In this report, 73 vulnerabilities have been publicly disclosed. Security patches for 48 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 25 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

1. 1. WordPress Core
2. 2. WordPress Plugins — 46 Patched / 25 Unpatched
1. 2.1
   Addon Library
2. 2.2
   Admin side data storage for Contact Form 7
3. 2.3
   Admin side data storage for Contact Form 7
4. 2.4
   Admin side data storage for Contact Form 7
5. 2.5
   Admin side data storage for Contact Form 7
6. 2.6
   Adsmonetizer
7. 2.7
   BeePress
8. 2.8
   Configure SMTP
9. 2.9
   Download Media
10. 2.10
    Duitku Payment Gateway
11. 2.11
    Fontific | Google Fonts
12. 2.12
    Gestpay for WooCommerce
13. 2.13
    Marketo Forms and Tracking
14. 2.14
    Media Alt Renamer
15. 2.15
    WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
16. 2.16
    PayU India
17. 2.17
    Play.ht
18. 2.18
    postMash – custom post order
19. 2.19
    Rolo Slider
20. 2.20
    Slivery Extender
21. 2.21
    SoundCloud Shortcode
22. 2.22
    Tabs Shortcode and Widget
23. 2.23
    Tainacan
24. 2.24
    User Shortcodes Plus
25. 2.25
    Watermark RELOADED
26. 2.26
    LiteSpeed Cache
27. 2.27
    LiteSpeed Cache
28. 2.28
    Premium Addons for Elementor
29. 2.29
    BackWPup – WordPress Backup Plugin
30. 2.30
    Page Builder: Pagelayer – Drag and Drop website builder
31. 2.31
    Page Builder: Pagelayer – Drag and Drop website builder
32. 2.32
    Orbit Fox by ThemeIsle
33. 2.33
    Orbit Fox by ThemeIsle
34. 2.34
    Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
35. 2.35
    User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds
36. 2.36
    Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
37. 2.37
    Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
38. 2.38
    Elementor Addon Elements
39. 2.39
    Elementor Addon Elements
40. 2.40
    Elementor Addon Elements
41. 2.41
    Colibri Page Builder
42. 2.42
    Colibri Page Builder
43. 2.43
    Brizy – Page Builder
44. 2.44
    Brizy – Page Builder
45. 2.45
    Brizy – Page Builder
46. 2.46
    Brizy – Page Builder
47. 2.47
    Event Tickets and Registration
48. 2.48
    Sydney Toolbox
49. 2.49
    Enhanced Text Widget
50. 2.50
    NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
51. 2.51
    WP Dashboard Notes
52. 2.52
    Restrict User Access – Ultimate Membership & Content Protection
53. 2.53
    WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
54. 2.54
    YML for Yandex Market
55. 2.55
    Smart Forms – when you need more than just a contact form
56. 2.56
    Maintenance Page
57. 2.57
    Maintenance Page
58. 2.58
    SMS Alert Order Notifications – WooCommerce
59. 2.59
    Thank You Page Customizer for WooCommerce – Increase Your Sales
60. 2.60
    Thank You Page Customizer for WooCommerce – Increase Your Sales
61. 2.61
    Spiffy Calendar
62. 2.62
    Academy LMS – eLearning and online course solution for WordPress
63. 2.63
    Archivist – Custom Archive Templates
64. 2.64
    Comments Extra Fields For Post,Pages and CPT
65. 2.65
    Comments Extra Fields For Post,Pages and CPT
66. 2.66
    KODO Qiniu
67. 2.67
    Backup
68. 2.68
    Elementor Pro
69. 2.69
    JobSearch
70. 2.70
    JobSearch
71. 2.71
    WP Social Widget
3. 3. WordPress Themes — 2 Patched /0 Unpatched
1. 3.1
   Colibri WP
2. 3.2
   Socialdriver

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 46 Patched / 25 Unpatched

Plugin:

Addon Library

Plugin Slug:
addon-library

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Adsmonetizer

Plugin Slug:
adsensei-b30

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BeePress

Plugin Slug:
beepress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Configure SMTP

Plugin Slug:
configure-smtp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Download Media

Plugin Slug:
download-media

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Duitku Payment Gateway

Plugin Slug:
duitku-social-payment-gateway

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fontific | Google Fonts

Plugin Slug:
fontific

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Gestpay for WooCommerce

Plugin Slug:
gestpay-for-woocommerce

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Marketo Forms and Tracking

Plugin Slug:
marketo-forms-and-tracking

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Media Alt Renamer

Plugin Slug:
media-alt-renamer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit

Plugin Slug:
myshopkit-popup-smartbar-slidein

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PayU India

Plugin Slug:
payu-india

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Play.ht

Plugin Slug:
play-ht

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

postMash – custom post order

Plugin Slug:
postmash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Rolo Slider

Plugin Slug:
rolo-slider

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Slivery Extender

Plugin Slug:
slivery-extender

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SoundCloud Shortcode

Plugin Slug:
soundcloud-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tabs Shortcode and Widget

Plugin Slug:
tabs-shortcode-and-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tainacan

Plugin Slug:
tainacan

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Shortcodes Plus

Plugin Slug:
user-shortcodes-plus

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Watermark RELOADED

Plugin Slug:
watermark-reloaded

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.19

Severity Score:
Medium

Plugin Slug:
backwpup

Installations
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.0.3

Severity Score:
Low

Plugin Slug:
pagelayer

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
pagelayer

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.32

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.31

Severity Score:
Medium

Plugin Slug:
ultimate-member

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
2.8.3

Severity Score:
Critical

Plugin Slug:
userfeedback-lite

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.14

Severity Score:
High

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.1

Severity Score:
Medium

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.1

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.13

Severity Score:
High

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.260

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.260

Severity Score:
Medium

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Directory Traversal

Patched in Version:
2.4.41

Severity Score:
Medium

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.41

Severity Score:
Medium

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.4.41

Severity Score:
Critical

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.41

Severity Score:
Medium

Plugin Slug:
event-tickets

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.8.2

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.26

Severity Score:
Medium

Plugin Slug:
enhanced-text-widget

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.6

Severity Score:
Medium

Plugin Slug:
notificationx

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.8.3

Severity Score:
Critical

Plugin Slug:
wp-dashboard-notes

Installations
30,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.0.11

Severity Score:
Medium

Plugin Slug:
restrict-user-access

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6

Severity Score:
Medium

Plugin Slug:
wp-event-manager

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.42

Severity Score:
High

Plugin Slug:
yml-for-yandex-market

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.4

Severity Score:
High

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.87

Severity Score:
Medium

Plugin Slug:
maintenance-page

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.9

Severity Score:
Medium

Plugin Slug:
maintenance-page

Installations
5,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.0.9

Severity Score:
Medium

Plugin Slug:
sms-alert

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.7.0

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.9

Severity Score:
Medium

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.9.20

Severity Score:
High

Plugin Slug:
archivist-custom-archive-templates

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.6

Severity Score:
High

Plugin Slug:
wp-comment-fields

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.1

Severity Score:
Medium

Plugin Slug:
wp-comment-fields

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1

Severity Score:
Medium

Plugin Slug:
kodo-qiniu

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.1

Severity Score:
Medium

Plugin:

Backup

Plugin Slug:
backup2

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.9.9

Severity Score:
High

Plugin:

Elementor Pro

Plugin Slug:
elementor-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.19.3

Severity Score:
Medium

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Broken Authentication

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:

WP Social Widget

Plugin Slug:
wp-social-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

WordPress Themes — 2 Patched /0 Unpatched

Theme Slug:
colibri-wp

Downloads
1,232,050

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.101

Severity Score:
Medium

Theme:

Socialdriver

Theme Slug:
socialdriver

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024

Severity Score:
High

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-02-29 10:29:51.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

In this report, 88 new vulnerabilities have been publicly disclosed. Security patches for 29 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 59 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

1. 1. Free Online Training Event! TODAY! Register Now!
2. 2. WordPress Core
3. 3. WordPress Plugins — 28 Patched / 59 Unpatched
1. 3.1
   Ninja Tables – Best Data Table Plugin for WordPress
2. 3.2
   Ninja Tables – Best Data Table Plugin for WordPress
3. 3.3
   Booking for Appointments and Events Calendar – Amelia
4. 3.4
   Contact Form builder with drag & drop for WordPress – Kali Forms
5. 3.5
   PDF Viewer & 3D PDF Flipbook – DearPDF
6. 3.6
   Browser Theme Color
7. 3.7
   FreshMail For WordPress
8. 3.8
   Albo Pretorio On line
9. 3.9
   Albo Pretorio On line
10. 3.10
    CBX Map for Google Map & OpenStreetMap
11. 3.11
    Posts List Designer by Category – List Category Posts Or Recent Posts
12. 3.12
    12 Step Meeting List
13. 3.13
    WP To Do
14. 3.14
    BA Plus
15. 3.15
    Better Anchor Links
16. 3.16
    CformsII
17. 3.17
    Custom Dashboard Widgets
18. 3.18
    Delhivery Logistics Courier
19. 3.19
    enigma chart.js
20. 3.20
    enigma chart.js
21. 3.21
    Frontpage Manager
22. 3.22
    Image Tag Manager
23. 3.23
    lasTunes
24. 3.24
    Post views Stats
25. 3.25
    SimpleMap Store Locator
26. 3.26
    Splashscreen
27. 3.27
    Unlimited Addons for WPBakery Page Builder
28. 3.28
    WP Smart Editor
29. 3.29
    Advanced Custom Fields (ACF)
30. 3.30
    Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
31. 3.31
    Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
32. 3.32
    Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms
33. 3.33
    Migration, Backup, Staging – WPvivid
34. 3.34
    PDF Invoices & Packing Slips for WooCommerce
35. 3.35
    Photo Gallery by 10Web – Mobile-Friendly Image Gallery
36. 3.36
    Orbit Fox by ThemeIsle
37. 3.37
    Burst Statistics – Privacy-Friendly Analytics for WordPress
38. 3.38
    FileBird – WordPress Media Library Folders & File Manager
39. 3.39
    GiveWP – Donation Plugin and Fundraising Platform
40. 3.40
    Schema & Structured Data for WP & AMP
41. 3.41
    Product Import Export for WooCommerce
42. 3.42
    Import and export users and customers
43. 3.43
    VK Block Patterns
44. 3.44
    Advanced Woo Search
45. 3.45
    Booking for Appointments and Events Calendar – Amelia
46. 3.46
    Getwid – Gutenberg Blocks
47. 3.47
    Getwid – Gutenberg Blocks
48. 3.48
    User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
49. 3.49
    Photo Gallery, Images, Slider in Rbs Image Gallery
50. 3.50
    Simple Membership
51. 3.51
    WP Recipe Maker
52. 3.52
    WP Recipe Maker
53. 3.53
    WP Recipe Maker
54. 3.54
    WP Recipe Maker
55. 3.55
    WP Recipe Maker
56. 3.56
    WP Recipe Maker
57. 3.57
    WP Recipe Maker
58. 3.58
    Shield Security – Smart Bot Blocking & Intrusion Prevention Security
59. 3.59
    IP2Location Country Blocker
60. 3.60
    Asgaros Forum
61. 3.61
    Cryptocurrency Widgets – Price Ticker & Coins List
62. 3.62
    Author Box, Guest Author and Co-Authors for Your Posts – Molongui
63. 3.63
    Stripe Payment Plugin for WooCommerce
64. 3.64
    Portfolio & Image Gallery for WordPress | PowerFolio
65. 3.65
    BP Profile Search
66. 3.66
    HD Quiz
67. 3.67
    WOLF – WordPress Posts Bulk Editor and Manager Professional
68. 3.68
    ChatBot with AI
69. 3.69
    Slider by Supsystic
70. 3.70
    FastDup – Fastest WordPress Migration & Duplicator
71. 3.71
    Formzu WP
72. 3.72
    WP-Lister Lite for eBay
73. 3.73
    WP Spell Check
74. 3.74
    WPZOOM Shortcodes
75. 3.75
    InstaWP Connect – 1-click WP Staging & Migration
76. 3.76
    Display custom fields in the frontend – Post and User Profile Fields
77. 3.77
    Display custom fields in the frontend – Post and User Profile Fields
78. 3.78
    Display custom fields in the frontend – Post and User Profile Fields
79. 3.79
    Stock Locations for WooCommerce
80. 3.80
    Advanced Custom Fields PRO
81. 3.81
    GeneratePress Premium
82. 3.82
    PeepSo Core: Photos
83. 3.83
    SalesKing
84. 3.84
    SalesKing
85. 3.85
    SalesKing
86. 3.86
    WooCommerce Subscriptions
87. 3.87
    WPForms Pro
4. 4. WordPress Themes — 1 Patched / 0 Unpatched
1. 4.1
   ColorMag

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

Free Online Training Event! TODAY! Register Now!

