Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)


???? Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest. For a limited time, all high risk issues are in-scope for all researchers! 


Last week, there were 185 vulnerabilities disclosed in 137 WordPress Plugins and 14 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 61 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.

Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. That is why the Wordfence Intelligence user interface, vulnerability API, webhook integration, and Wordfence CLI Vulnerability Scanner are all completely free to access and utilize both personally and commercially, and why we are running this weekly vulnerability report.

Enterprises, Hosting Providers, and even Individuals can use the Wordfence CLI Vulnerability Scanner to run regular vulnerability scans across the sites they protect. Or alternatively, utilize the vulnerability Database API to receive a complete dump of our database of over 17,000 vulnerabilities and then utilize the webhook integration to stay on top of the newest vulnerabilities added in real-time, as well as any updates made to the database, all for free.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.


New Firewall Rules Deployed Last Week

The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.

The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our PremiumCare, and Response customers last week:

  • WAF-RULE-707 – data redacted while we work with the vendor on a patch.
  • WAF-RULE-708 – data redacted while we work with the vendor on a patch.

Wordfence PremiumCare, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.


Total Unpatched & Patched Vulnerabilities Last Week

Patch Status Number of Vulnerabilities
Patched 103
Unpatched 82

Total Vulnerabilities by CVSS Severity Last Week

Severity Rating Number of Vulnerabilities
Medium Severity 144
High Severity 24
Critical Severity 17

Total Vulnerabilities by CWE Type Last Week

Vulnerability Type by CWE Number of Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 69
Cross-Site Request Forgery (CSRF) 31
Missing Authorization 29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 9
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 7
Unrestricted Upload of File with Dangerous Type 6
Information Exposure 4
Deserialization of Untrusted Data 3
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 3
Server-Side Request Forgery (SSRF) 3
Authorization Bypass Through User-Controlled Key 2
Improper Control of Generation of Code ('Code Injection') 2
Improper Input Validation 2
Information Exposure Through Log Files 2
URL Redirection to Untrusted Site ('Open Redirect') 2
Use of Less Trusted Source 2
Authentication Bypass Using an Alternate Path or Channel 1
Improper Access Control 1
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') 1
Improper Neutralization of Formula Elements in a CSV File 1
Incorrect Authorization 1
Incorrect Privilege Assignment 1
Protection Mechanism Failure 1
Uncontrolled Resource Consumption ('Resource Exhaustion') 1
Weak Password Recovery Mechanism for Forgotten Password 1

Researchers That Contributed to WordPress Security Last Week

Researcher Name Number of Vulnerabilities
13
10
9
9
9
9
8
8
8
8
7
5
5
5
4
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
tom
1
1
1
1
1
1
1
1
1
1
1
1
1

Are you a security researcher who would like to be featured in our weekly vulnerability report? You can responsibly disclose your WordPress vulnerability discoveries to us and earn a bounty on in-scope vulnerabilities through our Bug Bounty Program. Responsibly disclosing your vulnerability discoveries to us will also get your name added on the Wordfence Intelligence leaderboard along with being mentioned in our weekly vulnerability report.


