Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers! 

Last week, there were 215 vulnerabilities disclosed in 180 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 58 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

Patch Status
Number of Vulnerabilities

Patched
150

Unpatched
65

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating
Number of Vulnerabilities

Medium Severity
183

High Severity
21

Critical Severity
11

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE
Number of Vulnerabilities

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
107

Missing Authorization
49

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
8

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
8

Cross-Site Request Forgery (CSRF)
7

Information Exposure
6

Improper Access Control
5

Authorization Bypass Through User-Controlled Key
3

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
3

Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
2

Insufficient Verification of Data Authenticity
2

Authentication Bypass Using an Alternate Path or Channel
1

Improper Control of Generation of Code (‘Code Injection’)
1

Improper Handling of Insufficient Permissions or Privileges
1

Improper Input Validation
1

Improper Neutralization of Alternate XSS Syntax
1

Improper Neutralization of Formula Elements in a CSV File
1

Improper Restriction of Excessive Authentication Attempts
1

Incorrect Permission Assignment for Critical Resource
1

Incorrect Privilege Assignment
1

Insecure Storage of Sensitive Information
1

Path Traversal: ‘…/…//’
1

Server-Side Request Forgery (SSRF)
1

Unrestricted Upload of File with Dangerous Type
1

Use of Insufficiently Random Values
1

Use of Less Trusted Source
1

Researchers That Contributed to WordPress Security Last Week

Researcher Name
Number of Vulnerabilities

25

16

13

12

10

10

8

7

7

6

6

6

5

5

5

4

4

3

3

3

3

3

3

3

3

3

2

2

2

2

2

2

2

2

2

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

Software Name
Software Slug

12 Step Meeting List

12-step-meeting-list

Active Products Tables for WooCommerce. Use constructor to create tables 

profit-products-tables-for-woocommerce

Admin Notices Manager

admin-notices-manager

Advanced Woo Labels – Product Labels for WooCommerce

advanced-woo-labels

Album and Image Gallery plus Lightbox

album-and-image-gallery-plus-lightbox

Album Gallery – WordPress Gallery

new-album-gallery

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

wp-analytify

Animated AL List

animated-al-list

Authorize.net Payment Gateway For WooCommerce

authorizenet-payment-gateway-for-woocommerce

Auto Coupons for WooCommerce

woo-auto-coupons

Block for Font Awesome

block-for-font-awesome

BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library

blockart-blocks

Boostify Header Footer Builder for Elementor

boostify-header-footer-builder

Bosa Elementor Addons and Templates for WooCommerce

bosa-elementor-for-woocommerce

Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content

brave-popup-builder

Brizy – Page Builder

brizy

BuddyPress Cover

bp-cover

BuddyPress Members Only

buddypress-members-only

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages

wc4bp

Cards for Beaver Builder

bb-bootstrap-cards

CF7 Google Sheets Connector

cf7-google-sheets-connector

Checkout Field Editor for WooCommerce (Pro)