TODAY! January 24, 2024 @ 1:00 PM – 2:00 PM (CST)

Not all WordPress threats and vulnerabilities are “created equal.” Some require more immediate attention and pose a greater risk than others. Even with preventive tools in place, such as Solid Security Pro with Patchstack, you need to understand how to assess and respond to threats and vulnerabilities.

This livestream will help you understand what needs your attention first, how to use Security tools like Solid Security Pro to view, rank, and respond to threats, and how to harden your site moving forward.

Can’t make the live event? Go ahead and register, and we’ll email you the replay. See webinar time in your time zone.

WordPress Core

WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 28 Patched / 59 Unpatched

Plugin Slug:
ninja-tables

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ninja-tables

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
kali-forms

Installations
30,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
dearpdf-lite

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
browser-theme-color

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
freshmail-integration

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
albo-pretorio-on-line

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
albo-pretorio-on-line

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
cbxgooglemap

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
post-list-designer

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
12-step-meeting-list

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-todo

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

BA Plus

Plugin Slug:
ba-plus-before-after-image-slider-free

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Better Anchor Links

Plugin Slug:
better-anchor-links

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CformsII

Plugin Slug:
cforms2

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Custom Dashboard Widgets

Plugin Slug:
custom-dashboard-widgets

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Delhivery Logistics Courier

Plugin Slug:
delhivery-logistics-courier

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

enigma chart.js

Plugin Slug:
enigma-chartjs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

enigma chart.js

Plugin Slug:
enigma-chartjs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Frontpage Manager

Plugin Slug:
frontpage-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Image Tag Manager

Plugin Slug:
image-tag-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

lasTunes

Plugin Slug:
lastunes

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Post views Stats

Plugin Slug:
post-views-stats

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SimpleMap Store Locator

Plugin Slug:
simplemap

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Splashscreen

Plugin Slug:
splashscreen

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Unlimited Addons for WPBakery Page Builder

Plugin Slug:
unlimited-addons-for-wpbakery-page-builder

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Smart Editor

Plugin Slug:
wp-smart-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
advanced-custom-fields

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.2.5

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.5

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.5

Severity Score:
Medium

Plugin Slug:
fluentform

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.7

Severity Score:
Medium

Plugin Slug:
wpvivid-backuprestore

Installations
400,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.9.95

Severity Score:
Medium

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
SQL Injection

Patched in Version:
3.7.6

Severity Score:
High

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Directory Traversal

Patched in Version:
1.8.20

Severity Score:
Critical

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.28

Severity Score:
Medium

Plugin Slug:
burst-statistics

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.4

Severity Score:
High

Plugin Slug:
filebird

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6.1

Severity Score:
Medium

Plugin Slug:
give

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.0

Severity Score:
Medium

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.26

Severity Score:
Medium

Plugin Slug:
product-import-export-for-woo

Installations
90,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.3.8

Severity Score:
High

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.24.7

Severity Score:
Medium

Plugin Slug:
vk-block-patterns

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.31.2.0

Severity Score:
Medium

Plugin Slug:
advanced-woo-search

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.97

Severity Score:
High

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.94

Severity Score:
Medium

Plugin Slug:
getwid

Installations
50,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
2.0.5

Severity Score:
Medium

Plugin Slug:
getwid

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.5

Severity Score:
Medium

Plugin Slug:
profile-builder

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.10.9

Severity Score:
High

Plugin Slug:
robo-gallery

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.18

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
50,000+

Vulnerability:
Open Redirection

Patched in Version:
4.4.2

Severity Score:
Low

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Path Traversal

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
High

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-simple-firewall

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
18.5.8

Severity Score:
High

Plugin Slug:
ip2location-country-blocker

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.33.4

Severity Score:
Medium

Plugin Slug:
asgaros-forum

Installations
10,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.8.0

Severity Score:
High

Plugin Slug:
cryptocurrency-price-ticker-widget

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
2.6.6

Severity Score:
Critical

Plugin Slug:
molongui-authorship

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.7.5

Severity Score:
Medium

Plugin Slug:
payment-gateway-stripe-and-woocommerce-integration

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
3.8.0

Severity Score:
Critical

Plugin Slug:
portfolio-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.1

Severity Score:
Medium

Plugin Slug:
bp-profile-search

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6

Severity Score:
High

Plugin Slug:
hd-quiz

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.12

Severity Score:
Medium

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8.1

Severity Score:
High

Plugin Slug:
chatbot

Installations
5,000+

Vulnerability:
PHP Object Injection

Patched in Version:
5.1.1

Severity Score:
High

Plugin Slug:
slider-by-supsystic

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.7

Severity Score:
Medium

Plugin Slug:
fastdup

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.0

Severity Score:
Critical

Plugin Slug:
formzu-wp

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.8

Severity Score:
Medium

Plugin Slug:
wp-lister-for-ebay

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.8

Severity Score:
High

Plugin Slug:
wp-spell-check

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
9.18

Severity Score:
Medium

Plugin Slug:
wpzoom-shortcodes

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.2

Severity Score:
High

Plugin Slug:
instawp-connect

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
0.1.0.9

Severity Score:
High

Plugin Slug:
shortcode-to-display-post-and-user-data

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
shortcode-to-display-post-and-user-data

Installations
1,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
shortcode-to-display-post-and-user-data

Installations
1,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.3.0

Severity Score:
High

Plugin Slug:
stock-locations-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.0

Severity Score:
Medium

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.2.5

Severity Score:
Medium

Plugin:

GeneratePress Premium

Plugin Slug:
generatepress-premium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.0

Severity Score:
Medium

Plugin:

PeepSo Core: Photos

Plugin Slug:
peepso-photos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.1.0

Severity Score:
Medium

Plugin:

SalesKing

Plugin Slug:
salesking

Vulnerability:
Privilege Escalation

Patched in Version:
1.6.30

Severity Score:
Critical

Plugin:

SalesKing

Plugin Slug:
salesking

Vulnerability:
Settings Change

Patched in Version:
1.6.30

Severity Score:
Medium

Plugin:

SalesKing

Plugin Slug:
salesking

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.30

Severity Score:
High

Plugin:

WooCommerce Subscriptions

Plugin Slug:
woocommerce-subscriptions

Vulnerability:
Broken Access Control

Patched in Version:
5.8.0

Severity Score:
Medium

Plugin:

WPForms Pro

Plugin Slug:
wpforms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.5.4

Severity Score:
High

WordPress Themes — 1 Patched / 0 Unpatched

Theme Slug:
colormag

Downloads
3,787,317

Vulnerability:
Broken Access Control

Patched in Version:
3.1.3

Severity Score:
Medium

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-01-24 11:16:58.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 269 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 90 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