WordPress Plugins with Reported Vulnerabilities Last Week

Software Name Software Slug
Academy LMS – eLearning and online course solution for WordPress academy
Accordion – Multiple Accordion or FAQs Builder accordions-or-faqs
affiliate-toolkit – WordPress Affiliate Plugin affiliate-toolkit-starter
AliExpress Dropshipping with AliNext Lite ali2woo-lite
ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup armember
Bible Text bible-text
Blogmentor – Blog Layouts for Elementor blogmentor
BlossomThemes Email Newsletter blossomthemes-email-newsletter
Booking for Appointments and Events Calendar – Amelia ameliabooking
Branda – White Label WordPress, Custom Login Page Customizer branda-white-labeling
Bricks Builder bricksbuilder
Business Directory Plugin – Easy Listing Directories for WordPress business-directory-plugin
CM Email Registration Blacklist and Whitelist cm-email-blacklist
Consulting Elementor Widgets consulting-elementor-widgets
ContentLock contentlock
ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages convertkit
Cost Calculator Builder PRO cost-calculator-builder-pro
Custom Field Suite custom-field-suite
Custom Product List Table custom-product-list-table
Demo Awesome demo-awesome
DImage 360 dimage-360
Easy Table of Contents easy-table-of-contents
Elegant Themes Icons elegant-themes-icons
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce email-subscribers
Embed Peertube Playlist embed-peertube-playlist
EmbedSocial – Social Media Feeds, Reviews and Galleries embedalbum-pro
Empty Cart Button for WooCommerce empty-cart-button-for-woocommerce
Enhance Your Posts with the WP Post Author Box, Co-Authors, Guest Authors, and Post Rating System, including Registration Form Builder wp-post-author
Event Monster – Event Management, Tickets Booking, Upcoming Event event-monster
Export WP Page to Static HTML/CSS export-wp-page-to-static-html
Falang multilanguage for WordPress falang
FS Poster – WordPress Social media Auto Poster & Scheduler [Facebook, Instagram, Twitter, Pinterest] fs-poster
Gallery Plugin for WordPress – Envira Photo Gallery envira-gallery-lite
Greenshift – animation and page builder blocks greenshift-animation-and-page-builder-blocks
Hercules Core hercules-core
Hide Dashboard Notifications wp-hide-backed-notices
Ibtana – WordPress Website Builder ibtana-visual-editor
Image Optimizer, Resizer and CDN – Sirv sirv
Index WP MySQL For Speed index-wp-mysql-for-speed
InstaWP Connect – 1-click WP Staging & Migration instawp-connect
JetWidgets For Elementor jetwidgets-for-elementor
Kanban Boards for WordPress kanban
Kimili Flash Embed kimili-flash-embed
Laybuy Payment Extension for WooCommerce laybuy-gateway-for-woocommerce
License Manager for WooCommerce license-manager-for-woocommerce
Lifeline Donation lifeline-donation
Live Composer – Free WordPress Website Builder live-composer-page-builder
Loco Translate loco-translate
Login with phone number login-with-phone-number
Master Slider – Responsive Touch Slider master-slider
MasterStudy LMS WordPress Plugin – for Online Courses and Education masterstudy-lms-learning-management-system
MaxGalleria maxgalleria
Media Library Assistant media-library-assistant
MIMO Woocommerce Order Tracking mimo-woocommerce-order-tracking
My Favorites my-favorites
Newsletters newsletters-lite
Newspack Blocks newspack-blocks
Newspack Newsletters newspack-newsletters
Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita
OpenPGP Form Encryption for WordPress openpgp-form-encryption
Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms optinly
Orbit Fox by ThemeIsle themeisle-companion
OSM Map Widget for Elementor osm-map-elementor
Page Builder Sandwich – Front End WordPress Page Builder Plugin page-builder-sandwich
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions paid-memberships-pro
PDF Viewer for Elementor pdf-viewer-for-elementor
Pexels: Free Stock Photos wp-pexels-free-stock-photos
Photo Gallery, Images, Slider in Rbs Image Gallery robo-gallery
Photo Video Gallery Master photo-video-gallery-master
phpinfo() WP phpinfo-wp
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio play-ht
Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer promolayer-popup-builder
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups ays-popup-box
PropertyHive propertyhive
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker quiz-master-next
Replace Image replace-image
Restaurant Reservations nd-restaurant-reservations
Salon Booking System salon-booking-system
Scheduling Plugin – Online Booking for WordPress calendar-booking
SEOPress – On-site SEO wp-seopress
Shariff Wrapper shariff
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension shortcode-addons
Shortcodes by United Themes ut-shortcodes
Shortcodes Ultimate Pro shortcodes-ultimate-pro
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) sina-extension-for-elementor
SiteGuard WP Plugin siteguard
Sketchfab Embed sketchfab-oembed
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel depicter
Slider by 10Web – Responsive Image Slider slider-wd
Slideshow SE slideshow-se
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN wp-smushit
Solid Security – Password, Two Factor Authentication, and Brute Force Protection better-wp-security
SP Project & Document Manager sp-client-document-manager
Sparkle Demo Importer sparkle-demo-importer
Squeeze squeeze
SULly sully
Support SVG – Upload svg files in wordpress without hassle support-svg
SVG Block svg-block
Table Addons for Elementor table-addons-for-elementor
Tabs – Responsive Tabs with WooCommerce Product Tab Extension vc-tabs
The Plus Addons for Elementor Page Builder theplus_elementor_addon
Themify – WooCommerce Product Filter themify-wc-product-filter
Tickera – WordPress Event Ticketing tickera-event-ticketing-system
Tournamatch tournamatch
Transition Slider – Responsive Image Slider and Gallery transition-slider-lite
Typing Text typing-text
UberMenu ubermenu
Ultimate Blocks – WordPress Blocks Plugin ultimate-blocks
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce
Universal Slider fusion-slider
User Profile Picture metronet-profile-picture
User Rights Access Manager user-rights-access-manager
Vimeography: Vimeo Video Gallery WordPress Plugin vimeography
Wheel of Life: Coaching and Assessment Tool for Life Coach wheel-of-life
Wishlist Member wishlist-member-x
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce cartflows
Woocommerce Customers Order History woo-customers-order-history
Word Balloon word-balloon
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg groundhogg
WordPress Picture / Portfolio / Media Gallery nimble-portfolio
WP 2FA – Two-factor authentication for WordPress wp-2fa
WP Blog Post Layouts wp-blog-post-layouts
WP Child Theme Generator wp-child-theme-generator
WP Hotel Booking wp-hotel-booking
WP Job Manager – Resume Manager wp-job-manager-resumes
WP Magazine Modules Lite wp-magazine-modules-lite
WP Maintenance wp-maintenance
WP QuickLaTeX wp-quicklatex
WP Recipe Maker wp-recipe-maker
WP Scraper wp-scraper
WP Secure Maintenance wp-secure-maintainance
WP SVG Images wp-svg-images
WPAdverts – Classifieds Plugin wpadverts
WPZOOM Addons for Elementor (Templates, Widgets) wpzoom-elementor-addons
YARPP – Yet Another Related Posts Plugin yet-another-related-posts-plugin
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress youzify
Zoho Marketing Automation zoho-marketinghub