woocommerce-checkout-field-editor-pro

Claudio Sanches – Checkout Cielo for WooCommerce

woocommerce-checkout-cielo

Clever Addons for Elementor

cafe-lite

Clever Fox

clever-fox

Colibri Page Builder

colibri-page-builder

Comments – wpDiscuz

wpdiscuz

Contact Form Builder, Contact Widget

contact-forms-builder

Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress

contact-form-to-db

Copymatic – AI Content Writer & Generator

copymatic

Countdown, Coming Soon, Maintenance – Countdown & Clock

countdown-builder

Cowidgets – Elementor Addons

cowidgets-elementor-addons

Custom Dash

custom-dash

Dashboard To-Do List

dashboard-to-do-list

Database Cleaner: Clean, Optimize & Repair

database-cleaner

Debug Log Manager

debug-log-manager

Download Attachments

download-attachments

Download Manager

download-manager

Easy Forms for Mailchimp

yikes-inc-easy-mailchimp-extender

Easy Social Like Box – Popup – Sidebar Widget

cardoza-facebook-like-box

EasyAzon – Amazon Associates Affiliate Plugin

easyazon

ElasticPress

elasticpress

ElementsReady Addons for Elementor

element-ready-lite

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

email-subscribers

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

embedpress

Emergency Password Reset

emergency-password-reset

Envo Extra

envo-extra

Essential Addons for Elementor Pro

essential-addons-elementor

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

essential-addons-for-elementor-lite

Essential Real Estate

essential-real-estate

Event Tickets with Ticket Scanner

event-tickets-with-ticket-scanner

Extra Product Options for WooCommerce

extra-product-options-for-woocommerce

FileOrganizer – Manage WordPress and Website Files

fileorganizer

Five Star Restaurant Menu and Food Ordering

food-and-drink-menu

Fluid Notification Bar

fluid-notification-bar

Frontend Registration – Contact Form 7

frontend-registration-contact-form-7

Gallery – Image and Video Gallery with Thumbnails

gallery-album

GamiPress – Link

gamipress-link

GDPR CCPA Compliance & Cookie Consent Banner

ninja-gdpr-compliance

GDPR/CCPA Cookie Consent Banner

uk-cookie-consent

GiveWP – Donation Plugin and Fundraising Platform

give

GP Premium

gp-premium

Gutenberg Blocks and Page Layouts – Attire Blocks

attire-blocks

Gutenberg Blocks, Page Builder – ComboBlocks

post-grid

Heateor Social Login WordPress

heateor-social-login

HT Feed

ht-instagram

Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery

new-image-gallery

Image Hover Effects for Elementor with Lightbox and Flipbox

image-hover-effects-with-carousel

Insert Post Ads

insert-post-ads

Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site

integrate-google-drive

Kenta Blocks – Responsive Blocks and block templates library

kenta-blocks

KiviCare – Clinic & Patient Management System (EHR)

kivicare-clinic-management-system

Kognetiks Chatbot for WordPress

chatbot-chatgpt

LA-Studio Element Kit for Elementor

lastudio-element-kit

LearnPress – WordPress LMS Plugin

learnpress

Leyka

leyka

LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes

lifterlms

Link Library

link-library

Login/Signup Popup ( Inline Form + Woocommerce )

easy-login-woocommerce

Logo Manager For Enamad

logo-manager-for-enamad

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

magical-addons-for-elementor

Market Exporter

market-exporter

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor

master-addons

Materialis Companion

materialis-companion

Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow

media-slider

MegaMenu

stm-megamenu

MelaPress Login Security

melapress-login-security

Mime Types Extended

mime-types-extended

Minimal Coming Soon – Coming Soon Page

minimal-coming-soon-maintenance-mode

Mollie Forms

mollie-forms

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

dc-woocommerce-multi-vendor

Nafeza Prayer Time

nafeza-prayer-time

Newsletter – Send awesome emails from WordPress

newsletter

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

mailin

Newsletters

newsletters-lite

One Page Express Companion

one-page-express-companion

Open Graph

opengraph

Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

otter-pro

Ovic Importer

ovic-import-demo

Pagerank tools

pagerank-tools

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

photo-gallery

Podlove Web Player

podlove-web-player

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)

buddyforms

PowerPack Pro for Elementor

powerpack-elements

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

bdthemes-prime-slider-lite

Product Addons & Fields for WooCommerce

woocommerce-product-addon

ProfileGrid – User Profiles, Groups and Communities

profilegrid-user-profiles-groups-and-communities

PropertyHive

propertyhive

Pure Chat – Live Chat & More!

pure-chat

Qi Addons For Elementor

qi-addons-for-elementor

Qi Blocks

qi-blocks

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

quiz-master-next

Recurring PayPal Donations

recurring-donation

Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.