1. 1. WordPress Core
2. 2. WordPress Plugins — 248 Patched / 21 Unpatched
1. 2.1
   Auto Featured Image (Auto Post Thumbnail)
2. 2.2
   FameTheme Demo Importer
3. 2.3
   Piotnet Addons For Elementor
4. 2.4
   AGCA – Custom Dashboard & Login Page
5. 2.5
   Serious Slider
6. 2.6
   Meks Smart Social Widget
7. 2.7
   Xserver Migrator
8. 2.8
   Annual Archive
9. 2.9
   rtMedia for WordPress, BuddyPress and bbPress
10. 2.10
    ClickCease Click Fraud Protection
11. 2.11
    Democracy Poll
12. 2.12
    Login Logout Register Menu
13. 2.13
    Meks ThemeForest Smart Widget
14. 2.14
    Print-O-Matic
15. 2.15
    Smart Recent Posts Widget
16. 2.16
    CM Tooltip Glossary
17. 2.17
    Customify Site Library
18. 2.18
    WordPress Ad Widget
19. 2.19
    PopupAlly
20. 2.20
    Pretty Google Calendar
21. 2.21
    Fan Page Widget by ThemeNcode
22. 2.22
    Filterable Portfolio
23. 2.23
    Share This Image
24. 2.24
    Smart Maintenance Mode
25. 2.25
    ENL Newsletter
26. 2.26
    ENL Newsletter
27. 2.27
    ENL Newsletter
28. 2.28
    Advanced Search
29. 2.29
    Advanced Most Recent Posts Mod
30. 2.30
    Advanced Post List
31. 2.31
    AJAX Login and Registration modal popup + inline form
32. 2.32
    Element Pack Pro
33. 2.33
    CF7 File Download – File Download for CF7
34. 2.34
    Client Dash
35. 2.35
    Contact Form 7 Extension For Mailchimp
36. 2.36
    CPO Companion
37. 2.37
    Crelly Slider
38. 2.38
    Easy Set Favicon
39. 2.39
    Embed Google Fonts
40. 2.40
    XStore Core
41. 2.41
    XStore Core
42. 2.42
    XStore Core
43. 2.43
    XStore Core
44. 2.44
    XStore Core
45. 2.45
    XStore Core
46. 2.46
    XStore Core
47. 2.47
    XStore Core
48. 2.48
    Giphypress
49. 2.49
    GWP-Histats
50. 2.50
    JW Player for WordPress
51. 2.51
    MF Gig Calendar
52. 2.52
    Mini Loops
53. 2.53
    Opal Widgets For Elementor
54. 2.54
    CodeBard’s Patron Button and Widgets for Patreon
55. 2.55
    PB MailCrypt
56. 2.56
    Piotnet Addons For Elementor Pro
57. 2.57
    Piotnet Addons For Elementor Pro
58. 2.58
    Piotnet Addons For Elementor Pro
59. 2.59
    Piotnet Addons For Elementor Pro
60. 2.60
    Piotnet Addons For Elementor Pro
61. 2.61
    Progressive WordPress (PWA)
62. 2.62
    Realtyna Organic IDX plugin
63. 2.63
    Recencio Book Reviews
64. 2.64
    Regenerate post permalink
65. 2.65
    School Management Pro
66. 2.66
    Shortcode Addons
67. 2.67
    Sliding Widgets
68. 2.68
    Social Share Buttons by Supsystic
69. 2.69
    Solid Affiliate
70. 2.70
    SP Project & Document Manager
71. 2.71
    Sticky Anything
72. 2.72
    WidgetKit
73. 2.73
    WZone
74. 2.74
    WZone
75. 2.75
    WZone
76. 2.76
    WZone
77. 2.77
    WZone
78. 2.78
    WZone
79. 2.79
    WP GDPR Compliance
80. 2.80
    WP Masquerade
81. 2.81
    WP Page Post Widget Clone
82. 2.82
    WTI Like Post
83. 2.83
    XforWooCommerce
84. 2.84
    All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
85. 2.85
    Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
86. 2.86
    Rank Math SEO with AI Best SEO Tools
87. 2.87
    ElementsKit Elementor addons and Templates Library
88. 2.88
    Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
89. 2.89
    Premium Addons for Elementor
90. 2.90
    Premium Addons for Elementor
91. 2.91
    Spectra – WordPress Gutenberg Blocks
92. 2.92
    Contact Form 7 Database Addon – CFDB7
93. 2.93
    WP Shortcodes Plugin — Shortcodes Ultimate
94. 2.94
    Happy Addons for Elementor
95. 2.95
    Duplicate Post
96. 2.96
    MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
97. 2.97
    Royal Elementor Addons and Templates
98. 2.98
    Royal Elementor Addons and Templates
99. 2.99
    PDF Invoices & Packing Slips for WooCommerce
100. 2.100
     PDF Invoices & Packing Slips for WooCommerce
101. 2.101
     Call Now Button – The #1 Click to Call Button for WordPress
102. 2.102
     Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
103. 2.103
     Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
104. 2.104
     Jeg Elementor Kit
105. 2.105
     Jeg Elementor Kit
106. 2.106
     Photo Gallery by 10Web – Mobile-Friendly Image Gallery
107. 2.107
     Qi Addons For Elementor
108. 2.108
     YITH WooCommerce Compare
109. 2.109
     Elementor Addon Elements
110. 2.110
     BackUpWordPress
111. 2.111
     Colibri Page Builder
112. 2.112
     Colibri Page Builder
113. 2.113
     Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
114. 2.114
     FileOrganizer – Manage WordPress and Website Files
115. 2.115
     Table Rate Shipping Method for WooCommerce by Flexible Shipping
116. 2.116
     HT Mega – Absolute Addons For Elementor
117. 2.117
     Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript
118. 2.118
     Social Sharing Plugin – Sassy Social Share
119. 2.119
     Schema & Structured Data for WP & AMP
120. 2.120
     Strong Testimonials
121. 2.121
     Social Media Share Buttons & Social Sharing Icons
122. 2.122
     WP Chat App
123. 2.123
     Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
124. 2.124
     Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
125. 2.125
     VK Block Patterns
126. 2.126
     WP STAGING WordPress Backup Plugin – Migration Backup Restore
127. 2.127
     Backup Migration
128. 2.128
     Import and export users and customers
129. 2.129
     MainWP Child Reports
130. 2.130
     Tutor LMS – eLearning and online course solution
131. 2.131
     Tutor LMS – eLearning and online course solution
132. 2.132
     WP SMTP
133. 2.133
     WP ULike – Most Advanced WordPress Marketing Toolkit
134. 2.134
     WP ULike – Most Advanced WordPress Marketing Toolkit
135. 2.135
     WP ULike – Most Advanced WordPress Marketing Toolkit
136. 2.136
     Comments – wpDiscuz
137. 2.137
     Database for Contact Form 7, WPforms, Elementor forms
138. 2.138
     Media Cleaner: Clean your WordPress!
139. 2.139
     Export and Import Users and Customers
140. 2.140
     Blog2Social: Social Media Auto Post & Scheduler
141. 2.141
     Exclusive Addons for Elementor
142. 2.142
     Exclusive Addons for Elementor
143. 2.143
     Exclusive Addons for Elementor
144. 2.144
     Getwid – Gutenberg Blocks
145. 2.145
     FOX – Currency Switcher Professional for WooCommerce
146. 2.146
     WP-Members Membership Plugin
147. 2.147
     Enhanced Text Widget
148. 2.148
     Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
149. 2.149
     Collapse-O-Matic
150. 2.150
     Quick Featured Images
151. 2.151
     Simple Membership
152. 2.152
     Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
153. 2.153
     Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
154. 2.154
     Simply Static
155. 2.155
     Print Invoice & Delivery Notes for WooCommerce
156. 2.156
     Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
157. 2.157
     Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
158. 2.158
     AGCA – Custom Dashboard & Login Page
159. 2.159
     Popup Box – Best WordPress Popup Plugin
160. 2.160
     FV Flowplayer Video Player
161. 2.161
     Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
162. 2.162
     Timetable and Event Schedule by MotoPress
163. 2.163
     Social Sharing Plugin – Social Warfare
164. 2.164
     VOD Infomaniak
165. 2.165
     WP Google Review Slider
166. 2.166
     Hide Dashboard Notifications
167. 2.167
     Appointment Hour Booking – WordPress Booking Plugin
168. 2.168
     Payment Gateway Based Fees and Discounts for WooCommerce
169. 2.169
     Data Tables Generator by Supsystic
170. 2.170
     Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
171. 2.171
     Pricing Table by Supsystic
172. 2.172
     Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
173. 2.173
     Rate My Post – Star Rating Plugin by FeedbackWP
174. 2.174
     Secure Copy Content Protection and Content Locking
175. 2.175
     Secure Copy Content Protection and Content Locking
176. 2.176
     Social Share Icons & Social Share Buttons
177. 2.177
     Social Share Icons & Social Share Buttons
178. 2.178
     Video Conferencing with Zoom
179. 2.179
     Product Addons & Fields for WooCommerce
180. 2.180
     Brevo for WooCommerce
181. 2.181
     WPZOOM Addons for Elementor (Templates, Widgets)
182. 2.182
     Advanced Floating Content Lite
183. 2.183
     Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
184. 2.184
     rtMedia for WordPress, BuddyPress and bbPress
185. 2.185
     Classified Listing – Classified ads & Business Directory Plugin
186. 2.186
     Directorist – WordPress Business Directory Plugin with Classified Ads Listings
187. 2.187
     Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
188. 2.188
     Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
189. 2.189
     GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
190. 2.190
     GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
191. 2.191
     SSL Mixed Content Fix
192. 2.192
     List Custom Taxonomy Widget
193. 2.193
     Page Builder: Live Composer
194. 2.194
     myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
195. 2.195
     Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
196. 2.196
     Pop-up
197. 2.197
     Five Star Restaurant Reservations – WordPress Booking Plugin
198. 2.198
     ReviewX – Multi-criteria Rating & Reviews for WooCommerce
199. 2.199
     RomethemeKit For Elementor
200. 2.200
     RomethemeKit For Elementor
201. 2.201
     Send PDF for Contact Form 7
202. 2.202
     Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
203. 2.203
     Ultimate Posts Widget
204. 2.204
     Easy Accept Payments via PayPal
205. 2.205
     WP Datepicker
206. 2.206
     SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
207. 2.207
     WP Travel Engine – Best Travel Booking WordPress Plugin
208. 2.208
     Arconix FAQ
209. 2.209
     FG Joomla to WordPress
210. 2.210
     RomethemeForm For Elementor
211. 2.211
     Smart Forms – when you need more than just a contact form
212. 2.212
     Smart Forms – when you need more than just a contact form
213. 2.213
     WP LinkedIn Auto Publish
214. 2.214
     WordPress Backup & Migration
215. 2.215
     ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
216. 2.216
     Maintenance Mode
217. 2.217
     WPC Composite Products for WooCommerce
218. 2.218
     ProfileGrid – User Profiles, Memberships, Groups and Communities
219. 2.219
     ProfileGrid – User Profiles, Memberships, Groups and Communities
220. 2.220
     ProfileGrid – User Profiles, Memberships, Groups and Communities
221. 2.221
     The Plus Blocks for Block Editor | Gutenberg
222. 2.222
     Better Elementor Addons
223. 2.223
     Easy Property Listings
224. 2.224
     Image Slider
225. 2.225
     Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
226. 2.226
     Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
227. 2.227
     Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
228. 2.228
     Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
229. 2.229
     Arconix Shortcodes
230. 2.230
     Assistant – Every Day Productivity Apps
231. 2.231
     Podlove Podcast Publisher
232. 2.232
     Podlove Podcast Publisher
233. 2.233
     Salon booking system
234. 2.234
     Salon booking system
235. 2.235
     Salon booking system
236. 2.236
     Ultimate 410 Gone Status Code
237. 2.237
     Advanced Local Pickup for WooCommerce
238. 2.238
     Embed Google Photos album
239. 2.239
     Import WP – Export and Import CSV and XML files to WordPress
240. 2.240
     Tickera – WordPress Event Ticketing
241. 2.241
     VikRentCar Car Rental Management System
242. 2.242
     WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
243. 2.243
     WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
244. 2.244
     Coupon & Discount Code Reveal Button
245. 2.245
     Debug Log Manager
246. 2.246
     Newsletters
247. 2.247
     Newsletters
248. 2.248
     PropertyHive
249. 2.249
     Vision – Image Map Builder
250. 2.250
     Widget Post Slider
251. 2.251
     WP-Lister Lite for eBay
252. 2.252
     WP-Recall – Registration, Profile, Commerce & More
253. 2.253
     WP-Recall – Registration, Profile, Commerce & More
254. 2.254
     Accessibility Widget
255. 2.255
     Advanced Testimonial Carousel for Elementor
256. 2.256
     All-in-one Like Widget
257. 2.257
     Knowledge Base documentation & wiki plugin – BasePress Docs
258. 2.258
     Knowledge Base documentation & wiki plugin – BasePress Docs
259. 2.259
     CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
260. 2.260
     Custom field finder
261. 2.261
     RSS Redirect & Feedburner Alternative
262. 2.262
     InstaWP Connect – 1-click WP Staging & Migration
263. 2.263
     iPages Flipbook For WordPress
264. 2.264
     The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
265. 2.265
     The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
266. 2.266
     User Meta – User Profile Builder and User management plugin
267. 2.267
     SuperFaktura WooCommerce
268. 2.268
     Academy LMS – eLearning and online course solution for WordPress
269. 2.269
     Academy LMS – eLearning and online course solution for WordPress
270. 2.270
     ActiveDEMAND
271. 2.271
     Admin Bar Editor – Hide Toolbar by User Roles
272. 2.272
     AI Post Generator | AutoWriter
273. 2.273
     AppPresser – Mobile App Framework
274. 2.274
     Booking Ultra Pro Appointments Booking Calendar Plugin
275. 2.275
     Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
276. 2.276
     Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
277. 2.277
     ChatBot Conversational Forms
278. 2.278
     Culqi
279. 2.279
     EPROLO Dropshipping
280. 2.280
     USPS Shipping for WooCommerce – Live Rates
281. 2.281
     Headline Analyzer
282. 2.282
     KB Support – WordPress Help Desk and Knowledge Base
283. 2.283
     Login with phone number
284. 2.284
     BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
285. 2.285
     Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
286. 2.286
     Reviews Plus
287. 2.287
     Save as PDF Plugin by Pdfcrowd
288. 2.288
     Seers | GDPR & CCPA Cookie Consent & Compliance
289. 2.289
     Image Optimizer, Resizer and CDN – Sirv
290. 2.290
     StreamWeasels Twitch Integration
291. 2.291
     Poll | Vote | Contest – Best Poll Plugin for WordPress
292. 2.292
     Vitepos – Point of sale (POS) plugin for WooCommerce
293. 2.293
     WP Club Manager – WordPress Sports Club Plugin
294. 2.294
     WP GoToWebinar
295. 2.295
     MDTF – Meta Data and Taxonomies Filter
296. 2.296
     WP Time Slots Booking Form
297. 2.297
     WPCal.io – Easy Meeting Scheduler
298. 2.298
     WPPizza – A Restaurant Plugin
299. 2.299
     Frontend Dashboard
300. 2.300
     Leaky Paywall
301. 2.301
     Olive One Click Demo Import
302. 2.302
     SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
303. 2.303
     Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
304. 2.304
     Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
305. 2.305
     Slash Admin
306. 2.306
     Car Dealer (Dealership) and Vehicle sales
307. 2.307
     ShortPixel Critical CSS
308. 2.308
     Admin and Customer Messages After Order for WooCommerce: OrderConvo
309. 2.309
     SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin
310. 2.310
     Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
311. 2.311
     Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
312. 2.312
     Better Comments
313. 2.313
     Better Comments
314. 2.314
     Header Footer Code Manager Pro
315. 2.315
     ARForms
316. 2.316
     ARForms
317. 2.317
     ARForms
318. 2.318
     ARForms
319. 2.319
     ARForms
320. 2.320
     ARForms Form Builder
321. 2.321
     Digital Publications by Supsystic
322. 2.322
     ElementsKit Pro
323. 2.323
     Fancy Product Designer
324. 2.324
     Interactive World Maps
325. 2.325
     Max Addons Pro for Bricks
326. 2.326
     Max Addons Pro for Bricks
327. 2.327
     WooCommerce Shipping Label
328. 2.328
     WooCommerce Customers Manager
329. 2.329
     WooCommerce Customers Manager
330. 2.330
     WP Media Category Management
331. 2.331
     Wp Staging Pro
3. 3. WordPress Themes — 21 Patched / 7 Unpatched
1. 3.1
   UDesign
2. 3.2
   XStore
3. 3.3
   XStore
4. 3.4
   XStore
5. 3.5
   XStore
6. 3.6
   XStore
7. 3.7
   XStore
8. 3.8
   Accountra
9. 3.9
   Althea WP
10. 3.10
    Blocksy
11. 3.11
    Blocksy
12. 3.12
    Brite
13. 3.13
    Colibri WP
14. 3.14
    ColorNews
15. 3.15
    Elevate WP
16. 3.16
    Financio
17. 3.17
    Hugo WP
18. 3.18
    Intrace
19. 3.19
    Pathway
20. 3.20
    Photology
21. 3.21
    Royal Elementor Kit
22. 3.22
    Startupzy
23. 3.23
    Teluro
24. 3.24
    Travey
25. 3.25
    Vertice
26. 3.26
    Virtue
27. 3.27
    WP Portfolio
28. 3.28
    Zeever

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 248 Patched / 21 Unpatched

Plugin Slug:
auto-post-thumbnail

Installations
70,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
famethemes-demo-importer

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
piotnet-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ag-custom-admin

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
cryout-serious-slider

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meks-smart-social-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
xserver-migrator

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
anual-archive

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
buddypress-media

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
clickcease-click-fraud-protection

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
democracy-poll

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
login-logout-register-menu

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meks-themeforest-smart-widget

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
print-o-matic

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
smart-recent-posts-widget

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
enhanced-tooltipglossary

Installations
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
customify-sites

Installations
6,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
ad-widget

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
popupally

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pretty-google-calendar

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
facebook-fan-page-widget

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
filterable-portfolio

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
share-this-image

Installations
2,000+

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
smart-maintenance-mode

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
enl-newsletter

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
enl-newsletter

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
enl-newsletter

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Search

Plugin Slug:
advance-search

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Most Recent Posts Mod

Plugin Slug:
advanced-most-recent-posts-mod

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Post List

Plugin Slug:
advanced-post-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AJAX Login and Registration modal popup + inline form