WordPress Themes with Reported Vulnerabilities Last Week

Software Name Software Slug
Book Landing Page book-landing-page
Chic Lite chic-lite
Customizr customizr
Digital Newspaper digital-newspaper
Divi Divi
Education Zone education-zone
Enfold – Responsive Multi-Purpose Theme enfold
Flatsome flatsome
Grey Opaque grey-opaque
Hueman hueman
Materialis materialis
Mosaic mosaic
Sinatra sinatra
Vilva vilva

Vulnerability Details

Please note that if you run the Wordfence plugin on your WordPress site, with the scanner enabled, you should’ve already been notified if your site was affected by any of these vulnerabilities. If you’d like to receive real-time notifications whenever a vulnerability is added to the Wordfence Intelligence Vulnerability Database, check out our Slack and HTTP Webhook Integration, which is completely free to utilize.

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-37228
Patch Status
Patched
Published
Jun 21, 2024
CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-37112
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
Critical (10.0)
CVE-ID
CVE-2024-3605
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
WP Hotel Booking
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37090
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-5853
Patch Status
Patched
Published
Jun 18, 2024
CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37109
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
Critical (9.9)
CVE-ID
CVE-2024-37225
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Zoho Marketing Automation
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-37089
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-5432
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Lifeline Donation
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-3229
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Salon Booking System
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-4098
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Shariff Wrapper
Researcher