responsive-add-ons

Restrict for Elementor

restrict-for-elementor

RestroPress – Online Food Ordering System

restropress

Rotating Tweets (Twitter widget and shortcode)

rotatingtweets

Royal Elementor Addons and Templates

royal-elementor-addons

Salon Booking System

salon-booking-system

Save as PDF Plugin by Pdfcrowd

save-as-pdf-by-pdfcrowd

SC filechecker

wp-file-checker

SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster

sellkit

Sensei LMS – Online Courses, Quizzes, & Learning

sensei-lms

Shopping Cart & eCommerce Store

wp-easycart

Simple AL Slider

simple-al-slider

Simple COD Fees for WooCommerce

simple-cod-fee-for-woocommerce

Simple Image Popup Shortcode

simple-image-popup-shortcode

SKT Addons for Elementor

skt-addons-for-elementor

Slider Responsive Slideshow – Image slider, Gallery slideshow

slider-responsive-slideshow

Slider Revolution

revslider

Social Link Pages: link-in-bio landing pages for your social media profiles

social-link-pages

Social Login Lite For WooCommerce

social-login-lite-for-woocommerce

Startklar Elementor Addons

startklar-elmentor-forms-extwidgets

Stellissimo Text Box

stellissimo-text-box

Strategery Migrations

strategery-migrations

Strong Testimonials

strong-testimonials

SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!

suretriggers

TablePress – Tables in WordPress made easy

tablepress

tagDiv Composer

td-composer

TemplatesNext OnePager

templatesnext-onepager

Testimonials Widget

testimonials-widget

The Moneytizer

the-moneytizer

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid

the-post-grid

Themesflat Addons For Elementor

themesflat-addons-for-elementor

Tickera – WordPress Event Ticketing

tickera-event-ticketing-system

Tutor LMS – eLearning and online course solution

tutor

Under Construction / Maintenance Mode from Acurax

coming-soon-maintenance-mode-from-acurax

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

unlimited-elements-for-elementor

Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms

upload-fields-for-wpforms

Upunzipper

upunzipper

Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages

visualcomposer

Visualizer: Tables and Charts Manager for WordPress

visualizer

Wbcom Designs – Custom Font Uploader

custom-font-uploader

Weaver Xtreme Theme Support

weaverx-theme-support

Widget Options – Extended

extended-widget-options

Widget Options – The #1 WordPress Widget & Block Control Plugin

widget-options

Widget4Call

widget4call

WooCommerce Dropshipping Premium

woocommerce-dropshipping

WooCommerce Tools

woo-tools

Woody code snippets – Insert Header Footer Code, AdSense Ads

insert-php

woothemes-sensei

woothemes-sensei

WordPress prettyPhoto

prettyphoto

WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing

wp-dark-mode

WP Docs

wp-docs

WP Force SSL & HTTPS SSL Redirect

wp-force-ssl

WP jQuery Lightbox

wp-jquery-lightbox

WP Mobile Menu – The Mobile-Friendly Responsive Menu

mobile-menu

WP Reset – Most Advanced WordPress Reset Tool

wp-reset

WP Time Slots Booking Form

wp-time-slots-booking-form

WP Translate – WordPress Translation Plugin

wp-translate

WP Visitors Tracker

wp_visitorstracker

WP-DB-Table-Editor

wp-db-table-editor

WP-Recall – Registration, Profile, Commerce & More

wp-recall

WPMobile.App — Android and iOS Mobile Application

wpappninja

WPUpper Share Buttons

wpupper-share-buttons

WS Form LITE – Drag & Drop Contact Form Builder for WordPress

ws-form

WS Form Pro

ws-form-pro

YITH Custom Login

yith-custom-login

YITH WooCommerce Product Add-Ons

yith-woocommerce-product-add-ons

YITH WooCommerce Tab Manager

yith-woocommerce-tab-manager

WordPress Themes with Reported Vulnerabilities Last Week

Software Name
Software Slug

Blocksy

blocksy

Bloglo

bloglo

Eduma

eduma

Event

event

Formula

formula

Idyllic

idyllic

Pixgraphy

pixgraphy

Radcliffe 2

radcliffe-2

Responsive

responsive

Rife Free

rife-free

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024) appeared first on Wordfence.