
Did you know we’re running a Bug Bounty Extravaganza again?

Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!

Last week, there were 180 vulnerabilities disclosed in 142 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 62 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, hosting providers, and even individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Alternatively, use the Vulnerability Database API to receive a complete dump of our database of over 16,000 vulnerabilities, then use the webhook integration to stay on top of the newest vulnerabilities added in real time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

Total Unpatched & Patched Vulnerabilities Last Week

| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 133 |
| Unpatched | 47 |

Total Vulnerabilities by CVSS Severity Last Week

| Severity Rating | Number of Vulnerabilities |
|---|---|
| Low Severity | 1 |
| Medium Severity | 144 |
| High Severity | 17 |
| Critical Severity | 18 |

Total Vulnerabilities by CWE Type Last Week

| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 82 |
| Cross-Site Request Forgery (CSRF) | 23 |
| Missing Authorization | 18 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 8 |
| Unrestricted Upload of File with Dangerous Type | 8 |
| Information Exposure | 7 |
| Deserialization of Untrusted Data | 6 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 5 |
| Improper Control of Generation of Code (‘Code Injection’) | 4 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 4 |
| Server-Side Request Forgery (SSRF) | 3 |
| Authentication Bypass Using an Alternate Path or Channel | 2 |
| Information Exposure Through Log Files | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Improper Access Control | 1 |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 1 |
| Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 1 |
| Improper Privilege Management | 1 |
| Incorrect Authorization | 1 |
| Insecure Storage of Sensitive Information | 1 |
| Unprotected Alternate Channel | 1 |

Researchers That Contributed to WordPress Security Last Week

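| Researcher Name | Number of Vulnerabilities |
|---|---|
|  | 19 |
|  | 15 |
|  | 9 |
|  | 8 |
|  | 8 |
|  | 7 |
|  | 7 |
|  | 7 |
|  | 6 |
|  | 6 |
|  | 5 |
|  | 5 |
|  | 4 |
|  | 4 |
|  | 4 |
|  | 4 |
|  | 3 |
|  | 3 |
|  | 3 |
|  | 3 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 2 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
| umi | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
|  | 1 |
| ST | 1 |
|  | 1 |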

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.

WordPress Plugins with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| 140+ Widgets \| Best Addons For Elementor – FREE | xpro-elementor-addons |
| 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin | real3d-flipbook-lite |
| Academy LMS – eLearning and online course solution for WordPress | academy |
| ADFO – Custom data in admin dashboard | admin-form |
| Advanced Ads – Ad Manager & AdSense | advanced-ads |
| AI Engine | ai-engine |
| Aiomatic – Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit | aiomatic-automatic-ai-content-writer |
| All Bootstrap Blocks | all-bootstrap-blocks |
| All-in-One Addons for Elementor – WidgetKit | widgetkit-for-elementor |
| Arigato Autoresponder and Newsletter | bft-autoresponder |
| Auto Affiliate Links | wp-auto-affiliate-links |
| AWSOM News Announcement | awsom-news-announcement |
| Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro | back-in-stock-notifier-for-woocommerce |
| Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. | barcode-scanner-lite-pos-to-manage-products-inventory-and-orders |
| Beaver Builder – WordPress Page Builder | beaver-builder-lite-version |
| Better Elementor Addons | better-elementor-addons |
| Blocksy Companion | blocksy-companion |
| BlogLentor – Blog Designer Pack for Elementor | bloglentor-for-elementor |
| Breakdance | breakdance |
| Brozzme Scroll Top | brozzme-scroll-top |
| Business Card | business-card-by-esterox-100 |
| canvasio3D Light | canvasio3d-light |
| Church Admin | church-admin |
| ClickCease Click Fraud Protection | clickcease-click-fraud-protection |
| Comments Evolved for WordPress | gplus-comments |
| Configure Login Timeout | configure-login-timeout |
| Contact List – Premium Staff Listing, Business Directory & Address Book | contact-list |
| Content Blocks (Custom Post Widget) | custom-post-widget |
| Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) | content-views-query-and-display-post-page |
| Counter Up – Animated Number Counter & Milestone Showcase | wp-counter-up |
| Custom Field Suite | custom-field-suite |
| Debug Info | debug-info |
| Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler | cf7-styler |
| Ditty – Responsive News Tickers, Sliders, and Lists | ditty-news-ticker |
| Divi Builder | divi-builder |
| DS Site Message | ds-site-message |
| Dynamics 365 Integration | integration-dynamics |
| Easy Affiliate Links | easy-affiliate-links |
| Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) | easy-digital-downloads |
| Edwiser Bridge – WordPress Moodle LMS Integration | edwiser-bridge |
| EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor | embedpress |
| Enter Addons – Ultimate Template Builder for Elementor | enteraddons |
| Envo’s Elementor Templates & Widgets for WooCommerce | envo-elementor-for-woocommerce |
| Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders | essential-addons-for-elementor-lite |
| Falang multilanguage for WordPress | falang |
| Featured Content Gallery | featured-content-gallery |
| Flo Forms – Easy Drag & Drop Form Builder | flo-forms |
| Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | form-maker |
| Forty Four – 404 Plugin for WordPress | forty-four |
| Gallery Block (Meow Gallery) | meow-gallery |
| GDPR Compliance | gdpr-compliance |
| gee Search Plus, improved WordPress search | gsearch-plus |
| Ghost | ghost |
| Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | rafflepress |
| Gold Addons for Elementor | gold-addons-for-elementor |
| Graphina – Elementor Charts and Graphs | graphina-elementor-charts-and-graphs |
| Gutenberg Blocks with AI by Kadence WP – Page Builder Features | kadence-blocks |
| Gutenify – Visual Site Builder Blocks & Site Templates. | gutenify |
| Heateor Social Login WordPress | heateor-social-login |
| Hostel | hostel |
| Hotel Booking Lite | motopress-hotel-booking-lite |
| HT Mega – Absolute Addons For Elementor | ht-mega-for-elementor |
| HTML5 Audio Player- Best WordPress Audio Player Plugin | html5-audio-player |
| If-So Dynamic Content Personalization | if-so |
| Image Hover Effects – Elementor Addon | image-hover-effects-addon-for-elementor |
| Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | integration-for-contact-form-7-and-pipedrive |
| Joli FAQ SEO – WordPress FAQ Plugin | joli-faq-seo |
| KKProgressbar2 Free – advanced progress bars | kkprogressbar |
| Kognetiks Chatbot for WordPress | chatbot-chatgpt |
| LearnPress – WordPress LMS Plugin | learnpress |
| Link Library | link-library |
| Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | magical-addons-for-elementor |
| Mesmerize Companion | mesmerize-companion |
| Mihdan: Yandex Turbo Feed | mihdan-yandex-turbo-feed |
| Move Addons for Elementor | move-addons |
| Netgsm | netgsm |
| One Click Demo Import | one-click-demo-import |
| Orders Tracking for WooCommerce | woo-orders-tracking |
| Pk Favicon Manager | phpsword-favicon-manager |
| Playlist for Youtube | playlist-for-youtube |
| Pods – Custom Content Types and Fields | pods |
| Pootle Pagebuilder – WordPress Page builder | pootle-page-builder |
| Porto Theme – Functionality | porto-functionality |
| Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder | ajax-filter-posts |
| Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) | bdthemes-prime-slider-lite |
| Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation | propovoice |
| Pure Chat – Live Chat Plugin & More! | pure-chat |
| QuickieBar | quickiebar |
| Shared Counts – Social Media Share Buttons | shared-counts |
| Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation | shared-files |
| Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) | parcelpanel |
| ShopBuilder – Elementor WooCommerce Builder Addons | shopbuilder |
| Shopping Cart & eCommerce Store | wp-easycart |
| ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | shortpixel-adaptive-images |
| Simple Website Banner | corona-virus-covid-19-banner |
| SKT Addons for Elementor | skt-addons-for-elementor |
| Soccer Engine – Soccer Plugin for WordPress | soccer-engine-lite |
| Social Connect | social-connect |
| Social Sharing Plugin – Social Warfare | social-warfare |
| SP Project & Document Manager | sp-client-document-manager |
| Spectra Pro | spectra-pro |
| SportsPress – Sports Club & League Manager | sportspress |
| Squelch Tabs and Accordions Shortcodes | squelch-tabs-and-accordions-shortcodes |
| Starter Templates — Elementor, WordPress & Beaver Builder Templates | astra-sites |
| Startklar Elementor Addons | startklar-elmentor-forms-extwidgets |
| Sticky banner | sticky-banner |
| Sticky Social Link | sticky-social-link |
| Stockholm Core | stockholm-core |
| Swift Performance Lite | swift-performance-lite |
| Table Maker | table-maker |
| The Best WordPress Knowledgebase and Documentation Plugin – weDocs | wedocs |
| The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce | the-plus-addons-for-elementor-page-builder |
| Themify Shortcodes | themify-shortcodes |
| Thim Elementor Kit | thim-elementor-kit |
| Timber | timber-library |
| Translate Multilingual sites – TranslatePress | translatepress-multilingual |
| TT Custom Post Type Creator | tt-custom-post-type-creator |
| Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider | ultimate-store-kit |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | unlimited-elements-for-elementor |
| Unyson | unyson |
| Viet Affiliate Link | viet-affiliate-link |
| Viet Nam Affiliate | viet-nam-affiliate |
| Visual Footer Credit Remover | visual-footer-credit-remover |
| WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce | wc-serial-numbers |
| White Label CMS | white-label-cms |
| WOLF – WordPress Posts Bulk Editor and Manager Professional | bulk-editor |
| WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) | smart-wishlist-for-more-convert |
| WordPress Affiliates Plugin — SliceWP Affiliates | slicewp |
| WordPress Webinar Plugin – WebinarPress | wp-webinarsystem |
| WP Discourse | wp-discourse |
| WP etracker | wp-etracker |
| WP Favorite Posts | wp-favorite-posts |
| WP Job Manager | wp-job-manager |
| WP Latest Posts | wp-latest-posts |
| WP Photo Album Plus | wp-photo-album-plus |
| WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder | wp-post-author |
| WP STAGING WordPress Backup Plugin – Migration Backup Restore | wp-staging |
| WPCS ( WordPress Custom Search ) | wpcs-wp-custom-search |
| XML Sitemap & Google News | xml-sitemap-feed |
| Yoast SEO | wordpress-seo |
| Z-Downloads | z-downloads |
| Zotpress | zotpress |

WordPress Themes with Reported Vulnerabilities Last Week

| Software Name | Software Slug |
|---|---|
| Divi | Divi |
| Divi Extra | extra |
| Himalayas | himalayas |
| Porto | porto |
| raindrops | raindrops |
| Stockholm | stockholm |

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

| CVSS Rating | CVE-ID | Patch Status | Published | Affected Software | Researcher |
|---|---|---|---|---|---|
| Critical (10.0) | CVE-2024-31377 | Patched | May 7, 2024 | WP Photo Album Plus |  |
| Critical (9.9) | CVE-2024-34411 | Unpatched | May 6, 2024 | canvasio3D Light |  |
| Critical (9.8) | CVE-2024-4186 | Patched | May 6, 2024 |  |  |
| Critical (9.8) | CVE-2024-4413 | Patched | May 10, 2024 | Hotel Booking Lite |  |
| Critical (9.8) | CVE-2024-4434 | Patched | May 9, 2024 |  |  |
| Critical (9.8) | CVE-2024-3806 | Patched | May 8, 2024 | Porto |  |
| Critical (9.8) | CVE-2024-4393 | Unpatched | May 7, 2024 | Social Connect |  |
| Critical (9.8) | CVE-2024-4345 | Patched | May 6, 2024 | Startklar Elementor Addons |  |
| Critical (9.8) | CVE-2024-34551 | Patched | May 7, 2024 | Stockholm |  |
| Critical (9.1) | CVE-2024-34440 | Patched | May 7, 2024 | AI Engine |  |
| Critical (9.1) | CVE-2024-34386 | Patched | May 6, 2024 | Auto Affiliate Links |  |
| Critical (9.1) | CVE-2024-4533 | Unpatched | May 6, 2024 |  |  |
| Critical (9.1) | CVE-2024-34416 | Unpatched | May 6, 2024 | Pk Favicon Manager |  |
| Critical (9.1) | CVE-2024-4346 | Patched | May 6, 2024 | Startklar Elementor Addons |  |
| Critical (9.1) | CVE-2024-34555 | Patched | May 10, 2024 |  |  |
| High (8.8) | CVE-2024-4605 | Patched | May 8, 2024 | Breakdance |  |
| High (8.8) | CVE-2024-4397 | Patched | May 9, 2024 |  |  |
| High (8.8) | CVE-2024-3807 | Patched | May 8, 2024 | Porto |  |
| High (8.8) | CVE-2024-3809 | Patched | May 8, 2024 | Porto Theme – Functionality |  |
| High (8.8) | CVE-2024-3808 | Patched | May 8, 2024 | Porto Theme – Functionality |  |
| High (8.8) | CVE-2024-3828 | Patched | May 9, 2024 | Spectra Pro |  |
| High (8.8) | CVE-2024-34552 | Patched | May 7, 2024 | Stockholm |  |
| High (8.8) | CVE-2024-34554 | Patched | May 7, 2024 | Stockholm Core |  |
| High (8.1) | CVE-2024-4441 | Patched | May 7, 2024 | XML Sitemap & Google News |  |
| High (7.2) | CVE-2024-2290 | Patched | May 7, 2024 |  |  |
| High (7.2) | CVE-2024-4534 | Unpatched | May 6, 2024 |  |  |
| High (7.2) | CVE-2024-34433 | Patched | May 7, 2024 | One Click Demo Import |  |
| High (7.2) | CVE-2024-29800 | Patched | May 7, 2024 | Timber |  |
| Medium (6.5) | CVE-2024-4039 | Patched | May 9, 2024 |  |  |
| Medium (6.4) | CVE-2024-3952 | Patched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-35169 | Patched | May 10, 2024 | All Bootstrap Blocks |  |
| Medium (6.4) | CVE-2024-34548 | Patched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-3923 | Patched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-4430 | Patched | May 10, 2024 |  |  |
| Medium (6.4) | CVE-2024-34432 | Patched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-4487 | Patched | May 10, 2024 | Blocksy Companion |  |
| Medium (6.4) | CVE-2024-34421 | Unpatched | May 6, 2024 |  |  |
| Medium (6.4) | CVE-2024-34566 | Patched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-3939 | Patched | May 6, 2024 |  |  |
| Medium (6.4) | CVE-2024-34441 | Patched | May 7, 2024 | Easy Affiliate Links |  |
| Medium (6.4) | CVE-2024-4490 | Patched | May 9, 2024 | Divi Builder, Divi, Divi Extra |  |
| Medium (6.4) | CVE-2024-4386 | Patched | May 8, 2024 | Gallery Block (Meow Gallery) |  |
| Medium (6.4) | CVE-2024-34563 | Patched | May 7, 2024 | Gold Addons for Elementor |  |
| Medium (6.4) | CVE-2024-32674 | Patched | May 8, 2024 | Heateor Social Login WordPress |  |
| Medium (6.4) | CVE-2024-34571 | Patched | May 7, 2024 | Himalayas |  |
| Medium (6.4) | CVE-2024-4281 | Patched | May 7, 2024 | Link Library |  |
| Medium (6.4) | CVE-2024-3494 | Patched | May 7, 2024 | Mesmerize Companion |  |
| Medium (6.4) | CVE-2024-4411 | Patched | May 6, 2024 | Mihdan: Yandex Turbo Feed |  |
| Medium (6.4) | CVE-2024-34562 | Patched | May 7, 2024 | Move Addons for Elementor |  |
| Medium (6.4) | CVE-2024-34573 | Unpatched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-3595 | Unpatched | May 8, 2024 |  |  |
| Medium (6.4) | CVE-2024-34414 | Patched | May 6, 2024 | raindrops |  |
| Medium (6.4) | CVE-2024-34436 | Patched | May 7, 2024 |  |  |
| Medium (6.4) | CVE-2024-34445 | Patched | May 7, 2024 | SKT Addons for Elementor |  |
| Medium (6.4) | CVE-2024-4567 | Patched | May 8, 2024 | Themify Shortcodes |  |
| Medium (6.4) | CVE-2024-34415 | Patched | May 6, 2024 | Thim Elementor Kit |  |
| Medium (6.4) | CVE-2024-4329 | Patched | May 10, 2024 | Thim Elementor Kit |  |
| Medium (6.4) | CVE-2024-34569 | Patched | May 7, 2024 | Zotpress |  |
| Medium (6.1) | CVE-2024-4104 | Patched | May 7, 2024 |  |  |
| Medium (6.1) | CVE-2024-34553 | Patched | May 7, 2024 | Stockholm Core |  |
| Medium (6.1) | CVE-2024-34431 | Unpatched | May 6, 2024 | WP etracker |  |
| Medium (6.1) | CVE-2024-4041 | Patched | May 6, 2024 | Yoast SEO |  |
| Medium (5.5) | CVE-2024-34560 | Unpatched | May 7, 2024 |  |  |
| Medium (5.5) | CVE-2024-3937 | Unpatched | May 8, 2024 | Playlist for Youtube |  |
| Medium (5.5) | CVE-2024-35172 | Patched | May 10, 2024 |  |  |
| Medium (5.4) | CVE-2024-3722 | Unpatched | May 8, 2024 | Swift Performance Lite |  |
| Medium (5.4) | CVE-2024-34574 | Unpatched | May 7, 2024 | Table Maker |  |
| Medium (5.4) | CVE-2024-4135 | Patched | May 7, 2024 | WP Latest Posts |  |
| Medium (5.3) | CVE-2024-35171 | Patched | May 10, 2024 |  |  |
| Medium (5.3) | CVE-2024-34550 | Patched | May 7, 2024 | Dynamics 365 Integration |  |
| Medium (5.3) | CVE-2024-35174 | Unpatched | May 10, 2024 |  |  |
| Medium (5.3) | CVE-2024-34559 | Patched | May 7, 2024 | Ghost |  |
| Medium (5.3) | CVE-2024-35165 | Patched | May 10, 2024 |  |  |
| Medium (5.3) | CVE-2024-34820 | Patched | May 9, 2024 |  |  |
| Medium (5.3) | CVE-2024-4535 | Unpatched | May 6, 2024 |  |  |
| Medium (5.3) | CVE-2024-4444 | Patched | May 9, 2024 |  |  |
| Medium (5.3) | CVE-2024-34819 | Patched | May 9, 2024 |  |  |
| Medium (5.3) | CVE-2024-34813 | Patched | May 9, 2024 |  |  |
| Medium (5.3) | Unknown | Patched | May 7, 2024 |  | Unknown |
| Medium (5.3) | CVE-2024-34438 | Patched | May 7, 2024 |  |  |
| Medium (5.3) | CVE-2024-34812 | Patched | May 9, 2024 |  |  |
| Medium (5.3) | CVE-2024-4213 | Patched | May 10, 2024 |  |  |
| Medium (5.3) | CVE-2024-34442 | Patched | May 7, 2024 |  |  |
| Medium (5.3) | CVE-2024-4280 | Patched | May 9, 2024 | White Label CMS |  |
| Medium (5.3) | CVE-2024-34549 | Patched | May 7, 2024 | WP Job Manager |  |
| Medium (4.7) | CVE-2024-4469 | Patched | May 10, 2024 |  |  |
| Medium (4.4) | CVE-2024-34570 | Patched | May 7, 2024 |  |  |
| Medium (4.4) | CVE-2024-34428 | Unpatched | May 6, 2024 | AWSOM News Announcement |  |
| Medium (4.4) | CVE-2024-34426 | Unpatched | May 6, 2024 | Brozzme Scroll Top |  |
| Medium (4.4) | CVE-2024-34420 | Unpatched | May 6, 2024 | Comments Evolved for WordPress |  |
| Medium (4.4) | CVE-2024-34419 | Unpatched | May 6, 2024 | Configure Login Timeout |  |
| Medium (4.4) | CVE-2024-34429 | Unpatched | May 6, 2024 | Simple Website Banner |  |
| Medium (4.4) | CVE-2024-3068 | Patched | May 7, 2024 | Custom Field Suite |  |
| Medium (4.4) | CVE-2024-34565 | Unpatched | May 7, 2024 | Debug Info |  |
| Medium (4.4) | CVE-2024-4417 | Patched | May 10, 2024 |  |  |
| Medium (4.4) | CVE-2024-34424 | Unpatched | May 6, 2024 | Featured Content Gallery |  |
| Medium (4.4) | CVE-2024-34437 | Patched | May 7, 2024 |  |  |
| Medium (4.4) | CVE-2024-34423 | Unpatched | May 6, 2024 |  |  |
| Medium (4.4) | CVE-2024-34425 | Unpatched | May 6, 2024 | QuickieBar |  |
| Medium (4.4) | CVE-2024-35170 | Patched | May 10, 2024 | Sticky banner |  |
| Medium (4.4) | CVE-2024-34546 | Unpatched | May 7, 2024 | Sticky Social Link |  |
| Medium (4.4) | CVE-2024-34430 | Unpatched | May 6, 2024 | TT Custom Post Type Creator |  |
| Medium (4.4) | CVE-2024-34422 | Unpatched | May 6, 2024 | Viet Affiliate Link |  |
| Medium (4.4) | CVE-2024-34417 | Unpatched | May 6, 2024 | Viet Nam Affiliate |  |
| Medium (4.4) | CVE-2024-2846 | Patched | May 7, 2024 | Visual Footer Credit Remover |  |
| Medium (4.4) | CVE-2024-34418 | Unpatched | May 6, 2024 |  |  |
| Medium (4.3) | CVE-2024-4103 | Patched | May 7, 2024 |  |  |
| Medium (4.3) | CVE-2024-34435 | Patched | May 7, 2024 |  |  |
| Medium (4.3) | CVE-2024-34823 | Patched | May 9, 2024 |  |  |
| Medium (4.3) | CVE-2024-4532 | Unpatched | May 6, 2024 | Business Card |  |
| Medium (4.3) | CVE-2024-4531 | Unpatched | May 6, 2024 | Business Card |  |
| Medium (4.3) | CVE-2024-4529 | Unpatched | May 6, 2024 | Business Card |  |
| Medium (4.3) | CVE-2024-4530 | Unpatched | May 6, 2024 | Business Card |  |
| Medium (4.3) | CVE-2024-34828 | Patched | May 9, 2024 | Church Admin |  |
| Medium (4.3) | CVE-2023-6810 | Patched | May 6, 2024 |  |  |
| Medium (4.3) | CVE-2024-34439 | Unpatched | May 7, 2024 | DS Site Message |  |
| Medium (4.3) | CVE-2024-34388 | Unpatched | May 6, 2024 | GDPR Compliance |  |
| Medium (4.3) | CVE-2024-4314 | Patched | May 6, 2024 | Hostel |  |
| Medium (4.3) | CVE-2024-4082 | Patched | May 7, 2024 |  |  |
| Medium (4.3) | CVE-2024-4746 | Unpatched | May 10, 2024 | Netgsm |  |
| Medium (4.3) | CVE-2024-4689 | Patched | May 9, 2024 |  |  |
| Medium (4.3) | CVE-2024-4312 | Patched | May 7, 2024 |  |  |
| Medium (4.3) | CVE-2024-34825 | Patched | May 9, 2024 |  |  |
| Medium (4.3) | CVE-2024-1693 | Unpatched | May 7, 2024 | SP Project & Document Manager |  |
| Medium (4.3) | CVE-2024-4463 | Patched | May 7, 2024 |  |  |
| Medium (4.3) | CVE-2024-34827 | Patched | May 9, 2024 |  |  |
| Medium (4.3) | CVE-2024-34814 | Patched | May 9, 2024 | Unyson |  |
| Medium (4.3) | CVE-2024-34818 | Unpatched | May 9, 2024 |  |  |
| Medium (4.3) | CVE-2024-35168 | Patched | May 10, 2024 | WP Discourse |  |
| Medium (4.3) | CVE-2024-34427 | Unpatched | May 6, 2024 | WP Favorite Posts |  |
| Low (3.5) | CVE-2024-34824 | Patched | May 9, 2024 |  |  |

As a reminder, Wordfence has curated an industry-leading vulnerability database, known as Wordfence Intelligence, covering all known WordPress core, theme, and plugin vulnerabilities.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.


The post Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024) appeared first on Wordfence.