Plugin Slug:
ajax-login-and-registration-modal-popup

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Element Pack Pro

Plugin Slug:
bdthemes-element-pack

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CF7 File Download – File Download for CF7

Plugin Slug:
cf7-file-download

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Client Dash

Plugin Slug:
client-dash

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Form 7 Extension For Mailchimp

Plugin Slug:
contact-form-7-mailchimp-extension

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CPO Companion

Plugin Slug:
cpo-companion

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Crelly Slider

Plugin Slug:
crelly-slider

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Set Favicon

Plugin Slug:
easy-set-favicon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Embed Google Fonts

Plugin Slug:
embed-google-fonts

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Giphypress

Plugin Slug:
giphypress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

GWP-Histats

Plugin Slug:
gwp-histats

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

JW Player for WordPress

Plugin Slug:
jw-player-7-for-wp

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

MF Gig Calendar

Plugin Slug:
mf-gig-calendar

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mini Loops

Plugin Slug:
mini-loops

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Opal Widgets For Elementor

Plugin Slug:
opal-widgets-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CodeBard’s Patron Button and Widgets for Patreon

Plugin Slug:
patron-button-and-widgets-by-codebard

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

PB MailCrypt

Plugin Slug:
pb-mailcrypt-antispam-email-encryption

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Progressive WordPress (PWA)

Plugin Slug:
progressive-wp

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Realtyna Organic IDX plugin

Plugin Slug:
real-estate-listing-realtyna-wpl

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Recencio Book Reviews

Plugin Slug:
recencio-book-reviews

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Regenerate post permalink

Plugin Slug:
regenerate-post-permalinks

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

School Management Pro

Plugin Slug:
school-management-pro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Shortcode Addons

Plugin Slug:
shortcode-addons

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sliding Widgets

Plugin Slug:
sliding-widgets

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Social Share Buttons by Supsystic

Plugin Slug:
social-share-buttons-by-supsystic

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Solid Affiliate

Plugin Slug:
solid-affiliate

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SP Project & Document Manager

Plugin Slug:
sp-client-document-manager

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sticky Anything

Plugin Slug:
toast-stick-anything

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WidgetKit

Plugin Slug:
widgetkit-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP GDPR Compliance

Plugin Slug:
wp-gdpr-compliance

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Masquerade

Plugin Slug:
wp-masquerade

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Page Post Widget Clone

Plugin Slug:
wp-page-post-widget-clone

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WTI Like Post

Plugin Slug:
wti-like-post

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

XforWooCommerce

Plugin Slug:
xforwoocommerce

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
all-in-one-seo-pack

Installations
3,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.6.1.1

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.9.16

Severity Score:
Medium

Plugin Slug:
seo-by-rank-math

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.217

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.1.1

Severity Score:
High

Plugin Slug:
optinmonster

Installations
1,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.16.0

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.29

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.26

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-gutenberg

Installations
700,000+

Vulnerability:
Path Traversal

Patched in Version:
2.12.7

Severity Score:
Medium

Plugin Slug:
contact-form-cfdb7

Installations
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.1.0

Severity Score:
Medium

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.10.7

Severity Score:
Medium

Plugin Slug:
copy-delete-posts

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
metform

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.4

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.972

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
300,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3.95

Severity Score:
Medium

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.8.1

Severity Score:
High

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.1

Severity Score:
High

Plugin Slug:
call-now-button

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.7

Severity Score:
Medium

Plugin Slug:
chaty

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.9

Severity Score:
Medium

Plugin Slug:
instant-images

Installations
200,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.1.1

Severity Score:
High

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.5

Severity Score:
Medium

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.21

Severity Score:
Medium

Plugin Slug:
qi-addons-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1

Severity Score:
Medium

Plugin Slug:
yith-woocommerce-compare

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.38.0

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.4

Severity Score:
Medium

Plugin Slug:
backupwordpress

Installations
100,000+

Vulnerability:
Directory Traversal

Patched in Version:
3.14

Severity Score:
Low

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.264

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.274

Severity Score:
Medium

Plugin Slug:
content-views-query-and-display-post-page

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.1

Severity Score:
Medium

Plugin Slug:
fileorganizer

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

Plugin Slug:
flexible-shipping

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.24.16

Severity Score:
Medium

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.4.8

Severity Score:
Medium

Plugin Slug:
hummingbird-performance

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.4

Severity Score:
Medium

Plugin Slug:
sassy-social-share

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.61

Severity Score:
Medium

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.30

Severity Score:
Medium

Plugin Slug:
strong-testimonials

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.12

Severity Score:
Medium

Plugin Slug:
ultimate-social-media-icons

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.7

Severity Score:
Medium

Plugin Slug:
wp-whatsapp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.4

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
vk-block-patterns

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.31.1.1

Severity Score:
Medium

Plugin Slug:
wp-staging

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.5.0

Severity Score:
Medium

Plugin Slug:
backup-backup

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.26.3

Severity Score:
Medium

Plugin Slug:
mainwp-child-reports

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin Slug:
wp-smtp

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
1.2.7

Severity Score:
High

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.0

Severity Score:
Medium

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
4.7.0

Severity Score:
High

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.0

Severity Score:
Medium

Plugin Slug:
wpdiscuz

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.6.16

Severity Score:
Medium

Plugin Slug:
contact-form-entries

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.9

Severity Score:
High

Plugin Slug:
media-cleaner

Installations
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.7.3

Severity Score:
Medium

Plugin Slug:
users-customers-import-export-for-wp-woocommerce

Installations
70,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
2.5.4

Severity Score:
Medium

Plugin Slug:
blog2social

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.5.0

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.9.2

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.4

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.5

Severity Score:
Medium

Plugin Slug:
getwid

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.8

Severity Score:
Medium

Plugin Slug:
woocommerce-currency-switcher

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.1.9

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.4.9.4

Severity Score:
Medium

Plugin Slug:
enhanced-text-widget

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.25

Severity Score:
Medium

Plugin Slug:
jquery-collapse-o-matic

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.5.6

Severity Score:
Medium

Plugin Slug:
quick-featured-images

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
13.7.1

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.4

Severity Score:
Medium

Plugin Slug:
sina-extension-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.3

Severity Score:
Medium

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.79

Severity Score:
High

Plugin Slug:
simply-static

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.1.4

Severity Score:
High

Plugin Slug:
woocommerce-delivery-notes

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.0

Severity Score:
Medium

Plugin Slug:
wp-analytify

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.2.4

Severity Score:
Medium

Plugin Slug:
wp-analytify

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.2.4

Severity Score:
Medium

Plugin Slug:
ag-custom-admin

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.2

Severity Score:
Medium

Plugin Slug:
ays-popup-box

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.3.7

Severity Score:
Medium

Plugin Slug:
fv-wordpress-flowplayer

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
7.5.45.7212

Severity Score:
Medium

Plugin Slug:
master-addons

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.5.6

Severity Score:
Medium

Plugin Slug:
mp-timetable

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.12

Severity Score:
High

Plugin Slug:
social-warfare

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.6.2

Severity Score:
Medium

Plugin Slug:
vod-infomaniak

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.7

Severity Score:
High

Plugin Slug:
wp-google-places-review-slider

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
13.6

Severity Score:
Medium

Plugin Slug:
wp-hide-backed-notices

Installations
30,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3

Severity Score:
Medium

Plugin Slug:
appointment-hour-booking

Installations
20,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.4.57

Severity Score:
Medium

Plugin Slug:
checkout-fees-for-woocommerce

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.12.2

Severity Score:
Medium

Plugin Slug:
data-tables-generator-by-supsystic

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.10.32

Severity Score:
Medium

Plugin Slug:
gt3-photo-video-gallery

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.7.22

Severity Score:
Medium

Plugin Slug:
pricing-table-by-supsystic

Installations
20,000+

Vulnerability:
Content Injection

Patched in Version:
1.9.13

Severity Score:
Medium

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.12.11

Severity Score:
Medium

Plugin Slug:
rate-my-post

Installations
20,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
3.4.5

Severity Score:
Medium

Plugin Slug:
secure-copy-content-protection

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.1

Severity Score:
Medium

Plugin Slug:
secure-copy-content-protection

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.2

Severity Score:
Medium

Plugin Slug:
ultimate-social-media-plus

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.2

Severity Score:
Medium

Plugin Slug:
ultimate-social-media-plus

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.3

Severity Score:
Medium

Plugin Slug:
video-conferencing-with-zoom-api

Installations
20,000+

Vulnerability:
Open Redirection

Patched in Version:
4.4.5

Severity Score:
Medium

Plugin Slug:
woocommerce-product-addon

Installations
20,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
32.0.19

Severity Score:
Critical

Plugin Slug:
woocommerce-sendinblue-newsletter-subscription

Installations
20,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
4.0.18

Severity Score:
High

Plugin Slug:
wpzoom-elementor-addons

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.36

Severity Score:
Medium

Plugin Slug:
advanced-floating-content-lite

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
Medium

Plugin Slug:
bp-better-messages

Installations
10,000+

Vulnerability:
Broken Authentication

Patched in Version:
2.4.33

Severity Score:
Medium

Plugin Slug:
buddypress-media

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
4.6.19

Severity Score:
High

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.11

Severity Score:
Medium

Plugin Slug:
directorist

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.9.0

Severity Score:
Medium

Plugin Slug:
elespare

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
email-customizer-for-woocommerce

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6.1

Severity Score:
High

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.8.9

Severity Score:
Low

Plugin Slug:
geodirectory

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.49

Severity Score:
Medium

Plugin Slug:
http-https-remover

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.7

Severity Score:
Medium

Plugin Slug:
list-custom-taxonomy-widget

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
live-composer-page-builder

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.39

Severity Score:
Medium

Plugin Slug:
mycred

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
paid-member-subscriptions

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.11.1

Severity Score:
Medium

Plugin Slug:
pop-up-pop-up

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.4

Severity Score:
Medium

Plugin Slug:
restaurant-reservations

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.17

Severity Score:
Medium

Plugin Slug:
reviewx

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.22

Severity Score:
Medium

Plugin Slug:
rometheme-for-elementor

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
rometheme-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
send-pdf-for-contact-form-7

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.2.4

Severity Score:
Medium

Plugin Slug:
socialsnap

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
ultimate-posts-widget

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.3.0

Severity Score:
Medium

Plugin Slug:
wordpress-easy-paypal-payment-or-donation-accept-plugin

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0

Severity Score:
High

Plugin Slug:
wp-datepicker

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
2.1.1

Severity Score:
High

Plugin Slug:
wp-scheduled-posts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.9

Severity Score:
Medium

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.8.1

Severity Score:
High

Plugin Slug:
arconix-faq

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.4

Severity Score:
Medium

Plugin Slug:
fg-joomla-to-wordpress

Installations
9,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.21.0

Severity Score:
Medium

Plugin Slug:
romethemeform

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.96

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.92

Severity Score:
Medium

Plugin Slug:
wp-linkedin-auto-publish

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.12

Severity Score:
Medium

Plugin Slug:
wp-migration-duplicator

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.9

Severity Score:
Medium

Plugin Slug:
armember-membership

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.29

Severity Score:
Critical

Plugin Slug:
hkdev-maintenance-mode

Installations
8,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.0.2

Severity Score:
Low

Plugin Slug:
wpc-composite-products

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.8

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.8.0

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
5.8.3

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.8.0

Severity Score:
Medium

Plugin Slug:
the-plus-addons-for-block-editor

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.6

Severity Score:
Medium

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
easy-property-listings

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.4

Severity Score:
Medium

Plugin Slug:
image-slider-widget

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.127

Severity Score:
Medium

Plugin Slug:
integrate-google-drive

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.91

Severity Score:
High

Plugin Slug:
integrate-google-drive

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.91

Severity Score:
Medium

Plugin Slug:
print-my-blog

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.26.3

Severity Score:
Medium

Plugin Slug:
radio-player

Installations
6,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.0.74

Severity Score:
Medium

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.11

Severity Score:
Medium

Plugin Slug:
assistant

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.9.2

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.0.12

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.15

Severity Score:
High

Plugin Slug:
salon-booking-system

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.6.6

Severity Score:
Medium

Plugin Slug:
salon-booking-system

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.6.6

Severity Score:
Medium

Plugin Slug:
salon-booking-system

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
9.6.6

Severity Score:
Medium

Plugin Slug:
ultimate-410

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
advanced-local-pickup-for-woocommerce

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.2

Severity Score:
Medium

Plugin Slug:
embed-google-photos-album-easily

Installations
4,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
jc-importer

