(647) 243-4688

Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 190 vulnerabilities disclosed in 155 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 53 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 15,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

WP Datepicker <= 2.1.0 – Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
WAF-RULE-691 – Data redacted while we work with the vendor on a patch.

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status
Number of Vulnerabilities

Patched
149

Unpatched
41

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating
Number of Vulnerabilities

Low Severity
1

Medium Severity
162

High Severity
15

Critical Severity
12

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE
Number of Vulnerabilities

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
98

Missing Authorization
42

Cross-Site Request Forgery (CSRF)
9

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
8

Authorization Bypass Through User-Controlled Key
5

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
5

Information Exposure
3

Unrestricted Upload of File with Dangerous Type
3

Deserialization of Untrusted Data
2

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
2

Improper Control of Generation of Code (‘Code Injection’)
2

Information Exposure Through Log Files
2

Server-Side Request Forgery (SSRF)
2

Exposure of Sensitive Information Through Metadata
1

Guessable CAPTCHA
1

Improper Authorization
1

Improper Input Validation
1

Incorrect Privilege Assignment
1

Not Failing Securely (‘Failing Open’)
1

Protection Mechanism Failure
1

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

14

12

12

11

11

10

9

9

8

8

7

6

6

5

4

4

4

3

3

3

3

3

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

ST

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name
Software Slug

2Checkout Payment Gateway for WooCommerce

woocommerce-2checkout-payment

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

real3d-flipbook-lite

Access Category Password

access-category-password

Active Products Tables for WooCommerce. Use constructor to create tables 

profit-products-tables-for-woocommerce

AI Infographic Maker

infographic-and-list-builder-ilist

App Builder – Create Native Android & iOS Apps On The Flight

app-builder

Attesa Extra

attesa-extra

BA Book Everything

ba-book-everything

Backend Designer

backend-designer

Backup Migration

backup-backup

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

BMI Adult & Kid Calculator

bmi-adultkid-calculator

Bulk Block Converter

bulk-block-converter

Canva – Design beautiful blog graphics

canva

CBX Bookmark & Favorite

cbxwpbookmark

Click to Chat – HoliThemes

click-to-chat-for-whatsapp

Code Insert Manager (Q2W3 Inc Manager)

q2w3-inc-manager

Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More

content-control

Cornerstone

cornerstone

Country State City Dropdown CF7

country-state-city-auto-dropdown

Custom Order Statuses for WooCommerce

custom-order-statuses-for-woocommerce

Custom Thank You Page Customize For WooCommerce by Binary Carpenter

bc-woo-custom-thank-you-pages

Customer Reviews for WooCommerce

customer-reviews-woocommerce

Debug Log Manager

debug-log-manager

Delete Custom Fields

delete-custom-fields

DethemeKit For Elementor

dethemekit-for-elementor

DirectoryPress – Business Directory And Classified Ad Listing

directorypress

Ditty – Responsive News Tickers, Sliders, and Lists

ditty-news-ticker

DSGVO Youtube

dsgvo-youtube

EAN for WooCommerce

ean-for-woocommerce

Easy CountDowner

easy-countdowner

Easy Custom Auto Excerpt

easy-custom-auto-excerpt

Easy Textillate

easy-textillate

eCommerce Product Catalog Plugin for WordPress

ecommerce-product-catalog

EleForms – All In One Form Integration including DB for Elementor

all-contact-form-integration-for-elementor

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)

bdthemes-element-pack-lite

Elements Plus!

