Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers!

Last week, there were 183 vulnerabilities disclosed in 135 WordPress Plugins and 14 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:

WAF-RULE-707 – data redacted while we work with the vendor on a patch.
WAF-RULE-708 – data redacted while we work with the vendor on a patch.

Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30-day delay.

Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
| --- | --- |
| Patched | 101 |
| Unpatched | 82 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
| --- | --- |
| Medium Severity | 142 |
| High Severity | 24 |
| Critical Severity | 17 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
| --- | --- |
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 67 |
| Cross-Site Request Forgery (CSRF) | 31 |
| Missing Authorization | 29 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 9 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 7 |
| Unrestricted Upload of File with Dangerous Type | 6 |
| Information Exposure | 4 |
| Deserialization of Untrusted Data | 3 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 3 |
| Server-Side Request Forgery (SSRF) | 3 |
| Authorization Bypass Through User-Controlled Key | 2 |
| Improper Control of Generation of Code (‘Code Injection’) | 2 |
| Improper Input Validation | 2 |
| Information Exposure Through Log Files | 2 |
| URL Redirection to Untrusted Site (‘Open Redirect’) | 2 |
| Use of Less Trusted Source | 2 |
| Authentication Bypass Using an Alternate Path or Channel | 1 |
| Improper Access Control | 1 |
| Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) | 1 |
| Improper Neutralization of Formula Elements in a CSV File | 1 |
| Incorrect Authorization | 1 |
| Incorrect Privilege Assignment | 1 |
| Protection Mechanism Failure | 1 |
| Uncontrolled Resource Consumption (‘Resource Exhaustion’) | 1 |
| Weak Password Recovery Mechanism for Forgotten Password | 1 |