Installations
4,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.13.1

Severity Score:
Medium

Plugin Slug:
tickera-event-ticketing-system

Installations
4,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
3.5.2.5

Severity Score:
Medium

Plugin Slug:
vikrentcar

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.3

Severity Score:
Medium

Plugin Slug:
wp-ada-compliance-check-basic

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.4

Severity Score:
Medium

Plugin Slug:
wp-fusion-lite

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.43.0

Severity Score:
Medium

Plugin Slug:
coupon-reveal-button

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
Medium

Plugin Slug:
debug-log-manager

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.3.2

Severity Score:
Medium

Plugin Slug:
newsletters-lite

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.9.6

Severity Score:
Critical

Plugin Slug:
newsletters-lite

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.9.6

Severity Score:
High

Plugin Slug:
propertyhive

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.13

Severity Score:
Medium

Plugin Slug:
vision

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.2

Severity Score:
Medium

Plugin Slug:
widget-post-slider

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
wp-lister-for-ebay

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.6.0

Severity Score:
Critical

Plugin Slug:
wp-recall

Installations
3,000+

Vulnerability:
SQL Injection

Patched in Version:
16.26.6

Severity Score:
High

Plugin Slug:
wp-recall

Installations
3,000+

Vulnerability:
SQL Injection

Patched in Version:
16.26.6

Severity Score:
Critical

Plugin Slug:
accessibility-widget

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
advanced-testimonial-carousel-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.1

Severity Score:
Medium

Plugin Slug:
all-in-one-facebook-like-widget

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.8

Severity Score:
Medium

Plugin Slug:
basepress

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.16.2.1

Severity Score:
Medium

Plugin Slug:
basepress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.16.2.1

Severity Score:
Medium

Plugin Slug:
cookiehub

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.1

Severity Score:
Medium

Plugin Slug:
custom-field-finder

Installations
2,000+

Vulnerability:
PHP Object Injection

Patched in Version:
0.4

Severity Score:
Medium

Plugin Slug:
feedburner-alternative-and-rss-redirect

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0

Severity Score:
Medium

Plugin Slug:
instawp-connect

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.1.0.25

Severity Score:
Medium

Plugin Slug:
ipages-flipbook

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.2

Severity Score:
Medium

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.8.4

Severity Score:
High

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.0.8.3

Severity Score:
Medium

Plugin Slug:
user-meta

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.1

Severity Score:
Medium

Plugin Slug:
woocommerce-superfaktura

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.40.4

Severity Score:
Medium

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.17

Severity Score:
High

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.17

Severity Score:
Medium

Plugin Slug:
activedemand

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
0.2.42

Severity Score:
Critical

Plugin Slug:
admin-bar

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.23

Severity Score:
Medium

Plugin Slug:
ai-post-generator

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.4

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.3.1

Severity Score:
Medium

Plugin Slug:
booking-ultra-pro

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.1.13

Severity Score:
High

Plugin Slug:
buddyforms

Installations
1,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
2.8.9

Severity Score:
High

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
21.3.5

Severity Score:
High

Plugin Slug:
conversational-forms

Installations
1,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
1.2.0

Severity Score:
High

Plugin Slug:
culqi-checkout

Installations
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.0.15

Severity Score:
Medium

Plugin Slug:
eprolo-dropshipping

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.2

Severity Score:
Medium

Plugin Slug:
flexible-shipping-usps

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.10.0

Severity Score:
Medium

Plugin Slug:
headline-analyzer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.4

Severity Score:
Medium

Plugin Slug:
kb-support

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.1

Severity Score:
Medium

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.94

Severity Score:
Critical

Plugin Slug:
print-google-cloud-print-gcp-woocommerce

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.5.4

Severity Score:
High

Plugin Slug:
radio-station

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.5.8

Severity Score:
Medium

Plugin Slug:
reviews-plus

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
save-as-pdf-by-pdfcrowd

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.1

Severity Score:
Medium

Plugin Slug:
seers-cookie-consent-banner-privacy-policy

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.1.1

Severity Score:
High

Plugin Slug:
sirv

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
7.2.3

Severity Score:
High

Plugin Slug:
streamweasels-twitch-integration

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.0

Severity Score:
Medium

Plugin Slug:
totalpoll-lite

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.10.0

Severity Score:
Medium

Plugin Slug:
vitepos-lite

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.2

Severity Score:
Medium

Plugin Slug:
wp-club-manager

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.12

Severity Score:
Medium

Plugin Slug:
wp-gotowebinar

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
15.1

Severity Score:
Medium

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.3.1

Severity Score:
Medium

Plugin Slug:
wp-time-slots-booking-form

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.07

Severity Score:
High

Plugin Slug:
wpcal

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.9.5.9

Severity Score:
Medium

Plugin Slug:
wppizza

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.18.11

Severity Score:
Medium

Plugin Slug:
frontend-dashboard

Installations
900+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.4

Severity Score:
High

Plugin Slug:
leaky-paywall

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
4.20.9

Severity Score:
High

Plugin Slug:
olive-one-click-demo-import

Installations
900+

Vulnerability:
Arbitrary File Download

Patched in Version:
1.1.2

Severity Score:
High

Plugin Slug:
woo-aliexpress-dropshipping

Installations
900+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
2.1.2

Severity Score:
High

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Privilege Escalation

Patched in Version:
1.5.4

Severity Score:
Critical

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.4

Severity Score:
Critical

Plugin Slug:
slash-admin

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.2

Severity Score:
High

Plugin Slug:
cardealer

Installations
700+

Vulnerability:
Content Injection

Patched in Version:
4.16

Severity Score:
Low

Plugin Slug:
shortpixel-critical-css

Installations
700+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.3

Severity Score:
High

Plugin Slug:
admin-and-client-message-after-order-for-woocommerce

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
12.5

Severity Score:
Critical

Plugin Slug:
wp-s3-smart-upload

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.1

Severity Score:
High

Plugin Slug:
evergreen-content-poster

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
5-stars-rating-funnel

Installations
40+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.02

Severity Score:
Medium

Plugin Slug:
better-comments

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.6

Severity Score:
Medium

Plugin Slug:
better-comments

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.6

Severity Score:
Medium

Plugin:

Header Footer Code Manager Pro

Plugin Slug:
99robots-header-footer-code-manager-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.17

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
SQL Injection

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Settings Change

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Settings Change

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Arbitrary File Deletion

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms Form Builder

Plugin Slug:
arforms-form-builder

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
High

Plugin:

Digital Publications by Supsystic

Plugin Slug:
digital-publications-by-supsystic

Vulnerability:
Broken Access Control

Patched in Version:
1.7.8

Severity Score:
Medium

Plugin:

ElementsKit Pro

Plugin Slug:
elementskit

Vulnerability:
Local File Inclusion

Patched in Version:
3.6.1

Severity Score:
High

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.8

Severity Score:
High

Plugin:

Interactive World Maps

Plugin Slug:
interactive-world-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
High

Plugin:

Max Addons Pro for Bricks

Plugin Slug:
max-addons-pro-bricks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.2

Severity Score:
High

Plugin:

Max Addons Pro for Bricks

Plugin Slug:
max-addons-pro-bricks

Vulnerability:
Settings Change

Patched in Version:
1.6.2

Severity Score:
Medium

Plugin:

WooCommerce Shipping Label

Plugin Slug:
shipping-labels-for-woo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.9

Severity Score:
Medium

Plugin:

WooCommerce Customers Manager

Plugin Slug:
woocommerce-customers-manager

Vulnerability:
Broken Access Control

Patched in Version:
29.8

Severity Score:
Medium

Plugin:

WooCommerce Customers Manager

Plugin Slug:
woocommerce-customers-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
29.8

Severity Score:
High

Plugin:

WP Media Category Management

Plugin Slug:
wp-media-category-management

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
High

Plugin:

Wp Staging Pro

Plugin Slug:
wp-staging-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.5.0

Severity Score:
Medium

WordPress Themes — 21 Patched / 7 Unpatched

Theme:

UDesign

Theme Slug:
u-design

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Theme Slug:
accountra

Downloads
20,885

Vulnerability:
Broken Access Control

Patched in Version:
1.0.4

Severity Score:
Medium

Theme Slug:
althea-wp

Downloads
52,642

Vulnerability:
Broken Access Control

Patched in Version:
1.0.16

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,113,676

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.40

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,113,676

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.34

Severity Score:
Medium

Theme Slug:
brite

Downloads
125,207

Vulnerability:
Broken Access Control

Patched in Version:
1.0.15

Severity Score:
Medium

Theme Slug:
colibri-wp

Downloads
1,271,195

Vulnerability:
Broken Access Control

Patched in Version:
1.0.99

Severity Score:
Medium

Theme Slug:
colornews

Downloads
266,626

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

Theme Slug:
elevate-wp

Downloads
70,130

Vulnerability:
Broken Access Control

Patched in Version:
1.0.17

Severity Score:
Medium

Theme Slug:
financio

Downloads
17,197

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.4

Severity Score:
Medium

Theme Slug:
hugo-wp

Downloads
59,334

Vulnerability:
Broken Access Control

Patched in Version:
1.0.10

Severity Score:
Medium

Theme Slug:
intrace

Downloads
84,888

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
Medium

Theme Slug:
pathway

Downloads
57,050

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.16

Severity Score:
Medium

Theme Slug:
photology

Downloads
17,339

Vulnerability:
Broken Access Control

Patched in Version:
1.1.4

Severity Score:
Medium

Theme Slug:
royal-elementor-kit

Downloads
461,793

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.117

Severity Score:
Medium

Theme Slug:
startupzy

Downloads
66,824

Vulnerability:
Broken Access Control

Patched in Version:
1.1.2

Severity Score:
Medium

Theme Slug:
teluro

Downloads
188,771

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.36

Severity Score:
Medium

Theme Slug:
travey

Downloads
17,666

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.5

Severity Score:
Medium

Theme Slug:
vertice

Downloads
47,531

Vulnerability:
Broken Access Control

Patched in Version:
1.0.11

Severity Score:
Medium

Theme Slug:
virtue

Downloads
2,473,892

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9

Severity Score:
Medium

Theme Slug:
wp-portfolio

Downloads
82,208

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
Medium

Theme Slug:
zeever

Downloads
208,788

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
Medium

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-05-01 11:27:57.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

In this report, 192 vulnerabilities have been publicly disclosed. Security patches for 145 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

window[“e516ebc3_cc22_4120_9024_74a02d8803fb”] = {“blockId”:”e516ebc3-cc22-4120-9024-74a02d8803fb”,”type”:”warning”,”content”:”

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.”,”className”:””};

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

window[“255c72cf_b4e3_402c_9998_e11c0e137abc”] = {“blockId”:”255c72cf-b4e3-402c-9998-e11c0e137abc”,”className”:””,”isOpen”:true};

Table of Contents

1. 1. What Are Remote Code Execution (RCE) Attacks?
1. 1.1 RCE Attacks Explained
2. 2. Remote Code Execution Example
3. 3. What Are the Different Types of Remote Code Execution?
1. 3.1 SQL Injections
2. 3.2 Cross-Site Scripting
3. 3.3 Directory Traversal
4. 4. What Can You Do To Prevent Remote Code Execution (RCE) Attacks?
5. 5. How to Prevent Remote Code Execution (RCE) Attacks: 5 Steps
1. 5.1 1. Download and Install the Solid Security Pro Plugin
2. 5.2 2. Activate Version Management to Keep WordPress Core, Plugins and Themes Updated
3. 5.3 3. Scan Your Site For Vulnerable Plugins and Themes
4. 5.4 4. Prevent Session Hijacking
5. 5.5 5. Turn on Two-Factor Authentication for All Admin Users
6. 6. RCE Prevention: Additional Tips
1. 6.1 1. Only Use Well-Established Software Applications and Plugins
2. 6.2 2. Validate the Input of Users
3. 6.3 3. The Least Privilege Principle
4. 6.4 4. Content-Security-Policy
5. 6.5 5. Stop Script From Reading Cookies
7. 7. Wrapping UP: WordPress Remote Code Execution

window[“d4016609_9a27_4a04_8b01_4cf71ac41793”] = {“blockId”:”d4016609-9a27-4a04-8b01-4cf71ac41793″,”type”:”notice”,”content”:”

Our WordPress Vulnerability Reportu00a0covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating ofu00a0Low,u00a0Medium,u00a0High, oru00a0Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress u2014 and the web u2014 more secure.”,”className”:””};

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

window[“3ce27c10_4561_4878_bd60_5562a4dbf81c”] = {“blockId”:”3ce27c10-4561-4878-bd60-5562a4dbf81c”,”text”:”No new core vulnerabilities were disclosed this week.”,”className”:””};

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 129 Patched / 47 Unpatched

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin:

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin Slug:
clearfy

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34806

The vulnerability has not been patched. You should deactivate the plugin.