elements-plus

ElementsKit Pro

elementskit

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

email-subscribers

Enhanced Media Library

enhanced-media-library

Envo Extra

envo-extra

EnvíaloSimple: Email Marketing y Newsletters

envialosimple-email-marketing-y-newsletters-gratis

Essential Addons for Elementor Pro

essential-addons-elementor

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

essential-addons-for-elementor-lite

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

essential-blocks

Exclusive Addons for Elementor

exclusive-addons-for-elementor

FileBird – WordPress Media Library Folders & File Manager

filebird

Fixed HTML Toolbar

fixed-html-toolbar

Flash Video Player

flash-video-player

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

form-maker

Forminator – Contact Form, Payment Form & Custom Form Builder

forminator

Frontend Admin by DynamiApps

acf-frontend-form-element

GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels

gg-woo-feed

Happy Addons for Elementor

happy-elementor-addons

hCaptcha for WordPress

hcaptcha-for-forms-and-more

HelloAsso

helloasso

HT Mega – Absolute Addons For Elementor

ht-mega-for-elementor

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

hurrytimer

HUSKY – Products Filter Professional for WooCommerce

woocommerce-products-filter

Icon Widget

icon-widget

Import Content in WordPress & WooCommerce with Excel

content-excel-importer

Jobs for WordPress

job-postings

Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms

embed-form

Knight Lab Timeline

knight-lab-timelinejs

Language Switcher for Transposh

language-switcher-for-transposh

LearnPress Export Import – WordPress extension for LearnPress

learnpress-import-export

LearnPress – WordPress LMS Plugin

learnpress

LH Add Media From Url

lh-add-media-from-url

Login with phone number

login-with-phone-number

LoginPress Pro

loginpress-pro

Mailster – Email Newsletter Plugin for WordPress

mailster

Master Slider – Responsive Touch Slider

master-slider

MaxGalleria

maxgalleria

Media Library Folders

media-library-plus

Mega Addons For Elementor

ultimate-addons-for-elementor

Mega Elements – Addons for Elementor

mega-elements-addons-for-elementor

MJ Update History

mj-update-history

Mortgage Calculators WP

mortgage-calculators-wp

Multi Currency For WooCommerce

wc-multi-currency

MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more

woorewards

Navigation menu as Dropdown Widget

navigation-menu-as-dropdown-widget

Netgsm

netgsm

Open Close WooCommerce Store – Best Business Schedules Manager

woc-open-close

Order Limit for WooCommerce

wc-order-limit-lite

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

otter-blocks

Ovic Responsive WPBakery

ovic-vc-addon

Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions

paid-memberships-pro

PeproDev CF7 Database

pepro-cf7-database

PeproDev Ultimate Invoice

pepro-ultimate-invoice

Poll Maker – Best WordPress Poll Plugin

poll-maker

Popup Anything – Popup for opt-ins and Lead Generation Conversions

popup-anything-on-click

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

ultimate-post

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

bdthemes-prime-slider-lite

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More

woo-product-feed-pro

ProfileGrid – User Profiles, Memberships, Groups and Communities

profilegrid-user-profiles-groups-and-communities

QR Code Composer – Automatic QR code Generator

qr-code-composer

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

radio-player

Real Media Library: Media Library Folder & File Manager

real-media-library-lite

Really Simple SSL

really-simple-ssl

Related Posts for WordPress

microkids-related-posts

Restaurant Menu – Food Ordering System – Table Reservation

menu-ordering-reservations

Royal Elementor Addons and Templates

royal-elementor-addons

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator

feedzy-rss-feeds

RSS Feed Widget

rss-feed-widget

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

shared-files

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

woolentor-addons

Shortcodes and extra features for Phlox theme

auxin-elements

Simple Registration for WooCommerce

woocommerce-simple-registration

Simple Testimonials Showcase

simple-testimonials-showcase

Slider by 10Web – Responsive Image Slider

slider-wd

Smart Forms – when you need more than just a contact form

smart-forms

SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer

smartcrawl-seo

SP Project & Document Manager

sp-client-document-manager

Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin

sg-cachepress

Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce

support-genix-lite

Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics

taggbox-widget

Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds

tagembed-widget

Tax Rate Upload

tax-rate-upload

Theme My Login

theme-my-login

TrackShip for WooCommerce

trackship-for-woocommerce

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin

user-registration

VikBooking Hotel Booking Engine & PMS

vikbooking

Void Elementor WHMCS Elements For Elementor Page Builder

void-elementor-whmcs-elements

What’s New Generator

whats-new-genarator

WooCommerce Google Feed Manager

wp-product-feed-manager

WooCommerce Multilingual & Multicurrency with WPML

woocommerce-multilingual

WordPress Automatic Plugin

wp-automatic

WordPress Menu Plugin — Superfly Responsive Menu

superfly-menu

WordPress Simple HTML Sitemap

wp-simple-html-sitemap

WP 2FA – Two-factor authentication for WordPress

wp-2fa

WP 404 Auto Redirect to Similar Post

wp-404-auto-redirect-to-similar-post

WP Club Manager – WordPress Sports Club Plugin

wp-club-manager

WP Cookie Consent ( for GDPR, CCPA & ePrivacy )