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

13

10

9

9

9

9

8

8

8

8

7

5

5

4

3

3

3

3

3

3

3

3

2

2

2

2

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

tom

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Academy LMS – eLearning and online course solution for WordPress | academy |
| Accordion – Multiple Accordion or FAQs Builder | accordions-or-faqs |
| affiliate-toolkit – WordPress Affiliate Plugin | affiliate-toolkit-starter |
| AliExpress Dropshipping with AliNext Lite | ali2woo-lite |
| ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | armember |
| Bible Text | bible-text |
| Blogmentor – Blog Layouts for Elementor | blogmentor |
| BlossomThemes Email Newsletter | blossomthemes-email-newsletter |
| Booking for Appointments and Events Calendar – Amelia | ameliabooking |
| Branda – White Label WordPress, Custom Login Page Customizer | branda-white-labeling |
| Bricks Builder | bricksbuilder |
| Business Directory Plugin – Easy Listing Directories for WordPress | business-directory-plugin |
| CM Email Registration Blacklist and Whitelist | cm-email-blacklist |
| Consulting Elementor Widgets | consulting-elementor-widgets |
| ContentLock | contentlock |
| ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages | convertkit |
| Cost Calculator Builder PRO | cost-calculator-builder-pro |
| Custom Field Suite | custom-field-suite |
| Custom Product List Table | custom-product-list-table |
| Demo Awesome | demo-awesome |
| DImage 360 | dimage-360 |
| Easy Table of Contents | easy-table-of-contents |
| Elegant Themes Icons | elegant-themes-icons |
| Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce | email-subscribers |
| Embed Peertube Playlist | embed-peertube-playlist |
| EmbedSocial – Social Media Feeds, Reviews and Galleries | embedalbum-pro |
| Empty Cart Button for WooCommerce | empty-cart-button-for-woocommerce |
| Enhance Your Posts with the WP Post Author Box, Co-Authors, Guest Authors, and Post Rating System, including Registration Form Builder | wp-post-author |
| Event Monster – Event Management, Tickets Booking, Upcoming Event | event-monster |
| Export WP Page to Static HTML/CSS | export-wp-page-to-static-html |
| Falang multilanguage for WordPress | falang |
| FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] | fs-poster |
| Gallery Plugin for WordPress – Envira Photo Gallery | envira-gallery-lite |
| Greenshift – animation and page builder blocks | greenshift-animation-and-page-builder-blocks |
| Hercules Core | hercules-core |
| Hide Dashboard Notifications | wp-hide-backed-notices |
| Ibtana – WordPress Website Builder | ibtana-visual-editor |
| Image Optimizer, Resizer and CDN – Sirv | sirv |
| Index WP MySQL For Speed | index-wp-mysql-for-speed |
| InstaWP Connect – 1-click WP Staging & Migration | instawp-connect |
| JetWidgets For Elementor | jetwidgets-for-elementor |
| Kanban Boards for WordPress | kanban |
| Kimili Flash Embed | kimili-flash-embed |
| Laybuy Payment Extension for WooCommerce | laybuy-gateway-for-woocommerce |
| License Manager for WooCommerce | license-manager-for-woocommerce |
| Lifeline Donation | lifeline-donation |
| Loco Translate | loco-translate |
| Login with phone number | login-with-phone-number |
| Master Slider – Responsive Touch Slider | master-slider |
| MasterStudy LMS WordPress Plugin – for Online Courses and Education | masterstudy-lms-learning-management-system |
| MaxGalleria | maxgalleria |
| Media Library Assistant | media-library-assistant |
| MIMO Woocommerce Order Tracking | mimo-woocommerce-order-tracking |
| My Favorites | my-favorites |
| Newsletters | newsletters-lite |
| Newspack Blocks | newspack-blocks |
| Newspack Newsletters | newspack-newsletters |
| Online Booking & Scheduling Calendar for WordPress by vcita | meeting-scheduler-by-vcita |
| OpenPGP Form Encryption for WordPress | openpgp-form-encryption |
| Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms | optinly |
| Orbit Fox by ThemeIsle | themeisle-companion |
| OSM Map Widget for Elementor | osm-map-elementor |
| Page Builder Sandwich – Front End WordPress Page Builder Plugin | page-builder-sandwich |
| Page Builder: Live Composer | live-composer-page-builder |
| Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | paid-memberships-pro |
| PDF Viewer for Elementor | pdf-viewer-for-elementor |
| Pexels: Free Stock Photos | wp-pexels-free-stock-photos |
| Photo Gallery, Images, Slider in Rbs Image Gallery | robo-gallery |
| Photo Video Gallery Master | photo-video-gallery-master |
| phpinfo() WP | phpinfo-wp |
| Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio | play-ht |
| Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer | promolayer-popup-builder |
| Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | ays-popup-box |
| PropertyHive | propertyhive |
| Replace Image | replace-image |
| Restaurant Reservations | nd-restaurant-reservations |
| Salon Booking System | salon-booking-system |
| Scheduling Plugin – Online Booking for WordPress | calendar-booking |
| SEOPress – On-site SEO | wp-seopress |
| Shariff Wrapper | shariff |
| Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension | shortcode-addons |
| Shortcodes by United Themes | ut-shortcodes |
| Shortcodes Ultimate Pro | shortcodes-ultimate-pro |
| Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) | sina-extension-for-elementor |
| SiteGuard WP Plugin | siteguard |
| Sketchfab Embed | sketchfab-oembed |
| Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel | depicter |
| Slideshow SE | slideshow-se |
| Smush Image Optimization – Optimize Images \| Compress & Lazy Load Images \| Convert WebP \| Image CDN | wp-smushit |
| Solid Security – Password, Two Factor Authentication, and Brute Force Protection | better-wp-security |
| SP Project & Document Manager | sp-client-document-manager |
| Sparkle Demo Importer | sparkle-demo-importer |
| Squeeze | squeeze |
| SULly | sully |
| Support SVG – Upload svg files in wordpress without hassle | support-svg |
| SVG Block | svg-block |
| Table Addons for Elementor | table-addons-for-elementor |
| Tabs – Responsive Tabs with WooCommerce Product Tab Extension | vc-tabs |
| The Plus Addons for Elementor Page Builder | theplus_elementor_addon |
| Themify – WooCommerce Product Filter | themify-wc-product-filter |
| Tickera – WordPress Event Ticketing | tickera-event-ticketing-system |
| Tournamatch | tournamatch |
| Transition Slider – Responsive Image Slider and Gallery | transition-slider-lite |
| Typing Text | typing-text |
| UberMenu | ubermenu |
| Ultimate Blocks – WordPress Blocks Plugin | ultimate-blocks |
| Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | custom-add-to-cart-button-for-woocommerce |
| Universal Slider | fusion-slider |
| User Profile Picture | metronet-profile-picture |
| User Rights Access Manager | user-rights-access-manager |
| Vimeography: Vimeo Video Gallery WordPress Plugin | vimeography |
| Wheel of Life: Coaching and Assessment Tool for Life Coach | wheel-of-life |
| Wishlist Member | wishlist-member-x |
| WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce | cartflows |
| Woocommerce Customers Order History | woo-customers-order-history |
| Word Balloon | word-balloon |
| WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg | groundhogg |
| WordPress Picture / Portfolio / Media Gallery | nimble-portfolio |
| WP 2FA – Two-factor authentication for WordPress | wp-2fa |
| WP Blog Post Layouts | wp-blog-post-layouts |
| WP Child Theme Generator | wp-child-theme-generator |
| WP Hotel Booking | wp-hotel-booking |
| WP Job Manager – Resume Manager | wp-job-manager-resumes |
| WP Magazine Modules Lite | wp-magazine-modules-lite |
| WP Maintenance | wp-maintenance |
| WP QuickLaTeX | wp-quicklatex |
| WP Recipe Maker | wp-recipe-maker |
| WP Scraper | wp-scraper |
| WP Secure Maintenance | wp-secure-maintainance |
| WP SVG Images | wp-svg-images |
| WPAdverts – Classifieds Plugin | wpadverts |
| WPZOOM Addons for Elementor (Templates, Widgets) | wpzoom-elementor-addons |
| YARPP – Yet Another Related Posts Plugin | yet-another-related-posts-plugin |
| Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | youzify |
| Zoho Marketing Automation | zoho-marketinghub |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
| --- | --- |
| Book Landing Page | book-landing-page |
| Chic Lite | chic-lite |
| Customizr | customizr |
| Digital Newspaper | digital-newspaper |
| Divi | Divi |
| Education Zone | education-zone |
| Enfold – Responsive Multi-Purpose Theme | enfold |
| Flatsome | flatsome |
| Grey Opaque | grey-opaque |
| Hueman | hueman |
| Materialis | materialis |
| Mosaic | mosaic |
| Sinatra | sinatra |
| Vilva | vilva |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-37228
Patch Status
Patched
Published
Jun 21, 2024