CVSS Rating
Critical (9.8)
CVE-ID
CVE-2024-6027
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Critical (9.6)
CVE-ID
CVE-2024-37212
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Critical (9.3)
CVE-ID
CVE-2024-5021
Patch Status
Unpatched
Published
Jun 18, 2024
CVSS Rating
Critical (9.1)
CVE-ID
CVE-2024-35767
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Squeeze
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-2381
Patch Status
Unpatched
Published
Jun 18, 2024
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37092
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37091
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Consulting Elementor Widgets
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3562
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Custom Field Suite
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-3561
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Custom Field Suite
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5605
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Media Library Assistant
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-6132
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Pexels: Free Stock Photos
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5724
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Photo Video Gallery Master
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-35778
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Slideshow SE
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-37107
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
High (8.8)
CVE-ID
CVE-2024-35781
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Word Balloon
CVSS Rating
High (8.8)
CVE-ID
CVE-2024-5503
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
WP Blog Post Layouts
Researcher

CVSS Rating
High (8.3)
CVE-ID
CVE-2024-37234
Patch Status
Unpatched
Published
Jun 21, 2024
CVSS Rating
High (8.1)
CVE-ID
CVE-2024-6125
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Login with phone number
Researcher

CVSS Rating
High (8.1)
CVE-ID
CVE-2024-37108
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
High (7.5)
CVE-ID
CVE-2024-35780
Patch Status
Unpatched
Published
Jun 19, 2024
CVSS Rating
High (7.5)
CVE-ID
CVE-2024-5574
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WP Magazine Modules Lite
Researcher

CVSS Rating
High (7.4)
CVE-ID
CVE-2023-5527
Patch Status
Patched
Published
Jun 17, 2024
CVSS Rating
High (7.2)
CVE-ID
CVE-2024-3593
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
UberMenu
Researcher

CVSS Rating
High (7.2)
CVE-ID
CVE-2024-37106
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
High (7.1)
CVE-ID
CVE-2024-3597
Patch Status
Unpatched
Published
Jun 19, 2024
CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-1639
Patch Status
Unpatched
Published
Jun 20, 2024
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2023-3204
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Materialis
Researcher

CVSS Rating
Medium (6.5)
CVE-ID
CVE-2024-6120
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Sparkle Demo Importer
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37214
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5444
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Bible Text
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-3558
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
Custom Field Suite
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35774
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
DImage 360
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5533
Patch Status
Patched
Published
Jun 17, 2024
Affected Software
Divi
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37100
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Elegant Themes Icons
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37217
Patch Status
Unpatched
Published
Jun 21, 2024
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5156
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Flatsome
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5346
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Flatsome
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5966
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Grey Opaque
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4626
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
JetWidgets For Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37221
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Kimili Flash Embed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5970
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
MaxGalleria
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5768
Patch Status
Unpatched
Published
Jun 18, 2024
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5965
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Mosaic
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37114
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
My Favorites
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-2484
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Orbit Fox by ThemeIsle
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4663
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
OSM Map Widget for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35768
Patch Status
Unpatched
Published
Jun 18, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35779
Patch Status
Unpatched
Published
Jun 19, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0845
Patch Status
Unpatched
Published
Jun 17, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-6025
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37223
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Restaurant Reservations
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-1168
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
SEOPress – On-site SEO
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4217
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Shortcodes Ultimate Pro
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37116
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Sinatra
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37216
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Sketchfab Embed
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-35769
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Slideshow SE
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4272
Patch Status
Patched
Published
Jun 22, 2024
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4269
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SVG Block
CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-4313
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Table Addons for Elementor
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5058
Patch Status
Patched
Published
Jun 19, 2024
Affected Software
Typing Text
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5627
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Tournamatch
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-0383
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WP Recipe Maker
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-37208
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
WP Scraper
Researcher

CVSS Rating
Medium (6.4)
CVE-ID
CVE-2024-5945
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
WP SVG Images
Researcher

CVSS Rating
Medium (6.3)
CVE-ID
CVE-2024-4450
Patch Status
Unpatched
Published
Jun 18, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37213
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37211
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5859
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37206
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Demo Awesome
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37199
Patch Status
Patched
Published
Jun 20, 2024
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-4977
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Index WP MySQL For Speed
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37222
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-37097
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Shortcodes by United Themes
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5032
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5033
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher

CVSS Rating
Medium (6.1)
CVE-ID
CVE-2024-5344
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.8)
CVE-ID
CVE-2024-4787
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Cost Calculator Builder PRO
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-37098
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
BlossomThemes Email Newsletter
Researcher