gdpr-cookie-consent

WP Cost Estimation & Payment Forms Builder

wp-estimation-form

WP Dummy Content Generator

wp-dummy-content-generator

WP Dynamic Keywords Injector

wp-dynamic-keywords-injector

WP File Download Light

wp-file-download-light

WP Helper Premium

wp-helper-lite

WP Meta SEO

wp-meta-seo

WP Poll Maker – Best WordPress Poll Plugin for Voting Contest

epoll-wp-voting

WP Show Posts

wp-show-posts

WP Smart Import : Import any XML File to WordPress

wp-smart-import

WP Social Comments

gs-facebook-comments

WP Stripe Checkout

wp-stripe-checkout

WP TradingView

wp-tradingview

WP Ultimate Review

wp-ultimate-review

WP-Cufon

wp-cufon

WP-FormAssembly

formassembly-web-forms

WP-Lister Lite for eBay

wp-lister-for-ebay

WP-Recall – Registration, Profile, Commerce & More

wp-recall

WPC Frequently Bought Together for WooCommerce

woo-bought-together

WPC Grouped Product for WooCommerce

wpc-grouped-product

Yoga Schedule Momoyoga

momoyoga-integration

Zero Spam for WordPress

zero-spam

Zynith SEO

zynith-seo

WordPress Themes with Reported Vulnerabilities Last Week

Software Name
Software Slug

GuCherry Blog

gucherry-blog

Tainacan Interface

tainacan-interface

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-32599
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP Dummy Content Generator
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32680
Patch Status
Patched
Published
Apr 17, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32514
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-32551
Patch Status
Unpatched
Published
Apr 16, 2024

Affected Software
SP Project & Document Manager
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-28890
Patch Status
Patched
Published
Apr 18, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3729
Patch Status
Patched
Published
Apr 18, 2024

Affected Software
Frontend Admin by DynamiApps
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32523
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32600
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-32511
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-31077
Patch Status
Patched
Published
Apr 18, 2024

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-32602
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3849
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
Click to Chat – HoliThemes
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-32507
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Login with phone number
Researcher

CVSS Rating
High (8.2)
CVE-ID
CVE-2024-1567
Patch Status
Patched
Published
Apr 19, 2024

CVSS Rating
High (7.5)
CVE-ID
CVE-2023-6214
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32565
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32582
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
Debug Log Manager
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32567
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3067
Patch Status
Patched
Published
Apr 15, 2024

Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2023-6961
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP Meta SEO
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32541
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
WP-Cufon
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-32562
Patch Status
Unpatched
Published
Apr 16, 2024

Affected Software
Zynith SEO
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-32691
Patch Status
Patched
Published
Apr 19, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32594
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
Attesa Extra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3672
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
BA Book Everything
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32577
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
CBX Bookmark & Favorite
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32508
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
DethemeKit For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32596
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
DSGVO Youtube
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-6892
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
EAN for WooCommerce
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32526
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Easy Textillate

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32457
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Elements Plus!
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3598
Patch Status
Patched
Published
Apr 18, 2024

Affected Software
ElementsKit Pro

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32456
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Envo Extra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2751
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Exclusive Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2503
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Exclusive Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3891
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
Happy Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4014
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
hCaptcha for WordPress
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32697
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
HelloAsso
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1993
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
Icon Widget
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32554
Patch Status
Unpatched
Published
Apr 16, 2024

Affected Software
Knight Lab Timeline
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3560
Patch Status
Patched
Published
Apr 18, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32580
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32575
Patch Status
Patched
Published
Apr 16, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32581
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
Mortgage Calculators WP