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-37112
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-3605
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
WP Hotel Booking
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37090
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-5853
Patch Status
Patched
Published
Jun 18, 2024

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37109
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37225
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Zoho Marketing Automation
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-37089
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-5432
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Lifeline Donation
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3229
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Salon Booking System
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-4098
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
Shariff Wrapper
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-6027
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Critical (9.6)
CVE-ID
CVE-2024-37212
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Critical (9.3)
CVE-ID
CVE-2024-5021
Patch Status
Unpatched
Published
Jun 18, 2024

CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-35767
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Squeeze
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2381
Patch Status
Unpatched
Published
Jun 18, 2024

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37092
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37091
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3562
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Custom Field Suite
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3561
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Custom Field Suite
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5605
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
Media Library Assistant
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-6132
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
Pexels: Free Stock Photos
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5724
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
Photo Video Gallery Master
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-35778
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Slideshow SE

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37107
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-35781
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Word Balloon

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5503
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
WP Blog Post Layouts
Researcher

CVSS Rating
High (8.3)
CVE-ID
CVE-2024-37234
Patch Status
Unpatched
Published
Jun 21, 2024

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-6125
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Login with phone number
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-37108
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-35780
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Page Builder: Live Composer
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5574
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
WP Magazine Modules Lite
Researcher

CVSS Rating
High (7.4)
CVE-ID
CVE-2023-5527
Patch Status
Patched
Published
Jun 17, 2024

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3593
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
UberMenu
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-37106
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
High (7.1)
CVE-ID
CVE-2024-3597
Patch Status
Unpatched
Published
Jun 19, 2024

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1639
Patch Status
Unpatched
Published
Jun 20, 2024

Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2023-3204
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
Materialis
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-6120
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Sparkle Demo Importer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37214
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5444
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Bible Text
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3558
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Custom Field Suite
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35774
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
DImage 360

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5533
Patch Status
Patched
Published
Jun 17, 2024

Affected Software
Divi

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37100
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Elegant Themes Icons

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37217
Patch Status
Unpatched
Published
Jun 21, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5156
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
Flatsome
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5346
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Flatsome
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5966
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Grey Opaque
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4626
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
JetWidgets For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37221
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Kimili Flash Embed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5970
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
MaxGalleria
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5768
Patch Status
Unpatched
Published
Jun 18, 2024

Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5965
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Mosaic
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37114
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
My Favorites
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2484
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Orbit Fox by ThemeIsle
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4663
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
OSM Map Widget for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35768
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
Page Builder: Live Composer