Flo Forms – Easy Drag & Drop Form Builder

Plugin:

Flo Forms – Easy Drag & Drop Form Builder

Plugin Slug:
flo-forms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-35174

The vulnerability has not been patched. You should deactivate the plugin.

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin:

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin Slug:
wp-post-author

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34389

The vulnerability has not been patched. You should deactivate the plugin.

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin:

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin Slug:
wp-post-author

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34387

The vulnerability has not been patched. You should deactivate the plugin.

140+ Widgets | Best Addons For Elementor – FREE

Plugin:

140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34570

The vulnerability has not been patched. You should deactivate the plugin.

JCH Optimize

Plugin:

JCH Optimize

Plugin Slug:
jch-optimize

Installations
6,000+

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34808

The vulnerability has not been patched. You should deactivate the plugin.

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

Plugin:

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

Plugin Slug:
ajax-filter-posts

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34390

The vulnerability has not been patched. You should deactivate the plugin.

Kognetiks Chatbot for WordPress

Plugin:

Kognetiks Chatbot for WordPress

Plugin Slug:
chatbot-chatgpt

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-32700

The vulnerability has not been patched. You should deactivate the plugin.

Netgsm

Plugin:

Netgsm

Plugin Slug:
netgsm

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4746

The vulnerability has not been patched. You should deactivate the plugin.

Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation

Plugin:

Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation

Plugin Slug:
propovoice

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-4747

The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin:

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4606

The vulnerability has not been patched. You should deactivate the plugin.

WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce

Plugin:

WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce

Plugin Slug:
wc-serial-numbers

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-35173

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Webinar Plugin – WebinarPress

Plugin:

WordPress Webinar Plugin – WebinarPress

Plugin Slug:
wp-webinarsystem

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34818

The vulnerability has not been patched. You should deactivate the plugin.

gee Search Plus, improved WordPress search

Plugin:

gee Search Plus, improved WordPress search

Plugin Slug:
gsearch-plus

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34560

The vulnerability has not been patched. You should deactivate the plugin.

Sticky Social Link

Plugin:

Sticky Social Link

Plugin Slug:
sticky-social-link

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34546

The vulnerability has not been patched. You should deactivate the plugin.

DS Site Message

Plugin:

DS Site Message

Plugin Slug:
ds-site-message

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34439

The vulnerability has not been patched. You should deactivate the plugin.

Viet Nam Affiliate

Plugin:

Viet Nam Affiliate

Plugin Slug:
viet-nam-affiliate

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34417

The vulnerability has not been patched. You should deactivate the plugin.

AWSOM News Announcement

Plugin:

AWSOM News Announcement

Plugin Slug:
awsom-news-announcement

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34428

The vulnerability has not been patched. You should deactivate the plugin.

BlogLentor

Plugin:

BlogLentor

Plugin Slug:
bloglentor-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34421

The vulnerability has not been patched. You should deactivate the plugin.

Brozzme Scroll Top

Plugin:

Brozzme Scroll Top

Plugin Slug:
brozzme-scroll-top

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34426

The vulnerability has not been patched. You should deactivate the plugin.

canvasio3D Light

Plugin:

canvasio3D Light

Plugin Slug:
canvasio3d-light

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34411

The vulnerability has not been patched. You should deactivate the plugin.

Configure Login Timeout

Plugin:

Configure Login Timeout

Plugin Slug:
configure-login-timeout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34419

The vulnerability has not been patched. You should deactivate the plugin.

Corona Virus (COVID-19) Banner & Live Data

Plugin:

Corona Virus (COVID-19) Banner & Live Data

Plugin Slug:
corona-virus-covid-19-banner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34429

The vulnerability has not been patched. You should deactivate the plugin.

Crelly Slider

Plugin:

Crelly Slider

Plugin Slug:
crelly-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3752

The vulnerability has not been patched. You should deactivate the plugin.

Debug Info

Plugin:

Debug Info

Plugin Slug:
debug-info

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34565

The vulnerability has not been patched. You should deactivate the plugin.

EasyEvent

Plugin:

EasyEvent

Plugin Slug:
easyevent

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3628

The vulnerability has not been patched. You should deactivate the plugin.

Enter Addons

Plugin:

Enter Addons

Plugin Slug:
enteraddons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3831

The vulnerability has not been patched. You should deactivate the plugin.

Fancy Elementor Flipbox

Plugin:

Fancy Elementor Flipbox

Plugin Slug:
fancy-elementor-flipbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34572

The vulnerability has not been patched. You should deactivate the plugin.

Fast Custom Social Share by CodeBard

Plugin:

Fast Custom Social Share by CodeBard

Plugin Slug:
fast-custom-social-share-by-codebard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34807

The vulnerability has not been patched. You should deactivate the plugin.

Featured Content Gallery

Plugin:

Featured Content Gallery

Plugin Slug:
featured-content-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34424

The vulnerability has not been patched. You should deactivate the plugin.

Forty Four – 404 Plugin for WordPress

Plugin:

Forty Four – 404 Plugin for WordPress

Plugin Slug:
forty-four

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34423

The vulnerability has not been patched. You should deactivate the plugin.

GDPR Compliance

Plugin:

GDPR Compliance

Plugin Slug:
gdpr-compliance

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34388

The vulnerability has not been patched. You should deactivate the plugin.

Comments Evolved for WordPress

Plugin:

Comments Evolved for WordPress

Plugin Slug:
gplus-comments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34420

The vulnerability has not been patched. You should deactivate the plugin.

LetterPress

Plugin:

LetterPress

Plugin Slug:
letterpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34568

The vulnerability has not been patched. You should deactivate the plugin.

MF Gig Calendar

Plugin:

MF Gig Calendar

Plugin Slug:
mf-gig-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3755

The vulnerability has not been patched. You should deactivate the plugin.

Pk Favicon Manager

Plugin:

Pk Favicon Manager

Plugin Slug:
phpsword-favicon-manager

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34416

The vulnerability has not been patched. You should deactivate the plugin.

Pootle Pagebuilder – WordPress Page builder

Plugin:

Pootle Pagebuilder – WordPress Page builder

Plugin Slug:
pootle-page-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34573

The vulnerability has not been patched. You should deactivate the plugin.

Pure Chat

Plugin:

Pure Chat

Plugin Slug:
pure-chat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3595

The vulnerability has not been patched. You should deactivate the plugin.

QuickieBar

Plugin:

QuickieBar

Plugin Slug:
quickiebar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34425

The vulnerability has not been patched. You should deactivate the plugin.

Social Connect

Plugin:

Social Connect

Plugin Slug:
social-connect

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-4393

The vulnerability has not been patched. You should deactivate the plugin.

Swift Performance Lite

Plugin:

Swift Performance Lite

Plugin Slug:
swift-performance-lite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3722

The vulnerability has not been patched. You should deactivate the plugin.

Table Maker

Plugin:

Table Maker

Plugin Slug:
table-maker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34574

The vulnerability has not been patched. You should deactivate the plugin.

TT Custom Post Type Creator

Plugin:

TT Custom Post Type Creator

Plugin Slug:
tt-custom-post-type-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34430

The vulnerability has not been patched. You should deactivate the plugin.

Viet Affiliate Link

Plugin:

Viet Affiliate Link

Plugin Slug:
viet-affiliate-link

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34422

The vulnerability has not been patched. You should deactivate the plugin.

WP etracker

Plugin:

WP etracker

Plugin Slug:
wp-etracker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34431

The vulnerability has not been patched. You should deactivate the plugin.

WP Favorite Posts

Plugin:

WP Favorite Posts

Plugin Slug:
wp-favorite-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34427

The vulnerability has not been patched. You should deactivate the plugin.

WPCS ( WordPress Custom Search )

Plugin:

WPCS ( WordPress Custom Search )

Plugin Slug:
wpcs-wp-custom-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34418

The vulnerability has not been patched. You should deactivate the plugin.

Yoast SEO

Plugin:

Yoast SEO

Plugin Slug:
wordpress-seo

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
22.6

Severity Score:
High

CVE:

2024-4041

The vulnerability has been patched, so you should update to version 22.6.

Jetpack – WP Security, Backup, Speed, & Growth

Plugin:

Jetpack – WP Security, Backup, Speed, & Growth

Plugin Slug:
jetpack

Installations
4,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
13.4

Severity Score:
Medium

CVE:

2024-4392

The vulnerability has been patched, so you should update to version 13.4.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.21

Severity Score:
Medium

CVE:

2024-4624

The vulnerability has been patched, so you should update to version 5.9.21.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.20

Severity Score:
Medium

CVE:

2024-4275

The vulnerability has been patched, so you should update to version 5.9.20.

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin:

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin Slug:
astra-sites

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.2

Severity Score:
Medium

CVE:

2024-4630

The vulnerability has been patched, so you should update to version 4.2.2.

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin:

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin Slug:
astra-sites

Installations
1,000,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.1.7

Severity Score:
Medium

CVE:

2024-1467

The vulnerability has been patched, so you should update to version 4.1.7.

One Click Demo Import

Plugin:

One Click Demo Import

Plugin Slug:
one-click-demo-import

Installations
1,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.2.1

Severity Score:
Medium

CVE:

2024-34433

The vulnerability has been patched, so you should update to version 3.2.1.

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin:

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.37

Severity Score:
Medium

CVE:

2024-4481

The vulnerability has been patched, so you should update to version 3.2.37.

Translate Multilingual sites – TranslatePress

Plugin:

Translate Multilingual sites – TranslatePress

Plugin Slug:
translatepress-multilingual

Installations
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.6

Severity Score:
Medium

CVE:

2024-34827

The vulnerability has been patched, so you should update to version 2.7.6.

Blocksy Companion

Plugin:

Blocksy Companion

Plugin Slug:
blocksy-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.46

Severity Score:
Medium

CVE:

2024-4487

The vulnerability has been patched, so you should update to version 2.0.46.

FileBird – WordPress Media Library Folders & File Manager

Plugin:

FileBird – WordPress Media Library Folders & File Manager

Plugin Slug:
filebird

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.4

Severity Score:
Medium

CVE:

2024-35166

The vulnerability has been patched, so you should update to version 5.6.4.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.105

Severity Score:
High

CVE:

2024-3055

The vulnerability has been patched, so you should update to version 1.5.105.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.5.103

Severity Score:
High

CVE:

2024-2662

The vulnerability has been patched, so you should update to version 1.5.103.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.103

Severity Score:
High

CVE:

2024-3547

The vulnerability has been patched, so you should update to version 1.5.103.

White Label CMS

Plugin:

White Label CMS

Plugin Slug:
white-label-cms

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.4

Severity Score:
Medium

CVE:

2024-4280

The vulnerability has been patched, so you should update to version 2.7.4.

Advanced Ads – Ad Manager & AdSense

Plugin:

Advanced Ads – Ad Manager & AdSense

Plugin Slug:
advanced-ads

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.52.2

Severity Score:
Medium

CVE:

2024-2290

The vulnerability has been patched, so you should update to version 1.52.2.

Advanced Ads – Ad Manager & AdSense

Plugin:

Advanced Ads – Ad Manager & AdSense

Plugin Slug:
advanced-ads

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.52.2

Severity Score:
Medium

CVE:

2024-3952

The vulnerability has been patched, so you should update to version 1.52.2.

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Plugin:

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Plugin Slug:
bdthemes-prime-slider-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14.4

Severity Score:
Medium

CVE:

2024-4339

The vulnerability has been patched, so you should update to version 3.14.4.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1.3

Severity Score:
Medium

CVE:

2024-4430

The vulnerability has been patched, so you should update to version 2.8.1.3.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1.2

Severity Score:
Medium

CVE:

2024-3923

The vulnerability has been patched, so you should update to version 2.8.1.2.

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)

Plugin:

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)

Plugin Slug:
content-views-query-and-display-post-page

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.2

Severity Score:
Medium

CVE:

2024-4446

The vulnerability has been patched, so you should update to version 3.7.2.

HT Mega – Absolute Addons For Elementor

Plugin:

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.1

Severity Score:
Medium

CVE:

2024-3990

The vulnerability has been patched, so you should update to version 2.5.1.

Pods – Custom Content Types and Fields

Plugin:

Pods – Custom Content Types and Fields

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.1.1

Severity Score:
Medium

CVE:

2024-3956

The vulnerability has been patched, so you should update to version 3.2.1.1.

WP Job Manager

Plugin:

WP Job Manager

Plugin Slug:
wp-job-manager

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.0

Severity Score:
Medium

CVE:

2024-34549

The vulnerability has been patched, so you should update to version 2.3.0.

XML Sitemap & Google News

Plugin:

XML Sitemap & Google News

Plugin Slug:
xml-sitemap-feed

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
5.4.9

Severity Score:
High

CVE:

2024-4441

The vulnerability has been patched, so you should update to version 5.4.9.