CVSS Rating
Medium (5.5)
CVE-ID
CVE-2024-6026
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-37232
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Hercules Core
Researcher

CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-3919
Patch Status
Patched
Published
Jun 22, 2024
CVSS Rating
Medium (5.4)
CVE-ID
CVE-2024-5649
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Universal Slider
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37205
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3961
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5059
Patch Status
Unpatched
Published
Jun 19, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-5541
Patch Status
Patched
Published
Jun 17, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37094
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37115
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Newspack Blocks
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37220
Patch Status
Unpatched
Published
Jun 21, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-35776
Patch Status
Unpatched
Published
Jun 19, 2024
Affected Software
phpinfo() WP
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37881
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
SiteGuard WP Plugin
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2022-44593
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37110
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37111
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-37113
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Wishlist Member
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2022-44587
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-3610
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
WP Child Theme Generator
Researcher

CVSS Rating
Medium (5.3)
CVE-ID
CVE-2024-0789
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
WP Maintenance
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37122
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6225
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-6334
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Easy Table of Contents
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4602
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Embed Peertube Playlist
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5151
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-37120
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5644
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
Tournamatch
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-5472
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
WP QuickLaTeX
Researcher

CVSS Rating
Medium (4.4)
CVE-ID
CVE-2024-4753
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
WP Secure Maintenance
CVSS Rating
Medium (4.4)
CVE-ID
CVE-2023-6495
Patch Status
Patched
Published
Jun 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37230
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Book Landing Page
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4874
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Bricks Builder
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37104
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Chic Lite
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5167
Patch Status
Patched
Published
Jun 22, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6023
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
ContentLock
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6024
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
ContentLock
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-6022
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
ContentLock
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4541
Patch Status
Unpatched
Published
Jun 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35771
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Customizr
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37207
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
Demo Awesome
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37198
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Digital Newspaper
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37103
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Education Zone
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37095
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37240
Patch Status
Patched
Published
Jun 21, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37237
Patch Status
Unpatched
Published
Jun 21, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37235
Patch Status
Patched
Published
Jun 21, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-1955
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Hide Dashboard Notifications
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35772
Patch Status
Patched
Published
Jun 18, 2024
Affected Software
Hueman
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37226
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
Kanban Boards for WordPress
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37203
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37236
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Loco Translate
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37093
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37227
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Newsletters
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37242
Patch Status
Patched
Published
Jun 21, 2024
Affected Software
Newspack Newsletters
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37218
Patch Status
Unpatched
Published
Jun 21, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37233
Patch Status
Unpatched
Published
Jun 21, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37096
Patch Status
Patched
Published
Jun 20, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37204
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
PropertyHive
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-4873
Patch Status
Unpatched
Published
Jun 18, 2024
Affected Software
Replace Image
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37224
Patch Status
Unpatched
Published
Jun 21, 2024
Affected Software
SP Project & Document Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5034
Patch Status
Patched
Published
Jun 22, 2024
Affected Software
SULly
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5860
Patch Status
Patched
Published
Jun 17, 2024
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-5639
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
User Profile Picture
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37209
Patch Status
Unpatched
Published
Jun 20, 2024
Affected Software
User Rights Access Manager
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37102
Patch Status
Patched
Published
Jun 20, 2024
Affected Software
Vilva
Researcher

CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-35770
Patch Status
Patched
Published
Jun 18, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37201
Patch Status
Unpatched
Published
Jun 20, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37241
Patch Status
Patched
Published
Jun 21, 2024
CVSS Rating
Medium (4.3)
CVE-ID
CVE-2024-37238
Patch Status
Patched
Published
Jun 21, 2024
Researcher


As a reminder, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence.

This database is continuously updated, maintained, and populated by Wordfence’s highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty Program, and by monitoring varying sources to capture all publicly available WordPress vulnerability information and adding additional context where we can.

Click here to sign-up for our mailing list to receive weekly vulnerability reports like this and important WordPress Security reports in your inbox the moment they are published.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024) appeared first on Wordfence.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Tap To Call