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35779
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
Page Builder: Live Composer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0845
Patch Status
Unpatched
Published
Jun 17, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37223
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Restaurant Reservations
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1168
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4217
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
Shortcodes Ultimate Pro
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37116
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Sinatra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37216
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Sketchfab Embed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35769
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
Slideshow SE
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4272
Patch Status
Patched
Published
Jun 22, 2024

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4269
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
SVG Block

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4313
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Table Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5058
Patch Status
Patched
Published
Jun 19, 2024

Affected Software
Typing Text
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5627
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
Tournamatch
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0383
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
WP Recipe Maker
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37208
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
WP Scraper
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5945
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
WP SVG Images
Researcher

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-4450
Patch Status
Unpatched
Published
Jun 18, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37213
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37211
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5859
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37206
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Demo Awesome
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37199
Patch Status
Patched
Published
Jun 20, 2024

Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4977
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
Index WP MySQL For Speed
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37222
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37097
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Shortcodes by United Themes
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5032
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
SULly
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5033
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
SULly
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5344
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-4787
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Cost Calculator Builder PRO
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-37098
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
BlossomThemes Email Newsletter
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-37232
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Hercules Core
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3919
Patch Status
Patched
Published
Jun 22, 2024

Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-5649
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
Universal Slider
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37205
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3961
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5059
Patch Status
Unpatched
Published
Jun 19, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5541
Patch Status
Patched
Published
Jun 17, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37094
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37115
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Newspack Blocks
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37220
Patch Status
Unpatched
Published
Jun 21, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35776
Patch Status
Unpatched
Published
Jun 19, 2024

Affected Software
phpinfo() WP
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37881
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
SiteGuard WP Plugin
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2022-44593
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37110
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37111
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37113
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Wishlist Member
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2022-44587
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3610
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
WP Child Theme Generator
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0789
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
WP Maintenance

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37122
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6225
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6334
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Easy Table of Contents
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4602
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
Embed Peertube Playlist
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5151
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
SULly
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37120
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5644
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
Tournamatch
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5472
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
WP QuickLaTeX
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4753
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
WP Secure Maintenance
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2023-6495
Patch Status
Patched
Published
Jun 18, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37230
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Book Landing Page
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4874
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Bricks Builder
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37104
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Chic Lite
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5167
Patch Status
Patched
Published
Jun 22, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6023
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
ContentLock
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6024
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
ContentLock
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6022
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
ContentLock
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4541
Patch Status
Unpatched
Published
Jun 18, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35771
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Customizr
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37207
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
Demo Awesome
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37198
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Digital Newspaper
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37103
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Education Zone
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37095
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37240
Patch Status
Patched
Published
Jun 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37237
Patch Status
Unpatched
Published
Jun 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37235
Patch Status
Patched
Published
Jun 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1955
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Hide Dashboard Notifications
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35772
Patch Status
Patched
Published
Jun 18, 2024

Affected Software
Hueman
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37226
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
Kanban Boards for WordPress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37203
Patch Status
Unpatched
Published
Jun 20, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37236
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Loco Translate

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37093
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37227
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Newsletters
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37242
Patch Status
Patched
Published
Jun 21, 2024

Affected Software
Newspack Newsletters
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37218
Patch Status
Unpatched
Published
Jun 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37233
Patch Status
Unpatched
Published
Jun 21, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37096
Patch Status
Patched
Published
Jun 20, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37204
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
PropertyHive
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4873
Patch Status
Unpatched
Published
Jun 18, 2024

Affected Software
Replace Image
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37224
Patch Status
Unpatched
Published
Jun 21, 2024

Affected Software
SP Project & Document Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5034
Patch Status
Patched
Published
Jun 22, 2024

Affected Software
SULly
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5860
Patch Status
Patched
Published
Jun 17, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5639
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
User Profile Picture
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37209
Patch Status
Unpatched
Published
Jun 20, 2024

Affected Software
User Rights Access Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37102
Patch Status
Patched
Published
Jun 20, 2024

Affected Software
Vilva
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35770
Patch Status
Patched
Published
Jun 18, 2024

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37201
Patch Status
Unpatched
Published
Jun 20, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37241
Patch Status
Patched
Published
Jun 21, 2024

Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37238
Patch Status
Patched
Published
Jun 21, 2024

Researcher

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024) appeared first on Wordfence.