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin:

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.17

Severity Score:
Medium

CVE:

2024-4316

The vulnerability has been patched, so you should update to version 3.9.17.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.6.6

Severity Score:
Medium

CVE:

2024-4277

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.6

Severity Score:
Medium

CVE:

2024-4444

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
4.2.6.6

Severity Score:
Critical

CVE:

2024-4434

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.2.6.6

Severity Score:
Critical

CVE:

2024-4397

The vulnerability has been patched, so you should update to version 4.2.6.6.

Import and export users and customers

Plugin:

Import and export users and customers

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.26.6

Severity Score:
Medium

CVE:

2024-34815

The vulnerability has been patched, so you should update to version 1.26.6.

Mesmerize Companion

Plugin:

Mesmerize Companion

Plugin Slug:
mesmerize-companion

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.149

Severity Score:
Medium

CVE:

2024-3494

The vulnerability has been patched, so you should update to version 1.6.149.

Sydney Toolbox

Plugin:

Sydney Toolbox

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.32

Severity Score:
Medium

CVE:

2024-4473

The vulnerability has been patched, so you should update to version 1.32.

AI Engine

Plugin:

AI Engine

Plugin Slug:
ai-engine

Installations
70,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.2.70

Severity Score:
Critical

CVE:

2024-34440

The vulnerability has been patched, so you should update to version 2.2.70.

Custom Field Suite

Plugin:

Custom Field Suite

Plugin Slug:
custom-field-suite

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.6

Severity Score:
Medium

CVE:

2024-3068

The vulnerability has been patched, so you should update to version 2.6.6.

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin:

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.12

Severity Score:
Medium

CVE:

2024-32100

The vulnerability has been patched, so you should update to version 3.2.12.

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin:

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.12

Severity Score:
Medium

CVE:

2024-31113

The vulnerability has been patched, so you should update to version 3.2.12.

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin:

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.25

Severity Score:
Medium

CVE:

2024-34437

The vulnerability has been patched, so you should update to version 1.15.25.

Image Hover Effects – Elementor Addon

Plugin:

Image Hover Effects – Elementor Addon

Plugin Slug:
image-hover-effects-addon-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
Medium

CVE:

2024-1166

The vulnerability has been patched, so you should update to version 1.4.2.

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin:

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin Slug:
ditty-news-ticker

Installations
40,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.1.39

Severity Score:
High

CVE:

2024-3954

The vulnerability has been patched, so you should update to version 3.1.39.

Timber

Plugin:

Timber

Plugin Slug:
timber-library

Installations
40,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
1.23.1

Severity Score:
High

CVE:

2024-29800

The vulnerability has been patched, so you should update to version 1.23.1.

Visual Footer Credit Remover

Plugin:

Visual Footer Credit Remover

Plugin Slug:
visual-footer-credit-remover

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3

Severity Score:
Medium

CVE:

2024-2846

The vulnerability has been patched, so you should update to version 1.3.

Social Sharing Plugin – Social Warfare

Plugin:

Social Sharing Plugin – Social Warfare

Plugin Slug:
social-warfare

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.4.6

Severity Score:
Medium

CVE:

2024-34825

The vulnerability has been patched, so you should update to version 4.4.6.

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Plugin:

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Plugin Slug:
back-in-stock-notifier-for-woocommerce

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.2

Severity Score:
Medium

CVE:

2024-4038

The vulnerability has been patched, so you should update to version 5.3.2.

Content Blocks (Custom Post Widget)

Plugin:

Content Blocks (Custom Post Widget)

Plugin Slug:
custom-post-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.1

Severity Score:
Medium

CVE:

2024-34566

The vulnerability has been patched, so you should update to version 3.3.1.

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Plugin:

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.12.5

Severity Score:
Medium

CVE:

2024-4745

The vulnerability has been patched, so you should update to version 1.12.5.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin:

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

CVE:

2024-35172

The vulnerability has been patched, so you should update to version 3.8.4.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin:

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

CVE:

2024-4689

The vulnerability has been patched, so you should update to version 3.8.4.

ClickCease Click Fraud Protection

Plugin:

ClickCease Click Fraud Protection

Plugin Slug:
clickcease-click-fraud-protection

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.5

Severity Score:
Medium

CVE:

2023-6810

The vulnerability has been patched, so you should update to version 3.2.5.

Easy Affiliate Links

Plugin:

Easy Affiliate Links

Plugin Slug:
easy-affiliate-links

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.3

Severity Score:
Medium

CVE:

2024-34441

The vulnerability has been patched, so you should update to version 3.7.3.

Envo’s Elementor Templates & Widgets for WooCommerce

Plugin:

Envo’s Elementor Templates & Widgets for WooCommerce

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.9

Severity Score:
Medium

CVE:

2024-35167

The vulnerability has been patched, so you should update to version 1.4.9.

Graphina – Elementor Charts and Graphs

Plugin:

Graphina – Elementor Charts and Graphs

Plugin Slug:
graphina-elementor-charts-and-graphs

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.10

Severity Score:
Medium

CVE:

2024-4574

The vulnerability has been patched, so you should update to version 1.8.10.

HTML5 Audio Player- Best WordPress Audio Player Plugin

Plugin:

HTML5 Audio Player- Best WordPress Audio Player Plugin

Plugin Slug:
html5-audio-player

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.22

Severity Score:
Medium

CVE:

2024-4398

The vulnerability has been patched, so you should update to version 2.2.22.

Link Library

Plugin:

Link Library

Plugin Slug:
link-library

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.7

Severity Score:
Medium

CVE:

2024-4281

The vulnerability has been patched, so you should update to version 7.7.

Gallery Block (Meow Gallery)

Plugin:

Gallery Block (Meow Gallery)

Plugin Slug:
meow-gallery

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.4

Severity Score:
Medium

CVE:

2024-4386

The vulnerability has been patched, so you should update to version 5.1.4.

Hotel Booking Lite

Plugin:

Hotel Booking Lite

Plugin Slug:
motopress-hotel-booking-lite

Installations
10,000+

Vulnerability:
PHP Object Injection

Patched in Version:
4.11.2

Severity Score:
Critical

CVE:

2024-4413

The vulnerability has been patched, so you should update to version 4.11.2.

Shared Counts – Social Media Share Buttons

Plugin:

Shared Counts – Social Media Share Buttons

Plugin Slug:
shared-counts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.0

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 1.5.0.

Simple Basic Contact Form

Plugin:

Simple Basic Contact Form

Plugin Slug:
simple-basic-contact-form

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
20240511

Severity Score:
Medium

CVE:

2024-4144

The vulnerability has been patched, so you should update to version 20240511.

SportsPress – Sports Club & League Manager

Plugin:

SportsPress – Sports Club & League Manager

Plugin Slug:
sportspress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.21

Severity Score:
Medium

CVE:

2024-34824

The vulnerability has been patched, so you should update to version 2.7.21.

SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin

Plugin:

SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin

Plugin Slug:
ssl-zen

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.6.0

Severity Score:
Medium

CVE:

2024-1076

The vulnerability has been patched, so you should update to version 4.6.0.

Themify Shortcodes

Plugin:

Themify Shortcodes

Plugin Slug:
themify-shortcodes

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.0

Severity Score:
Medium

CVE:

2024-4567

The vulnerability has been patched, so you should update to version 2.1.0.

Thim Elementor Kit

Plugin:

Thim Elementor Kit

Plugin Slug:
thim-elementor-kit

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.9.1

Severity Score:
Medium

CVE:

2024-4329

The vulnerability has been patched, so you should update to version 1.1.9.1.

Thim Elementor Kit

Plugin:

Thim Elementor Kit

Plugin Slug:
thim-elementor-kit

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.9

Severity Score:
Medium

CVE:

2024-34415

The vulnerability has been patched, so you should update to version 1.1.9.

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Plugin:

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Plugin Slug:
wemail

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.14.3

Severity Score:
Medium

CVE:

2024-34822

The vulnerability has been patched, so you should update to version 1.14.3.

All-in-One Addons for Elementor – WidgetKit

Plugin:

All-in-One Addons for Elementor – WidgetKit

Plugin Slug:
widgetkit-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
Medium

CVE:

2024-34548

The vulnerability has been patched, so you should update to version 2.5.0.

Orders Tracking for WooCommerce

Plugin:

Orders Tracking for WooCommerce

Plugin Slug:
woo-orders-tracking

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.11

Severity Score:
Medium

CVE:

2024-4039

The vulnerability has been patched, so you should update to version 1.2.11.

WP Latest Posts

Plugin:

WP Latest Posts

Plugin Slug:
wp-latest-posts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.8

Severity Score:
Medium

CVE:

2024-4135

The vulnerability has been patched, so you should update to version 5.0.8.

WP Photo Album Plus

Plugin:

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.7.01.002

Severity Score:
Critical

CVE:

2024-31377

The vulnerability has been patched, so you should update to version 8.7.01.002.

YITH WooCommerce Gift Cards

Plugin:

YITH WooCommerce Gift Cards

Plugin Slug:
yith-woocommerce-gift-cards

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.13.0

Severity Score:
Medium

CVE:

2024-0870

The vulnerability has been patched, so you should update to version 4.13.0.

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin Slug:
wp-sms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.2

Severity Score:
Medium

CVE:

2024-34811

The vulnerability has been patched, so you should update to version 6.5.2.

Gutenify – Visual Site Builder Blocks & Site Templates.

Plugin:

Gutenify – Visual Site Builder Blocks & Site Templates.

Plugin Slug:
gutenify

Installations
8,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.1

Severity Score:
Medium

CVE:

2024-35165

The vulnerability has been patched, so you should update to version 1.4.1.

If-So Dynamic Content Personalization

Plugin:

If-So Dynamic Content Personalization

Plugin Slug:
if-so

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.1.1

Severity Score:
Medium

CVE:

2024-34820

The vulnerability has been patched, so you should update to version 1.7.1.1.

WordPress Affiliates Plugin — SliceWP Affiliates

Plugin:

WordPress Affiliates Plugin — SliceWP Affiliates

Plugin Slug:
slicewp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.11

Severity Score:
Medium

CVE:

2024-34413

The vulnerability has been patched, so you should update to version 1.1.11.

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)

Plugin:

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)

Plugin Slug:
parcelpanel

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
3.9.0

Severity Score:
High

CVE:

2024-34412

The vulnerability has been patched, so you should update to version 3.9.0.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2024-4445

The vulnerability has been patched, so you should update to version 6.20.02.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Open Redirection

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2023-6812

The vulnerability has been patched, so you should update to version 6.20.02.

Better Elementor Addons

Plugin:

Better Elementor Addons

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.5

Severity Score:
Medium

CVE:

2024-34432

The vulnerability has been patched, so you should update to version 1.4.5.

The Best WordPress Knowledgebase and Documentation Plugin – weDocs

Plugin:

The Best WordPress Knowledgebase and Documentation Plugin – weDocs

Plugin Slug:
wedocs

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.5

Severity Score:
Medium

CVE:

2024-34442

The vulnerability has been patched, so you should update to version 2.1.5.

WOLF – WordPress Posts Bulk Editor and Manager Professional

Plugin:

WOLF – WordPress Posts Bulk Editor and Manager Professional

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8.3

Severity Score:
Medium

CVE:

2024-34558

The vulnerability has been patched, so you should update to version 1.0.8.3.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin:

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.0.6

Severity Score:
Critical

CVE:

2024-4186

The vulnerability has been patched, so you should update to version 3.0.6.

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin:

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.35

Severity Score:
Medium

CVE:

2024-34547

The vulnerability has been patched, so you should update to version 1.1.35.

Shopping Cart & eCommerce Store

Plugin:

Shopping Cart & eCommerce Store

Plugin Slug:
wp-easycart

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.5

Severity Score:
Medium

CVE:

2024-4213

The vulnerability has been patched, so you should update to version 5.6.5.

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Plugin:

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Plugin Slug:
cf7-styler

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
Medium

CVE:

2024-34826

The vulnerability has been patched, so you should update to version 1.6.5.

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Plugin:

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Plugin Slug:
real3d-flipbook-lite

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.72

Severity Score:
Medium

CVE:

2024-34561

The vulnerability has been patched, so you should update to version 3.72.

Startklar Elementor Addons

Plugin:

Startklar Elementor Addons

Plugin Slug:
startklar-elmentor-forms-extwidgets

Installations
4,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.7.14

Severity Score:
High

CVE:

2024-4346

The vulnerability has been patched, so you should update to version 1.7.14.

Startklar Elementor Addons

Plugin:

Startklar Elementor Addons

Plugin Slug:
startklar-elmentor-forms-extwidgets

Installations
4,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.7.14

Severity Score:
Critical

CVE:

2024-4345

The vulnerability has been patched, so you should update to version 1.7.14.