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32560
Patch Status
Unpatched
Published
Apr 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2328
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32530
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Simple Testimonials Showcase
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32553
Patch Status
Unpatched
Published
Apr 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32566
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32597
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32571
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP Stripe Checkout
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32536
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
WP TradingView
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2023-49768
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP-FormAssembly
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-32529
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Yoga Schedule Momoyoga
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32535
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Access Category Password
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32542
Patch Status
Unpatched
Published
Apr 16, 2024

Affected Software
Bulk Block Converter
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32545
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32547
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32570
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
Cornerstone
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3731
Patch Status
Patched
Published
Apr 18, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-0613
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Delete Custom Fields
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32538
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Easy CountDowner
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32558
Patch Status
Patched
Published
Apr 18, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32587
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-31857
Patch Status
Patched
Published
Apr 18, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32531
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
GuCherry Blog
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32585
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-2833
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
Jobs for WordPress
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32695
Patch Status
Patched
Published
Apr 19, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32588
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32533
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
LH Add Media From Url
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3615
Patch Status
Patched
Published
Apr 18, 2024

Affected Software
Media Library Folders
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32543
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
MJ Update History
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32544
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Netgsm
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32578
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-3867
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Tainacan Interface

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32546
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Tax Rate Upload
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32563
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32574
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WordPress Simple HTML Sitemap
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32568
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32559
Patch Status
Patched
Published
Apr 16, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32510
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32528
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
WP Dynamic Keywords Injector
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-32595
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP Helper Premium
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-31229
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
Really Simple SSL
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32696
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
AI Infographic Maker
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-2840
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Enhanced Media Library
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32688
Patch Status
Patched
Published
Apr 17, 2024

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-32693
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
WordPress Automatic Plugin
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0629
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32686
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
Backup Migration
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3312
Patch Status
Patched
Published
Apr 18, 2024

Affected Software
Easy Custom Auto Excerpt
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32676
Patch Status
Unpatched
Published
Apr 17, 2024

Affected Software
LoginPress Pro
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32677
Patch Status
Unpatched
Published
Apr 17, 2024

Affected Software
LoginPress Pro
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32675
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
Order Limit for WooCommerce
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3215
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32518
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
PeproDev Ultimate Invoice
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3601
Patch Status
Patched
Published
Apr 18, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32601
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3287
Patch Status
Patched
Published
Apr 19, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32532
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-49742
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32678
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
TrackShip for WooCommerce
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32509
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2023-6962
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP Meta SEO
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32684
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
WP Ultimate Review
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32683
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
WP Ultimate Review
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32685
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
WP Ultimate Review
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-32521
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32598
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
BA Book Everything
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32591
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
Backend Designer
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32540
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Fixed HTML Toolbar

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32126
Patch Status
Patched
Published
Apr 16, 2024

Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32690
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
RSS Feed Widget
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32548
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
What’s New Generator
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32539
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
WP File Download Light
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-32573
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP-Lister Lite for eBay
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32550
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
BMI Adult & Kid Calculator
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3520
Patch Status
Patched
Published
Apr 15, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32524
Patch Status
Unpatched
Published
Apr 15, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3869
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6897
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
EAN for WooCommerce
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32537
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Flash Video Player
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32519
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3581
Patch Status
Patched
Published
Apr 19, 2024

Affected Software
MaxGalleria
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32515
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Mega Addons For Elementor
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32516
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Multi Currency For WooCommerce
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32522
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32142
Patch Status
Unpatched
Published
Apr 16, 2024

Affected Software
Ovic Responsive WPBakery
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-41864
Patch Status
Unpatched
Published
Apr 16, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-3606
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32549
Patch Status
Unpatched
Published
Apr 15, 2024

Affected Software
Related Posts for WordPress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1306
Patch Status
Patched
Published
Apr 15, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32525
Patch Status
Patched
Published
Apr 15, 2024

Affected Software
Theme My Login
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2023-6731
Patch Status
Patched
Published
Apr 16, 2024

Affected Software
WP Show Posts
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32689
Patch Status
Patched
Published
Apr 17, 2024

Affected Software
WP Social Comments
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32604
Patch Status
Patched
Published
Apr 16, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32687
Patch Status
Patched
Published
Apr 17, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-32520
Patch Status
Patched
Published
Apr 15, 2024

Researcher

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) appeared first on Wordfence.