
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Envo Extra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4273
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Essential Real Estate
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5536
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
GamiPress – Link
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35707
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Heateor Social Login WordPress
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35699
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
HT Feed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35714
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Idyllic
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35738
Patch Status
Patched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4707
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Materialis Companion
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5317
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35740
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Pixgraphy
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35701
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
PropertyHive
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4364
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Qi Addons For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5221
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Qi Blocks
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35676
Patch Status
Patched
Published
Jun 5, 2024

Affected Software
Recurring PayPal Donations
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35654
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Responsive
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35719
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35708
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Rife Free
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4489
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4488
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35649
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Save as PDF Plugin by Pdfcrowd
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-34765
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
woothemes-sensei
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5342
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Simple Image Popup Shortcode
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4637
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Slider Revolution
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4581
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Slider Revolution
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3888
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
tagDiv Composer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35753
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
TemplatesNext OnePager
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4705
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Testimonials Widget
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35711
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Event
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4212
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4458
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2922
Patch Status
Unpatched
Published
Jun 5, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4459
Patch Status
Unpatched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4939
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Weaver Xtreme Theme Support
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5162
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
WordPress prettyPhoto
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35695
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Docs
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5425
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP jQuery Lightbox
Researcher

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-5087
Patch Status
Patched
Published
Jun 7, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35693
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
12 Step Meeting List
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5728
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Animated AL List
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35733
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Auto Coupons for WooCommerce
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35697
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Eduma
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35652
Patch Status
Patched
Published
Jun 3, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5613
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Formula
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5638
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Formula
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35679
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3469
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
GP Premium
Researchers

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35687
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Link Library
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4757
Patch Status
Unpatched
Published
Jun 4, 2024

Affected Software
Logo Manager For Enamad
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35718
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Newsletters
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5730
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Pagerank tools
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5729
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Simple AL Slider
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5727
Patch Status
Unpatched
Published
Jun 7, 2024

Affected Software
Widget4Call
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35696
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Docs
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35737
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Visitors Tracker
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-35694
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35724
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2023-6876
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Clever Fox
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35669
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Debug Log Manager
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-35673
Patch Status
Patched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0972
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
BuddyPress Members Only
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35747
Patch Status
Unpatched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35742
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Easy Forms for Mailchimp

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35692
Patch Status
Patched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35665
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Insert Post Ads
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35725
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5483
Patch Status
Patched
Published
Jun 4, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35683
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Leyka
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5615
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Open Graph
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35710
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Podlove Web Player
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35728
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35685
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Radcliffe 2
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0910
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Restrict for Elementor
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35686
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35749
Patch Status
Unpatched
Published
Jun 6, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35748
Patch Status
Unpatched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-1689
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WooCommerce Tools
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35667
Patch Status
Patched
Published
Jun 3, 2024

Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35735
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
WP Time Slots Booking Form
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35663
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-4997
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
WPUpper Share Buttons
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35680
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35712
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35743
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
SC filechecker
Researcher

CVSS Rating
Medium (4.9)
CVE-ID
CVE-2024-35744
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Upunzipper
Researcher

CVSS Rating
Medium (4.7)
CVE-ID
CVE-2023-5424
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4942
Patch Status
Unpatched
Published
Jun 5, 2024

Affected Software
Custom Dash

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-3031
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4462
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Nafeza Prayer Time

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35752
Patch Status
Unpatched
Published
Jun 6, 2024

Affected Software
Stellissimo Text Box
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-35698
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
YITH WooCommerce Tab Manager

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1717
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Admin Notices Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35720
Patch Status
Patched
Published
Jun 6, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4788
Patch Status
Unpatched
Published
Jun 5, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35716
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35723
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Dashboard To-Do List
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35684
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
ElasticPress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35648
Patch Status
Patched
Published
Jun 3, 2024

Affected Software
Emergency Password Reset

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4274
Patch Status
Unpatched
Published
Jun 3, 2024

Affected Software
Essential Real Estate
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35727
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4088
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35659
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-2368
Patch Status
Patched
Published
Jun 4, 2024

Affected Software
Mollie Forms
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5453
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5459
Patch Status
Patched
Published
Jun 4, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4468
Patch Status
Patched
Published
Jun 7, 2024

Affected Software
Salon Booking System
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35662
Patch Status
Unpatched
Published
Jun 3, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35722
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6491
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
Strong Testimonials
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35729
Patch Status
Patched
Published
Jun 6, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5489
Patch Status
Patched
Published
Jun 5, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4661
Patch Status
Patched
Published
Jun 7, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35657
Patch Status
Unpatched
Published
Jun 3, 2024

CVSS Rating
Medium (4.2)
CVE-ID
CVE-2024-5770
Patch Status
Patched
Published
Jun 7, 2024

Researcher

CVSS Rating
Medium (4.0)
CVE-ID
CVE-2024-35732
Patch Status
Patched
Published
Jun 6, 2024

Affected Software
YITH Custom Login
Researcher

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, that covers all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, submissions made directly to us by vulnerability researchers through our Bug Bounty Program, and monitoring of various sources to capture all publicly available WordPress vulnerability information, adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024) appeared first on Wordfence.