Auto Affiliate Links

Plugin:

Auto Affiliate Links

Plugin Slug:
wp-auto-affiliate-links

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
6.4.4

Severity Score:
High

CVE:

2024-34386

The vulnerability has been patched, so you should update to version 6.4.4.

All Bootstrap Blocks

Plugin:

All Bootstrap Blocks

Plugin Slug:
all-bootstrap-blocks

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.16

Severity Score:
Medium

CVE:

2024-35169

The vulnerability has been patched, so you should update to version 1.3.16.

Mihdan: Yandex Turbo Feed

Plugin:

Mihdan: Yandex Turbo Feed

Plugin Slug:
mihdan-yandex-turbo-feed

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.6

Severity Score:
Medium

CVE:

2024-4411

The vulnerability has been patched, so you should update to version 1.6.6.

Move Addons for Elementor

Plugin:

Move Addons for Elementor

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-34562

The vulnerability has been patched, so you should update to version 1.3.1.

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Plugin:

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Plugin Slug:
shared-files

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.20

Severity Score:
Medium

CVE:

2024-34438

The vulnerability has been patched, so you should update to version 1.7.20.

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin Slug:
smart-wishlist-for-more-convert

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.9

Severity Score:
Medium

CVE:

2024-34813

The vulnerability has been patched, so you should update to version 1.7.9.

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin Slug:
smart-wishlist-for-more-convert

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.3

Severity Score:
Medium

CVE:

2024-34819

The vulnerability has been patched, so you should update to version 1.7.3.

iPages Flipbook For WordPress

Plugin:

iPages Flipbook For WordPress

Plugin Slug:
ipages-flipbook

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.2

Severity Score:
Medium

CVE:

2024-4744

The vulnerability has been patched, so you should update to version 1.5.2.

ShopBuilder – Elementor WooCommerce Builder Addons

Plugin:

ShopBuilder – Elementor WooCommerce Builder Addons

Plugin Slug:
shopbuilder

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.1.9

Severity Score:
Medium

CVE:

2024-34812

The vulnerability has been patched, so you should update to version 2.1.9.

Zotpress

Plugin:

Zotpress

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.3.10

Severity Score:
Medium

CVE:

2024-34569

The vulnerability has been patched, so you should update to version 7.3.10.

Academy LMS – eLearning and online course solution for WordPress

Plugin:

Academy LMS – eLearning and online course solution for WordPress

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.26

Severity Score:
Medium

CVE:

2024-35171

The vulnerability has been patched, so you should update to version 1.9.26.

Arigato Autoresponder and Newsletter

Plugin:

Arigato Autoresponder and Newsletter

Plugin Slug:
bft-autoresponder

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.2.4

Severity Score:
Medium

CVE:

2024-34823

The vulnerability has been patched, so you should update to version 2.7.2.4.

Church Admin

Plugin:

Church Admin

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.0

Severity Score:
Medium

CVE:

2024-34828

The vulnerability has been patched, so you should update to version 4.2.0.

Contact List – Premium Staff Listing, Business Directory & Address Book

Plugin:

Contact List – Premium Staff Listing, Business Directory & Address Book

Plugin Slug:
contact-list

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.88

Severity Score:
Medium

CVE:

2024-34821

The vulnerability has been patched, so you should update to version 2.9.88.

Falang multilanguage for WordPress

Plugin:

Falang multilanguage for WordPress

Plugin Slug:
falang

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.50

Severity Score:
Medium

CVE:

2024-4417

The vulnerability has been patched, so you should update to version 1.3.50.

Ghost

Plugin:

Ghost

Plugin Slug:
ghost

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5.0

Severity Score:
High

CVE:

2024-34559

The vulnerability has been patched, so you should update to version 1.5.0.

Gold Addons for Elementor

Plugin:

Gold Addons for Elementor

Plugin Slug:
gold-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-34563

The vulnerability has been patched, so you should update to version 1.3.0.

Dynamics 365 Integration

Plugin:

Dynamics 365 Integration

Plugin Slug:
integration-dynamics

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.18

Severity Score:
Medium

CVE:

2024-34550

The vulnerability has been patched, so you should update to version 1.3.18.

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin:

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin Slug:
integration-for-contact-form-7-and-pipedrive

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.1

Severity Score:
Medium

CVE:

2024-34817

The vulnerability has been patched, so you should update to version 1.2.1.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

CVE:

2024-34445

The vulnerability has been patched, so you should update to version 1.9.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

CVE:

2024-34436

The vulnerability has been patched, so you should update to version 1.9.

Squelch Tabs and Accordions Shortcodes

Plugin:

Squelch Tabs and Accordions Shortcodes

Plugin Slug:
squelch-tabs-and-accordions-shortcodes

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.4.8

Severity Score:
Medium

CVE:

2024-4463

The vulnerability has been patched, so you should update to version 0.4.8.

Counter Up – Animated Number Counter & Milestone Showcase

Plugin:

Counter Up – Animated Number Counter & Milestone Showcase

Plugin Slug:
wp-counter-up

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
Medium

CVE:

2024-34564

The vulnerability has been patched, so you should update to version 2.3.0.

WP Discourse

Plugin:

WP Discourse

Plugin Slug:
wp-discourse

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.2

Severity Score:
Medium

CVE:

2024-35168

The vulnerability has been patched, so you should update to version 2.5.2.

WPCal.io – Easy Meeting Scheduler

Plugin:

WPCal.io – Easy Meeting Scheduler

Plugin Slug:
wpcal

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.9.5.9

Severity Score:
Medium

CVE:

2024-34816

The vulnerability has been patched, so you should update to version 0.9.5.9.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-34557

The vulnerability has been patched, so you should update to version 1.5.5.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-34556

The vulnerability has been patched, so you should update to version 1.5.5.

Sticky banner

Plugin:

Sticky banner

Plugin Slug:
sticky-banner

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-35170

The vulnerability has been patched, so you should update to version 1.3.0.

Joli FAQ SEO – WordPress FAQ Plugin

Plugin:

Joli FAQ SEO – WordPress FAQ Plugin

Plugin Slug:
joli-faq-seo

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.3

Severity Score:
Medium

CVE:

2024-4082

The vulnerability has been patched, so you should update to version 1.3.3.

Soccer Engine – Soccer Plugin for WordPress

Plugin:

Soccer Engine – Soccer Plugin for WordPress

Plugin Slug:
soccer-engine-lite

Installations
90+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.13

Severity Score:
Medium

CVE:

2024-4312

The vulnerability has been patched, so you should update to version 1.13.

Hostel

Plugin:

Hostel

Plugin Slug:
hostel

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.5.4

Severity Score:
Medium

CVE:

2024-4314

The vulnerability has been patched, so you should update to version 1.1.5.4.

ADFO – Custom data in admin dashboard

Plugin:

ADFO – Custom data in admin dashboard

Plugin Slug:
admin-form

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.1

Severity Score:
Medium

CVE:

2024-4103

The vulnerability has been patched, so you should update to version 1.9.1.

ADFO – Custom data in admin dashboard

Plugin:

ADFO – Custom data in admin dashboard

Plugin Slug:
admin-form

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1

Severity Score:
High

CVE:

2024-4104

The vulnerability has been patched, so you should update to version 1.9.1.

Z-Downloads

Plugin:

Z-Downloads

Plugin Slug:
z-downloads

Installations
60+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.11.4

Severity Score:
Critical

CVE:

2024-34555

The vulnerability has been patched, so you should update to version 1.11.4.

Aiomatic

Plugin:

Aiomatic

Plugin Slug:
aiomatic-automatic-ai-content-writer

Vulnerability:
Broken Access Control

Patched in Version:
1.9.4

Severity Score:
Medium

CVE:

2024-34435

The vulnerability has been patched, so you should update to version 1.9.4.

Breakdance

Plugin:

Breakdance

Plugin Slug:
breakdance

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.7.2

Severity Score:
High

CVE:

2024-4605

The vulnerability has been patched, so you should update to version 1.7.2.

Divi Builder

Plugin:

Divi Builder

Plugin Slug:
divi-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Fancy Product Designer

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.81

Severity Score:
Medium

CVE:

2024-0904

The vulnerability has been patched, so you should update to version 6.1.81.

Porto Theme – Functionality

Plugin:

Porto Theme – Functionality

Plugin Slug:
porto-functionality

Vulnerability:
Local File Inclusion

Patched in Version:
3.1.1

Severity Score:
Medium

CVE:

2024-3808

The vulnerability has been patched, so you should update to version 3.1.1.

Spectra Pro

Plugin:

Spectra Pro

Plugin Slug:
spectra-pro

Vulnerability:
Privilege Escalation

Patched in Version:
1.1.6

Severity Score:
High

CVE:

2024-3828

The vulnerability has been patched, so you should update to version 1.1.6.

Stockholm Core

Plugin:

Stockholm Core

Plugin Slug:
stockholm-core

Vulnerability:
Local File Inclusion

Patched in Version:
2.4.2

Severity Score:
High

CVE:

2024-34554

The vulnerability has been patched, so you should update to version 2.4.2.

Stockholm Core

Plugin:

Stockholm Core

Plugin Slug:
stockholm-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.2

Severity Score:
High

CVE:

2024-34553

The vulnerability has been patched, so you should update to version 2.4.2.

Unyson

Plugin:

Unyson

Plugin Slug:
unyson

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.31

Severity Score:
Medium

CVE:

2024-34814

The vulnerability has been patched, so you should update to version 2.7.31.

WordPress Themes — 16 Patched

Consus

Theme:

Consus

Theme Slug:
consus

Downloads
16,364

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.7.

EmpowerWP

Theme:

EmpowerWP

Theme Slug:
empowerwp

Downloads
219,376

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.22

Severity Score:
Medium

CVE:

2024-34809

The vulnerability has been patched, so you should update to version 1.0.22.

Himalayas

Theme:

Himalayas

Theme Slug:
himalayas

Downloads
332,940

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-34571

The vulnerability has been patched, so you should update to version 1.3.1.

Ketos

Theme:

Ketos

Theme Slug:
ketos

Downloads
28,703

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.6.

Mindscape

Theme:

Mindscape

Theme Slug:
mindscape

Downloads
41,737

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.23.

Niveau

Theme:

Niveau

Theme Slug:
niveau

Downloads
16,831

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.9

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.9.

Oasis

Theme:

Oasis

Theme Slug:
oasis

Downloads
69,511

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.13

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.13.

raindrops

Theme:

raindrops

Theme Slug:
raindrops

Downloads
716,615

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.700

Severity Score:
Medium

CVE:

2024-34414

The vulnerability has been patched, so you should update to version 1.700.

Skyline WP

Theme:

Skyline WP

Theme Slug:
skyline-wp

Downloads
169,635

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.11

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.11.

Zeka

Theme:

Zeka

Theme Slug:
zeka

Downloads
20,249

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.10

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.10.

Divi

Theme:

Divi

Theme Slug:
divi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Extra

Theme:

Extra

Theme Slug:
extra

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Porto

Theme:

Porto

Theme Slug:
porto

Vulnerability:
Local File Inclusion

Patched in Version:
7.1.1

Severity Score:
High

CVE:

2024-3806

The vulnerability has been patched, so you should update to version 7.1.1.

Porto

Theme:

Porto

Theme Slug:
porto

Vulnerability:
Local File Inclusion

Patched in Version:
7.1.1

Severity Score:
Medium

CVE:

2024-3807

The vulnerability has been patched, so you should update to version 7.1.1.

Stockholm

Theme:

Stockholm

Theme Slug:
stockholm

Vulnerability:
Local File Inclusion

Patched in Version:
9.7

Severity Score:
High

CVE:

2024-34552

The vulnerability has been patched, so you should update to version 9.7.

Stockholm

Theme:

Stockholm

Theme Slug:
stockholm

Vulnerability:
Local File Inclusion

Patched in Version:
9.7

Severity Score:
Critical

CVE:

2024-34551

The vulnerability has been patched, so you should update to version 9.7.

window[“27011011_8965_4393_8beb_65720bd4bc69”] = {“blockId”:”27011011-8965-4393-8beb-65720bd4bc69″,”className”:””,”heading”:”Solid Security is part of Solid Suite u2014 The best foundation for WordPress websites.”,”text”:”Every WordPress site needs security, backups, and management tools. Thatu2019s Solid Suite u2014 an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academyu2019s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!”,”buttonText”:”Get Solid Security”,”buttonLink”:”/pricing”,”buttonTarget”:”_self”,”buttonRel”:””};

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

The post WordPress Vulnerability Report — May 15, 2024 appeared first on SolidWP.

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-05-15 12:21:12.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.