Critical Vulnerabilities affecting WordPress (CVE-2024-4544, CVE-2024-0867, CVE-2024-1974)

Advisory No: TZCERT/SA/2024/05/24-2

Date of First Release: 24th May 2024

Source: Wordfence

Software Affected: pie-register-social-site, email-log and ht-mega-for-elementor


WordPress is affected by three critical vulnerabilities. Attackers can leverage these vulnerabilities to take control of the affected system.


Three WordPress plugins, namely pie-register-social-site, email-log and ht-mega-for-elementor, are affected by the vulnerabilities tracked as CVE-2024-4544, CVE-2024-0867, and CVE-2024-1974 respectively. Reasons for the flaws include insufficient verification of the user being supplied during a social login through the plugin, and the absence of a capability check, among others. Attackers can exploit the vulnerabilities to gain access to the vulnerable system and to sensitive information.


Successful exploitation of these vulnerabilities may allow an attacker to gain access to the vulnerable system.


WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
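
To find out whether a site needs these updates, the following added example (not part of the original advisory) checks a `wp-content/plugins` directory for the three affected plugins and reports each installed version. It assumes the plugin directory names match the slugs listed under Software Affected; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory check for the three plugin slugs named in the advisory.
# Fixed-version numbers are not on the page, so the script only reports what is
# installed; compare the versions against the Wordfence references.
AFFECTED_SLUGS="pie-register-social-site email-log ht-mega-for-elementor"

# Print the Version header of the plugin's main file (the top-level PHP file
# carrying a "Plugin Name:" header), or "unknown" if none is found.
plugin_version() {
    pv_main=$(grep -l 'Plugin Name:' "$1"/*.php 2>/dev/null | head -n 1)
    [ -n "$pv_main" ] || { echo unknown; return 0; }
    pv_ver=$(sed -n 's|^[[:space:]/*#@]*[Vv]ersion:[[:space:]]*\([^[:space:]]*\).*|\1|p' \
        "$pv_main" | head -n 1)
    echo "${pv_ver:-unknown}"
}

# Print "slug<TAB>version" for each affected plugin present under $1,
# where $1 is a wp-content/plugins directory.
scan_plugins() {
    for sp_slug in $AFFECTED_SLUGS; do
        if [ -d "$1/$sp_slug" ]; then
            printf '%s\t%s\n' "$sp_slug" "$(plugin_version "$1/$sp_slug")"
        fi
    done
}

# Constructed sample tree (not real plugin code) so the script runs offline.
make_sample() {
    ms_dir=$(mktemp -d)
    mkdir -p "$ms_dir/email-log" "$ms_dir/some-other-plugin" "$ms_dir/ht-mega-for-elementor"
    printf '<?php\n/**\n * Plugin Name: Email Log\n * Version: 0.0.1\n */\n' \
        > "$ms_dir/email-log/email-log.php"
    printf '<?php\n// helper file without a plugin header\n' \
        > "$ms_dir/ht-mega-for-elementor/includes.php"
    echo "$ms_dir"
}

if [ "$#" -gt 0 ]; then
    scan_plugins "$1"
else
    sample=$(make_sample)
    scan_plugins "$sample"
    rm -rf "$sample"
fi
```

Pass the path to a real `wp-content/plugins` directory as the first argument; no output means none of the three plugins is installed there.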


  1. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pie-register-social-site/pie-register-social-sites-login-add-on-177-authentication-bypass
  2. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-log/email-log-248-unauthenticated-hook-injection
  3. https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-246-authenticated-contributor-directory-traversal
