WordPress Vulnerability Report — June 26, 2024

In this report, 194 vulnerabilities have been publicly disclosed. Security patches are available for 100 of them, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may already have warned you and updated the affected plugins, depending on your settings.

The remaining 94 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall applies virtual patches from Patchstack to those considered high or medium risk. A virtual patch is a firewall rule placed in front of the vulnerable code, not a fix to the code itself, so treat it as a stopgap. If no patch is forthcoming from the vendor, or the vulnerable plugin or theme has been marked “closed” and dropped from the official WordPress repositories, deactivate it soon and look for an alternative.
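Acting on a list like this one means comparing the version of each installed plugin against the “Patched in Version” entry and deactivating anything marked No Fix. The Python script below is an added example, not code from this report or from Solid Security, that does that comparison over the inventory `wp plugin list --format=json` prints. It also handles two details the flat list hides: a slug that appears in several entries must be checked against the highest fix version listed for it (wp-seopress is listed at 7.8 and 7.9.1, salon-booking-system at 10.0 and 10.3), and a slug with any No Fix entry stays exposed whatever version is installed. The plugin inventory is constructed sample data; the advisory rows are copied from this report; `ADVISORY_ROWS`, `triage` and the other names are the example’s own.

```python
"""Triage a WordPress plugin inventory against the entries in this report.

Added example. Input is the JSON that `wp plugin list --format=json` prints
(fields: name, status, update, version); the inventory below is constructed
sample data, not a real site.
"""
import json
import re

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# (slug, patched-in version or None for "No Fix", severity), copied from this report.
# Slugs deliberately repeat, as they do in the report.
ADVISORY_ROWS = [
    ("custom-field-suite", None, "High"),          # PHP Object Injection
    ("custom-field-suite", None, "High"),          # SQL Injection
    ("custom-field-suite", None, "Medium"),        # XSS
    ("wishlist-member-x", None, "Critical"),       # SQL Injection
    ("wishlist-member-x", None, "High"),           # Denial of Service
    ("loco-translate", "2.6.10", "Medium"),        # CSRF
    ("wp-seopress", "7.8", "Medium"),              # Open Redirection
    ("wp-seopress", "7.9.1", "Medium"),            # XSS
    ("masterstudy-lms-learning-management-system", "3.2.13", "High"),   # Broken Access Control
    ("masterstudy-lms-learning-management-system", "3.2.2", "Medium"),  # CSRF
    ("salon-booking-system", "10.0", "High"),      # Arbitrary File Deletion
    ("salon-booking-system", "10.3", "Critical"),  # Arbitrary File Upload
    ("instawp-connect", "0.1.0.39", "Critical"),   # Arbitrary File Upload
    ("email-subscribers", "5.7.24", "Critical"),   # SQL Injection
]

# Constructed sample of `wp plugin list --format=json` output (versions are made up).
SAMPLE_INVENTORY = json.loads("""[
  {"name": "loco-translate",       "status": "active",   "update": "none",      "version": "2.6.10"},
  {"name": "wp-seopress",          "status": "active",   "update": "available", "version": "7.8"},
  {"name": "salon-booking-system", "status": "active",   "update": "available", "version": "10.0"},
  {"name": "instawp-connect",      "status": "inactive", "update": "available", "version": "0.1.0.9"},
  {"name": "wishlist-member-x",    "status": "active",   "update": "none",      "version": "3.22.0"},
  {"name": "akismet",              "status": "active",   "update": "none",      "version": "5.3"}
]""")


def parse_version(v: str) -> tuple:
    """Leading dotted integers of a version string as a tuple, so '10.3' > '10.0'
    and '0.1.0.39' > '0.1.0.9' compare numerically rather than as text."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def version_at_least(installed: str, required: str) -> bool:
    """True if installed >= required; '7.8' and '7.8.0' are treated as equal."""
    a, b = parse_version(installed), parse_version(required)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))


def merge_advisories(rows):
    """Collapse repeated slugs to one (fix, severity) pair: the highest fix version,
    None if any entry has no fix at all, and the highest severity seen."""
    merged = {}
    for slug, fix, sev in rows:
        if slug not in merged:
            merged[slug] = (fix, sev)
            continue
        prev_fix, prev_sev = merged[slug]
        if prev_fix is None or fix is None:
            new_fix = None  # an unfixed issue keeps the plugin exposed at every version
        else:
            new_fix = fix if version_at_least(fix, prev_fix) else prev_fix
        new_sev = sev if SEVERITY_RANK[sev] > SEVERITY_RANK[prev_sev] else prev_sev
        merged[slug] = (new_fix, new_sev)
    return merged


def triage(inventory, advisory):
    """Map each installed plugin that the report mentions to an action.
    Inactive plugins are still reported: deactivation leaves the files on disk."""
    actions = {}
    for plugin in inventory:
        slug = plugin["name"]
        if slug not in advisory:
            continue
        fix, sev = advisory[slug]
        if fix is None:
            actions[slug] = f"deactivate and remove ({sev}, no fix available)"
        elif version_at_least(plugin["version"], fix):
            actions[slug] = f"ok ({plugin['version']} is at or above {fix})"
        else:
            actions[slug] = f"update to {fix} ({sev})"
    return actions


if __name__ == "__main__":
    results = triage(SAMPLE_INVENTORY, merge_advisories(ADVISORY_ROWS))
    for slug, action in sorted(results.items()):
        print(f"{slug:28} {action}")
```

On a real site, run `wp plugin list --format=json` and load its output in place of `SAMPLE_INVENTORY`, then extend `ADVISORY_ROWS` from the entries in this report; themes can be handled the same way from `wp theme list --format=json`. Plugins with a “No Fix” entry are reported for removal even when inactive, because deactivating a plugin does not delete its files.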

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability is given a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress, and the web, more secure.

WordPress Core

WordPress 6.5.5 is now available. This minor release contains three security fixes and three bug fixes in Core; because it is a security release, update your sites immediately.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 85 Patched / 91 Unpatched

Unpatched (91)

| Plugin | Slug | Installations | Vulnerability | Patched in Version | Severity |
| --- | --- | --- | --- | --- | --- |
| | custom-field-suite | 50,000+ | PHP Object Injection | No Fix | High |
| | custom-field-suite | 50,000+ | SQL Injection | No Fix | High |
| | custom-field-suite | 50,000+ | Cross Site Scripting (XSS) | No Fix | Medium |
| | academy | 1,000+ | Open Redirection | No Fix | Low |
| | custom-add-to-cart-button-for-woocommerce | 1,000+ | Broken Access Control | No Fix | Medium |
| | event-monster | 1,000+ | Sensitive Data Exposure | No Fix | Medium |
| | my-favorites | 1,000+ | Cross Site Scripting (XSS) | No Fix | Medium |
| | optinly | 1,000+ | Broken Access Control | No Fix | Medium |
| | zoho-marketinghub | 1,000+ | SQL Injection | No Fix | High |
| Accordions | accordions-or-faqs | | Cross Site Scripting (XSS) | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | | Cross Site Scripting (XSS) | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | | Cross Site Request Forgery (CSRF) | No Fix | High |
| Ali2Woo Lite | ali2woo-lite | | Cross Site Request Forgery (CSRF) | No Fix | High |
| Ali2Woo Lite | ali2woo-lite | | Cross Site Scripting (XSS) | No Fix | High |
| Ali2Woo Lite | ali2woo-lite | | Broken Access Control | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | | Broken Access Control | No Fix | Medium |
| Ali2Woo Lite | ali2woo-lite | | Arbitrary File Upload | No Fix | High |
| Bible Text | bible-text | | Cross Site Scripting (XSS) | No Fix | Medium |
| Blogmentor – Blog Layouts for Elementor | blogmentor | | Cross Site Scripting (XSS) | No Fix | Medium |
| Blogmentor – Blog Layouts for Elementor | blogmentor | | Cross Site Scripting (XSS) | No Fix | Medium |
| Scheduling Plugin – Online Booking for WordPress | calendar-booking | | Broken Access Control | No Fix | Medium |
| CB (legacy) | commons-booking | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| CB (legacy) | commons-booking | | Cross Site Scripting (XSS) | No Fix | Medium |
| ContentLock | contentlock | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| ContentLock | contentlock | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| ContentLock | contentlock | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| CSSable Countdown | cssable-countdown | | Cross Site Scripting (XSS) | No Fix | Medium |
| Custom Product List Table | custom-product-list-table | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Demo Awesome | demo-awesome | | Broken Access Control | No Fix | Medium |
| Demo Awesome | demo-awesome | | Cross Site Scripting (XSS) | No Fix | High |
| DImage 360 | dimage-360 | | Cross Site Scripting (XSS) | No Fix | Medium |
| DOP Shortcodes | dop-shortcodes | | Cross Site Scripting (XSS) | No Fix | Medium |
| Elegant Themes Icons | elegant-themes-icons | | Cross Site Scripting (XSS) | No Fix | Medium |
| EmbedSocial | embedalbum-pro | | Cross Site Scripting (XSS) | No Fix | Medium |
| Empty Cart Button for WooCommerce | empty-cart-button-for-woocommerce | | Cross Site Scripting (XSS) | No Fix | Medium |
| Export WP Page to Static HTML/CSS | export-wp-page-to-static-html | | Open Redirection | No Fix | Medium |
| FS Poster | fs-poster | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Universal Slider | fusion-slider | | PHP Object Injection | No Fix | Medium |
| Kanban Boards for WordPress | kanban | | Broken Access Control | No Fix | Medium |
| Kimili Flash Embed | kimili-flash-embed | | Cross Site Scripting (XSS) | No Fix | Medium |
| Laybuy Payment Extension for WooCommerce | laybuy-gateway-for-woocommerce | | Broken Access Control | No Fix | Medium |
| License Manager for WooCommerce | license-manager-for-woocommerce | | Sensitive Data Exposure | No Fix | Medium |
| Lifeline Donation | lifeline-donation | | Broken Authentication | No Fix | Critical |
| Page Builder: Live Composer | live-composer-page-builder | | PHP Object Injection | No Fix | High |
| Page Builder: Live Composer | live-composer-page-builder | | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder: Live Composer | live-composer-page-builder | | Cross Site Scripting (XSS) | No Fix | Medium |
| Master Slider | master-slider | | Cross Site Scripting (XSS) | No Fix | High |
| Master Slider | master-slider | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Master Slider | master-slider | | Cross Site Scripting (XSS) | No Fix | Medium |
| MIMO Woocommerce Order Tracking | mimo-woocommerce-order-tracking | | Cross Site Scripting (XSS) | No Fix | Medium |
| Restaurant Reservations | nd-restaurant-reservations | | Cross Site Scripting (XSS) | No Fix | Medium |
| WordPress Picture / Portfolio / Media Gallery | nimble-portfolio | | Server Side Request Forgery (SSRF) | No Fix | High |
| OSM Map Widget for Elementor | osm-map-elementor | | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder Sandwich – Front-End Page Builder | page-builder-sandwich | | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder Sandwich – Front-End Page Builder | page-builder-sandwich | | Cross Site Scripting (XSS) | No Fix | Medium |
| Page Builder Sandwich – Front-End Page Builder | page-builder-sandwich | | Broken Access Control | No Fix | Medium |
| PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | paypal-pay-buy-donation-and-cart-buttons-shortcode | | Cross Site Scripting (XSS) | No Fix | Medium |
| PDF Viewer for Elementor | pdf-viewer-for-elementor | | Cross Site Scripting (XSS) | No Fix | Medium |
| Photo Video Gallery Master | photo-video-gallery-master | | PHP Object Injection | No Fix | High |
| phpinfo() WP | phpinfo-wp | | Sensitive Data Exposure | No Fix | Medium |
| Play.ht | play-ht | | Broken Access Control | No Fix | Medium |
| Promolayer | promolayer-popup-builder | | Broken Access Control | No Fix | Medium |
| Replace Image | replace-image | | Broken Access Control | No Fix | Medium |
| Shortcode Addons | shortcode-addons | | Cross Site Scripting (XSS) | No Fix | Medium |
| Sketchfab Embed | sketchfab-oembed | | Cross Site Scripting (XSS) | No Fix | Medium |
| Slideshow SE | slideshow-se | | Local File Inclusion | No Fix | Medium |
| Slideshow SE | slideshow-se | | Cross Site Scripting (XSS) | No Fix | Medium |
| SP Project & Document Manager | sp-client-document-manager | | Directory Traversal | No Fix | High |
| Transition Slider – Responsive Image Slider and Gallery | transition-slider-lite | | Cross Site Scripting (XSS) | No Fix | Medium |
| User Rights Access Manager | user-rights-access-manager | | Broken Access Control | No Fix | Medium |
| Tabs | vc-tabs | | Cross Site Scripting (XSS) | No Fix | Medium |
| Wheel of Life | wheel-of-life | | Broken Access Control | No Fix | Medium |
| WishList Member X | wishlist-member-x | | Sensitive Data Exposure | No Fix | Critical |
| WishList Member X | wishlist-member-x | | SQL Injection | No Fix | Critical |
| WishList Member X | wishlist-member-x | | Denial of Service Attack | No Fix | High |
| WishList Member X | wishlist-member-x | | Sensitive Data Exposure | No Fix | High |
| WishList Member X | wishlist-member-x | | Arbitrary Code Execution | No Fix | Critical |
| WishList Member X | wishlist-member-x | | Arbitrary File Deletion | No Fix | High |
| WishList Member X | wishlist-member-x | | Privilege Escalation | No Fix | High |
| WishList Member X | wishlist-member-x | | Settings Change | No Fix | High |
| Woocommerce Customers Order History | woo-customers-order-history | | Broken Access Control | No Fix | Medium |
| Word Balloon | word-balloon | | Local File Inclusion | No Fix | Medium |
| WP Blog Post Layouts | wp-blog-post-layouts | | Local File Inclusion | No Fix | Medium |
| WP Hotel Booking | wp-hotel-booking | | SQL Injection | No Fix | Critical |
| WP Logs Book | wp-logs-book | | Cross Site Scripting (XSS) | No Fix | High |
| WP Logs Book | wp-logs-book | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Pexels: Free Stock Photos | wp-pexels-free-stock-photos | | Arbitrary File Upload | No Fix | High |
| WP Scraper | wp-scraper | | Server Side Request Forgery (SSRF) | No Fix | Medium |
| Widget Bundle | wp-widget-bundle | | Cross Site Scripting (XSS) | No Fix | Medium |
| Widget Bundle | wp-widget-bundle | | Cross Site Request Forgery (CSRF) | No Fix | Medium |
| Widget Bundle | wp-widget-bundle | | Cross Site Scripting (XSS) | No Fix | High |

Patched (85)

| Plugin | Slug | Installations | Vulnerability | Patched in Version | Severity |
| --- | --- | --- | --- | --- | --- |
| | loco-translate | 1,000,000+ | Cross Site Request Forgery (CSRF) | 2.6.10 | Medium |
| | wp-smushit | 1,000,000+ | Broken Access Control | 3.16.5 | Medium |
| | better-wp-security | 900,000+ | Denial of Service Attack | 9.3.2 | Low |
| | siteguard | 500,000+ | Bypass Vulnerability | 1.7.7 | Medium |
| | wp-seopress | 300,000+ | Open Redirection | 7.8 | Medium |
| | wp-seopress | 300,000+ | Cross Site Scripting (XSS) | 7.8 | Medium |
| | wp-seopress | 300,000+ | Cross Site Scripting (XSS) | 7.9.1 | Medium |
| | cartflows | 200,000+ | Cross Site Scripting (XSS) | 2.0.8 | Medium |
| | themeisle-companion | 200,000+ | Cross Site Scripting (XSS) | 2.10.35 | Medium |
| | envira-gallery-lite | 100,000+ | Cross Site Request Forgery (CSRF) | 1.8.8 | Medium |
| | defender-security | 90,000+ | Broken Authentication | 3.3.3 | Medium |
| | depicter | 90,000+ | Broken Access Control | 3.1.0 | Medium |
| | email-subscribers | 90,000+ | SQL Injection | 5.7.24 | Critical |
| | paid-memberships-pro | 90,000+ | Cross Site Request Forgery (CSRF) | 3.0 | Medium |
| | media-library-assistant | 70,000+ | SQL Injection | 3.17 | High |
| | ameliabooking | 60,000+ | Cross Site Scripting (XSS) | 1.1.6 | Medium |
| | metronet-profile-picture | 60,000+ | Broken Access Control | 2.6.2 | Medium |
| | wp-2fa | 60,000+ | Sensitive Data Exposure | 2.6.4 | Medium |
| | convertkit | 50,000+ | Broken Access Control | 2.4.9.1 | Medium |
| | robo-gallery | 50,000+ | Cross Site Scripting (XSS) | 3.2.20 | Medium |
| | robo-gallery | 50,000+ | Cross Site Request Forgery (CSRF) | 3.2.20 | Medium |
| | sina-extension-for-elementor | 50,000+ | Cross Site Scripting (XSS) | 3.5.5 | Medium |
| | ultimate-blocks | 50,000+ | Cross Site Scripting (XSS) | 3.1.1 | Medium |
| | wp-maintenance | 50,000+ | Bypass Vulnerability | 6.1.9.3 | Medium |
| | ays-popup-box | 30,000+ | Broken Access Control | 4.5.2 | Medium |
| | blossomthemes-email-newsletter | 30,000+ | Server Side Request Forgery (SSRF) | 2.2.7 | Medium |
| | greenshift-animation-and-page-builder-blocks | 30,000+ | Cross Site Scripting (XSS) | 8.9.4 | Medium |
| | themify-wc-product-filter | 30,000+ | SQL Injection | 1.5.0 | Critical |
| | wp-hide-backed-notices | 30,000+ | Broken Access Control | 1.3.1 | Medium |
| | wp-svg-images | 30,000+ | Cross Site Scripting (XSS) | 4.3 | Medium |
| | branda-white-labeling | 20,000+ | Cross Site Scripting (XSS) | 3.4.18 | Medium |
| | cryout-serious-slider | 20,000+ | Cross Site Scripting (XSS) | 1.2.5 | Medium |
| | table-addons-for-elementor | 20,000+ | Cross Site Scripting (XSS) | 2.1.3 | Medium |
| | wpzoom-elementor-addons | 20,000+ | Cross Site Scripting (XSS) | 1.1.39 | Medium |
| | business-directory-plugin | 10,000+ | CSV Injection | 6.4.4 | Medium |
| | jetwidgets-for-elementor | 10,000+ | Cross Site Scripting (XSS) | 1.0.18 | Medium |
| | masterstudy-lms-learning-management-system | 10,000+ | Broken Access Control | 3.2.13 | High |
| | masterstudy-lms-learning-management-system | 10,000+ | Cross Site Request Forgery (CSRF) | 3.2.2 | Medium |
| | sparkle-demo-importer | 10,000+ | Broken Access Control | 1.4.8 | Medium |
| | wp-child-theme-generator | 10,000+ | Broken Access Control | 1.1.2 | Medium |
| | wp-post-author | 10,000+ | Cross Site Scripting (XSS) | 3.6.8 | Medium |
| | vimeography | 8,000+ | Cross Site Request Forgery (CSRF) | 2.4.2 | Medium |
| | wp-magazine-modules-lite | 7,000+ | Local File Inclusion | 1.1.3 | High |
| | wpadverts | 6,000+ | Cross Site Request Forgery (CSRF) | 2.1.3 | Medium |
| | salon-booking-system | 5,000+ | Arbitrary File Deletion | 10.0 | High |
| | salon-booking-system | 5,000+ | Arbitrary File Upload | 10.3 | Critical |
| | wp-job-portal | 5,000+ | Cross Site Scripting (XSS) | 2.1.4 | Medium |
| | wp-job-portal | 5,000+ | Cross Site Scripting (XSS) | 2.1.4 | Medium |
| | instawp-connect | 4,000+ | Arbitrary File Upload | 0.1.0.39 | Critical |
| | tickera-event-ticketing-system | 4,000+ | Broken Access Control | 3.5.2.9 | Medium |
| | maxgalleria | 3,000+ | Cross Site Scripting (XSS) | 6.4.5 | Medium |
| | newsletters-lite | 3,000+ | Cross Site Request Forgery (CSRF) | 4.9.8 | Medium |
| | propertyhive | 3,000+ | Broken Access Control | 2.0.10 | Medium |
| | wp-lister-for-ebay | 3,000+ | Sensitive Data Exposure | 3.5.9 | High |
| | affiliate-toolkit-starter | 2,000+ | Sensitive Data Exposure | 3.4.5 | Medium |
| | groundhogg | 2,000+ | Cross Site Request Forgery (CSRF) | 3.4.3 | Medium |
| | meeting-scheduler-by-vcita | 2,000+ | Cross Site Scripting (XSS) | 4.4.3 | High |
| | meeting-scheduler-by-vcita | 2,000+ | Cross Site Scripting (XSS) | 4.4.1 | Medium |
| | wp-secure-maintainance | 2,000+ | Cross Site Scripting (XSS) | 1.7 | Medium |
| | church-admin | 1,000+ | Cross Site Scripting (XSS) | 4.4.5 | Medium |
| | easy-age-verify | 1,000+ | Cross Site Scripting (XSS) | 1.8.3 | Medium |
| | falang | 1,000+ | Cross Site Request Forgery (CSRF) | 1.3.52 | Medium |
| | login-with-phone-number | 1,000+ | Broken Access Control | 1.7.35 | High |
| | newspack-newsletters | 1,000+ | Cross Site Request Forgery (CSRF) | 2.13.3 | Medium |
| | shariff-sharing | 1,000+ | Local File Inclusion | 4.6.14 | Critical |
| | sirv | 1,000+ | Arbitrary File Upload | 7.2.7 | Critical |
| | typing-text | 1,000+ | Cross Site Scripting (XSS) | 1.2.6 | Medium |
| | wppizza | 1,000+ | Cross Site Scripting (XSS) | 3.18.14 | High |
| | responsive-video-embed | 900+ | Cross Site Scripting (XSS) | 0.5.1 | Medium |
| | squeeze | 200+ | Arbitrary File Upload | 1.4.1 | Critical |
| Bricks Builder (Premium) | bricksbuilder | | Insecure Direct Object References (IDOR) | 1.9.9 | Medium |
| Consulting Elementor Widgets | consulting-elementor-widgets | | Local File Inclusion | 1.3.1 | High |
| Consulting Elementor Widgets | consulting-elementor-widgets | | Remote Code Execution (RCE) | 1.3.1 | Critical |
| Consulting Elementor Widgets | consulting-elementor-widgets | | SQL Injection | 1.3.1 | High |
| Consulting Elementor Widgets | consulting-elementor-widgets | | Local File Inclusion | 1.3.1 | Critical |
| Cost Calculator Builder Pro | cost-calculator-builder-pro | | Content Spoofing | 3.1.76 | Medium |
| Hercules Core | hercules-core | | Settings Change | 6.7 | High |
| Ibtana | ibtana-visual-editor | | Broken Access Control | 1.2.3.4 | Medium |
| Ibtana | ibtana-visual-editor | | Broken Access Control | 1.2.3.4 | Medium |
| Newspack Blocks | newspack-blocks | | Sensitive Data Exposure | 3.0.9 | High |
| The Plus Addons for Elementor Pro | theplus_elementor_addon | | Local File Inclusion | 5.6.0 | High |
| The Plus Addons for Elementor Pro | theplus_elementor_addon | | Cross Site Scripting (XSS) | 5.6.0 | High |
| Uber Menu | ubermenu | | Cross Site Request Forgery (CSRF) | 3.8.4 | Medium |
| Shortcodes by United Themes | ut-shortcodes | | Cross Site Scripting (XSS) | 5.0.5 | High |
| WP Job Manager – Resume Manager | wp-job-manager-resumes | | Cross Site Request Forgery (CSRF) | 2.2.0 | Medium |

WordPress Themes — 15 Patched / 3 Unpatched

Unpatched (3)

| Theme | Slug | Downloads | Vulnerability | Patched in Version | Severity |
| --- | --- | --- | --- | --- | --- |
| | sinatra | 1,639,897 | Cross Site Scripting (XSS) | No Fix | Medium |
| Grey Opaque | grey-opaque | | Cross Site Scripting (XSS) | No Fix | Medium |
| Mosaic | mosaic | | Cross Site Scripting (XSS) | No Fix | Medium |

Patched (15)

| Theme | Slug | Downloads | Vulnerability | Patched in Version | Severity |
| --- | --- | --- | --- | --- | --- |
| | book-landing-page | 128,701 | Cross Site Request Forgery (CSRF) | 1.2.4 | Medium |
| | chic-lite | 216,515 | Cross Site Request Forgery (CSRF) | 1.1.4 | Medium |
| | customizr | 4,188,035 | Cross Site Request Forgery (CSRF) | 4.4.22 | Medium |
| | digital-newspaper | 47,141 | Cross Site Request Forgery (CSRF) | 1.1.6 | Medium |
| | education-zone | 444,963 | Cross Site Request Forgery (CSRF) | 1.3.5 | Medium |
| | excellent | 116,583 | Cross Site Scripting (XSS) | 1.3.0 | Medium |
| | hueman | 3,005,399 | Cross Site Request Forgery (CSRF) | 3.7.25 | Medium |
| | interface | 429,855 | Cross Site Scripting (XSS) | 3.1.1 | Medium |
| | materialis | 255,867 | Broken Access Control | 1.1.30 | Medium |
| | vandana-lite | 117,403 | Cross Site Request Forgery (CSRF) | 1.2.0 | Medium |
| | vilva | 441,200 | Cross Site Request Forgery (CSRF) | 1.2.3 | Medium |
| Divi | divi | | Cross Site Scripting (XSS) | 4.25.2 | Medium |
| Enfold | enfold | | Cross Site Scripting (XSS) | 5.6.10 | High |
| Flatsome | flatsome | | Cross Site Scripting (XSS) | 3.19.0 | Medium |
| Flatsome | flatsome | | Cross Site Scripting (XSS) | 3.19.0 | Medium |

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-06-26 09:43:31.

WordPress Vulnerability Report — December 4, 2024
In this report, 200 vulnerabilities have been publicly disclosed. Security patches for 120 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 80 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 120 Patched / 80 Unpatched

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin:

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin Slug:
s2member

Installations
10,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51815

The vulnerability has not been patched. You should deactivate the plugin.

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Plugin:

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Plugin Slug:
wedevs-project-manager

Installations
8,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12015

The vulnerability has not been patched. You should deactivate the plugin.

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin:

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin Slug:
borderless

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54211

The vulnerability has not been patched. You should deactivate the plugin.

Countdown Timer for Elementor

Plugin:

Countdown Timer for Elementor

Plugin Slug:
countdown-timer-for-elementor

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53743

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54212

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

WordPress Portfolio Builder – Portfolio Gallery

Plugin Slug:
uber-grid

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53788

The vulnerability has not been patched. You should deactivate the plugin.

Post Carousel Slider for Elementor

Plugin:

Post Carousel Slider for Elementor

Plugin Slug:
post-carousel-slider-for-elementor

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53749

The vulnerability has not been patched. You should deactivate the plugin.

Beds24 Online Booking

Plugin:

Beds24 Online Booking

Plugin Slug:
beds24-online-booking

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10177

The vulnerability has not been patched. You should deactivate the plugin.

Random Banner

Plugin:

Random Banner

Plugin Slug:
random-banner

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53787

The vulnerability has not been patched. You should deactivate the plugin.

Video Player for WPBakery

Plugin:

Video Player for WPBakery

Plugin Slug:
video-player-for-wpbakery

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53747

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Page Builder – Zion Builder

Plugin:

WordPress Page Builder – Zion Builder

Plugin Slug:
zionbuilder

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54213

The vulnerability has not been patched. You should deactivate the plugin.

Elementor Button Plus

Plugin:

Elementor Button Plus

Plugin Slug:
fd-elementor-button-plus

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53746

The vulnerability has not been patched. You should deactivate the plugin.

Simple Popup Plugin

Plugin:

Simple Popup Plugin

Plugin Slug:
simple-popup-plugin

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53741

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Elementor Image Gallery Plugin ( Masonry Gallery, Elementor Gallery Plugin With Captions, Elementor Portfolio Gallery Widget, Filterable Gallery )

Plugin Slug:
skyboot-portfolio-gallery

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53744

The vulnerability has not been patched. You should deactivate the plugin.

Smart Marketing SMS and Newsletters Forms

Plugin:

Smart Marketing SMS and Newsletters Forms

Plugin Slug:
smart-marketing-for-wp

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53784

The vulnerability has not been patched. You should deactivate the plugin.

WP Revisions Manager

Plugin:

WP Revisions Manager

Plugin Slug:
wp-revisions-manager

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53761

The vulnerability has not been patched. You should deactivate the plugin.

Ni WooCommerce Cost Of Goods

Plugin:

Ni WooCommerce Cost Of Goods

Plugin Slug:
ni-woocommerce-cost-of-goods

Installations
500+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53783

The vulnerability has not been patched. You should deactivate the plugin.

Softtemplates For Elementor

Plugin:

Softtemplates For Elementor

Plugin Slug:
softtemplates-for-elementor

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53764

The vulnerability has not been patched. You should deactivate the plugin.

ArCa Payment Gateway

Plugin:

ArCa Payment Gateway

Plugin Slug:
arca-payment-gateway

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53759

The vulnerability has not been patched. You should deactivate the plugin.

Stripe Donation

Plugin:

Stripe Donation

Plugin Slug:
bin-stripe-donation

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53752

The vulnerability has not been patched. You should deactivate the plugin.

Capitalize My Title WordPress Plugin

Plugin:

Capitalize My Title WordPress Plugin

Plugin Slug:
capitalize-my-title

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53760

The vulnerability has not been patched. You should deactivate the plugin.

CultBooking Hotel Booking Engine

Plugin:

CultBooking Hotel Booking Engine

Plugin Slug:
cultbooking-booking-engine

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53753

The vulnerability has not been patched. You should deactivate the plugin.

FastBook – Responsive Appointment Booking and Scheduling System

Plugin:

FastBook – Responsive Appointment Booking and Scheduling System

Plugin Slug:
fastbook-responsive-appointment-booking-and-scheduling-system

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53762

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Load More Posts

Plugin Slug:
load-more-posts

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53780

The vulnerability has not been patched. You should deactivate the plugin.

Multilevel Referral Affiliate Plugin for WooCommerce

Plugin:

Multilevel Referral Affiliate Plugin for WooCommerce

Plugin Slug:
multilevel-referral-plugin-for-woocommerce

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53742

The vulnerability has not been patched. You should deactivate the plugin.

Out Of Stock Badge

Plugin:

Out Of Stock Badge

Plugin Slug:
out-of-stock-badge

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53754

The vulnerability has not been patched. You should deactivate the plugin.

SpatialMatch IDX

Plugin:

SpatialMatch IDX

Plugin Slug:
spatialmatch-free-lifestyle-search

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53781

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Third Party Cookie Eraser

Plugin Slug:
third-party-cookie-eraser

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53755

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Vertical Carousel

Plugin Slug:
vertical-carousel-slider

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53756

The vulnerability has not been patched. You should deactivate the plugin.

WP Find Your Nearest

Plugin:

WP Find Your Nearest

Plugin Slug:
wp-find-your-nearest

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53757

The vulnerability has not been patched. You should deactivate the plugin.

eDoc Easy Tables – Best WordPress Table Maker

Plugin:

eDoc Easy Tables – Best WordPress Table Maker

Plugin Slug:
edoc-easy-tables

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53793

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Simple Header and Footer

Plugin Slug:
simple-header-and-footer

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53777

The vulnerability has not been patched. You should deactivate the plugin.

Yahoo! WebPlayer

Plugin:

Yahoo! WebPlayer

Plugin Slug:
yahoo-media-player

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53779

The vulnerability has not been patched. You should deactivate the plugin.

Essential Breadcrumbs

Plugin:

Essential Breadcrumbs

Plugin Slug:
essential-breadcrumbs

Installations
50+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53778

The vulnerability has not been patched. You should deactivate the plugin.

Z-Downloads

Plugin:

Z-Downloads

Plugin Slug:
z-downloads

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54206

The vulnerability has not been patched. You should deactivate the plugin.

Custom Post Type to Map Store

Plugin:

Custom Post Type to Map Store

Plugin Slug:
cpt-to-map-store

Installations
40+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53769

The vulnerability has not been patched. You should deactivate the plugin.

SimpleSchema Free

Plugin:

SimpleSchema Free

Plugin Slug:
simpleschema-free

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53771

The vulnerability has not been patched. You should deactivate the plugin.

Mins To Read

Plugin:

Mins To Read

Plugin Slug:
mins-to-read

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53765

The vulnerability has not been patched. You should deactivate the plugin.

RingCentral Communications Plugin – FREE

Plugin:

RingCentral Communications Plugin – FREE

Plugin Slug:
rccp-free

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53770

The vulnerability has not been patched. You should deactivate the plugin.

Sparkle Elementor Kit

Plugin:

Sparkle Elementor Kit

Plugin Slug:
sparkle-elementor-kit

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53774

The vulnerability has not been patched. You should deactivate the plugin.

Content Audit Exporter

Plugin:

Content Audit Exporter

Plugin Slug:
content-audit-exporter

Installations
20+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53768

The vulnerability has not been patched. You should deactivate the plugin.

Devnex Addons For Elementor

Plugin:

Devnex Addons For Elementor

Plugin Slug:
devnex-addons-for-elementor

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53766

The vulnerability has not been patched. You should deactivate the plugin.

Donate Me

Plugin:

Donate Me

Plugin Slug:
donate-me

Installations
20+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53776

The vulnerability has not been patched. You should deactivate the plugin.

Newsletter, Email Marketing, Email Subscriber – Mail Picker

Plugin:

Newsletter, Email Marketing, Email Subscriber – Mail Picker

Plugin Slug:
mail-picker

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53772

The vulnerability has not been patched. You should deactivate the plugin.

Znajdź Pracę z Praca.pl

Plugin:

Znajdź Pracę z Praca.pl

Plugin Slug:
znajdz-prace-z-pracapl

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53773

The vulnerability has not been patched. You should deactivate the plugin.

Awesome Shortcodes

Plugin:

Awesome Shortcodes

Plugin Slug:
awesome-shortcodes

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54209

The vulnerability has not been patched. You should deactivate the plugin.

YaDisk Files

Plugin:

YaDisk Files

Plugin Slug:
wp-yadisk-files

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10710

The vulnerability has not been patched. You should deactivate the plugin.

YaDisk Files

Plugin:

YaDisk Files

Plugin Slug:
wp-yadisk-files

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10709

The vulnerability has not been patched. You should deactivate the plugin.

adBuddy+ (AdBlocker Detection)

Plugin:

adBuddy+ (AdBlocker Detection)

Plugin Slug:
adbuddy-adblocker-detection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10510

The vulnerability has not been patched. You should deactivate the plugin.

Advanced What should we write next about

Plugin:

Advanced What should we write next about

Plugin Slug:
advanced-what-should-we-write-about-next

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53789

The vulnerability has not been patched. You should deactivate the plugin.

AIO Contact

Plugin:

AIO Contact

Plugin Slug:
aio-contact

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54218

The vulnerability has not been patched. You should deactivate the plugin.

AIO Contact

Plugin:

AIO Contact

Plugin Slug:
aio-contact

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54219

The vulnerability has not been patched. You should deactivate the plugin.

ARForms

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54216

The vulnerability has not been patched. You should deactivate the plugin.

ARForms

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54217

The vulnerability has not been patched. You should deactivate the plugin.

Best Addons for Elementor

Plugin:

Best Addons for Elementor

Plugin Slug:
best-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53763

The vulnerability has not been patched. You should deactivate the plugin.

Block Controller

Plugin:

Block Controller

Plugin Slug:
block-controller

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54208

The vulnerability has not been patched. You should deactivate the plugin.

BP Profile Shortcodes Extra

Plugin:

BP Profile Shortcodes Extra

Plugin Slug:
bp-profile-shortcodes-extra

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11732

The vulnerability has not been patched. You should deactivate the plugin.

Build App Online

Plugin:

Build App Online

Plugin Slug:
build-app-online

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53751

The vulnerability has not been patched. You should deactivate the plugin.

Charity Addon for Elementor

Plugin:

Charity Addon for Elementor

Plugin Slug:
charity-addon-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12062

The vulnerability has not been patched. You should deactivate the plugin.

Chatter

Plugin:

Chatter

Plugin Slug:
chatter

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53785

The vulnerability has not been patched. You should deactivate the plugin.

?? ?? ?? By ?????

Plugin:

?? ?? ?? By ?????

Plugin Slug:
cosmosfarm-share-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53745

The vulnerability has not been patched. You should deactivate the plugin.

Cowidgets – Elementor Addons

Plugin:

Cowidgets – Elementor Addons

Plugin Slug:
cowidgets-elementor-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53786

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Element Bucket Addons for Elementor

Plugin:

Advanced Element Bucket Addons for Elementor

Plugin Slug:
cs-element-bucket

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54210

The vulnerability has not been patched. You should deactivate the plugin.

DancePress (TRWA)

Plugin:

DancePress (TRWA)

Plugin Slug:
dancepress-trwa

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53775

The vulnerability has not been patched. You should deactivate the plugin.

FAT Services Booking

Plugin:

FAT Services Booking

Plugin Slug:
fat-services-booking

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54220

The vulnerability has not been patched. You should deactivate the plugin.

FAT Services Booking

Plugin:

FAT Services Booking

Plugin Slug:
fat-services-booking

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54221

The vulnerability has not been patched. You should deactivate the plugin.

Lenxel Core

Plugin:

Lenxel Core

Plugin Slug:
lenxel-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53791

The vulnerability has not been patched. You should deactivate the plugin.

Lenxel Core

Plugin:

Lenxel Core

Plugin Slug:
lenxel-core

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53790

The vulnerability has not been patched. You should deactivate the plugin.

PayPal Responder

Plugin:

PayPal Responder

Plugin Slug:
paypal-responder

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53750

The vulnerability has not been patched. You should deactivate the plugin.

Photo Video Store

Plugin:

Photo Video Store

Plugin Slug:
photo-video-store

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-53782

The vulnerability has not been patched. You should deactivate the plugin.

Pixobe Cartography

Plugin:

Pixobe Cartography

Plugin Slug:
pixobe-cartography

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53767

The vulnerability has not been patched. You should deactivate the plugin.

Paloma Widget

Plugin:

Paloma Widget

Plugin Slug:
postman-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54205

The vulnerability has not been patched. You should deactivate the plugin.

Pricing Tables For WPBakery Page Builder

Plugin:

Pricing Tables For WPBakery Page Builder

Plugin Slug:
pricing-tables-for-visual-composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10175

The vulnerability has not been patched. You should deactivate the plugin.

Revy

Plugin:

Revy

Plugin Slug:
revy

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54215

The vulnerability has not been patched. You should deactivate the plugin.

Revy

Plugin:

Revy

Plugin Slug:
revy

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54214

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Auction Plugin

Plugin:

WordPress Auction Plugin

Plugin Slug:
wp-auctions

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51615

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Auction Plugin

Plugin:

WordPress Auction Plugin

Plugin Slug:
wp-auctions

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54207

The vulnerability has not been patched. You should deactivate the plugin.

Counter Up

Plugin:

Counter Up

Plugin Slug:
wp-counter-up

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10895

The vulnerability has not been patched. You should deactivate the plugin.

WP MathJax

Plugin:

WP MathJax

Plugin Slug:
wp-mathjax-plus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53758

The vulnerability has not been patched. You should deactivate the plugin.

WP Mermaid

Plugin:

WP Mermaid

Plugin Slug:
wp-mermaid

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-53748

The vulnerability has not been patched. You should deactivate the plugin.

Elementor Website Builder – More than Just a Page Builder

Plugin:

Elementor Website Builder – More than Just a Page Builder

Plugin Slug:
elementor

Installations
10,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.25.8

Severity Score:
Medium

CVE:

2024-8236

The vulnerability has been patched, so you should update to version 3.25.8.

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Plugin:

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Plugin Slug:
wpforms-lite

Installations
6,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1.6

Severity Score:
Medium

CVE:

2024-7056

The vulnerability has been patched, so you should update to version 1.9.1.6.

Spectra – WordPress Gutenberg Blocks

Plugin:

Spectra – WordPress Gutenberg Blocks

Plugin Slug:
ultimate-addons-for-gutenberg

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.16.3

Severity Score:
Medium

CVE:

2024-10484

The vulnerability has been patched, so you should update to version 2.16.3.

Plugin:

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Plugin Slug:
nextgen-gallery

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.59.5

Severity Score:
Medium

CVE:

2024-6393

The vulnerability has been patched, so you should update to version 3.59.5.

Royal Elementor Addons and Templates

Plugin:

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.1004

Severity Score:
Medium

CVE:

2024-10798

The vulnerability has been patched, so you should update to version 1.7.1004.

Royal Elementor Addons and Templates

Plugin:

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1002

Severity Score:
Medium

CVE:

2024-9682

The vulnerability has been patched, so you should update to version 1.7.1002.

FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider

Plugin:

FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider

Plugin Slug:
fluent-smtp

Installations
300,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.2.83

Severity Score:
Critical

CVE:

2024-9511

The vulnerability has been patched, so you should update to version 2.2.83.

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Plugin:

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Path Traversal

Patched in Version:
3.0.7

Severity Score:
Medium

CVE:

2024-11219

The vulnerability has been patched, so you should update to version 3.0.7.

Spam protection, Anti-Spam, FireWall by CleanTalk

Plugin:

Spam protection, Anti-Spam, FireWall by CleanTalk

Plugin Slug:
cleantalk-spam-protect

Installations
200,000+

Vulnerability:
Broken Authentication

Patched in Version:
6.45

Severity Score:
High

CVE:

2024-10781

The vulnerability has been patched, so you should update to version 6.45.

Spam protection, Anti-Spam, FireWall by CleanTalk

Plugin:

Spam protection, Anti-Spam, FireWall by CleanTalk

Plugin Slug:
cleantalk-spam-protect

Installations
200,000+

Vulnerability:
Broken Authentication

Patched in Version:
6.44

Severity Score:
Critical

CVE:

2024-10542

The vulnerability has been patched, so you should update to version 6.44.

FileBird – WordPress Media Library Folders & File Manager

Plugin:

FileBird – WordPress Media Library Folders & File Manager

Plugin Slug:
filebird

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.3.4

Severity Score:
Medium

CVE:

2024-53825

The vulnerability has been patched, so you should update to version 6.3.4.

Jeg Elementor Kit

Plugin:

Jeg Elementor Kit

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.10

Severity Score:
Medium

CVE:

2024-10308

The vulnerability has been patched, so you should update to version 2.6.10.

Jeg Elementor Kit

Plugin:

Jeg Elementor Kit

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6.10

Severity Score:
Medium

CVE:

2024-8899

The vulnerability has been patched, so you should update to version 2.6.10.

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Plugin:

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.15.19

Severity Score:
Medium

CVE:

2024-11083

The vulnerability has been patched, so you should update to version 4.15.19.

Plugin:

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.10.6

Severity Score:
Medium

CVE:

2024-9058

The vulnerability has been patched, so you should update to version 5.10.6.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.4.4

Severity Score:
Medium

CVE:

2024-53797

The vulnerability has been patched, so you should update to version 2.8.4.4.

EmbedPress – Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents

Plugin:

EmbedPress – Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents

Plugin Slug:
embedpress

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.4

Severity Score:
Medium

CVE:

2024-11203

The vulnerability has been patched, so you should update to version 4.1.4.

Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!

Plugin:

Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!

Plugin Slug:
everest-forms

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.4.2

Severity Score:
Medium

CVE:

2024-10471

The vulnerability has been patched, so you should update to version 3.0.4.2.

Advanced File Manager

Plugin:

Advanced File Manager

Plugin Slug:
file-manager-advanced

Installations
100,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
5.2.11

Severity Score:
High

CVE:

2024-11391

The vulnerability has been patched, so you should update to version 5.2.11.

Social Sharing Plugin – Sassy Social Share

Plugin:

Social Sharing Plugin – Sassy Social Share

Plugin Slug:
sassy-social-share

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.70

Severity Score:
High

CVE:

2024-11252

The vulnerability has been patched, so you should update to version 3.3.70.

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Plugin:

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Plugin Slug:
the-plus-addons-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.1

Severity Score:
Medium

CVE:

2024-53823

The vulnerability has been patched, so you should update to version 6.0.1.

Widget Options – The #1 WordPress Widget & Block Control Plugin

Plugin:

Widget Options – The #1 WordPress Widget & Block Control Plugin

Plugin Slug:
widget-options

Installations
100,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
4.0.8

Severity Score:
Critical

CVE:

2024-8672

The vulnerability has been patched, so you should update to version 4.0.8.

Hustle – Email Marketing, Lead Generation, Optins, Popups

Plugin:

Hustle – Email Marketing, Lead Generation, Optins, Popups

Plugin Slug:
wordpress-popup

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.8.6

Severity Score:
Medium

CVE:

2024-10580

The vulnerability has been patched, so you should update to version 7.8.6.

Hustle – Email Marketing, Lead Generation, Optins, Popups

Plugin:

Hustle – Email Marketing, Lead Generation, Optins, Popups

Plugin Slug:
wordpress-popup

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.8.6

Severity Score:
Medium

CVE:

2024-10579

The vulnerability has been patched, so you should update to version 7.8.6.

Asset CleanUp: Page Speed Booster

Plugin:

Asset CleanUp: Page Speed Booster

Plugin Slug:
wp-asset-clean-up

Installations
100,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.3.9.9

Severity Score:
Medium

CVE:

2024-53738

The vulnerability has been patched, so you should update to version 1.3.9.9.

Parsi Date

Plugin:

Parsi Date

Plugin Slug:
wp-parsidate

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.2

Severity Score:
High

CVE:

2024-11032

The vulnerability has been patched, so you should update to version 5.1.2.

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Plugin:

Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid

Plugin Slug:
boldgrid-backup

Installations
70,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.16.7

Severity Score:
Critical

CVE:

2024-9461

The vulnerability has been patched, so you should update to version 1.16.7.

File Manager Pro – Filester

Plugin:

File Manager Pro – Filester

Plugin Slug:
filester

Installations
70,000+

Vulnerability:
Path Traversal

Patched in Version:
1.8.6

Severity Score:
High

CVE:

2024-9669

The vulnerability has been patched, so you should update to version 1.8.6.

File Manager Pro – Filester

Plugin:

File Manager Pro – Filester

Plugin Slug:
filester

Installations
70,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8.5

Severity Score:
High

CVE:

2024-8066

The vulnerability has been patched, so you should update to version 1.8.5.

FOX – Currency Switcher Professional for WooCommerce

Plugin:

FOX – Currency Switcher Professional for WooCommerce

Plugin Slug:
woocommerce-currency-switcher

Installations
60,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.4.2.3

Severity Score:
High

CVE:

2024-10640

The vulnerability has been patched, so you should update to version 1.4.2.3.

Bold Page Builder

Plugin:

Bold Page Builder

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.2

Severity Score:
Medium

CVE:

2024-53801

The vulnerability has been patched, so you should update to version 5.2.2.

Themesflat Addons For Elementor

Plugin:

Themesflat Addons For Elementor

Plugin Slug:
themesflat-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.3

Severity Score:
Medium

CVE:

2024-53796

The vulnerability has been patched, so you should update to version 2.2.3.

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Plugin:

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.16

Severity Score:
Medium

CVE:

2024-53818

The vulnerability has been patched, so you should update to version 4.1.16.

Booster for WooCommerce

Plugin:

Booster for WooCommerce

Plugin Slug:
woocommerce-jetpack

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.4

Severity Score:
Medium

CVE:

2024-9170

The vulnerability has been patched, so you should update to version 7.2.4.

Security & Malware scan by CleanTalk

Plugin:

Security & Malware scan by CleanTalk

Plugin Slug:
security-malware-firewall

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.145.1

Severity Score:
Critical

CVE:

2024-10570

The vulnerability has been patched, so you should update to version 2.145.1.

Tutor LMS Elementor Addons

Plugin:

Tutor LMS Elementor Addons

Plugin Slug:
tutor-lms-elementor-addons

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.6

Severity Score:
Medium

CVE:

2024-53816

The vulnerability has been patched, so you should update to version 2.1.6.

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

Plugin:

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

Plugin Slug:
wp-analytify

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.5.0

Severity Score:
Medium

CVE:

2024-53814

The vulnerability has been patched, so you should update to version 5.5.0.

Maspik – Advanced Spam Protection

Plugin:

Maspik – Advanced Spam Protection

Plugin Slug:
contact-forms-anti-spam

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.8

Severity Score:
Medium

CVE:

2024-53806

The vulnerability has been patched, so you should update to version 2.2.8.

Futurio Extra

Plugin:

Futurio Extra

Plugin Slug:
futurio-extra

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.15

Severity Score:
Medium

CVE:

2024-53802

The vulnerability has been patched, so you should update to version 2.0.15.

Plugin:

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin

Plugin Slug:
logo-slider-wp

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.0

Severity Score:
Medium

CVE:

2024-10896

The vulnerability has been patched, so you should update to version 4.5.0.

Plugin:

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin

Plugin Slug:
logo-slider-wp

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.0

Severity Score:
Medium

CVE:

2024-10473

The vulnerability has been patched, so you should update to version 4.5.0.

Wallet for WooCommerce

Plugin:

Wallet for WooCommerce

Plugin Slug:
woo-wallet

Installations
20,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.5.7

Severity Score:
Medium

CVE:

2024-7747

The vulnerability has been patched, so you should update to version 1.5.7.

Product Labels For Woocommerce (Sale Badges)

Plugin:

Product Labels For Woocommerce (Sale Badges)

Plugin Slug:
aco-product-labels-for-woocommerce

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.9

Severity Score:
High

CVE:

2024-53817

The vulnerability has been patched, so you should update to version 1.5.9.

CM Pop-Up Banners for WordPress

Plugin:

CM Pop-Up Banners for WordPress

Plugin Slug:
cm-pop-up-banners

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.6

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 1.7.6.

RegistrationMagic – User Registration Plugin with Custom Registration Forms

Plugin:

RegistrationMagic – User Registration Plugin with Custom Registration Forms

Plugin Slug:
custom-registration-form-builder-with-submission-manager

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.0.2.7

Severity Score:
Critical

CVE:

2024-10508

The vulnerability has been patched, so you should update to version 6.0.2.7.

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Plugin:

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Plugin Slug:
nex-forms-express-wp-form-builder

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
8.7.9

Severity Score:
High

CVE:

2024-53808

The vulnerability has been patched, so you should update to version 8.7.9.

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Plugin:

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Plugin Slug:
paid-member-subscriptions

Installations
10,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
2.13.1

Severity Score:
High

CVE:

2024-10261

The vulnerability has been patched, so you should update to version 2.13.1.

Simple Side Tab

Plugin:

Simple Side Tab

Plugin Slug:
simple-side-tab

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

CVE:

2024-10551

The vulnerability has been patched, so you should update to version 2.2.0.

Primary Addon for Elementor

Plugin:

Primary Addon for Elementor

Plugin Slug:
primary-addon-for-elementor

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.3

Severity Score:
Medium

CVE:

2024-10670

The vulnerability has been patched, so you should update to version 1.6.3.

Category Ajax Filter

Plugin:

Category Ajax Filter

Plugin Slug:
category-ajax-filter

Installations
7,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.8.3

Severity Score:
High

CVE:

2024-10871

The vulnerability has been patched, so you should update to version 2.8.3.

CM Tooltip Glossary

Plugin:

CM Tooltip Glossary

Plugin Slug:
enhanced-tooltipglossary

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.3.12

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 4.3.12.

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

Plugin:

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

Plugin Slug:
wdesignkit

Installations
7,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.0

Severity Score:
Medium

CVE:

2024-53811

The vulnerability has been patched, so you should update to version 1.1.0.

Product Input Fields for WooCommerce

Plugin:

Product Input Fields for WooCommerce

Plugin Slug:
product-input-fields-for-woocommerce

Installations
6,000+

Vulnerability:
Path Traversal

Patched in Version:
2.0

Severity Score:
Medium

CVE:

2024-10857

The vulnerability has been patched, so you should update to version 2.0.

WP Travel – Ultimate Travel Booking System, Tour Management Engine

Plugin:

WP Travel – Ultimate Travel Booking System, Tour Management Engine

Plugin Slug:
wp-travel

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
9.7.0

Severity Score:
Medium

CVE:

2024-53813

The vulnerability has been patched, so you should update to version 9.7.0.

All Bootstrap Blocks

Plugin:

All Bootstrap Blocks

Plugin Slug:
all-bootstrap-blocks

Installations
4,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.20

Severity Score:
High

CVE:

2024-53824

The vulnerability has been patched, so you should update to version 1.3.20.

Arkhe Blocks

Plugin:

Arkhe Blocks

Plugin Slug:
arkhe-blocks

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.27.1

Severity Score:
Medium

CVE:

2024-53794

The vulnerability has been patched, so you should update to version 2.27.1.

Booking calendar, Appointment Booking System

Plugin:

Booking calendar, Appointment Booking System

Plugin Slug:
booking-calendar

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.16

Severity Score:
High

CVE:

2024-9504

The vulnerability has been patched, so you should update to version 3.2.16.

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin:

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin Slug:
booking-system

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
2.9.9.5.2

Severity Score:
High

CVE:

2024-53815

The vulnerability has been patched, so you should update to version 2.9.9.5.2.

CM WordPress Search And Replace Plugin

Plugin:

CM WordPress Search And Replace Plugin

Plugin Slug:
cm-on-demand-search-and-replace

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 1.4.3.

Image Alt Text

Plugin:

Image Alt Text

Plugin Slug:
image-alt-text

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.0

Severity Score:
Medium

CVE:

2024-11918

The vulnerability has been patched, so you should update to version 3.0.0.

Sp*tify Play Button for WordPress

Plugin:

Sp*tify Play Button for WordPress

Plugin Slug:
spotify-play-button-for-wordpress

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.12

Severity Score:
Medium

CVE:

2024-11192

The vulnerability has been patched, so you should update to version 2.12.

Watu Quiz

Plugin:

Watu Quiz

Plugin Slug:
watu

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
3.4.1.3

Severity Score:
High

CVE:

2024-53792

The vulnerability has been patched, so you should update to version 3.4.1.3.

Additional Order Filters for WooCommerce

Plugin:

Additional Order Filters for WooCommerce

Plugin Slug:
additional-order-filters-for-woocommerce

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.22

Severity Score:
High

CVE:

2024-11418

The vulnerability has been patched, so you should update to version 1.22.

Cryptocurrency Widgets For Elementor

Plugin:

Cryptocurrency Widgets For Elementor

Plugin Slug:
cryptocurrency-widgets-for-elementor

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.6.5

Severity Score:
High

CVE:

2024-53739

The vulnerability has been patched, so you should update to version 1.6.5.

Restaurant & Cafe Addon for Elementor

Plugin:

Restaurant & Cafe Addon for Elementor

Plugin Slug:
restaurant-cafe-addon-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.0

Severity Score:
Medium

CVE:

2024-10780

The vulnerability has been patched, so you should update to version 1.6.0.

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Plugin:

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Plugin Slug:
sprout-invoices

Installations
2,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
20.8.1

Severity Score:
Medium

CVE:

2024-53819

The vulnerability has been patched, so you should update to version 20.8.1.

Sugar Calendar – Event Calendar, Event Tickets, and Event Management Platform

Plugin:

Sugar Calendar – Event Calendar, Event Tickets, and Event Management Platform

Plugin Slug:
sugar-calendar-lite

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.0

Severity Score:
High

CVE:

2024-10878

The vulnerability has been patched, so you should update to version 3.4.0.

AppPresser – Mobile App Framework

Plugin:

AppPresser – Mobile App Framework

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
4.4.7

Severity Score:
Critical

CVE:

2024-11024

The vulnerability has been patched, so you should update to version 4.4.7.

Attesa Extra

Plugin:

Attesa Extra

Plugin Slug:
attesa-extra

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium

CVE:

2024-10688

The vulnerability has been patched, so you should update to version 1.4.3.

Plugin:

Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic)

Plugin Slug:
automatic-internal-links-for-seo

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.2.2

Severity Score:
High

CVE:

2024-11009

The vulnerability has been patched, so you should update to version 1.2.2.

Plugin:

BNE Gallery Extended

Plugin Slug:
bne-gallery-extended

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

CVE:

2024-11119

The vulnerability has been patched, so you should update to version 1.2.2.

Captivate Sync

Plugin:

Captivate Sync

Plugin Slug:
captivatesync-trade

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.26

Severity Score:
Medium

CVE:

2024-53820

The vulnerability has been patched, so you should update to version 2.0.26.

Church Admin

Plugin:

Church Admin

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.9

Severity Score:
Medium

CVE:

2024-53795

The vulnerability has been patched, so you should update to version 5.0.9.

CM E-Mail Registration Blacklist

Plugin:

CM E-Mail Registration Blacklist

Plugin Slug:
cm-email-blacklist

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.4

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 1.5.4.

Plugin:

CM Header & Footer Script Loader – Insert Script Plugin

Plugin Slug:
cm-header-footer-script-loader

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 1.2.2.

WordPress Contact Forms by Cimatti

Plugin:

WordPress Contact Forms by Cimatti

Plugin Slug:
contact-forms

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.3

Severity Score:
Medium

CVE:

2024-10521

The vulnerability has been patched, so you should update to version 1.9.3.

Plugin:

Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
24.0.8

Severity Score:
Critical

CVE:

2024-11103

The vulnerability has been patched, so you should update to version 24.0.8.

Plugin:

InPost Gallery

Plugin Slug:
inpost-gallery

Installations
1,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
2.1.4.3

Severity Score:
Medium

CVE:

2024-11002

The vulnerability has been patched, so you should update to version 2.1.4.3.

Tumult Hype Animations

Plugin:

Tumult Hype Animations

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.9.16

Severity Score:
Critical

CVE:

2024-11082

The vulnerability has been patched, so you should update to version 1.9.16.

WPCasa

Plugin:

WPCasa

Plugin Slug:
wpcasa

Installations
1,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-53826

The vulnerability has been patched, so you should update to version 1.3.0.

Login with Vipps and MobilePay

Plugin:

Login with Vipps and MobilePay

Plugin Slug:
login-with-vipps

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.4

Severity Score:
Medium

CVE:

2024-11786

The vulnerability has been patched, so you should update to version 1.3.4.

NiceJob

Plugin:

NiceJob

Plugin Slug:
nicejob

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.2

Severity Score:
Medium

CVE:

2024-10887

The vulnerability has been patched, so you should update to version 3.7.2.

StreamWeasels YouTube Integration

Plugin:

StreamWeasels YouTube Integration

Plugin Slug:
streamweasels-youtube-integration

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium

CVE:

2024-11788

The vulnerability has been patched, so you should update to version 1.3.7.

jAlbum Bridge

Plugin:

jAlbum Bridge

Plugin Slug:
jalbum-bridge

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.16

Severity Score:
Medium

CVE:

2024-11853

The vulnerability has been patched, so you should update to version 2.0.16.

AWeber Forms by Optin Cat

Plugin:

AWeber Forms by Optin Cat

Plugin Slug:
aweber-wp

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.8

Severity Score:
High

CVE:

2024-11325

The vulnerability has been patched, so you should update to version 2.5.8.

My auctions allegro

Plugin:

My auctions allegro

Plugin Slug:
my-auctions-allegro-free-edition

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.18

Severity Score:
High

CVE:

2024-11707

The vulnerability has been patched, so you should update to version 3.6.18.

Namaste! LMS

Plugin:

Namaste! LMS

Plugin Slug:
namaste-lms

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.5

Severity Score:
Medium

CVE:

2024-53809

The vulnerability has been patched, so you should update to version 2.6.5.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.17.0

Severity Score:
Medium

CVE:

2024-53803

The vulnerability has been patched, so you should update to version 1.8.17.0.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.17.0

Severity Score:
High

CVE:

2024-53804

The vulnerability has been patched, so you should update to version 1.8.17.0.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.17.0

Severity Score:
High

CVE:

2024-53805

The vulnerability has been patched, so you should update to version 1.8.17.0.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
1.8.17.0

Severity Score:
High

CVE:

2024-53807

The vulnerability has been patched, so you should update to version 1.8.17.0.

Simple User Registration

Plugin:

Simple User Registration

Plugin Slug:
wp-registration

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
6.0

Severity Score:
Critical

CVE:

2024-53810

The vulnerability has been patched, so you should update to version 6.0.

Campaign Monitor Forms by Optin Cat

Plugin:

Campaign Monitor Forms by Optin Cat

Plugin Slug:
campaign-monitor-wp

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.8

Severity Score:
High

CVE:

2024-11326

The vulnerability has been patched, so you should update to version 2.5.8.

LegalWeb Cloud

Plugin:

LegalWeb Cloud

Plugin Slug:
legalweb-cloud

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.3

Severity Score:
Medium

CVE:

2024-11761

The vulnerability has been patched, so you should update to version 1.1.3.

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Plugin:

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Plugin Slug:
scratch-win-giveaways-for-website-facebook

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.0

Severity Score:
Medium

CVE:

2024-11898

The vulnerability has been patched, so you should update to version 2.7.0.

Form Data Collector

Plugin:

Form Data Collector

Plugin Slug:
form-data-collector

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.4

Severity Score:
High

CVE:

2024-11461

The vulnerability has been patched, so you should update to version 2.2.4.

HLS Player

Plugin:

HLS Player

Plugin Slug:
hls-player

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.11

Severity Score:
Medium

CVE:

2024-11333

The vulnerability has been patched, so you should update to version 1.0.11.

Slotti Ajanvaraus

Plugin:

Slotti Ajanvaraus

Plugin Slug:
slotti-ajanvaraus

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-11408

The vulnerability has been patched, so you should update to version 1.3.1.

WP GeoNames

Plugin:

WP GeoNames

Plugin Slug:
wp-geonames

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
High

CVE:

2024-53812

The vulnerability has been patched, so you should update to version 1.9.

FAQ Builder AYS

Plugin:

FAQ Builder AYS

Plugin Slug:
faq-builder-ays

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.2

Severity Score:
High

CVE:

2024-11458

The vulnerability has been patched, so you should update to version 1.7.2.

Kudos Donations – Easy donations and payments with Mollie

Plugin:

Kudos Donations – Easy donations and payments with Mollie

Plugin Slug:
kudos-donations

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.0

Severity Score:
High

CVE:

2024-11684

The vulnerability has been patched, so you should update to version 3.3.0.

SEO Landing Page Generator

Plugin:

SEO Landing Page Generator

Plugin Slug:
seo-landing-page-generator

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.66.3

Severity Score:
High

CVE:

2024-11366

The vulnerability has been patched, so you should update to version 1.66.3.

Skt NURCaptcha

Plugin:

Skt NURCaptcha

Plugin Slug:
skt-nurcaptcha

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.0

Severity Score:
High

CVE:

2024-11342

The vulnerability has been patched, so you should update to version 3.6.0.

Ragic Shortcode

Plugin:

Ragic Shortcode

Plugin Slug:
ragic-shortcode

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3

Severity Score:
Medium

CVE:

2024-11431

The vulnerability has been patched, so you should update to version 1.3.

Video Lessons Manager – WordPress LMS Plugin

Plugin:

Video Lessons Manager – WordPress LMS Plugin

Plugin Slug:
cm-video-lesson-manager

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 1.8.3.

CM Business Directory Plugin – Business Listing Directory

Plugin:

CM Business Directory Plugin – Business Listing Directory

Plugin Slug:
cm-business-directory

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
High

CVE:

2024-11202

The vulnerability has been patched, so you should update to version 1.4.2.

BMLT Tabbed Map

Plugin:

BMLT Tabbed Map

Plugin Slug:
bmlt-tabbed-map

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

CVE:

2024-11866

The vulnerability has been patched, so you should update to version 1.2.0.

Quick License Manager – WooCommerce Plugin

Plugin:

Quick License Manager – WooCommerce Plugin

Plugin Slug:
quick-license-manager

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.18

Severity Score:
High

CVE:

2024-11805

The vulnerability has been patched, so you should update to version 2.4.18.

Support SVG – Upload svg files in wordpress without hassle

Plugin:

Support SVG – Upload svg files in wordpress without hassle

Plugin Slug:
support-svg

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.1

Severity Score:
Medium

CVE:

2024-11091

The vulnerability has been patched, so you should update to version 1.1.1.

FloristPress – Customize your Woo store for your Florist

Plugin:

FloristPress – Customize your Woo store for your Florist

Plugin Slug:
bakkbone-florist-companion

Installations
10+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.4.0

Severity Score:
Medium

CVE:

2024-53799

The vulnerability has been patched, so you should update to version 7.4.0.

FloristPress – Customize your Woo store for your Florist

Plugin:

FloristPress – Customize your Woo store for your Florist

Plugin Slug:
bakkbone-florist-companion

Installations
10+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
7.4.0

Severity Score:
Medium

CVE:

2024-53798

The vulnerability has been patched, so you should update to version 7.4.0.

CMSMasters Elementor Addon

Plugin:

CMSMasters Elementor Addon

Plugin Slug:
cmsmasters-elementor-addon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.0

Severity Score:
Medium

CVE:

2024-9694

The vulnerability has been patched, so you should update to version 1.15.0.

MP3 Sticky Player

Plugin:

MP3 Sticky Player

Plugin Slug:
fwdmsp

Vulnerability:
Path Traversal

Patched in Version:
8.1

Severity Score:
High

CVE:

2024-10803

The vulnerability has been patched, so you should update to version 8.1.

WPGYM

Plugin:

WPGYM

Plugin Slug:
gym-management

Vulnerability:
Broken Access Control

Patched in Version:
67.2.0

Severity Score:
Critical

CVE:

2024-9941

The vulnerability has been patched, so you should update to version 67.2.0.

Leopard – WordPress offload media

Plugin:

Leopard – WordPress offload media

Plugin Slug:
leopard-wordpress-offload-media

Vulnerability:
Broken Access Control

Patched in Version:
3.1.2

Severity Score:
High

CVE:

2024-10589

The vulnerability has been patched, so you should update to version 3.1.2.

Pie Register Premium

Plugin:

Pie Register Premium

Plugin Slug:
pie-register-premium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.3.3

Severity Score:
High

CVE:

2024-53821

The vulnerability has been patched, so you should update to version 3.8.3.3.

Pie Register Premium

Plugin:

Pie Register Premium

Plugin Slug:
pie-register-premium

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.8.3.3

Severity Score:
Critical

CVE:

2024-53822

The vulnerability has been patched, so you should update to version 3.8.3.3.

Booking & Appointment Plugin for WooCommerce

Plugin:

Booking & Appointment Plugin for WooCommerce

Plugin Slug:
woocommerce-booking

Vulnerability:
Broken Access Control

Patched in Version:
6.10.0

Severity Score:
High

CVE:

2024-10729

The vulnerability has been patched, so you should update to version 6.10.0.

WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates

Plugin:

WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates

Plugin Slug:
woocommerce-ultimate-gift-card

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.1

Severity Score:
High

CVE:

2024-53740

The vulnerability has been patched, so you should update to version 2.9.1.

JobSearch

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Privilege Escalation

Patched in Version:
2.6.8

Severity Score:
Critical

CVE:

2024-11925

The vulnerability has been patched, so you should update to version 2.6.8.

WordPress Themes — 0 Patched / 0 Unpatched

No new WordPress theme vulnerabilities were disclosed this week.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

The post WordPress Vulnerability Report — December 4, 2024 appeared first on SolidWP.

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-12-04 09:47:00.

WordPress Vulnerability Report — November 27, 2024

In this report, 277 vulnerabilities have been publicly disclosed. Security patches for 156 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 121 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7, code-named “Rollins,” is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 153 Patched / 115 Unpatched

Plugin Slug:
dynamic-to-top

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meteor-slides

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
weather-atlas

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wpdm-premium-packages

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
beds24-online-booking

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bulletin-announcements

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
yaad-sarig-payment-gateway-for-wc

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
extensions-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
absolute-addons

Installations
700+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
generic-elements-for-elementor

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
library-bookshelves

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
suevafree-essential-kit

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
team-rosters

Installations
300+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
buying-buddy-idx-crm

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
post-by-email

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
shopready-elementor-addon

Installations
200+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
subaccounts-for-woocommerce

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ai-responsive-gallery-album

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
amr-shortcodes

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
distance-based-shipping-calculator

Installations
100+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
lazy-load-videos-and-sticky-control

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
leadboxer

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
lgpd-framework

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
sp-blog-designer

Installations
100+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
tailored-tools

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
tm-islamic-helper

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
portfolio-builder-elementor

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ai-quiz

Installations
70+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
edunext-openedx-integrator

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
geolocator

Installations
50+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
infinite-slider

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
price-alert-woocommerce

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
qrmenu-lite

Installations
50+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-e-commerce-style-email

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
office-locator

Installations
40+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
advanced-event-manager

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
debranding

Installations
30+

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
fintelligence-calculator

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
iteras

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
awesome-studio

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
html5-lyrics-karaoke-player

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
nblocks

Installations
20+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
post-ideas

Installations
20+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ultimate-classified-listings

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ultimate-classified-listings

Installations
20+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
atarapay-woocommerce

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
chameleon-jobs

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
explara-events

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
goqmieruca

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
goqsmile

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
pathomation

Installations
10+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
pricing-table-addon-for-elementor

Installations
10+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wp-yadisk-files

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-yadisk-files

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
xpresslane-integration-for-woocommerce

Installations
10+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Ahmeti Wp Güzel Sözler

Plugin Slug:
ahmeti-wp-guzel-sozler

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Alphabetical List

Plugin Slug:
alphabetical-list

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

April’s Call Posts

Plugin Slug:
aprils-call-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Banner System

Plugin Slug:
banner-system

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Contact Form 7 Email Add on

Plugin Slug:
cf7-email-add-on

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Contact Page With Google Map

Plugin Slug:
contact-page-with-google-map

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Continue Shopping From Cart

Plugin Slug:
continue-shopping-from-cart-page

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Control horas

Plugin Slug:
control-horas

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom Shortcode Sidebars

Plugin Slug:
custom-shortcode-sidebars

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Dynamic URL SEO

Plugin Slug:
dynamic-url-seo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Easy Twitter Feed

Plugin Slug:
easy-twitter-feeds

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

F4 Improvements

Plugin Slug:
f4-improvements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Favicon My Blog

Plugin Slug:
favicon-my-blog

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Fence URL

Plugin Slug:
fence-url

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Footer Flyout Widget

Plugin Slug:
footer-flyout-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Google Plus Share and +1 Button

Plugin Slug:
google-plus-share-and-plusone-button

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Grey Owl Lightbox

Plugin Slug:
grey-owl-lightbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Grid View Gallery

Plugin Slug:
grid-view-gallery

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WordPress Brute Force Protection – Stop Brute Force Attacks

Plugin Slug:
guardgiant

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Hotlink2Watermark

Plugin Slug:
hotlink2watermark

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

IceStats

Plugin Slug:
icestats

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Idealien Category Enhancements

Plugin Slug:
idealien-category-enhancements

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Image horizontal reel scroll slideshow

Plugin Slug:
image-horizontal-reel-scroll-slideshow

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ImbaChat

Plugin Slug:
imbachat-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

iPhone Webclip Manager

Plugin Slug:
iphone-webclip-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Kevin’s

Plugin Slug:
kevins-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

LeanPress

Plugin Slug:
leanpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

LinkLaunder SEO

Plugin Slug:
linklaunder-seo-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Lock User Account

Plugin Slug:
lock-user-account

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Multi Feed Reader

Plugin Slug:
multi-feed-reader

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Social Login

Plugin Slug:
oa-social-login

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Community by PeepSo

Plugin Slug:
peepso-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Product Designer

Plugin Slug:
product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Protect Your Content

Plugin Slug:
protect-your-content

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Pure CSS Circle Progress Bar

Plugin Slug:
pure-css-circle-progress-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
quick-learn

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Quotes llama

Plugin Slug:
quotes-llama

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

RealtyCandy IDX Broker Extended

Plugin Slug:
realtycandy-idx-broker-extended

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

RecipePress Reloaded

Plugin Slug:
recipepress-reloaded

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

salavat counter

Plugin Slug:
salavat-counter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Crypto and DeFi Widgets

Plugin Slug:
security-force

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Shine PDF Embeder

Plugin Slug:
shine-pdf

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Travel Map

Plugin Slug:
simple-travel-map

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Slick Sitemap

Plugin Slug:
slick-sitemap

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Silverlight Video Player

Plugin Slug:
smooth-streaming-player

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sticky Social Icons

Plugin Slug:
sticky-social-icons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

LSX Tour Operator

Plugin Slug:
tour-operator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tribute Testimonials

Plugin Slug:
tribute-testimonial-gridslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate YouTube Video & Shorts Player With Vimeo

Plugin Slug:
ultimate-youtube-video-player

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate YouTube Video & Shorts Player With Vimeo

Plugin Slug:
ultimate-youtube-video-player

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UltraAddons Elementor Lite

Plugin Slug:
ultraaddons-elementor-lite

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UserPlus

Plugin Slug:
userplus

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WPBakery Visual Composer WHMCS Elements

Plugin Slug:
void-visual-whmcs-element

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wc Recently viewed products

Plugin Slug:
wc-recently-viewed-products

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

wp auto top

Plugin Slug:
wp-auto-top

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP-ISPConfig 3

Plugin Slug:
wp-ispconfig3

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WPDash Notes

Plugin Slug:
wpdash-notes

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Youneeq Recommendations

Plugin Slug:
youneeq-panel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

yPHPlista

Plugin Slug:
yphplista

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Zajax – Ajax Navigation

Plugin Slug:
zajax-ajax-navigation

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wpforms-lite

Installations
6,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1.6

Severity Score:
Medium

Plugin Slug:
seo-by-rank-math

Installations
3,000,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.0.232

Severity Score:
High

Plugin Slug:
google-listings-and-ads

Installations
900,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.8.7

Severity Score:
Medium

Plugin Slug:
mailpoet

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.3.2

Severity Score:
Medium

Plugin Slug:
nextgen-gallery

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.59.5

Severity Score:
Medium

Plugin Slug:
formidable

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.16.2

Severity Score:
High

Plugin Slug:
formidable

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.14.1

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.4

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1002

Severity Score:
Medium

Plugin Slug:
aryo-activity-log

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.11.2

Severity Score:
High

Plugin Slug:
fluent-smtp

Installations
300,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.2.83

Severity Score:
Critical

Plugin Slug:
cleantalk-spam-protect

Installations
200,000+

Vulnerability:
Broken Authentication

Patched in Version:
6.45

Severity Score:
High

Plugin Slug:
cleantalk-spam-protect

Installations
200,000+

Vulnerability:
Broken Authentication

Patched in Version:
6.44

Severity Score:
Critical

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.10

Severity Score:
Medium

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6.10

Severity Score:
Medium

Plugin Slug:
ultimate-member

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.0

Severity Score:
Medium

Plugin Slug:
squirrly-seo

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
12.3.21

Severity Score:
Medium

Plugin Slug:
the-plus-addons-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.0.4

Severity Score:
Medium

Plugin Slug:
woocommerce-products-filter

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.6.4

Severity Score:
High

Plugin Slug:
wordpress-popup

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.8.6

Severity Score:
Medium

Plugin Slug:
wp-parsidate

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.2

Severity Score:
High

Plugin Slug:
tutor

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
2.7.7

Severity Score:
Critical

Plugin Slug:
tutor

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.7

Severity Score:
Medium

Plugin Slug:
customer-reviews-woocommerce

Installations
70,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.62.0

Severity Score:
Medium

Plugin Slug:
wp-clone-by-wp-academy

Installations
70,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.4.7

Severity Score:
High

Plugin Slug:
wp-maximum-upload-file-size

Installations
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.1.4

Severity Score:
Medium

Plugin Slug:
getwid

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.13

Severity Score:
Medium

Plugin Slug:
woocommerce-currency-switcher

Installations
60,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.4.2.3

Severity Score:
High

Plugin Slug:
woocommerce-jetpack

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.4

Severity Score:
Medium

Plugin Slug:
woocommerce-jetpack

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.4

Severity Score:
High

Plugin Slug:
ditty-news-ticker

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.47

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.5.6

Severity Score:
Medium

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.17

Severity Score:
High

Plugin Slug:
security-malware-firewall

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.145.1

Severity Score:
Critical

Plugin Slug:
simply-gallery-block

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.4.3

Severity Score:
Medium

Plugin Slug:
stratum

Installations
30,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
branda-white-labeling

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.22

Severity Score:
High

Plugin Slug:
mailchimp-forms-by-mailmunch

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.4

Severity Score:
High

Plugin Slug:
mp3-music-player-by-sonaar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9

Severity Score:
Medium

Plugin Slug:
wp-time-capsule

Installations
20,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.22.22

Severity Score:
Critical

Plugin Slug:
404-solution

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.35.20

Severity Score:
High

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.1.16

Severity Score:
High

Plugin Slug:
cm-pop-up-banners

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.6

Severity Score:
High

Plugin Slug:
custom-registration-form-builder-with-submission-manager

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.0.2.7

Severity Score:
Critical

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.1.6

Severity Score:
Medium

Plugin Slug:
lastudio-element-kit

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.4.3

Severity Score:
High

Plugin Slug:
menu-ordering-reservations

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.3

Severity Score:
High

Plugin Slug:
paid-member-subscriptions

Installations
10,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
2.13.1

Severity Score:
High

Plugin Slug:
revisionary

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.16

Severity Score:
Medium

Plugin Slug:
simple-side-tab

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

Plugin Slug:
wc-product-table-lite

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.7

Severity Score:
High

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.2.2

Severity Score:
Medium

Plugin Slug:
wp-user-manager

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.12

Severity Score:
Medium

Plugin Slug:
wp-user-manager

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.12

Severity Score:
Medium

Plugin Slug:
category-ajax-filter

Installations
8,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.8.3

Severity Score:
High

Plugin Slug:
enhanced-tooltipglossary

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.3.12

Severity Score:
High

Plugin Slug:
gd-bbpress-attachments

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.3

Severity Score:
High

Plugin Slug:
if-so

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.2.2

Severity Score:
Medium

Plugin Slug:
mailmunch

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.0

Severity Score:
High

Plugin Slug:
wedevs-project-manager

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.15

Severity Score:
Medium

Plugin Slug:
wpfunnels

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.6

Severity Score:
High

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.9.3.7

Severity Score:
Medium

Plugin Slug:
woo-product-table

Installations
7,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.5.2

Severity Score:
Medium

Plugin Slug:
wpb-popup-for-contact-form-7

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.6

Severity Score:
Medium

Plugin Slug:
product-input-fields-for-woocommerce

Installations
6,000+

Vulnerability:
Path Traversal

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
wpadverts

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.8

Severity Score:
High

Plugin Slug:
geo-my-wp

Installations
5,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.5

Severity Score:
Critical

Plugin Slug:
get-a-quote-button-for-woocommerce

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5

Severity Score:
Medium

Plugin Slug:
booking-calendar

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.16

Severity Score:
High

Plugin Slug:
button-block

Installations
4,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
cm-on-demand-search-and-replace

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
High

Plugin Slug:
mstore-api

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
4.15.8

Severity Score:
High

Plugin Slug:
spotify-play-button-for-wordpress

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.12

Severity Score:
Medium

Plugin Slug:
wpdm-premium-packages

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.4

Severity Score:
High

Plugin Slug:
add-whatsapp-button

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.8

Severity Score:
Medium

Plugin Slug:
parallax-image

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1

Severity Score:
Medium

Plugin Slug:
additional-order-filters-for-woocommerce

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.22

Severity Score:
High

Plugin Slug:
affiliate-toolkit-starter

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.8

Severity Score:
High

Plugin Slug:
email-subscribe

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.23

Severity Score:
Medium

Plugin Slug:
sky-elementor-addons

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6.2

Severity Score:
Medium

Plugin Slug:
sky-elementor-addons

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.3

Severity Score:
High

Plugin Slug:
sky-elementor-addons

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.2

Severity Score:
Medium

Plugin Slug:
svg-block

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.25

Severity Score:
Medium

Plugin Slug:
theme-builder-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
wc-cashapp

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.3

Severity Score:
High

Plugin Slug:
what-would-seth-godin-do

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.2

Severity Score:
Medium

Plugin Slug:
anonymous-restricted-content

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.6

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
4.4.7

Severity Score:
Critical

Plugin Slug:
attesa-extra

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
bne-gallery-extended

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
cm-email-blacklist

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.4

Severity Score:
High

Plugin Slug:
cm-header-footer-script-loader

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
High

Plugin Slug:
co-marquage-service-public

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.5.77

Severity Score:
High

Plugin Slug:
enteraddons

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.0

Severity Score:
Medium

Plugin Slug:
friendly-functions-for-welcart

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.5

Severity Score:
High

Plugin Slug:
gd-rating-system

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.2

Severity Score:
Medium

Plugin Slug:
inpost-gallery

Installations
1,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
2.1.4.3

Severity Score:
Medium

Plugin Slug:
jobboardwp

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
High

Plugin Slug:
nicejob

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.2

Severity Score:
Medium

Plugin Slug:
pgall-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.0

Severity Score:
Medium

Plugin Slug:
rescue-shortcodes

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
save-as-pdf-by-pdfcrowd

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.2

Severity Score:
Medium

Plugin Slug:
sirv

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.3.1

Severity Score:
High

Plugin Slug:
bard-extra

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.8

Severity Score:
Medium

Plugin Slug:
include-mastodon-feed

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.6

Severity Score:
Medium

Plugin Slug:
system-dashboard

Installations
800+

Vulnerability:
Path Traversal

Patched in Version:
2.8.15

Severity Score:
Medium

Plugin Slug:
system-dashboard

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.15

Severity Score:
High

Plugin Slug:
taskbuilder

Installations
800+

Vulnerability:
SQL Injection

Patched in Version:
3.0.5

Severity Score:
High

Plugin Slug:
peachpay-for-woocommerce

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.113.0

Severity Score:
High

Plugin Slug:
stream-status-for-twitch

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.10

Severity Score:
Medium

Plugin Slug:
theatre

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.18.7

Severity Score:
High

Plugin Slug:
block-editor-bootstrap-blocks

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.6.2

Severity Score:
High

Plugin Slug:
media-library-tools

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.0

Severity Score:
Medium

Plugin Slug:
memberlite-shortcodes

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4

Severity Score:
Medium

Plugin Slug:
automation-web-platform

Installations
500+

Vulnerability:
Broken Authentication

Patched in Version:
3.0.18

Severity Score:
Critical

Plugin Slug:
mshop-naver-talktalk

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
wp-mailster

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.17.0

Severity Score:
Medium

Plugin Slug:
cm-table-of-content

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.4

Severity Score:
High

Plugin Slug:
cm-table-of-content

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
mshop-npay

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.0

Severity Score:
Medium

Plugin Slug:
custom-css

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.0

Severity Score:
High

Plugin Slug:
twitter-follow

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.3

Severity Score:
Medium

Plugin Slug:
dino-game

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
easy-liveblogs

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.6

Severity Score:
Medium

Plugin Slug:
opal-woo-custom-product-variation

Installations
200+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.1.4

Severity Score:
High

Plugin Slug:
slotti-ajanvaraus

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

Plugin Slug:
wip-incoming-lite

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
High

Plugin Slug:
wp-orphanage-extended

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3

Severity Score:
Critical

Plugin Slug:
chessgame-shizzle

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
High

Plugin Slug:
contest-code-checker

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.4

Severity Score:
High

Plugin Slug:
hipaatizer

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
my-contador-wp

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
2.1

Severity Score:
Medium

Plugin Slug:
skt-nurcaptcha

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.0

Severity Score:
High

Plugin Slug:
autopilot

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.21

Severity Score:
High

Plugin Slug:
autolisticle-automatically-update-numbered-list-articles

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.4

Severity Score:
Medium

Plugin Slug:
cm-business-directory

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
High

Plugin Slug:
cm-video-lesson-manager

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3

Severity Score:
High

Plugin Slug:
pdf-invoicing-for-woocommerce

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.2

Severity Score:
High

Plugin Slug:
page-parts

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
High

Plugin Slug:
fediverse-embeds

Installations
40+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.5.4

Severity Score:
Critical

Plugin Slug:
wp-bootscraper

Installations
40+

Vulnerability:
Local File Inclusion

Patched in Version:
4.0.0

Severity Score:
High

Plugin Slug:
support-svg

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.1

Severity Score:
Medium

Plugin Slug:
express-pay

Installations
20+

Vulnerability:
SQL Injection

Patched in Version:
1.1.9

Severity Score:
Critical

Plugin:

Document & Data Automation

Plugin Slug:
document-data-automation

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.2

Severity Score:
High

Plugin:

MP3 Sticky Player

Plugin Slug:
fwdmsp

Vulnerability:
Path Traversal

Patched in Version:
8.1

Severity Score:
High

Plugin:

WPGYM

Plugin Slug:
gym-management

Vulnerability:
Broken Access Control

Patched in Version:
67.2.0

Severity Score:
Critical

Plugin:

WPGYM

Plugin Slug:
gym-management

Vulnerability:
Arbitrary File Upload

Patched in Version:
67.2.0

Severity Score:
Critical

Plugin:

Leopard – WordPress offload media

Plugin Slug:
leopard-wordpress-offload-media

Vulnerability:
Broken Access Control

Patched in Version:
3.1.2

Severity Score:
High

Plugin:

School Management

Plugin Slug:
school-management

Vulnerability:
Arbitrary File Upload

Patched in Version:
92.0.0

Severity Score:
Critical

Plugin:

Wishlist for WooCommerce Pro

Plugin Slug:
wish-list-for-woocommerce-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.3

Severity Score:
High

Plugin:

Booking & Appointment Plugin for WooCommerce

Plugin Slug:
woocommerce-booking

Vulnerability:
Broken Access Control

Patched in Version:
6.10.0

Severity Score:
High

Plugin:

WordPress GDPR & CCPA

Plugin Slug:
wordpress-gdpr

Vulnerability:
Broken Access Control

Patched in Version:
2.0.3

Severity Score:
Medium

Plugin:

WordPress GDPR & CCPA

Plugin Slug:
wordpress-gdpr

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.3

Severity Score:
High

WordPress Themes — 3 Patched / 6 Unpatched

Theme Slug:
grip

Downloads
27,482

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

AccessPress Staple

Theme Slug:
accesspress-staple

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

Jobify – Job Board WordPress Theme

Theme Slug:
jobify

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Theme:

Jobify – Job Board WordPress Theme

Theme Slug:
jobify

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Jobify – Job Board WordPress Theme

Theme Slug:
jobify

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Jobify – Job Board WordPress Theme

Theme Slug:
jobify

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
ashe

Downloads
2,043,009

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.244

Severity Score:
High

Theme Slug:
bard

Downloads
939,343

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.217

Severity Score:
High

Theme:

ForumEngine

Theme Slug:
forumengine

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-11-27 11:59:00.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

WordPress Vulnerability Report — December 11, 2024

In this report, 231 vulnerabilities have been publicly disclosed. Security patches for 134 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 97 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 128 Patched / 94 Unpatched

140+ Widgets | Xpro Addons For Elementor – FREE

Plugin:

140+ Widgets | Xpro Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54253

The vulnerability has not been patched. You should deactivate the plugin.

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin:

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin Slug:
s2member

Installations
10,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51815

The vulnerability has not been patched. You should deactivate the plugin.

Login Widget With Shortcode

Plugin:

Login Widget With Shortcode

Plugin Slug:
login-sidebar-widget

Installations
8,000+

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54255

The vulnerability has not been patched. You should deactivate the plugin.

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Plugin:

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Plugin Slug:
wedevs-project-manager

Installations
8,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12015

The vulnerability has not been patched. You should deactivate the plugin.

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin:

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin Slug:
borderless

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54211

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54212

The vulnerability has not been patched. You should deactivate the plugin.

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin:

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin Slug:
booking-system

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54252

The vulnerability has not been patched. You should deactivate the plugin.

Minimum and Maximum Quantity for WooCommerce

Plugin:

Minimum and Maximum Quantity for WooCommerce

Plugin Slug:
min-and-max-quantity-for-woocommerce

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54227

The vulnerability has not been patched. You should deactivate the plugin.

Message Filter for Contact Form 7

Plugin:

Message Filter for Contact Form 7

Plugin Slug:
cf7-message-filter

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12027

The vulnerability has not been patched. You should deactivate the plugin.

News Kit Elementor Addons

Plugin:

News Kit Elementor Addons

Plugin Slug:
news-kit-elementor-addons

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54260

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Page Builder – Zion Builder

Plugin:

WordPress Page Builder – Zion Builder

Plugin Slug:
zionbuilder

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54213

The vulnerability has not been patched. You should deactivate the plugin.

ForumWP – Forum & Discussion Board

Plugin:

ForumWP – Forum & Discussion Board

Plugin Slug:
forumwp

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-10879

The vulnerability has not been patched. You should deactivate the plugin.

Friends

Plugin:

Friends

Plugin Slug:
friends

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12028

The vulnerability has not been patched. You should deactivate the plugin.

DELUCKS SEO

Plugin:

DELUCKS SEO

Plugin Slug:
delucks-seo

Installations
600+

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54259

The vulnerability has not been patched. You should deactivate the plugin.

RRAddons for Elementor

Plugin:

RRAddons for Elementor

Plugin Slug:
rrdevs-for-elementor

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54232

The vulnerability has not been patched. You should deactivate the plugin.

Import Export For WooCommerce

Plugin:

Import Export For WooCommerce

Plugin Slug:
import-export-for-woocommerce

Installations
200+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54262

The vulnerability has not been patched. You should deactivate the plugin.

Shiptimize for WooCommerce

Plugin:

Shiptimize for WooCommerce

Plugin Slug:
shiptimize-for-woocommerce

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54235

The vulnerability has not been patched. You should deactivate the plugin.

Limit Login Attempts (Spam Protection)

Plugin:

Limit Login Attempts (Spam Protection)

Plugin Slug:
wp-limit-failed-login-attempts

Installations
200+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54234

The vulnerability has not been patched. You should deactivate the plugin.

Comfino Payment Gateway

Plugin:

Comfino Payment Gateway

Plugin Slug:
comfino-payment-gateway

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11329

The vulnerability has not been patched. You should deactivate the plugin.

Designer – Addons for Elementor

Plugin:

Designer – Addons for Elementor

Plugin Slug:
designer

Installations
100+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54225

The vulnerability has not been patched. You should deactivate the plugin.

Prodigy Commerce

Plugin:

Prodigy Commerce

Plugin Slug:
prodigy-commerce

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54251

The vulnerability has not been patched. You should deactivate the plugin.

Clients

Plugin:

Clients

Plugin Slug:
clients

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54245

The vulnerability has not been patched. You should deactivate the plugin.

Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification

Plugin:

Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification

Plugin Slug:
elite-notification

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54241

The vulnerability has not been patched. You should deactivate the plugin.

Simple Notification

Plugin:

Simple Notification

Plugin Slug:
simple-notification

Installations
50+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54242

The vulnerability has not been patched. You should deactivate the plugin.

Ni WooCommerce Order Export

Plugin:

Ni WooCommerce Order Export

Plugin Slug:
ni-woocommerce-order-export

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54231

The vulnerability has not been patched. You should deactivate the plugin.

Awesome Shortcodes

Plugin:

Awesome Shortcodes

Plugin Slug:
awesome-shortcodes

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54209

The vulnerability has not been patched. You should deactivate the plugin.

Blaze Online eParcel for WooCommerce

Plugin:

Blaze Online eParcel for WooCommerce

Plugin Slug:
blaze-online-eparcel-for-woocommerce

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54240

The vulnerability has not been patched. You should deactivate the plugin.

Board Document Manager from CHUHPL

Plugin:

Board Document Manager from CHUHPL

Plugin Slug:
board-document-manager-from-chuhpl

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54238

The vulnerability has not been patched. You should deactivate the plugin.

Easy Replace

Plugin:

Easy Replace

Plugin Slug:
easy-replace

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54244

The vulnerability has not been patched. You should deactivate the plugin.

Ni CRM Lead

Plugin:

Ni CRM Lead

Plugin Slug:
ni-crm-lead

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54237

The vulnerability has not been patched. You should deactivate the plugin.

Ni CRM Lead

Plugin:

Ni CRM Lead

Plugin Slug:
ni-crm-lead

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54258

The vulnerability has not been patched. You should deactivate the plugin.

Ni WooCommerce Bulk Product Editor

Plugin:

Ni WooCommerce Bulk Product Editor

Plugin Slug:
ni-woocommerce-product-editor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54236

The vulnerability has not been patched. You should deactivate the plugin.

TAX SERVICE Electronic HDM

Plugin:

TAX SERVICE Electronic HDM

Plugin Slug:
virtual-hdm-for-taxservice-am

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54261

The vulnerability has not been patched. You should deactivate the plugin.

ABCBiz Addons and Templates for Elementor

Plugin:

ABCBiz Addons and Templates for Elementor

Plugin Slug:
abcbiz-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54247

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Control Manager for WordPress by ItalyStrap

Plugin:

Advanced Control Manager for WordPress by ItalyStrap

Plugin Slug:
advanced-control-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54233

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Options Editor

Plugin:

Advanced Options Editor

Plugin Slug:
advanced-options-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54249

The vulnerability has not been patched. You should deactivate the plugin.

AI Quiz

Plugin:

AI Quiz

Plugin Slug:
ai-quiz

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11323

The vulnerability has not been patched. You should deactivate the plugin.

AIO Contact

Plugin:

AIO Contact

Plugin Slug:
aio-contact

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54218

The vulnerability has not been patched. You should deactivate the plugin.

AIO Contact

Plugin:

AIO Contact

Plugin Slug:
aio-contact

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54219

The vulnerability has not been patched. You should deactivate the plugin.

Pulsating Chat Button

Plugin:

Pulsating Chat Button

Plugin Slug:
amin-chat-button

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11813

The vulnerability has not been patched. You should deactivate the plugin.

ARForms

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54216

The vulnerability has not been patched. You should deactivate the plugin.

ARForms

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54217

The vulnerability has not been patched. You should deactivate the plugin.

Authors List

Plugin:

Authors List

Plugin Slug:
authors-list

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-10952

The vulnerability has not been patched. You should deactivate the plugin.

Beautiful Taxonomy Filters

Plugin:

Beautiful Taxonomy Filters

Plugin Slug:
beautiful-taxonomy-filters

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-12270

The vulnerability has not been patched. You should deactivate the plugin.

Block Controller

Plugin:

Block Controller

Plugin Slug:
block-controller

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54208

The vulnerability has not been patched. You should deactivate the plugin.

BP Profile Shortcodes Extra

Plugin:

BP Profile Shortcodes Extra

Plugin Slug:
bp-profile-shortcodes-extra

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11732

The vulnerability has not been patched. You should deactivate the plugin.

Mollie for Contact Form 7

Plugin:

Mollie for Contact Form 7

Plugin Slug:
cf7-mollie

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12165

The vulnerability has not been patched. You should deactivate the plugin.

Charity Addon for Elementor

Plugin:

Charity Addon for Elementor

Plugin Slug:
charity-addon-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12062

The vulnerability has not been patched. You should deactivate the plugin.

Clickbank Storefront

Plugin:

Clickbank Storefront

Plugin Slug:
clickbank-storefront

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11336

The vulnerability has not been patched. You should deactivate the plugin.

SMS for Lead Capture Forms

Plugin:

SMS for Lead Capture Forms

Plugin Slug:
clicksend-lead-capture-form

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11353

The vulnerability has not been patched. You should deactivate the plugin.

CLUEVO LMS, E-Learning Platform

Plugin:

CLUEVO LMS, E-Learning Platform

Plugin Slug:
cluevo-lms

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11444

The vulnerability has not been patched. You should deactivate the plugin.

Cookielay

Plugin:

Cookielay

Plugin Slug:
cookielay

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10320

The vulnerability has not been patched. You should deactivate the plugin.

Country Blocker

Plugin:

Country Blocker

Plugin Slug:
country-blocker

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54226

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Element Bucket Addons for Elementor

Plugin:

Advanced Element Bucket Addons for Elementor

Plugin Slug:
cs-element-bucket

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54210

The vulnerability has not been patched. You should deactivate the plugin.

Easy Blocks pro

Plugin:

Easy Blocks pro

Plugin Slug:
easy-blocks-pro

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54256

The vulnerability has not been patched. You should deactivate the plugin.

Easy Code Snippets

Plugin:

Easy Code Snippets

Plugin Slug:
easy-code-snippets

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11464

The vulnerability has not been patched. You should deactivate the plugin.

Easy Social Feed Premium

Plugin:

Easy Social Feed Premium

Plugin Slug:
easy-facebook-likebox-premium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has not been patched. You should deactivate the plugin.

Echoza

Plugin:

Echoza

Plugin Slug:
echoza

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54243

The vulnerability has not been patched. You should deactivate the plugin.

eewee admin custom

Plugin:

eewee admin custom

Plugin Slug:
eewee-admincustom

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54248

The vulnerability has not been patched. You should deactivate the plugin.

Eleblog – Elementor Blog And Magazine Addons

Plugin:

Eleblog – Elementor Blog And Magazine Addons

Plugin Slug:
ele-blog

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10663

The vulnerability has not been patched. You should deactivate the plugin.

FAQs

Plugin:

FAQs

Plugin Slug:
faqs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54246

The vulnerability has not been patched. You should deactivate the plugin.

FAT Services Booking

Plugin:

FAT Services Booking

Plugin Slug:
fat-services-booking

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54220

The vulnerability has not been patched. You should deactivate the plugin.

FAT Services Booking

Plugin:

FAT Services Booking

Plugin Slug:
fat-services-booking

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54221

The vulnerability has not been patched. You should deactivate the plugin.

Folder Gallery

Plugin:

Folder Gallery

Plugin Slug:
folder-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11823

The vulnerability has not been patched. You should deactivate the plugin.

Funnelforms Free

Plugin:

Funnelforms Free

Plugin Slug:
funnelforms-free

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-10587

The vulnerability has not been patched. You should deactivate the plugin.

Gold Addons for Elementor

Plugin:

Gold Addons for Elementor

Plugin Slug:
gold-addons-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12110

The vulnerability has not been patched. You should deactivate the plugin.

Library Management System

Plugin:

Library Management System

Plugin Slug:
library-management-system

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-8679

The vulnerability has not been patched. You should deactivate the plugin.

Contact Form, Survey & Form Builder – MightyForms

Plugin:

Contact Form, Survey & Form Builder – MightyForms

Plugin Slug:
mightyforms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11897

The vulnerability has not been patched. You should deactivate the plugin.

Gallery

Plugin:

Gallery

Plugin Slug:
multi-gallery

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11501

The vulnerability has not been patched. You should deactivate the plugin.

Login With OTP

Plugin:

Login With OTP

Plugin Slug:
otp-login

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11178

The vulnerability has not been patched. You should deactivate the plugin.

Posti Shipping

Plugin:

Posti Shipping

Plugin Slug:
posti-shipping

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-10832

The vulnerability has not been patched. You should deactivate the plugin.

Paloma Widget

Plugin:

Paloma Widget

Plugin Slug:
postman-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54205

The vulnerability has not been patched. You should deactivate the plugin.

Responsive Videos

Plugin:

Responsive Videos

Plugin Slug:
responsive-youtube-videos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11747

The vulnerability has not been patched. You should deactivate the plugin.

Revy

Plugin:

Revy

Plugin Slug:
revy

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54215

The vulnerability has not been patched. You should deactivate the plugin.

Revy

Plugin:

Revy

Plugin Slug:
revy

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54214

The vulnerability has not been patched. You should deactivate the plugin.

SG Helper

Plugin:

SG Helper

Plugin Slug:
sg-helper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11093

The vulnerability has not been patched. You should deactivate the plugin.

Simple Ecommerce Shopping Cart

Plugin:

Simple Ecommerce Shopping Cart

Plugin Slug:
simple-e-commerce-shopping-cart

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12253

The vulnerability has not been patched. You should deactivate the plugin.

Simple Ecommerce Shopping Cart

Plugin:

Simple Ecommerce Shopping Cart

Plugin Slug:
simple-e-commerce-shopping-cart

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12128

The vulnerability has not been patched. You should deactivate the plugin.

Smart PopUp Blaster

Plugin:

Smart PopUp Blaster

Plugin Slug:
smart-popup-blaster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11339

The vulnerability has not been patched. You should deactivate the plugin.

Smoove connector for Elementor forms

Plugin:

Smoove connector for Elementor forms

Plugin Slug:
smoove-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11367

The vulnerability has not been patched. You should deactivate the plugin.

Splash Sync

Plugin:

Splash Sync

Plugin Slug:
splash-connector

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11368

The vulnerability has not been patched. You should deactivate the plugin.

SV100 Companion

Plugin:

SV100 Companion

Plugin Slug:
sv100-companion

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54229

The vulnerability has not been patched. You should deactivate the plugin.

TWChat

Plugin:

TWChat

Plugin Slug:
twchat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11374

The vulnerability has not been patched. You should deactivate the plugin.

TwentyTwenty

Plugin:

TwentyTwenty

Plugin Slug:
twentytwenty

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11352

The vulnerability has not been patched. You should deactivate the plugin.

Shortcodes Blocks Creator Ultimate

Plugin:

Shortcodes Blocks Creator Ultimate

Plugin Slug:
ultimate-shortcodes-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54264

The vulnerability has not been patched. You should deactivate the plugin.

Unlock Addons for Elementor

Plugin:

Unlock Addons for Elementor

Plugin Slug:
unlock-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54230

The vulnerability has not been patched. You should deactivate the plugin.

Wot Elementor Widgets

Plugin:

Wot Elementor Widgets

Plugin Slug:
wot-elementor-widgets

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54228

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Auction Plugin

Plugin:

WordPress Auction Plugin

Plugin Slug:
wp-auctions

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51615

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Auction Plugin

Plugin:

WordPress Auction Plugin

Plugin Slug:
wp-auctions

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54207

The vulnerability has not been patched. You should deactivate the plugin.

WP Media Optimizer

Plugin:

WP Media Optimizer

Plugin Slug:
wp-media-optimizer-webp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12060

The vulnerability has not been patched. You should deactivate the plugin.

Mini Program API

Plugin:

Mini Program API

Plugin Slug:
wp-mini-program

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11380

The vulnerability has not been patched. You should deactivate the plugin.

WP Private Content Plus

Plugin:

WP Private Content Plus

Plugin Slug:
wp-private-content-plus

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11292

The vulnerability has not been patched. You should deactivate the plugin.

WP System

Plugin:

WP System

Plugin Slug:
wp-system

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12003

The vulnerability has not been patched. You should deactivate the plugin.

Zooom

Plugin:

Zooom

Plugin Slug:
zooom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11451

The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce

Plugin:

WooCommerce

Plugin Slug:
woocommerce

Installations
8,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
9.4.3

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 9.4.3.

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Plugin:

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Plugin Slug:
wpforms-lite

Installations
6,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.2.2

Severity Score:
High

CVE:

2024-11205

The vulnerability has been patched, so you should update to version 1.9.2.2.

Spectra – WordPress Gutenberg Blocks

Plugin:

Spectra – WordPress Gutenberg Blocks

Plugin Slug:
ultimate-addons-for-gutenberg

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.16.3

Severity Score:
Medium

CVE:

2024-10484

The vulnerability has been patched, so you should update to version 2.16.3.

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Plugin:

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Plugin Slug:
fluentform

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.1

Severity Score:
Medium

CVE:

2024-9651

The vulnerability has been patched, so you should update to version 5.2.1.

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Plugin:

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Plugin Slug:
nextgen-gallery

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.59.5

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 3.59.5.

Firelight Lightbox

Plugin:

Firelight Lightbox

Plugin Slug:
easy-fancybox

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 2.3.4.

FileBird – WordPress Media Library Folders & File Manager

Plugin:

FileBird – WordPress Media Library Folders & File Manager

Plugin Slug:
filebird

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.3.4

Severity Score:
Medium

CVE:

2024-53825

The vulnerability has been patched, so you should update to version 6.3.4.

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Plugin:

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.10.6

Severity Score:
Medium

CVE:

2024-9058

The vulnerability has been patched, so you should update to version 5.10.6.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.4.4

Severity Score:
Medium

CVE:

2024-53797

The vulnerability has been patched, so you should update to version 2.8.4.4.

Colibri Page Builder

Plugin:

Colibri Page Builder

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.288

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 1.0.288.

Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Plugin:

Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Plugin Slug:
depicter

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
Medium

CVE:

2024-4633

The vulnerability has been patched, so you should update to version 3.2.2.

Gallery Plugin for WordPress – Envira Photo Gallery

Plugin:

Gallery Plugin for WordPress – Envira Photo Gallery

Plugin Slug:
envira-gallery-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.16

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 1.8.16.

Advanced File Manager

Plugin:

Advanced File Manager

Plugin Slug:
file-manager-advanced

Installations
100,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
5.2.11

Severity Score:
High

CVE:

2024-11391

The vulnerability has been patched, so you should update to version 5.2.11.

FileOrganizer – Manage WordPress and Website Files

Plugin:

FileOrganizer – Manage WordPress and Website Files

Plugin Slug:
fileorganizer

Installations
100,000+

Vulnerability:
Path Traversal

Patched in Version:
1.1.5

Severity Score:
High

CVE:

2024-11010

The vulnerability has been patched, so you should update to version 1.1.5.

Responsive Lightbox & Gallery

Plugin:

Responsive Lightbox & Gallery

Plugin Slug:
responsive-lightbox

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.9

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 2.4.9.

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Plugin:

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce

Plugin Slug:
the-plus-addons-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.1

Severity Score:
Medium

CVE:

2024-53823

The vulnerability has been patched, so you should update to version 6.0.1.

TI WooCommerce Wishlist

Plugin:

TI WooCommerce Wishlist

Plugin Slug:
ti-woocommerce-wishlist

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.2

Severity Score:
High

CVE:

2024-10567

The vulnerability has been patched, so you should update to version 2.9.2.

AnyWhere Elementor

Plugin:

AnyWhere Elementor

Plugin Slug:
anywhere-elementor

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.12

Severity Score:
Medium

CVE:

2024-10777

The vulnerability has been patched, so you should update to version 1.2.12.

PowerPack Elementor Addons (Free Widgets, Extensions and Templates)

Plugin:

PowerPack Elementor Addons (Free Widgets, Extensions and Templates)

Plugin Slug:
powerpack-lite-for-elementor

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.2

Severity Score:
Medium

CVE:

2024-10692

The vulnerability has been patched, so you should update to version 2.8.2.

WPC Smart Quick View for WooCommerce

Plugin:

WPC Smart Quick View for WooCommerce

Plugin Slug:
woo-smart-quick-view

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.2

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 4.1.2.

WP Hide & Security Enhancer

Plugin:

WP Hide & Security Enhancer

Plugin Slug:
wp-hide-security-enhancer

Installations
70,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.2

Severity Score:
High

CVE:

2024-11585

The vulnerability has been patched, so you should update to version 2.5.2.

Getwid – Gutenberg Blocks

Plugin:

Getwid – Gutenberg Blocks

Plugin Slug:
getwid

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.12

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 2.0.12.

If Menu – Visibility control for Menus

Plugin:

If Menu – Visibility control for Menus

Plugin Slug:
if-menu

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.19.2

Severity Score:
Medium

CVE:

2024-7894

The vulnerability has been patched, so you should update to version 0.19.2.

Visual Portfolio, Photo Gallery & Post Grid

Plugin:

Visual Portfolio, Photo Gallery & Post Grid

Plugin Slug:
visual-portfolio

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.10

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 3.3.10.

Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid

Plugin:

Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid

Plugin Slug:
wp-carousel-free

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 2.6.9.

Bold Page Builder

Plugin:

Bold Page Builder

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.2

Severity Score:
Medium

CVE:

2024-53801

The vulnerability has been patched, so you should update to version 5.2.2.

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin:

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.28

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 1.15.28.

FancyBox for WordPress

Plugin:

FancyBox for WordPress

Plugin Slug:
fancybox-for-wordpress

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.5

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 3.3.5.

Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

Plugin:

Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor

Plugin Slug:
gutentor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.0

Severity Score:
Medium

CVE:

2024-10178

The vulnerability has been patched, so you should update to version 3.4.0.

Themesflat Addons For Elementor

Plugin:

Themesflat Addons For Elementor

Plugin Slug:
themesflat-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.3

Severity Score:
Medium

CVE:

2024-53796

The vulnerability has been patched, so you should update to version 2.2.3.

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Plugin:

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.16

Severity Score:
Medium

CVE:

2024-53818

The vulnerability has been patched, so you should update to version 4.1.16.

Tutor LMS Elementor Addons

Plugin:

Tutor LMS Elementor Addons

Plugin Slug:
tutor-lms-elementor-addons

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.6

Severity Score:
Medium

CVE:

2024-53816

The vulnerability has been patched, so you should update to version 2.1.6.

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

Plugin:

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)

Plugin Slug:
wp-analytify

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.5.0

Severity Score:
Medium

CVE:

2024-53814

The vulnerability has been patched, so you should update to version 5.5.0.

WP Umbrella: Update Backup Restore & Monitoring

Plugin:

WP Umbrella: Update Backup Restore & Monitoring

Plugin Slug:
wp-health

Installations
30,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.17.1

Severity Score:
Critical

CVE:

2024-12209

The vulnerability has been patched, so you should update to version 2.17.1.

Maspik – Advanced Spam Protection

Plugin:

Maspik – Advanced Spam Protection

Plugin Slug:
contact-forms-anti-spam

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.8

Severity Score:
Medium

CVE:

2024-53806

The vulnerability has been patched, so you should update to version 2.2.8.

Futurio Extra

Plugin:

Futurio Extra

Plugin Slug:
futurio-extra

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.15

Severity Score:
Medium

CVE:

2024-53802

The vulnerability has been patched, so you should update to version 2.0.15.

FV Flowplayer Video Player

Plugin:

FV Flowplayer Video Player

Plugin Slug:
fv-wordpress-flowplayer

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.5.48.7212

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 7.5.48.7212.

Product Labels For Woocommerce (Sale Badges)

Plugin:

Product Labels For Woocommerce (Sale Badges)

Plugin Slug:
aco-product-labels-for-woocommerce

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.9

Severity Score:
High

CVE:

2024-53817

The vulnerability has been patched, so you should update to version 1.5.9.

Video Gallery – YouTube Gallery and Vimeo Gallery

Plugin:

Video Gallery – YouTube Gallery and Vimeo Gallery

Plugin Slug:
gallery-videos

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.3

Severity Score:
High

CVE:

2024-10247

The vulnerability has been patched, so you should update to version 2.4.3.

Video Gallery – YouTube Gallery and Vimeo Gallery

Plugin:

Video Gallery – YouTube Gallery and Vimeo Gallery

Plugin Slug:
gallery-videos

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.2

Severity Score:
Medium

CVE:

2024-9769

The vulnerability has been patched, so you should update to version 2.4.2.

LA-Studio Element Kit for Elementor

Plugin:

LA-Studio Element Kit for Elementor

Plugin Slug:
lastudio-element-kit

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.5

Severity Score:
Medium

CVE:

2024-10787

The vulnerability has been patched, so you should update to version 1.4.5.

myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.

Plugin:

myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.

Plugin Slug:
mycred

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.6

Severity Score:
Medium

CVE:

2024-11201

The vulnerability has been patched, so you should update to version 2.7.6.

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Plugin:

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Plugin Slug:
nex-forms-express-wp-form-builder

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
8.7.9

Severity Score:
High

CVE:

2024-53808

The vulnerability has been patched, so you should update to version 8.7.9.

Simple Side Tab

Plugin:

Simple Side Tab

Plugin Slug:
simple-side-tab

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

CVE:

2024-11183

The vulnerability has been patched, so you should update to version 2.2.0.

Swift Performance Lite

Plugin:

Swift Performance Lite

Plugin Slug:
swift-performance-lite

Installations
10,000+

Vulnerability:
Path Traversal

Patched in Version:
2.3.7.2

Severity Score:
High

CVE:

2024-10516

The vulnerability has been patched, so you should update to version 2.3.7.2.

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Plugin:

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup

Plugin Slug:
armember-membership

Installations
9,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
4.0.52

Severity Score:
Medium

CVE:

2024-10681

The vulnerability has been patched, so you should update to version 4.0.52.

Pojo Forms

Plugin:

Pojo Forms

Plugin Slug:
pojo-forms

Installations
7,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.4.8

Severity Score:
Medium

CVE:

2024-10909

The vulnerability has been patched, so you should update to version 1.4.8.

Poll Maker – Versus Polls, Anonymous Polls, Image Polls

Plugin:

Poll Maker – Versus Polls, Anonymous Polls, Image Polls

Plugin Slug:
poll-maker

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.5.5

Severity Score:
Medium

CVE:

2024-12115

The vulnerability has been patched, so you should update to version 5.5.5.

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

Plugin:

WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder

Plugin Slug:
wdesignkit

Installations
7,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.0

Severity Score:
Medium

CVE:

2024-53811

The vulnerability has been patched, so you should update to version 1.1.0.

Plugin:

Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins

Plugin Slug:
related-post

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.59

Severity Score:
Medium

CVE:

2024-10937

The vulnerability has been patched, so you should update to version 2.0.59.

WP Travel – Ultimate Travel Booking System, Tour Management Engine

Plugin:

WP Travel – Ultimate Travel Booking System, Tour Management Engine

Plugin Slug:
wp-travel

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
9.7.0

Severity Score:
Medium

CVE:

2024-53813

The vulnerability has been patched, so you should update to version 9.7.0.

All Bootstrap Blocks

Plugin:

All Bootstrap Blocks

Plugin Slug:
all-bootstrap-blocks

Installations
4,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.20

Severity Score:
High

CVE:

2024-53824

The vulnerability has been patched, so you should update to version 1.3.20.

Arkhe Blocks

Plugin:

Arkhe Blocks

Plugin Slug:
arkhe-blocks

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.27.1

Severity Score:
Medium

CVE:

2024-53794

The vulnerability has been patched, so you should update to version 2.27.1.

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin:

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin Slug:
booking-system

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
2.9.9.5.2

Severity Score:
High

CVE:

2024-53815

The vulnerability has been patched, so you should update to version 2.9.9.5.2.

ElementsReady Addons for Elementor

Plugin:

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.8

Severity Score:
Medium

CVE:

2024-54224

The vulnerability has been patched, so you should update to version 6.4.8.

Contact Form, Survey, Quiz & Popup Form Builder – ARForms

Plugin:

Contact Form, Survey, Quiz & Popup Form Builder – ARForms

Plugin Slug:
arforms-form-builder

Installations
3,000+

Vulnerability:
Content Injection

Patched in Version:
1.7.2

Severity Score:
Medium

CVE:

2024-54223

The vulnerability has been patched, so you should update to version 1.7.2.

WP Job Manager – Company Profiles

Plugin:

WP Job Manager – Company Profiles

Plugin Slug:
wp-job-manager-companies

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8

Severity Score:
High

CVE:

2023-6978

The vulnerability has been patched, so you should update to version 1.8.

Accordion Slider

Plugin:

Accordion Slider

Plugin Slug:
accordion-slider

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.13

Severity Score:
Medium

CVE:

2024-5020

The vulnerability has been patched, so you should update to version 1.9.13.

Knowledge Base documentation & wiki plugin – BasePress Docs

Plugin:

Knowledge Base documentation & wiki plugin – BasePress Docs

Plugin Slug:
basepress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.16.3.4

Severity Score:
Medium

CVE:

2024-10664

The vulnerability has been patched, so you should update to version 2.16.3.4.

Message Filter for Contact Form 7

Plugin:

Message Filter for Contact Form 7

Plugin Slug:
cf7-message-filter

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.3

Severity Score:
Medium

CVE:

2024-54254

The vulnerability has been patched, so you should update to version 1.6.3.

KiviCare – Clinic & Patient Management System (EHR)

Plugin:

KiviCare – Clinic & Patient Management System (EHR)

Plugin Slug:
kivicare-clinic-management-system

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
3.6.5

Severity Score:
High

CVE:

2024-11730

The vulnerability has been patched, so you should update to version 3.6.5.

KiviCare – Clinic & Patient Management System (EHR)

Plugin:

KiviCare – Clinic & Patient Management System (EHR)

Plugin Slug:
kivicare-clinic-management-system

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
3.6.5

Severity Score:
High

CVE:

2024-11729

The vulnerability has been patched, so you should update to version 3.6.5.

KiviCare – Clinic & Patient Management System (EHR)

Plugin:

KiviCare – Clinic & Patient Management System (EHR)

Plugin Slug:
kivicare-clinic-management-system

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
3.6.5

Severity Score:
Critical

CVE:

2024-11728

The vulnerability has been patched, so you should update to version 3.6.5.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin:

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug:
meeting-scheduler-by-vcita

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.2

Severity Score:
Medium

CVE:

2024-9872

The vulnerability has been patched, so you should update to version 4.5.2.

Plugin Check (PCP)

Plugin:

Plugin Check (PCP)

Plugin Slug:
plugin-check

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 1.3.1.

Active Products Tables for WooCommerce. Use constructor to create tables

Plugin:

Active Products Tables for WooCommerce. Use constructor to create tables

Plugin Slug:
profit-products-tables-for-woocommerce

Installations
2,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.0.6.6

Severity Score:
High

CVE:

2024-10959

The vulnerability has been patched, so you should update to version 1.0.6.6.

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Plugin:

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Plugin Slug:
sprout-invoices

Installations
2,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
20.8.1

Severity Score:
Medium

CVE:

2024-53819

The vulnerability has been patched, so you should update to version 20.8.1.

Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials

Plugin:

Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials

Plugin Slug:
stars-testimonials-with-slider-and-masonry-grid

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.3.4

Severity Score:
High

CVE:

2024-11429

The vulnerability has been patched, so you should update to version 3.3.4.

WPBITS Addons For Elementor Page Builder

Plugin:

WPBITS Addons For Elementor Page Builder

Plugin Slug:
wpbits-addons-for-elementor

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6

Severity Score:
Medium

CVE:

2024-8962

The vulnerability has been patched, so you should update to version 1.6.

XLTab – Accordions and Tabs for Elementor Page Builder

Plugin:

XLTab – Accordions and Tabs for Elementor Page Builder

Plugin Slug:
xl-tab

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5

Severity Score:
Medium

CVE:

2024-10689

The vulnerability has been patched, so you should update to version 1.5.

Captivate Sync

Plugin:

Captivate Sync

Plugin Slug:
captivatesync-trade

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.26

Severity Score:
Medium

CVE:

2024-53820

The vulnerability has been patched, so you should update to version 2.0.26.

Contact Form Builder by vcita

Plugin:

Contact Form Builder by vcita

Plugin Slug:
contact-form-with-a-meeting-scheduler-by-vcita

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.5

Severity Score:
Medium

CVE:

2024-10056

The vulnerability has been patched, so you should update to version 4.10.5.

Event Tickets with Ticket Scanner

Plugin:

Event Tickets with Ticket Scanner

Plugin Slug:
event-tickets-with-ticket-scanner

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.4

Severity Score:
Medium

CVE:

2024-9866

The vulnerability has been patched, so you should update to version 2.4.4.

Listdom – Business Directory and Classified Ads Listings WordPress Plugin

Plugin:

Listdom – Business Directory and Classified Ads Listings WordPress Plugin

Plugin Slug:
listdom

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.1

Severity Score:
Medium

CVE:

2024-11854

The vulnerability has been patched, so you should update to version 3.7.1.

????? ?? ???? – ???? ?? ????

Plugin:

????? ?? ???? – ???? ?? ????

Plugin Slug:
pgall-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.3

Severity Score:
High

CVE:

2024-11943

The vulnerability has been patched, so you should update to version 5.2.3.

SearchIQ – The Search Solution

Plugin:

SearchIQ – The Search Solution

Plugin Slug:
searchiq

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7

Severity Score:
Medium

CVE:

2024-10885

The vulnerability has been patched, so you should update to version 4.7.

Simple Restrict

Plugin:

Simple Restrict

Plugin Slug:
simple-restrict

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.8

Severity Score:
Medium

CVE:

2024-11106

The vulnerability has been patched, so you should update to version 1.2.8.

Broadcast

Plugin:

Broadcast

Plugin Slug:
threewp-broadcast

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
51.02

Severity Score:
High

CVE:

2024-11379

The vulnerability has been patched, so you should update to version 51.02.

WPCasa

Plugin:

WPCasa

Plugin Slug:
wpcasa

Installations
1,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-53826

The vulnerability has been patched, so you should update to version 1.3.0.

Church Admin

Plugin:

Church Admin

Plugin Slug:
church-admin

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.9

Severity Score:
Medium

CVE:

2024-53795

The vulnerability has been patched, so you should update to version 5.0.9.

3DPrint Lite

Plugin:

3DPrint Lite

Plugin Slug:
3dprint-lite

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1

Severity Score:
Medium

CVE:

2024-10480

The vulnerability has been patched, so you should update to version 2.1.

Email Address Obfuscation

Plugin:

Email Address Obfuscation

Plugin Slug:
email-address-obfuscation

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.0

Severity Score:
Medium

CVE:

2024-11935

The vulnerability has been patched, so you should update to version 1.1.0.

Property Hive Mortgage Calculator

Plugin:

Property Hive Mortgage Calculator

Plugin Slug:
property-hive-mortgage-calculator

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-11940

The vulnerability has been patched, so you should update to version 1.0.7.

Quran multilanguage Text & Audio

Plugin:

Quran multilanguage Text & Audio

Plugin Slug:
quran-text-multilanguage

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.22

Severity Score:
High

CVE:

2024-11973

The vulnerability has been patched, so you should update to version 2.3.22.

jAlbum Bridge

Plugin:

jAlbum Bridge

Plugin Slug:
jalbum-bridge

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.16

Severity Score:
Medium

CVE:

2024-11853

The vulnerability has been patched, so you should update to version 2.0.16.

My auctions allegro

Plugin:

My auctions allegro

Plugin Slug:
my-auctions-allegro-free-edition

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.18

Severity Score:
High

CVE:

2024-11707

The vulnerability has been patched, so you should update to version 3.6.18.

Additional Custom Order Status for WooCommerce

Plugin:

Additional Custom Order Status for WooCommerce

Plugin Slug:
order-status-for-woocommerce

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.1

Severity Score:
High

CVE:

2024-11814

The vulnerability has been patched, so you should update to version 1.6.1.

Accounting for WooCommerce

Plugin:

Accounting for WooCommerce

Plugin Slug:
accounting-for-woocommerce

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.7

Severity Score:
High

CVE:

2024-11324

The vulnerability has been patched, so you should update to version 1.6.7.

AWeber Forms by Optin Cat

Plugin:

AWeber Forms by Optin Cat

Plugin Slug:
aweber-wp

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.8

Severity Score:
High

CVE:

2024-11325

The vulnerability has been patched, so you should update to version 2.5.8.

iChart – Easy Charts and Graphs

Plugin:

iChart – Easy Charts and Graphs

Plugin Slug:
ichart

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.4

Severity Score:
Medium

CVE:

2024-11928

The vulnerability has been patched, so you should update to version 2.1.4.

???? ???

Plugin:

???? ???

Plugin Slug:
mshop-naver-talktalk

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.1

Severity Score:
Medium

CVE:

2024-11904

The vulnerability has been patched, so you should update to version 1.2.1.

Namaste! LMS

Plugin:

Namaste! LMS

Plugin Slug:
namaste-lms

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.5

Severity Score:
Medium

CVE:

2024-53809

The vulnerability has been patched, so you should update to version 2.6.5.

Flower Delivery by Florist One

Plugin:

Flower Delivery by Florist One

Plugin Slug:
flower-delivery-by-florist-one

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.1

Severity Score:
Medium

CVE:

2024-11769

The vulnerability has been patched, so you should update to version 3.9.1.

WIP WooCarousel Lite

Plugin:

WIP WooCarousel Lite

Plugin Slug:
wip-woocarousel-lite

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium

CVE:

2024-11779

The vulnerability has been patched, so you should update to version 1.1.7.

WP eCards

Plugin:

WP eCards

Plugin Slug:
wp-ecards-invites

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.905

Severity Score:
Medium

CVE:

2024-11903

The vulnerability has been patched, so you should update to version 1.3.905.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.17.0

Severity Score:
Medium

CVE:

2024-53803

The vulnerability has been patched, so you should update to version 1.8.17.0.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.17.0

Severity Score:
High

CVE:

2024-53804

The vulnerability has been patched, so you should update to version 1.8.17.0.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.17.0

Severity Score:
High

CVE:

2024-53805

The vulnerability has been patched, so you should update to version 1.8.17.0.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
1.8.17.0

Severity Score:
High

CVE:

2024-53807

The vulnerability has been patched, so you should update to version 1.8.17.0.

Simple User Registration

Plugin:

Simple User Registration

Plugin Slug:
wp-registration

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
6.0

Severity Score:
Critical

CVE:

2024-53810

The vulnerability has been patched, so you should update to version 6.0.

Campaign Monitor Forms by Optin Cat

Plugin:

Campaign Monitor Forms by Optin Cat

Plugin Slug:
campaign-monitor-wp

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.8

Severity Score:
High

CVE:

2024-11326

The vulnerability has been patched, so you should update to version 2.5.8.

CardGate Payments for WooCommerce

Plugin:

CardGate Payments for WooCommerce

Plugin Slug:
cardgate

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
High

CVE:

2024-12257

The vulnerability has been patched, so you should update to version 3.2.2.

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Plugin:

Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more

Plugin Slug:
scratch-win-giveaways-for-website-facebook

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.0

Severity Score:
Medium

CVE:

2024-11898

The vulnerability has been patched, so you should update to version 2.7.0.

Simple Redirection

Plugin:

Simple Redirection

Plugin Slug:
eelv-redirection

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.1

Severity Score:
Medium

CVE:

2024-11341

The vulnerability has been patched, so you should update to version 1.5.1.

Email Reminders

Plugin:

Email Reminders

Plugin Slug:
email-reminders

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.5

Severity Score:
Medium

CVE:

2024-11945

The vulnerability has been patched, so you should update to version 2.0.5.

Form Data Collector

Plugin:

Form Data Collector

Plugin Slug:
form-data-collector

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.4

Severity Score:
High

CVE:

2024-11461

The vulnerability has been patched, so you should update to version 2.2.4.

Next-Cart Store to WooCommerce Migration

Plugin:

Next-Cart Store to WooCommerce Migration

Plugin Slug:
nextcart-woocommerce-migration

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.4

Severity Score:
High

CVE:

2024-11687

The vulnerability has been patched, so you should update to version 3.9.4.

WP GeoNames

Plugin:

WP GeoNames

Plugin Slug:
wp-geonames

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
High

CVE:

2024-53812

The vulnerability has been patched, so you should update to version 1.9.

B Testimonial – Testimonial plugin for WP

Plugin:

B Testimonial – Testimonial plugin for WP

Plugin Slug:
b-testimonial

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.3

Severity Score:
Medium

CVE:

2024-11880

The vulnerability has been patched, so you should update to version 1.2.3.

ONLYOFFICE Docs

Plugin:

ONLYOFFICE Docs

Plugin Slug:
onlyoffice

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

CVE:

2024-11450

The vulnerability has been patched, so you should update to version 2.2.0.

Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!

Plugin:

Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!

Plugin Slug:
pie-forms-for-wp

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5

Severity Score:
High

CVE:

2024-11436

The vulnerability has been patched, so you should update to version 1.5.

Prodigy Commerce

Plugin:

Prodigy Commerce

Plugin Slug:
prodigy-commerce

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.9

Severity Score:
Medium

CVE:

2024-54250

The vulnerability has been patched, so you should update to version 3.0.9.

NPS computy

Plugin:

NPS computy

Plugin Slug:
nps-computy

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1

Severity Score:
High

CVE:

2024-11807

The vulnerability has been patched, so you should update to version 2.8.1.

Verowa Connect

Plugin:

Verowa Connect

Plugin Slug:
verowa-connect

Installations
90+

Vulnerability:
SQL Injection

Patched in Version:
3.0.2

Severity Score:
Critical

CVE:

2024-11460

The vulnerability has been patched, so you should update to version 3.0.2.

Dollie Hub – Build Your Own WordPress Cloud Platform

Plugin:

Dollie Hub – Build Your Own WordPress Cloud Platform

Plugin Slug:
dollie

Installations
80+

Vulnerability:
Broken Access Control

Patched in Version:
6.2.1

Severity Score:
Medium

CVE:

2024-12099

The vulnerability has been patched, so you should update to version 6.2.1.

Z-Downloads

Plugin:

Z-Downloads

Plugin Slug:
z-downloads

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.8

Severity Score:
Medium

CVE:

2024-54206

The vulnerability has been patched, so you should update to version 1.11.8.

BMLT Tabbed Map

Plugin:

BMLT Tabbed Map

Plugin Slug:
bmlt-tabbed-map

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

CVE:

2024-11866

The vulnerability has been patched, so you should update to version 1.2.0.

Quick License Manager – WooCommerce Plugin

Plugin:

Quick License Manager – WooCommerce Plugin

Plugin Slug:
quick-license-manager

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.18

Severity Score:
High

CVE:

2024-11805

The vulnerability has been patched, so you should update to version 2.4.18.

FloristPress – Customize your Woo store for your Florist

Plugin:

FloristPress – Customize your Woo store for your Florist

Plugin Slug:
bakkbone-florist-companion

Installations
10+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.4.0

Severity Score:
Medium

CVE:

2024-53799

The vulnerability has been patched, so you should update to version 7.4.0.

FloristPress – Customize your Woo store for your Florist

Plugin:

FloristPress – Customize your Woo store for your Florist

Plugin Slug:
bakkbone-florist-companion

Installations
10+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
7.4.0

Severity Score:
Medium

CVE:

2024-53798

The vulnerability has been patched, so you should update to version 7.4.0.

CMSMasters Elementor Addon

Plugin:

CMSMasters Elementor Addon

Plugin Slug:
cmsmasters-elementor-addon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.0

Severity Score:
Medium

CVE:

2024-9694

The vulnerability has been patched, so you should update to version 1.15.0.

Eyewear prescription form

Plugin:

Eyewear prescription form

Plugin Slug:
eyewear-prescription-form

Vulnerability:
Privilege Escalation

Patched in Version:
4.0.19

Severity Score:
Critical

CVE:

2024-54239

The vulnerability has been patched, so you should update to version 4.0.19.

FooGallery Premium

Plugin:

FooGallery Premium

Plugin Slug:
foogallery-premium

Vulnerability:
Directory Traversal

Patched in Version:
2.4.27

Severity Score:
High

CVE:

2023-6947

The vulnerability has been patched, so you should update to version 2.4.27.

Goodlayers Core

Plugin:

Goodlayers Core

Plugin Slug:
goodlayers-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.8

Severity Score:
High

CVE:

2024-11200

The vulnerability has been patched, so you should update to version 2.0.8.

Luna Web Radio Player

Plugin:

Luna Web Radio Player

Plugin Slug:
lu-radioplayer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.24.11.15

Severity Score:
Medium

CVE:

2024-10881

The vulnerability has been patched, so you should update to version 6.24.11.15.

Pie Register Premium

Plugin:

Pie Register Premium

Plugin Slug:
pie-register-premium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.3.3

Severity Score:
High

CVE:

2024-53821

The vulnerability has been patched, so you should update to version 3.8.3.3.

Pie Register Premium

Plugin:

Pie Register Premium

Plugin Slug:
pie-register-premium

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.8.3.3

Severity Score:
Critical

CVE:

2024-53822

The vulnerability has been patched, so you should update to version 3.8.3.3.

Pie Register (Add on) – Social Sites Login

Plugin:

Pie Register (Add on) – Social Sites Login

Plugin Slug:
pie-register-social-site

Vulnerability:
Broken Authentication

Patched in Version:
1.8

Severity Score:
High

CVE:

2024-11293

The vulnerability has been patched, so you should update to version 1.8.

WordPress Themes — 6 Patched / 3 Unpatched

Gaga Lite

Theme:

Gaga Lite

Theme Slug:
gaga-lite

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52488

The vulnerability has not been patched. You should switch themes.

One Paze

Theme:

One Paze

Theme Slug:
one-paze

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52488

The vulnerability has not been patched. You should switch themes.

tydskrif

Theme:

tydskrif

Theme Slug:
tydskrif

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54257

The vulnerability has not been patched. You should switch themes.

Blocksy

Theme:

Blocksy

Theme Slug:
blocksy

Downloads
3,976,858

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.78

Severity Score:
Medium

CVE:

2024-11420

The vulnerability has been patched, so you should update to version 2.0.78.

Flixita

Theme:

Flixita

Theme Slug:
flixita

Downloads
110,003

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.83

Severity Score:
High

CVE:

2024-10836

The vulnerability has been patched, so you should update to version 1.0.83.

NewsMunch

Theme:

NewsMunch

Theme Slug:
newsmunch

Downloads
60,837

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.36

Severity Score:
Medium

CVE:

2024-10848

The vulnerability has been patched, so you should update to version 1.0.36.

Pubnews

Theme:

Pubnews

Theme Slug:
pubnews

Downloads
12,310

Vulnerability:
Broken Access Control

Patched in Version:
1.0.8

Severity Score:
High

CVE:

2024-10578

The vulnerability has been patched, so you should update to version 1.0.8.

Soledad

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Local File Inclusion

Patched in Version:
8.6.0

Severity Score:
High

CVE:

2024-11289

The vulnerability has been patched, so you should update to version 8.6.0.

Sweet Date

Theme:

Sweet Date

Theme Slug:
sweetdate

Vulnerability:
Privilege Escalation

Patched in Version:
3.8.0

Severity Score:
Critical

CVE:

2024-43222

The vulnerability has been patched, so you should update to version 3.8.0.

The post WordPress Vulnerability Report — December 11, 2024 appeared first on SolidWP.

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-12-11 10:48:00.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

WordPress Vulnerability Report — November 6, 2024

In this report, 285 vulnerabilities have been publicly disclosed. Security patches for 99 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 186 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 99 Patched / 186 Unpatched

Plugin Slug:
countdown-builder

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-hotel-booking

Installations
8,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
cf7-styler

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
gift-voucher

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
administrator-z

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
page-specific-sidebars

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
training

Installations
20+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
allpost-contactform

Installations
10+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
easy-svg-upload

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

3D Presentation

Plugin Slug:
3d-presentation

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

5 Stars Rating Funnel

Plugin Slug:
5-stars-rating-funnel

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Aajoda Testimonials

Plugin Slug:
aajoda-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bing Search API Integration

Plugin Slug:
abbs-bing-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Addressbook

Plugin Slug:
addressbook

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Admin SMS Alert

Plugin Slug:
admin-sms-alert

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Control Manager for WordPress by ItalyStrap

Plugin Slug:
advanced-control-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced PDF Generator

Plugin Slug:
advanced-pdf-generator

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ajax Content Filter

Plugin Slug:
ajax-content-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Alley Elementor Widget

Plugin Slug:
alley-elementor-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AmaDiscount

Plugin Slug:
amadiscount

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

amazing neo icon font for elementor

Plugin Slug:
amazing-neo-icon-font-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Amazon Associate Filter

Plugin Slug:
amazon-associate-filter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AMP Img Shortcode

Plugin Slug:
amp-img-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ancient World Linked Data

Plugin Slug:
ancient-world-linked-data-for-wordpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

APK Downloader

Plugin Slug:
apk-downloader

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AR For Woocommerce

Plugin Slug:
ar-for-woocommerce

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Custom Author URL

Plugin Slug:
author-slug

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Awesome Progress Bar

Plugin Slug:
awesome-progess-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Awesome Shortcodes For Genesis

Plugin Slug:
awesome-shortcodes-for-genesis

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AwesomePress

Plugin Slug:
awesomepress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bigmart Elements

Plugin Slug:
bigmart-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Blrt WP Embed

Plugin Slug:
blrt-wp-embed

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Bonway Static Block Editor

Plugin Slug:
bonway-static-block-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

bpmn.io

Plugin Slug:
bpmnio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bulk Change Role

Plugin Slug:
bulk-role-change

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Buooy Sticky Header

Plugin Slug:
buooy-sticky-header

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Business

Plugin Slug:
business

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Clever Addons for Elementor

Plugin Slug:
cafe-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Classy Addons for Elementor

Plugin Slug:
classy-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Clyp

Plugin Slug:
clyp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Code Explorer

Plugin Slug:
code-explorer

Vulnerability:
Directory Traversal

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Content Syndication Toolkit Reader

Plugin Slug:
content-syndication-toolkit-reader

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Conversion Helper

Plugin Slug:
conversion-helper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Crypto

Plugin Slug:
crypto

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Crypto

Plugin Slug:
crypto

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Crypto

Plugin Slug:
crypto

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Custom Admin Menu

Plugin Slug:
custom-admin-menu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Daily Image

Plugin Slug:
daily-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Dashing Memberships

Plugin Slug:
dashing-memberships

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

DataMentor

Plugin Slug:
datamentor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Definitive Addons for Elementor

Plugin Slug:
definitive-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Display Terms Shortcode

Plugin Slug:
display-terms-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Domain Sharding

Plugin Slug:
domain-sharding

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Don’t Break The Code

Plugin Slug:
dont-break-the-code

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Doofinder

Plugin Slug:
doofinder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

(dp) AddThis

Plugin Slug:
dp-addthis

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

DS.DownloadList

Plugin Slug:
dsdownloadlist

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

e-shops

Plugin Slug:
e-shops-cart2

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

eewee admin custom

Plugin Slug:
eewee-admincustom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Elementary Addons

Plugin Slug:
elementary-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Emoji Shortcode

Plugin Slug:
emoji-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Enable Shortcodes inside Widgets,Comments and Experts

Plugin Slug:
enable-shortcodes-inside-widgetscomments-and-experts

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
High

Plugin:

EndomondoWP

Plugin Slug:
endomondowp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Events Manager Pro – extended

Plugin Slug:
events-manager-pro-extended

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Extender All In One For Elementor

Plugin Slug:
extender-all-in-one-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

EzyOnlineBookings Online Booking System Widget

Plugin Slug:
ezyonlinebookings-online-booking-system

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fabrica Synced Pattern Instances

Plugin Slug:
fabrica-reusable-block-instances

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Featured Posts Scroll

Plugin Slug:
featured-posts-scroll

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Firework Shoppable Live Video

Plugin Slug:
firework-videos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Flash Show And Hide Box

Plugin Slug:
flash-show-and-hide-box

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Forms: 3rd-Party Post Again

Plugin Slug:
forms-3rdparty-post-again

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FriendStore for WooCommerce

Plugin Slug:
friendstore-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

GDReseller

Plugin Slug:
gdreseller

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Genoo

Plugin Slug:
genoo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Geotagged Media

Plugin Slug:
geotagged-media

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Get Quote For Woocommerce

Plugin Slug:
get-a-quote-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Gmap Point List

Plugin Slug:
gmap-point-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

GMO Social Connection

Plugin Slug:
gmo-social-connection

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Golf Tracker

Plugin Slug:
golf-tracker

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Satisfaction Reports from Help Scout

Plugin Slug:
happiness-reports-for-help-scout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Header Footer Composer for Elementor

Plugin Slug:
header-footer-composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Plug your WooCommerce into the largest catalog of customized print products from Helloprint

Plugin Slug:
helloprint

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Hoo Addons for Elementor

Plugin Slug:
hoo-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Hover Video Preview

Plugin Slug:
hover-video-preview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

HQ60 Fidelity Card

Plugin Slug:
hq60-fidelity-card

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ID-SK Toolkit

Plugin Slug:
idsk-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Jigoshop – Store Exporter

Plugin Slug:
jigoshop-exporter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Jigoshop – Store Toolkit

Plugin Slug:
jigoshop-store-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Kento Ads Rotator

Plugin Slug:
kento-ads-rotator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

LH QR Codes

Plugin Slug:
lh-qr-codes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Lodgix.com Vacation Rental Website Builder

Plugin Slug:
lodgixcom-vacation-rental-listing-management-booking-plugin

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Loginplus

Plugin Slug:
loginplus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Market 360 Viewer

Plugin Slug:
market-360-viewer

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Marketing Automation by AZEXO

Plugin Slug:
marketing-automation-by-azexo

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Marquee Elementor with Posts

Plugin Slug:
marquee-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Master Bar

Plugin Slug:
master-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

MasterBip para Elementor

Plugin Slug:
masterbip-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

MDR Webmaster Tools

Plugin Slug:
mdr-webmaster-tools

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Media Modal

Plugin Slug:
media-modal

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Meta Store Elements

Plugin Slug:
meta-store-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

MG Post Contributors

Plugin Slug:
mg-post-contributors

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ML Responsive Audio player with playlist Shortcode

Plugin Slug:
mlr-audio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mobilize

Plugin Slug:
mobilize

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Multi Purpose Mail Form

Plugin Slug:
multi-purpose-mail-form

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

MyOrderDesk

Plugin Slug:
myorderdesk

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Narnoo Commerce Manager

Plugin Slug:
narnoo-commerce-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Naver Blog

Plugin Slug:
naver-blog-api

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

NMR Strava activities

Plugin Slug:
nmr-strava-activities

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Porsline

Plugin Slug:
porsline

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Website price calculator

Plugin Slug:
price-calculator-to-your-website

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Pricer Ninja

Plugin Slug:
pricer-ninja-pricing-tables

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PropertyShift

Plugin Slug:
propertyshift

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Quran Shortcode

Plugin Slug:
quran-shortcode

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Random Featured Post

Plugin Slug:
random-featured-post-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Reftagger Shortcode

Plugin Slug:
reftagger-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Responsive Data Table

Plugin Slug:
responsive-data-table

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive Flickr Gallery

Plugin Slug:
responsive-flickr-gallery

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

RSVP ME

Plugin Slug:
rsvp-me

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sales Page Addon – Elementor & Beaver Builder

Plugin Slug:
sales-page-addon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Saragna

Plugin Slug:
saragna-social-stream

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Search order by product SKU for WooCommerce

Plugin Slug:
search-order-by-product-sku-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Selar.co Widget

Plugin Slug:
selar-co-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Seo Free

Plugin Slug:
seo-free

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SH Slideshow

Plugin Slug:
sh-slideshow

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Show Visitor IP Address

Plugin Slug:
show-visitor-ip-address

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sided

Plugin Slug:
sided

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Business Manager

Plugin Slug:
simple-business-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Gallery

Plugin Slug:
simple-gallery-odihost

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Goods

Plugin Slug:
simple-goods

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Job Manager

Plugin Slug:
simple-job-manager

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Modal

Plugin Slug:
simplemodal

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simplistic SEO

Plugin Slug:
simplistic-seo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SIP Reviews Shortcode for WooCommerce

Plugin Slug:
sip-reviews-shortcode-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SIP Reviews Shortcode for WooCommerce

Plugin Slug:
sip-reviews-shortcode-woocommerce

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Skip To

Plugin Slug:
skip-to

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SKSDEV Toolkit

Plugin Slug:
sksdev-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Slicko

Plugin Slug:
slicko-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Smart Mockups

Plugin Slug:
smart-mockups

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Stacks Mobile App Builder

Plugin Slug:
stacks-mobile-app-builder

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Stacks Mobile App Builder

Plugin Slug:
stacks-mobile-app-builder

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Stars SMTP Mailer

Plugin Slug:
stars-smtp-mailer

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Step by Step

Plugin Slug:
step-by-step

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sticky Social Bar

Plugin Slug:
sticky-social-bar

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Super Addons for Elementor

Plugin Slug:
super-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SVT Simple

Plugin Slug:
svt-simple

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

T(-) Countdown

Plugin Slug:
t-countdown

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Team Showcase and Slider – Team Members Builder

Plugin Slug:
team-showcase-ultimate

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

TeleAdmin

Plugin Slug:
teleadmin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Themedy Toolbox

Plugin Slug:
themedy-toolbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ThemeFuse Maintenance Mode

Plugin Slug:
themefuse-maintenance-mode

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ThemeShark Templates & Widgets for Elementor

Plugin Slug:
themeshark-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

TradeMe widgets

Plugin Slug:
trademe-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SrcSet Responsive Images for WordPress

Plugin Slug:
truenorth-srcset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Twitter @Anywhere Plus

Plugin Slug:
twitter-anywhere-plus

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Twitter real time search scrolling

Plugin Slug:
twitter-real-time-search-scrolling

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

UAH (non-Latin plugin title not rendered in the source)

Plugin Slug:
ukrainian-currency

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

TinyMCE

Plugin Slug:
ultimate-tinymce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UPDATE NOTIFICATIONS

Plugin Slug:
update-notifications

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

User Password Reset

Plugin Slug:
user-password-reset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

UW Freelancer

Plugin Slug:
uw-freelancer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Webriti Custom Login

Plugin Slug:
webriti-custom-login-page

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WeChat Subscribers Lite

Plugin Slug:
wechat-subscribers-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

While Loading

Plugin Slug:
while-it-is-loading

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Widget or Sidebar Shortcode

Plugin Slug:
widget-or-sidebar-per-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WM Zoom

Plugin Slug:
wm-zoom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Woo Manage Fraud Orders

Plugin Slug:
woo-manage-fraud-orders

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woocommerce Quote Calculator

Plugin Slug:
woo-quote-calculator-order

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

World Prayer Time

Plugin Slug:
world-prayer-time

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Baidu Map

Plugin Slug:
wp-baidu-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Basics

Plugin Slug:
wp-basics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Course Manager

Plugin Slug:
wp-course-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP donimedia carousel

Plugin Slug:
wp-donimedia-carousel

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Download-Mirror-Counter

Plugin Slug:
wp-download-mirror-counter

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP EASY RECIPE

Plugin Slug:
wp-easy-recipe

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP EIS

Plugin Slug:
wp-eis

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Feature Box

Plugin Slug:
wp-feature-box

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

imPress

Plugin Slug:
wp-js-impress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP MMenu Lite

Plugin Slug:
wp-mmenu-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Simple Anchors Links

Plugin Slug:
wp-simple-anchors-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wp Slide Categorywise

Plugin Slug:
wp-slide-categorywise

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Visual Adverts

Plugin Slug:
wp-visual-adverts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WPGlobus Translate Options

Plugin Slug:
wpglobus-translate-options

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WPHelpful

Plugin Slug:
wphelpful

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Admin Amplify

Plugin Slug:
wpr-admin-amplify

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
6,000,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.5.2

Severity Score:
High

Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
7.87

Severity Score:
High

Plugin Slug:
loginizer

Installations
1,000,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High

Plugin Slug:
ninja-forms

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.18

Severity Score:
Medium

Plugin Slug:
ninja-forms

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.18

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.61

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.36.1

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.36.0

Severity Score:
High

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.2

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.5

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.4

Severity Score:
Low

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.5

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.31

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.10.3

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.10.2

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.4.3

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.00

Severity Score:
Medium

Plugin Slug:
fileorganizer

Installations
100,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.0

Severity Score:
High

Plugin Slug:
download-monitor

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.14

Severity Score:
Medium

Plugin Slug:
media-library-assistant

Installations
70,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
3.20

Severity Score:
Critical

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.7.5

Severity Score:
Medium

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.16

Severity Score:
Medium

Plugin Slug:
seriously-simple-podcasting

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.0

Severity Score:
High

Plugin Slug:
subscribe-to-comments

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.1

Severity Score:
High

Plugin Slug:
betterlinks

Installations
20,000+

Vulnerability:
SQL Injection

Patched in Version:
2.1.8

Severity Score:
High

Plugin Slug:
bookingpress-appointment-booking

Installations
20,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.17

Severity Score:
High

Plugin Slug:
dynamic-widgets

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.5

Severity Score:
Medium

Plugin Slug:
wp-social

Installations
20,000+

Vulnerability:
Broken Authentication

Patched in Version:
3.0.8

Severity Score:
Critical

Plugin Slug:
xpro-elementor-addons

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.6.1

Severity Score:
Medium

Plugin Slug:
cf7-telegram

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.8.6

Severity Score:
Medium

Plugin Slug:
easy-pricing-tables

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.6

Severity Score:
High

Plugin Slug:
gpt3-ai-content-generator

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8.90

Severity Score:
Critical

Plugin Slug:
wp-recaptcha-integration

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
High

Plugin Slug:
bricksable

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.60

Severity Score:
Medium

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
7,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.7

Severity Score:
Medium

Plugin Slug:
woo-floating-cart-lite

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.3

Severity Score:
Medium

Plugin Slug:
wpadverts

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.7

Severity Score:
High

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.14

Severity Score:
Medium

Plugin Slug:
element-ready-lite

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.4

Severity Score:
Medium

Plugin Slug:
js-support-ticket

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.8

Severity Score:
Medium

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
sms-alert

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.6

Severity Score:
Medium

Plugin Slug:
easy-accordion-block

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.5

Severity Score:
Medium

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
multiple-pages-generator-by-porthas

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.2

Severity Score:
Medium

Plugin Slug:
newsletters-lite

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.9.5

Severity Score:
Medium

Plugin Slug:
paytium

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.11

Severity Score:
Medium

Plugin Slug:
tickera-event-ticketing-system

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.4.6

Severity Score:
Medium

Plugin Slug:
affiliate-toolkit-starter

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.6

Severity Score:
Medium

Plugin Slug:
beds24-online-booking

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.26

Severity Score:
Medium

Plugin Slug:
learning-management-system

Installations
2,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.13.4

Severity Score:
High

Plugin Slug:
learning-management-system

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.4

Severity Score:
Medium

Plugin Slug:
responsive-filterable-portfolio

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

Plugin Slug:
restaurant-cafe-addon-for-elementor

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.7

Severity Score:
Medium

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.3.13

Severity Score:
Medium

Plugin Slug:
athemes-addons-for-elementor-lite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8

Severity Score:
Medium

Plugin Slug:
bbp-core

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
High

Plugin Slug:
black-widgets

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium

Plugin Slug:
black-widgets

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.8

Severity Score:
Medium

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
24.0.4

Severity Score:
Critical

Plugin Slug:
ithemelandco-woo-report

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.2

Severity Score:
High

Plugin Slug:
manage-user-columns

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium

Plugin Slug:
mycurator

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.79

Severity Score:
Medium

Plugin Slug:
post-status-notifier-lite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.7

Severity Score:
High

Plugin Slug:
posti-shipping

Installations
1,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.10.3

Severity Score:
Medium

Plugin Slug:
seur

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.12

Severity Score:
High

Plugin Slug:
w3speedster-wp

Installations
1,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
7.27

Severity Score:
Critical

Plugin Slug:
wpc-smart-messages

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.2

Severity Score:
Medium

Plugin Slug:
wpc-smart-messages

Installations
1,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.2.2

Severity Score:
High

Plugin Slug:
atomchat

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
streamweasels-youtube-integration

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.3

Severity Score:
Medium

Plugin Slug:
ht-team-member

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
sastra-essential-addons-for-elementor

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.6

Severity Score:
Medium

Plugin Slug:
ht-builder

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

Plugin Slug:
kata-plus

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.0

Severity Score:
Medium

Plugin Slug:
custom-post-type-templates-for-elementor

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.12

Severity Score:
Medium

Plugin Slug:
wp-politic

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.5

Severity Score:
Medium

Plugin Slug:
dr-widgets-blocks

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

Plugin Slug:
ultimate-shortcodes-creator

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

Plugin Slug:
appointmind

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.0

Severity Score:
High

Plugin Slug:
basticom-framework

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1

Severity Score:
Medium

Plugin Slug:
knowledgebase

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
rlm-elementor-widgets-pack

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.0

Severity Score:
Medium

Plugin Slug:
streamweasels-kick-integration

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
Medium

Plugin Slug:
user-toolkit

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.4

Severity Score:
Critical

Plugin Slug:
wp-pocket-urls

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
Medium

Plugin Slug:
elo-rating-shortcode

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
Medium

Plugin Slug:
wp-perfect-plugin

Installations
50+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.6

Severity Score:
High

Plugin Slug:
smartlink-dinamic-urls

Installations
40+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
High

Plugin Slug:
platformly

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.14

Severity Score:
High

Plugin Slug:
realty

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
accordion-title-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
cresta-addons-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.0

Severity Score:
Medium

Plugin Slug:
fraudlabs-pro-sms-verification

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.10.2

Severity Score:
High

Plugin Slug:
rsvpmaker-for-toastmasters

Installations
10+

Vulnerability:
Arbitrary File Upload

Patched in Version:
6.2.5

Severity Score:
Critical

Plugin:

Audio Comparison Lite

Plugin Slug:
audio-comparison-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5

Severity Score:
Medium

Plugin:

Loginizer Security

Plugin Slug:
loginizer-security

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High

Plugin:

Post Status Notifier Premium

Plugin Slug:
post-status-notifier

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.7

Severity Score:
High

Plugin:

WooCommerce Social Login

Plugin Slug:
woo-social-login

Vulnerability:
Broken Authentication

Patched in Version:
2.7.8

Severity Score:
High

WordPress Themes — 0 Patched / 0 Unpatched

No new theme vulnerabilities were disclosed this week.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-11-06 10:27:00.

WordPress Vulnerability Report — November 13, 2024

In this report, 323 vulnerabilities have been publicly disclosed. Security patches for 95 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, 228 plugin and theme vulnerabilities have no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall applies virtual patches from Patchstack to the vulnerabilities rated high or medium risk, so check the severity of each unpatched entry rather than assuming every one is covered. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, deactivate it soon and look for an alternative.
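Working through a list this long by hand (update what has a patch, deactivate what has none) is error-prone, and the same steps apply to the June list above. The script below is an added example, not code from the report or from Solid Security: it parses entries written in this page's own record format (Plugin / Plugin Slug / Installations / Vulnerability / Patched in Version / Severity Score), compares each entry with the plugins installed on a site as `wp plugin list --fields=name,status,version --format=json` lists them, and emits the WP-CLI commands to run. The report excerpt and the installed-plugin JSON are constructed samples embedded inline (slugs and versions are copied from this report), the zero-padded numeric version comparison is a simplification of PHP's `version_compare`, and a slug listed more than once keeps its strongest verdict. A "deactivate" verdict is really a "delete" verdict: a deactivated plugin's files stay in the web root.

```python
import json
import re

# The report's labels, in the page's own wording, mapped to record field names.
LABELS = {"Plugin:": "name", "Plugin Slug:": "slug", "Installations": "installs",
          "Vulnerability:": "vuln", "Patched in Version:": "patched", "Severity Score:": "severity"}
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}
ACTION_RANK = {"ok": 0, "update": 1, "deactivate": 2}

# Constructed excerpt in the report's record format (blank lines between fields are skipped by the parser).
REPORT_TEXT = """
Plugin Slug:
otter-blocks
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.5
Severity Score:
Medium

Plugin:

EleForms
Plugin Slug:
all-contact-form-integration-for-elementor
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
"""
# Constructed sample of what `wp plugin list --fields=name,status,version --format=json` prints.
INSTALLED_JSON = """[{"name": "otter-blocks", "status": "active", "version": "3.0.4"},
 {"name": "all-contact-form-integration-for-elementor", "status": "active", "version": "1.0.2"}]"""

def parse_report(text):
    """Turn label/value lines into dicts; every record ends with its Severity Score."""
    records, current, field = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if field is None:  # expecting a label
            field = LABELS.get(line)
            if field is None:
                raise ValueError(f"unexpected line in report: {line!r}")
            continue
        current[field] = line  # the next non-empty line after a label is its value
        if field == "severity":
            records.append(current)
            current = {}
        field = None
    if current or field:
        raise ValueError("truncated record at end of report")
    return records

def load_installed(json_text):
    return {p["name"]: p for p in json.loads(json_text)}

def version_key(version):
    """'3.3.00' -> (3, 3, 0); non-numeric pieces sort below any number."""
    return tuple(int(p) if p.isdigit() else -1 for p in re.split(r"[.\-]", version))

def is_older(installed, patched):
    a, b = version_key(installed), version_key(patched)
    width = max(len(a), len(b))  # pad with zeros so that 3.3 == 3.3.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def verdict_rank(verdict):
    action, target, severity = verdict
    return (ACTION_RANK[action], version_key(target) if target else (), SEVERITY_RANK[severity])

def triage(records, installed):
    """Per installed plugin: ('update', patched_version, severity), ('deactivate', None, severity)
    or ('ok', None, severity). A slug listed several times keeps the strongest verdict."""
    verdicts = {}
    for rec in records:
        plugin = installed.get(rec["slug"])
        if plugin is None:
            continue  # not installed on this site
        if rec["patched"] == "No Fix":
            verdict = ("deactivate", None, rec["severity"])  # files stay on disk: delete it
        elif is_older(plugin["version"], rec["patched"]):
            verdict = ("update", rec["patched"], rec["severity"])
        else:
            verdict = ("ok", None, rec["severity"])
        prev = verdicts.get(rec["slug"])
        verdicts[rec["slug"]] = verdict if prev is None else max(prev, verdict, key=verdict_rank)
    return verdicts

def wp_cli_commands(verdicts):
    """WP-CLI commands for the actionable verdicts, most severe first."""
    ordered = sorted(verdicts.items(), key=lambda kv: -SEVERITY_RANK[kv[1][2]])
    return [f"wp plugin {'update' if v[0] == 'update' else 'deactivate'} {slug}"
            for slug, v in ordered if v[0] != "ok"]
```

To use it on a real site, replace REPORT_TEXT with a pasted block of entries from the report and INSTALLED_JSON with the output of `wp plugin list --fields=name,status,version --format=json` run on that site, then review the emitted commands before running them: `wp plugin update` replaces files on a live site, so take a backup first.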

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability is given a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7, code-named “Rollins,” is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 92 Patched / 226 Unpatched

Plugin Slug:
master-addons

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
team-showcase-supreme

Installations
8,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
post-from-frontend

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AA Audio Player

Plugin Slug:
aa-audio-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bing Search API Integration

Plugin Slug:
abbs-bing-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AchillesTheme-shortcodes

Plugin Slug:
achilles-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Add Ribbon Shortcode

Plugin Slug:
add-ribbon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Video Player with Analytics

Plugin Slug:
advanced-video-player-with-analytics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Adventure Bucket List

Plugin Slug:
adventure-bucket-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress

Plugin Slug:
agendapress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation

Plugin Slug:
ai-content-generator

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Instant Image Generator

Plugin Slug:
ai-image

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Ajax Content Filter

Plugin Slug:
ajax-content-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Alert Me!

Plugin Slug:
alert-me

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

EleForms

Plugin Slug:
all-contact-form-integration-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Assist24 Help Desk

Plugin Slug:
assist24it

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Audio Record

Plugin Slug:
audio-record

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

audioCase

Plugin Slug:
audiocase

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Awesome Fitness Testimonials

Plugin Slug:
awesome-fitness-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Awesome Tool Tip

Plugin Slug:
awesome-tool-tip

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AzonBox

Plugin Slug:
azonbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bamboo Enquiries

Plugin Slug:
bamboo-enquiries

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Banner System

Plugin Slug:
banner-system

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Be Shortcodes

Plugin Slug:
be-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Beacon For Help Scout

Plugin Slug:
beacon-for-helpscout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

BeBetter Social Icons

Plugin Slug:
bebetter-social-icons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

best bootstrap widgets for elementor

Plugin Slug:
best-bootstrap-widgets-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bg Patriarchia BU

Plugin Slug:
bg-patriarchia-bu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bitcoin Payments

Plugin Slug:
bitcoin-payments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Blocks Post Grid

Plugin Slug:
blocks-post-grid

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Boat Rental Plugin for WordPress

Plugin Slug:
boat-rental-system

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Boombox Shortcode

Plugin Slug:
boombox-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Brand my Footer

Plugin Slug:
brand-my-footer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bread & Butter

Plugin Slug:
bread-butter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Browsing History

Plugin Slug:
browsing-history

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

BU Slideshow

Plugin Slug:
bu-slideshow

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Buooy Sticky Header

Plugin Slug:
buooy-sticky-header

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CE21 Suite

Plugin Slug:
ce21-suite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CE21 Suite

Plugin Slug:
ce21-suite

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

CF7 WOW Styler

Plugin Slug:
cf7-styler

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Charity Addon for Elementor

Plugin Slug:
charity-addon-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

codeSnips

Plugin Slug:
codesnips

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Smooth Maps

Plugin Slug:
colour-smooth-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Combo WP Rewrite Slugs

Plugin Slug:
combo-wp-rewrite-slugs

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Community Yard Sale

Plugin Slug:
community-yard-sale

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Computer Repair Shop

Plugin Slug:
computer-repair-shop

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP Virtual Room Configurator

Plugin Slug:
configure-conference-room

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Content Syndication Toolkit Reader

Plugin Slug:
content-syndication-toolkit-reader

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Conversion Helper

Plugin Slug:
conversion-helper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Cowidgets – Elementor Addons

Plugin Slug:
cowidgets-elementor-addons

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Cowidgets – Elementor Addons

Plugin Slug:
cowidgets-elementor-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom Dashboard Widget

Plugin Slug:
create-custom-dashboard-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Creative Blocks

Plugin Slug:
creative-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CRM 2go

Plugin Slug:
crm2go

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom URL Shortener

Plugin Slug:
custom-url-shorter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Daily Image

Plugin Slug:
daily-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Dashing Memberships

Plugin Slug:
dashing-memberships

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Datasets Manager by Arttia Creative

Plugin Slug:
datasets-manager-by-arttia-creative

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Debug Tool

Plugin Slug:
debug-tool

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Devexhub Gallery

Plugin Slug:
devexhub-gallery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

DigiPass

Plugin Slug:
digipass

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Do That Task

Plugin Slug:
do-that-task

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Don’t Break The Code

Plugin Slug:
dont-break-the-code

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Doofinder

Plugin Slug:
doofinder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

drop in image slideshow gallery

Plugin Slug:
drop-in-image-slideshow-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

DuoGeek Blocks

Plugin Slug:
duogeek-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy CSV Importer BETA

Plugin Slug:
easy-csv-importer

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Easy Social Sharebar

Plugin Slug:
easy-social-sharebar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

eewee admin custom

Plugin Slug:
eewee-admincustom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ekiline Block Collection

Plugin Slug:
ekiline-block-collection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Embed documents shortcode

Plugin Slug:
embed-documents-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ESB Testimonials

Plugin Slug:
esb-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fabrica Synced Pattern Instances

Plugin Slug:
fabrica-reusable-block-instances

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Faltu Testimonial Rotator

Plugin Slug:
faltu-testimonial-rotator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fancy User List

Plugin Slug:
fancy-user-listing

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fast Video and Image Display

Plugin Slug:
fast-video-and-image-display

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Featured product by category name

Plugin Slug:
featured-product-by-category-name

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

File Select Control For Elementor

Plugin Slug:
file-select-control-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Firework Shoppable Live Video

Plugin Slug:
firework-videos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Forms: 3rd-Party Post Again

Plugin Slug:
forms-3rdparty-post-again

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FriendStore for WooCommerce

Plugin Slug:
friendstore-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Horsemanager

Plugin Slug:
fruitcake-horsemanager

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Gboy Custom Google Map

Plugin Slug:
gboy-custom-google-map

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Geoportail Shortcode

Plugin Slug:
geoportail-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Geotagged Media

Plugin Slug:
geotagged-media

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Global Gateway e4 | Payeezy Gateway |

Plugin Slug:
globe-gateway-e4

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Google Visualization Charts

Plugin Slug:
google-visualization-charts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

GreenCon

Plugin Slug:
greencon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WoW Guild Armory Roster

Plugin Slug:
guild-armory-roster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Gutenium Blocks

Plugin Slug:
gutenium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Satisfaction Reports from Help Scout

Plugin Slug:
happiness-reports-for-help-scout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

HB AUDIO GALLERY

Plugin Slug:
hb-audio-gallery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Hola Free Video Player

Plugin Slug:
hola-free-video-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

HQ60 Fidelity Card

Plugin Slug:
hq60-fidelity-card

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

I Plant A Tree

Plugin Slug:
i-plant-a-tree

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

IA Map Analytics Basic

Plugin Slug:
ia-map-analytics-basic

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Icon Widget

Plugin Slug:
icon-widget-with-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Image Carousel Shortcode

Plugin Slug:
image-carousel-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Image Classify

Plugin Slug:
image-classify

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Inline Click To Tweet

Plugin Slug:
inline-click-to-tweet

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

IntelliWidget Elements

Plugin Slug:
intelliwidget-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Jigoshop – Store Toolkit

Plugin Slug:
jigoshop-store-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

KBucket

Plugin Slug:
kbucket

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Keymaster Chord Notation Free

Plugin Slug:
keymaster-chord-notation-free

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Kings Tab Slider

Plugin Slug:
kings-tab-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

L Squared Hub WP

Plugin Slug:
l-squared-hub-wp-virtual-device

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Lenxel Core for Lenxel(LNX) LMS

Plugin Slug:
lenxel-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Location Click Map

Plugin Slug:
location-click-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Loginplus

Plugin Slug:
loginplus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Luzuk Slider

Plugin Slug:
luzuk-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Luzuk Team

Plugin Slug:
luzuk-team

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Luzuk Testimonials

Plugin Slug:
luzuk-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mage Front End Forms

Plugin Slug:
mage-forms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Magic Slider

Plugin Slug:
magic-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Map Store Locator

Plugin Slug:
map-store-location

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mapme

Plugin Slug:
mapme

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Master Bar

Plugin Slug:
master-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

MDC YouTube Downloader

Plugin Slug:
mdc-youtube-downloader

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Matix Popup Builder

Plugin Slug:
medma-matix

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

mFolio Lite

Plugin Slug:
mfolio-lite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

MG Post Contributors

Plugin Slug:
mg-post-contributors

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Minical Hotel Booking Plugin

Plugin Slug:
minical

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mobile Kiosk

Plugin Slug:
mobile-kiosk

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Moka Get Posts Shortcode

Plugin Slug:
moka-get-posts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Moose Elementor Kit

Plugin Slug:
moose-elementor-kit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Multi-day Booking Calendar

Plugin Slug:
multi-day-booking-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Multifox Plus

Plugin Slug:
multifox-plus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Multiple Votes in one page

Plugin Slug:
multiple-votes-in-one-page

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

My Restaurant Menu

Plugin Slug:
my-restaurant-menu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Responsive Video

Plugin Slug:
my-wp-responsive-video

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Narnoo Commerce Manager

Plugin Slug:
narnoo-commerce-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

News Articles

Plugin Slug:
news-articles

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

News Ticker

Plugin Slug:
newsticker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

The Novel Design Store Directory

Plugin Slug:
noveldesign-store-directory

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

NV Slider

Plugin Slug:
nv-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Official SalesWizard CRM Plugin

Plugin Slug:
official-saleswizard-crm

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Olympus Shortcodes

Plugin Slug:
olympus-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

OpenCart Product Display

Plugin Slug:
opencart-product-display

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

OS BXSlider

Plugin Slug:
os-bxslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

OS Our Team

Plugin Slug:
os-our-team

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

OS Pricing Tables

Plugin Slug:
os-pricing-tables

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Parallaxer

Plugin Slug:
parallaxer-lite-parallax-effects-on-images

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ParOne Feeds

Plugin Slug:
parone

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Pay With Stripe

Plugin Slug:
payments-stripe-gateway

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Pdf Embedder Fay

Plugin Slug:
pdf-embedder-fay

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Persian Nested Show/Hide Text

Plugin Slug:
persian-nested-showhide-text

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PF Timer

Plugin Slug:
pf-timer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Photographer Connections

Plugin Slug:
photographer-connections

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Picsmize

Plugin Slug:
picsmize

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Plenigo

Plugin Slug:
plenigo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Popup Image

Plugin Slug:
popup-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Postcasa Shortcode

Plugin Slug:
postcasa

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Postify: Post Layout For Elementor

Plugin Slug:
postify-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Posts Filter

Plugin Slug:
posts-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Posts Search

Plugin Slug:
posts-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PropertyShift

Plugin Slug:
propertyshift

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Provide Forex Signals

Plugin Slug:
provide-forex-signals

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Pull This

Plugin Slug:
pull-this

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ra_qrcode

Plugin Slug:
ra-qrcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Relais 2FA

Plugin Slug:
relais-2fa

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Responsive Data Table

Plugin Slug:
responsive-data-table

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Share Buttons – Social Media

Plugin Slug:
rich-web-share-button

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Rig Elements For Elementor

Plugin Slug:
rig-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

RSV 360 View

Plugin Slug:
rsv-360-view

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

RSV PDF Preview

Plugin Slug:
rsv-pdf-preview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Saragna

Plugin Slug:
saragna-social-stream

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

scrollup

Plugin Slug:
scrollup

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Search order by product SKU for WooCommerce

Plugin Slug:
search-order-by-product-sku-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sell Media File with Stripe

Plugin Slug:
sell-media-file

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Semantic Shortcode

Plugin Slug:
semantic-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Lewe Bootstrap Visuals

Plugin Slug:
shortcode-bootstrap-visuals

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Shortcode Collection

Plugin Slug:
shortcode-collection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Redirecter

Plugin Slug:
shortcode-for-redirection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Pricing Table

Plugin Slug:
simple-pricing-table

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Social Share Block

Plugin Slug:
simple-social-share-block

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SimpleGMaps

Plugin Slug:
simplegmaps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Modal

Plugin Slug:
simplemodal

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simplistic SEO

Plugin Slug:
simplistic-seo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simpul Events by Esotech

Plugin Slug:
simpul-events-by-esotech

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Social button

Plugin Slug:
social-button

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Social Locker

Plugin Slug:
social-locker-content

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Stylish Internal Links

Plugin Slug:
stylish-internal-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Surbma | Font Awesome

Plugin Slug:
surbma-font-awesome

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SV Forms

Plugin Slug:
sv-forms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SVT Simple

Plugin Slug:
svt-simple

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Table of Contents Plus

Plugin Slug:
table-of-contents-plus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Team Showcase and Slider – Team Members Builder

Plugin Slug:
team-showcase-ultimate

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

TeleAdmin

Plugin Slug:
teleadmin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Testimonial Slider Shortcode

Plugin Slug:
testimonial-slider-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Text Advertisements

Plugin Slug:
text-advertisements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tigris Flexplatform

Plugin Slug:
tigris-flexplatform

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

TinyCode

Plugin Slug:
tinycode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Topbar ID for Elementor

Plugin Slug:
topbar-id-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Trendy Restaurant Menu

Plugin Slug:
trendy-restaurant-menu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SrcSet Responsive Images for WordPress

Plugin Slug:
truenorth-srcset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Twitter real time search scrolling

Plugin Slug:
twitter-real-time-search-scrolling

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ultimate Accordion

Plugin Slug:
ultimate-accordion

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Meta

Plugin Slug:
user-meta

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Password Reset

Plugin Slug:
user-password-reset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Utech Spinning Earth

Plugin Slug:
utech-spinning-earth

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UW Freelancer

Plugin Slug:
uw-freelancer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

VP Sitemap

Plugin Slug:
vp-sitemap

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wd-image-magnifier-xoss

Plugin Slug:
wd-image-magnifier-xoss

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WE – Client Logo Carousel

Plugin Slug:
we-client-logo-carousel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Websand Subscription Form

Plugin Slug:
websand-subscription-form

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wezido

Plugin Slug:
wezido-elementor-addon-based-on-easy-digital-downloads

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Agenda

Plugin Slug:
wp-agenda

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

wp_automatic_widget

Plugin Slug:
wp-automatic-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Basics

Plugin Slug:
wp-basics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Contest

Plugin Slug:
wp-contest

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

EventPress

Plugin Slug:
wp-eventpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wp-ImageZoom

Plugin Slug:
wp-imagezoom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

imPress

Plugin Slug:
wp-js-impress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Listings Pro

Plugin Slug:
wp-listings-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP MMenu Lite

Plugin Slug:
wp-mmenu-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP PagSeguro Payments

Plugin Slug:
wp-pagseguro-payments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wp Slide Categorywise

Plugin Slug:
wp-slide-categorywise

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Visual Adverts

Plugin Slug:
wp-visual-adverts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera

Plugin Slug:
wp-website-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WPHelpful

Plugin Slug:
wphelpful

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Admin Amplify

Plugin Slug:
wpr-admin-amplify

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

yPHPlista

Plugin Slug:
yphplista

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

????????

Plugin Slug:
yr-activity-link

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Cookie Nonsense for YT

Plugin Slug:
yt-cookie-nonsense

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ZIJ KART

Plugin Slug:
zij-kart

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
header-footer-elementor

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.46

Severity Score:
Medium

Plugin Slug:
loginizer

Installations
1,000,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High

Plugin Slug:
safe-svg

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.12.6

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.31

Severity Score:
Medium

Plugin Slug:
admin-site-enhancements

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.5.2

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.10.3

Severity Score:
Medium

Plugin Slug:
bdthemes-prime-slider-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.15.19

Severity Score:
Medium

Plugin Slug:
contact-form-7-dynamic-text-extension

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.5.1

Severity Score:
Medium

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.7.1

Severity Score:
Medium

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.5

Severity Score:
Medium

Plugin Slug:
booking

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
10.6.3

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.31

Severity Score:
High

Plugin Slug:
mappress-google-maps-for-wordpress

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.94.2

Severity Score:
Medium

Plugin Slug:
easy-svg

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8

Severity Score:
Medium

Plugin Slug:
envo-extra

Installations
30,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.4

Severity Score:
Medium

Plugin Slug:
seriously-simple-podcasting

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.0

Severity Score:
High

Plugin Slug:
super-socializer

Installations
30,000+

Vulnerability:
Broken Authentication

Patched in Version:
7.14

Severity Score:
High

Plugin Slug:
futurio-extra

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.14

Severity Score:
Medium

Plugin Slug:
simple-embed-code

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.5.1

Severity Score:
Medium

Plugin Slug:
xpro-elementor-addons

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.6.1

Severity Score:
Medium

Plugin Slug:
charitable

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3.1

Severity Score:
High

Plugin Slug:
contact-form-7-paypal-add-on

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.2

Severity Score:
High

Plugin Slug:
customize-my-account-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.30

Severity Score:
High

Plugin Slug:
easy-pricing-tables

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.7

Severity Score:
Medium

Plugin Slug:
jetwidgets-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.19

Severity Score:
Medium

Plugin Slug:
mycred

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.5

Severity Score:
Medium

Plugin Slug:
osm

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.3

Severity Score:
Medium

Plugin Slug:
registrations-for-the-events-calendar

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.12.4

Severity Score:
High

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.9.01.001

Severity Score:
Medium

Plugin Slug:
algori-pdf-viewer

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8

Severity Score:
Medium

Plugin Slug:
ws-form

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.245

Severity Score:
High

Plugin Slug:
cf7-redirect-thank-you-page

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
High

Plugin Slug:
poll-maker

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.4.7

Severity Score:
High

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
7,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.7

Severity Score:
Medium

Plugin Slug:
woo-floating-cart-lite

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.3

Severity Score:
Medium

Plugin Slug:
wp-job-portal

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Path Traversal

Patched in Version:
1.0.8.4

Severity Score:
Medium

Plugin Slug:
element-ready-lite

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.4

Severity Score:
Medium

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.5

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
4.1.17

Severity Score:
Critical

Plugin Slug:
simple-google-maps-short-code

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6

Severity Score:
Medium

Plugin Slug:
everest-backup

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.14

Severity Score:
High

Plugin Slug:
liquid-blocks

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
content-slider-block

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.1.6

Severity Score:
Medium

Plugin Slug:
multiple-pages-generator-by-porthas

Installations
3,000+

Vulnerability:
Path Traversal

Patched in Version:
4.0.3

Severity Score:
Low

Plugin Slug:
tickera-event-ticketing-system

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.4.6

Severity Score:
Medium

Plugin Slug:
profit-products-tables-for-woocommerce

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.6.5

Severity Score:
Medium

Plugin Slug:
responsive-filterable-portfolio

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

Plugin Slug:
slick-engagement

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.0

Severity Score:
Medium

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.1

Severity Score:
Medium

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.3.13

Severity Score:
Medium

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
24.0.4

Severity Score:
Critical

Plugin Slug:
countdown-time

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.5

Severity Score:
Medium

Plugin Slug:
event-post

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.7

Severity Score:
Medium

Plugin Slug:
event-post

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.7

Severity Score:
Medium

Plugin Slug:
heateor-social-login

Installations
1,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.1.36

Severity Score:
High

Plugin Slug:
ithemelandco-woo-report

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.2

Severity Score:
High

Plugin Slug:
landing-page-cat

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.7

Severity Score:
High

Plugin Slug:
responsive-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
shortcodes-for-amp-web-stories-and-elementor-widget

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.1

Severity Score:
Medium

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.4

Severity Score:
Medium

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.15

Severity Score:
Medium

Plugin Slug:
video-wc-gallery

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.32

Severity Score:
Medium

Plugin Slug:
w3speedster-wp

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.27

Severity Score:
Medium

Plugin Slug:
xili-tidy-tags

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.12.05

Severity Score:
High

Plugin Slug:
ai-auto-tool

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.3

Severity Score:
High

Plugin Slug:
cyan-backup

Installations
500+

Vulnerability:
Arbitrary File Download

Patched in Version:
2.5.4

Severity Score:
Medium

Plugin Slug:
ultimate-shortcodes-creator

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

Plugin Slug:
basticom-framework

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1

Severity Score:
Medium

Plugin Slug:
forms-by-made-it

Installations
100+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.8.1

Severity Score:
Critical

Plugin Slug:
pro-addons-for-elementor

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
nopeamedia

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
anant-addons-for-elementor

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.6

Severity Score:
Medium

Plugin Slug:
realty

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
christian-science-bible-lesson-subjects

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1

Severity Score:
Medium

Plugin Slug:
hebrewdates

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.3.0

Severity Score:
High

Plugin Slug:
shop-assistant-for-woocommerce-jarvis

Installations
10+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.2

Severity Score:
Medium

Plugin Slug:
ultimate-flipbox-addon-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.5

Severity Score:
Medium

Plugin Slug:
dynamic-post-grid-elementor-addon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

Plugin:

Hive Support – WordPress Help Desk

Plugin Slug:
hive-support

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.2

Severity Score:
Critical

Plugin:

kineticPay for WooCommerce

Plugin Slug:
kineticpay-for-woocommerce

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.0

Severity Score:
Critical

Plugin:

Loginizer Security

Plugin Slug:
loginizer-security

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High

Plugin:

Pie Register Premium

Plugin Slug:
pie-register-premium

Vulnerability:
Broken Access Control

Patched in Version:
3.8.3.3

Severity Score:
Medium

Plugin:

Quform

Plugin Slug:
quform

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.21.0

Severity Score:
Medium

Plugin:

WooCommerce Social Login

Plugin Slug:
woo-social-login

Vulnerability:
Broken Authentication

Patched in Version:
2.7.8

Severity Score:
High

Plugin:

WooCommerce Support Ticket System

Plugin Slug:
woocommerce-support-ticket-system

Vulnerability:
Arbitrary File Upload

Patched in Version:
17.8

Severity Score:
Critical

Plugin:

WooCommerce Support Ticket System

Plugin Slug:
woocommerce-support-ticket-system

Vulnerability:
Arbitrary File Deletion

Patched in Version:
17.8

Severity Score:
High

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.6.8

Severity Score:
Critical

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.6.8

Severity Score:
Critical

Plugin:

WP Membership

Plugin Slug:
wp-membership

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.6.3

Severity Score:
Critical

Plugin:

User Extra Fields

Plugin Slug:
wp-user-extra-fields

Vulnerability:
Arbitrary File Upload

Patched in Version:
16.6

Severity Score:
Critical

WordPress Themes — 3 Patched / 2 Unpatched

Theme Slug:
storely

Downloads
435,857

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Anih

Theme Slug:
anih

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
th-shop-mania

Downloads
35,161

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.5.0

Severity Score:
Medium

Theme Slug:
top-store

Downloads
198,806

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.5.5

Severity Score:
Medium

Theme:

WPLMS

Theme Slug:
wplms

Vulnerability:
Path Traversal

Patched in Version:
4.963

Severity Score:
Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-11-13 10:24:00.


WordPress Vulnerability Report — December 18, 2024


In this report, 345 vulnerabilities have been publicly disclosed. Security patches for 164 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 181 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
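The two paragraphs above describe a triage loop: update what has a patch, deactivate what does not. The script below is an added example (not part of the SolidWP report or the WP Archives page) that automates the check. It reads the JSON produced by `wp plugin list --format=json --fields=name,status,version`, compares each installed version against a "Patched in Version" table transcribed from entries on this page, and flags plugins that need an update or, where the report says "No Fix", deactivation. The plugin list is a constructed sample with made-up installed versions so the script runs offline; version comparison is done numerically so that 17.10 is correctly treated as newer than 17.8.

```python
"""Triage installed WordPress plugins against a vulnerability report.

Added example, not code from the SolidWP report or the WP Archives page.
Input is the JSON emitted by `wp plugin list --format=json`; a constructed
sample is embedded below so the script runs offline.
"""
import json
import re

# Transcribed from entries on this page: slug -> (patched version, severity).
# None stands for "No Fix"; the report's advice for those is to deactivate.
REPORT = {
    "woocommerce-support-ticket-system": ("17.8", "Critical"),
    "wp-jobsearch": ("2.6.8", "Critical"),
    "wp-user-extra-fields": ("16.6", "Critical"),
    "loginizer-security": ("1.9.3", "High"),
    "wp-megamenu": (None, "High"),
    "radio-player": (None, "High"),
}

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def parse_version(v: str) -> tuple:
    """Split a dotted version into integers so that 17.10 > 17.8.
    A non-numeric suffix such as '-beta' ends the comparison."""
    parts = []
    for piece in re.split(r"[.\-]", v.strip()):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a is older than b; shorter tuples are zero-padded (17.8 == 17.8.0)."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    return ta + (0,) * (n - len(ta)) < tb + (0,) * (n - len(tb))


def triage(plugin_list_json: str, report=REPORT) -> list:
    """Return (slug, installed, severity, action) for each installed plugin the report covers
    that is still exposed, most severe first. Plugins already at the patched version are skipped."""
    findings = []
    for p in json.loads(plugin_list_json):
        slug = p["name"]  # wp-cli reports the plugin directory slug as "name"
        if slug not in report:
            continue
        patched, severity = report[slug]
        installed = p["version"]
        if patched is None:
            action = "deactivate (no fix available)"
        elif version_lt(installed, patched):
            action = f"update to {patched}"
        else:
            continue
        findings.append((slug, installed, severity, action))
    findings.sort(key=lambda f: SEVERITY_ORDER.get(f[2], 9))
    return findings


# Constructed sample of `wp plugin list --format=json --fields=name,status,version`.
# Installed versions are invented for the demonstration.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "woocommerce-support-ticket-system", "status": "active", "version": "17.10"},
    {"name": "wp-jobsearch", "status": "active", "version": "2.6.7"},
    {"name": "wp-user-extra-fields", "status": "inactive", "version": "16.6"},
    {"name": "loginizer-security", "status": "active", "version": "1.9.2"},
    {"name": "wp-megamenu", "status": "active", "version": "2.9.3"},
    {"name": "akismet", "status": "active", "version": "5.3"},
])

if __name__ == "__main__":
    import sys
    data = (sys.stdin.read() if not sys.stdin.isatty() else "") or SAMPLE_WP_PLUGIN_LIST
    for slug, installed, severity, action in triage(data):
        print(f"[{severity}] {slug} {installed}: {action}")
```

On a live site, pipe the real inventory in with `wp plugin list --format=json --fields=name,status,version | python3 triage.py`; the "No Fix" rows are the ones to hand to `wp plugin deactivate`. The sample deliberately includes 17.10 against a patched version of 17.8, the case a plain string comparison gets wrong.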


Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Table of Contents


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.


No new core vulnerabilities were disclosed this week.

WordPress Plugins — 156 Patched / 179 Unpatched

WP Mega Menu

Plugin:

WP Mega Menu

Plugin Slug:
wp-megamenu

Installations
10,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54282

The vulnerability has not been patched. You should deactivate the plugin.

WPCargo Track & Trace

Plugin:

WPCargo Track & Trace

Plugin Slug:
wpcargo

Installations
10,000+

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54271

The vulnerability has not been patched. You should deactivate the plugin.

Awesome Support – WordPress HelpDesk & Support Plugin

Plugin:

Awesome Support – WordPress HelpDesk & Support Plugin

Plugin Slug:
awesome-support

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54289

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Axeptio – Cookie Banner – GDPR Consent & Compliance with a friendly touch

Plugin Slug:
axeptio-sdk-integration

Installations
7,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54270

The vulnerability has not been patched. You should deactivate the plugin.

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Plugin:

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Plugin Slug:
radio-player

Installations
6,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54385

The vulnerability has not been patched. You should deactivate the plugin.

EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin

Plugin:

EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin

Plugin Slug:
eazydocs

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54376

The vulnerability has not been patched. You should deactivate the plugin.

News Ticker for Elementor

Plugin:

News Ticker for Elementor

Plugin Slug:
news-ticker-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54278

The vulnerability has not been patched. You should deactivate the plugin.

WP Menu Image

Plugin:

WP Menu Image

Plugin Slug:
wp-menu-image

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52485

The vulnerability has not been patched. You should deactivate the plugin.

Smaily for WP

Plugin:

Smaily for WP

Plugin Slug:
smaily-for-wp

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54286

The vulnerability has not been patched. You should deactivate the plugin.

SQL Chart Builder

Plugin:

SQL Chart Builder

Plugin Slug:
sql-chart-builder

Installations
800+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11430

The vulnerability has not been patched. You should deactivate the plugin.

Job Board Manager

Plugin:

Job Board Manager

Plugin Slug:
job-board-manager

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-55993

The vulnerability has not been patched. You should deactivate the plugin.

SIP Calculator

Plugin:

SIP Calculator

Plugin Slug:
sip-calculator

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12555

The vulnerability has not been patched. You should deactivate the plugin.

LDD Directory Lite

Plugin:

LDD Directory Lite

Plugin Slug:
ldd-directory-lite

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54288

The vulnerability has not been patched. You should deactivate the plugin.

The Permalinker

Plugin:

The Permalinker

Plugin Slug:
the-permalinker

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11894

The vulnerability has not been patched. You should deactivate the plugin.

Nias course | ???? ??? ????

Plugin:

Nias course | ???? ??? ????

Plugin Slug:
nias-course

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54277

The vulnerability has not been patched. You should deactivate the plugin.

Role Includer

Plugin:

Role Includer

Plugin Slug:
role-includer

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54290

The vulnerability has not been patched. You should deactivate the plugin.

Radius Blocks – WordPress Gutenberg Blocks

Plugin:

Radius Blocks – WordPress Gutenberg Blocks

Plugin Slug:
radius-blocks

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54272

The vulnerability has not been patched. You should deactivate the plugin.

WordPress HelpDesk & Support Ticket System Plugin – Octrace Support

Plugin:

WordPress HelpDesk & Support Ticket System Plugin – Octrace Support

Plugin Slug:
octrace-support

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54274

The vulnerability has not been patched. You should deactivate the plugin.

WP Cookies Enabler

Plugin:

WP Cookies Enabler

Plugin Slug:
wp-cookies-enabler

Installations
30+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54380

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Blog Post Block

Plugin:

Advanced Blog Post Block

Plugin Slug:
advanced-blog-post-block

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54287

The vulnerability has not been patched. You should deactivate the plugin.

Poll, Poll Forms – WordPress Poll plugin by Poll Builder

Plugin:

Poll, Poll Forms – WordPress Poll plugin by Poll Builder

Plugin Slug:
poll-builder

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54276

The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Blocks – Woolook

Plugin:

Woocommerce Blocks – Woolook

Plugin Slug:
woolook

Installations
10+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54375

The vulnerability has not been patched. You should deactivate the plugin.

WP-NERD Toolkit

Plugin:

WP-NERD Toolkit

Plugin Slug:
wp-nerd-toolkit

Installations
10+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54279

The vulnerability has not been patched. You should deactivate the plugin.

3D Avatar User Profile

Plugin:

3D Avatar User Profile

Plugin Slug:
3d-avatar-user-profile

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54358

The vulnerability has not been patched. You should deactivate the plugin.

Add image to Post

Plugin:

Add image to Post

Plugin Slug:
add-image-to-post

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54428

The vulnerability has not been patched. You should deactivate the plugin.

Advance Menu Manager

Plugin:

Advance Menu Manager

Plugin Slug:
advance-menu-manager

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54381

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Data Table For Elementor

Plugin:

Advanced Data Table For Elementor

Plugin Slug:
advanced-data-table-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54443

The vulnerability has not been patched. You should deactivate the plugin.

Advanced Fancybox

Plugin:

Advanced Fancybox

Plugin Slug:
advanced-fancybox

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54401

The vulnerability has not been patched. You should deactivate the plugin.

Advanced What should we write next about

Plugin:

Advanced What should we write next about

Plugin Slug:
advanced-what-should-we-write-about-next

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55987

The vulnerability has not been patched. You should deactivate the plugin.

AI Post Generator | AutoWriter

Plugin:

AI Post Generator | AutoWriter

Plugin Slug:
ai-post-generator

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11709

The vulnerability has not been patched. You should deactivate the plugin.

Zita Site Builder

Plugin:

Zita Site Builder

Plugin Slug:
ai-site-builder

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54369

The vulnerability has not been patched. You should deactivate the plugin.

Amazon Product Price

Plugin:

Amazon Product Price

Plugin Slug:
amazon-product-price

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54439

The vulnerability has not been patched. You should deactivate the plugin.

Animated Counters

Plugin:

Animated Counters

Plugin Slug:
animated-counters

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11905

The vulnerability has not been patched. You should deactivate the plugin.

Aphorismus

Plugin:

Aphorismus

Plugin Slug:
aphorismus

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54429

The vulnerability has not been patched. You should deactivate the plugin.

AppMaps

Plugin:

AppMaps

Plugin Slug:
appmaps

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54400

The vulnerability has not been patched. You should deactivate the plugin.

Appsplate

Plugin:

Appsplate

Plugin Slug:
appsplate

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54292

The vulnerability has not been patched. You should deactivate the plugin.

Arabic Webfonts

Plugin:

Arabic Webfonts

Plugin Slug:
arabic-webfonts

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54402

The vulnerability has not been patched. You should deactivate the plugin.

Arena.IM – Live Blogging for real-time events

Plugin:

Arena.IM – Live Blogging for real-time events

Plugin Slug:
arena-liveblog-and-chat-tool

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12526

The vulnerability has not been patched. You should deactivate the plugin.

Arena.IM – Live Blogging for real-time events

Plugin:

Arena.IM – Live Blogging for real-time events

Plugin Slug:
arena-liveblog-and-chat-tool

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12463

The vulnerability has not been patched. You should deactivate the plugin.

Firebase OTP Authentication

Plugin:

Firebase OTP Authentication

Plugin Slug:
authentication-via-otp-using-firebase

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54294

The vulnerability has not been patched. You should deactivate the plugin.

Banner System

Plugin:

Banner System

Plugin Slug:
banner-system

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54359

The vulnerability has not been patched. You should deactivate the plugin.

Bet sport Free

Plugin:

Bet sport Free

Plugin Slug:
bet-sport-free

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54396

The vulnerability has not been patched. You should deactivate the plugin.

Better WP Login Page

Plugin:

Better WP Login Page

Plugin Slug:
better-wp-login-page

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54442

The vulnerability has not been patched. You should deactivate the plugin.

Bootstrap Buttons

Plugin:

Bootstrap Buttons

Plugin Slug:
bootstrap-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-49677

The vulnerability has not been patched. You should deactivate the plugin.

Buk

Plugin:

Buk

Plugin Slug:
buk-appointments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11869

The vulnerability has not been patched. You should deactivate the plugin.

Caldera SMTP Mailer

Plugin:

Caldera SMTP Mailer

Plugin Slug:
caldera-smtp-mailer

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56003

The vulnerability has not been patched. You should deactivate the plugin.

Mollie for Contact Form 7

Plugin:

Mollie for Contact Form 7

Plugin Slug:
cf7-mollie

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55990

The vulnerability has not been patched. You should deactivate the plugin.

??????

Plugin:

??????

Plugin Slug:
changyan

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-55994

The vulnerability has not been patched. You should deactivate the plugin.

CK and SyntaxHighlighter

Plugin:

CK and SyntaxHighlighter

Plugin Slug:
ck-and-syntaxhighlighter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54407

The vulnerability has not been patched. You should deactivate the plugin.

Code Generator Pro

Plugin:

Code Generator Pro

Plugin Slug:
code-generator-pro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55978

The vulnerability has not been patched. You should deactivate the plugin.

Comments On Feed

Plugin:

Comments On Feed

Plugin Slug:
comments-on-feed

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54406

The vulnerability has not been patched. You should deactivate the plugin.

Companion Portfolio

Plugin:

Companion Portfolio

Plugin Slug:
companion-portfolio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11867

The vulnerability has not been patched. You should deactivate the plugin.

Connatix Video Embed

Plugin:

Connatix Video Embed

Plugin Slug:
connatix-video-embed

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11883

The vulnerability has not been patched. You should deactivate the plugin.

CoSchool LMS

Plugin:

CoSchool LMS

Plugin Slug:
coschool

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54296

The vulnerability has not been patched. You should deactivate the plugin.

Crafthemes Demo Import

Plugin:

Crafthemes Demo Import

Plugin Slug:
crafthemes-demo-import

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-9698

The vulnerability has not been patched. You should deactivate the plugin.

Cricket Live Score

Plugin:

Cricket Live Score

Plugin Slug:
cricket-score

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11877

The vulnerability has not been patched. You should deactivate the plugin.

Critical Site Intel

Plugin:

Critical Site Intel

Plugin Slug:
critical-site-intel-stats

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55976

The vulnerability has not been patched. You should deactivate the plugin.

CRUDLab Google Plus Button

Plugin:

CRUDLab Google Plus Button

Plugin Slug:
crudlab-google-plus

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54399

The vulnerability has not been patched. You should deactivate the plugin.

CSV to html

Plugin:

CSV to html

Plugin Slug:
csv-to-html

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54275

The vulnerability has not been patched. You should deactivate the plugin.

Custom Skins Contact Form 7

Plugin:

Custom Skins Contact Form 7

Plugin Slug:
custom-skins-contact-form-7

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12341

The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Endpoints With Rest Api

Plugin:

Ultimate Endpoints With Rest Api

Plugin Slug:
custom-wp-rest-api

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12260

The vulnerability has not been patched. You should deactivate the plugin.

Mimoos

Plugin:

Mimoos

Plugin Slug:
devoluciones-packback

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55974

The vulnerability has not been patched. You should deactivate the plugin.

Display Future Posts

Plugin:

Display Future Posts

Plugin Slug:
display-future-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54413

The vulnerability has not been patched. You should deactivate the plugin.

Dr Affiliate

Plugin:

Dr Affiliate

Plugin Slug:
dr-affiliate

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55975

The vulnerability has not been patched. You should deactivate the plugin.

DTC Documents

Plugin:

DTC Documents

Plugin Slug:
dtc-documents

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54418

The vulnerability has not been patched. You should deactivate the plugin.

Easy Site Importer

Plugin:

Easy Site Importer

Plugin Slug:
easy-site-importer

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56004

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

ECT Product Carousel

Plugin Slug:
ect-product-carousel

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54412

The vulnerability has not been patched. You should deactivate the plugin.

ECT Social Share

Plugin:

ECT Social Share

Plugin Slug:
ect-social-share

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54405

The vulnerability has not been patched. You should deactivate the plugin.

EELV Newsletter

Plugin:

EELV Newsletter

Plugin Slug:
eelv-newsletter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54430

The vulnerability has not been patched. You should deactivate the plugin.

Mandrill WP

Plugin:

Mandrill WP

Plugin Slug:
email-form-under-post

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54394

The vulnerability has not been patched. You should deactivate the plugin.

eTemplates

Plugin:

eTemplates

Plugin Slug:
etemplates

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55972

The vulnerability has not been patched. You should deactivate the plugin.

Evernote Sync

Plugin:

Evernote Sync

Plugin Slug:
evernote-sync

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54422

The vulnerability has not been patched. You should deactivate the plugin.

Feedpress Generator

Plugin:

Feedpress Generator

Plugin Slug:
feedpress-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54364

The vulnerability has not been patched. You should deactivate the plugin.

Flaming Forms

Plugin:

Flaming Forms

Plugin Slug:
flaming-forms

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54398

The vulnerability has not been patched. You should deactivate the plugin.

Flash News / Post (Responsive)

Plugin:

Flash News / Post (Responsive)

Plugin Slug:
flashnews-fading-effect-pearlbells

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-56012

The vulnerability has not been patched. You should deactivate the plugin.

Floating Video Player

Plugin:

Floating Video Player

Plugin Slug:
floating-player

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54421

The vulnerability has not been patched. You should deactivate the plugin.

Gaxx Keywords

Plugin:

Gaxx Keywords

Plugin Slug:
gaxx-keywords

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54438

The vulnerability has not been patched. You should deactivate the plugin.

Geoportail Shortcode

Plugin:

Geoportail Shortcode

Plugin Slug:
geoportail-shortcode

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54414

The vulnerability has not been patched. You should deactivate the plugin.

Get Post Content Shortcode

Plugin:

Get Post Content Shortcode

Plugin Slug:
get-post-content-shortcode

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12447

The vulnerability has not been patched. You should deactivate the plugin.

GitSync

Plugin:

GitSync

Plugin Slug:
git-sync

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54368

The vulnerability has not been patched. You should deactivate the plugin.

glomex oEmbed

Plugin:

glomex oEmbed

Plugin Slug:
glomex-oembed

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11873

The vulnerability has not been patched. You should deactivate the plugin.

Go Animate

Plugin:

Go Animate

Plugin Slug:
goanimate

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54397

The vulnerability has not been patched. You should deactivate the plugin.

Grid Plus

Plugin:

Grid Plus

Plugin Slug:
grid-plus

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-10910

The vulnerability has not been patched. You should deactivate the plugin.

Gutensee

Plugin:

Gutensee

Plugin Slug:
gutensee

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54360

The vulnerability has not been patched. You should deactivate the plugin.

Opt-In Downloads

Plugin:

Opt-In Downloads

Plugin Slug:
halfdata-optin-downloads

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-10590

The vulnerability has not been patched. You should deactivate the plugin.

Hello In All Languages

Plugin:

Hello In All Languages

Plugin Slug:
hello-in-all-languages

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12572

The vulnerability has not been patched. You should deactivate the plugin.

Horizontal scroll image slideshow

Plugin:

Horizontal scroll image slideshow

Plugin Slug:
horizontal-scroll-image-slideshow

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11442

The vulnerability has not been patched. You should deactivate the plugin.

HostFact bestelformulier integratie

Plugin:

HostFact bestelformulier integratie

Plugin Slug:
hostfact-bestelformulier-integratie

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11413

The vulnerability has not been patched. You should deactivate the plugin.

HQ Rental Software

Plugin:

HQ Rental Software

Plugin Slug:
hq-rental-software

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11689

The vulnerability has not been patched. You should deactivate the plugin.

IDer Login

Plugin:

IDer Login

Plugin Slug:
ider-login

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11888

The vulnerability has not been patched. You should deactivate the plugin.

Image Mapper

Plugin:

Image Mapper

Plugin Slug:
image-mapper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56016

The vulnerability has not been patched. You should deactivate the plugin.

Increase Sociability

Plugin:

Increase Sociability

Plugin Slug:
increase-sociability

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54395

The vulnerability has not been patched. You should deactivate the plugin.

Insertify

Plugin:

Insertify

Plugin Slug:
insertify

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54372

The vulnerability has not been patched. You should deactivate the plugin.

Instant Appointment

Plugin:

Instant Appointment

Plugin Slug:
instant-appointment

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54361

The vulnerability has not been patched. You should deactivate the plugin.

jCarousel

Plugin:

jCarousel

Plugin Slug:
jcarousel-for-wordpress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54437

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Jet Footer Code

Plugin Slug:
jet-footer-code

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54436

The vulnerability has not been patched. You should deactivate the plugin.

KH Easy User Settings

Plugin:

KH Easy User Settings

Plugin Slug:
kh-easy-user-settings

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54365

The vulnerability has not been patched. You should deactivate the plugin.

Kredeum NFTs

Plugin:

Kredeum NFTs

Plugin Slug:
kredeum-nfts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11876

The vulnerability has not been patched. You should deactivate the plugin.

kvCORE IDX

Plugin:

kvCORE IDX

Plugin Slug:
kvcore-idx

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11723

The vulnerability has not been patched. You should deactivate the plugin.

LaunchPage.app Importer

Plugin:

LaunchPage.app Importer

Plugin Slug:
launchpage-app-importer

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55977

The vulnerability has not been patched. You should deactivate the plugin.

Leader

Plugin:

Leader

Plugin Slug:
leader

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56007

The vulnerability has not been patched. You should deactivate the plugin.

LeaderBoard Plugin

Plugin:

LeaderBoard Plugin

Plugin Slug:
leaderboard-lite

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54426

The vulnerability has not been patched. You should deactivate the plugin.

Library Management System

Plugin:

Library Management System

Plugin Slug:
library-management-system

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12406

The vulnerability has not been patched. You should deactivate the plugin.

Like in Vk.com

Plugin:

Like in Vk.com

Plugin Slug:
like-on-vkontakte

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54424

The vulnerability has not been patched. You should deactivate the plugin.

Category of Posts

Plugin:

Category of Posts

Plugin Slug:
list-one-category-of-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54427

The vulnerability has not been patched. You should deactivate the plugin.

ListApp Mobile Manager

Plugin:

ListApp Mobile Manager

Plugin Slug:
listapp-mobile-manager

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54295

The vulnerability has not been patched. You should deactivate the plugin.

LionScripts: Site Maintenance & Noindex Nofollow Plugin

Plugin:

LionScripts: Site Maintenance & Noindex Nofollow Plugin

Plugin Slug:
maintenance-and-noindex-nofollow

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54425

The vulnerability has not been patched. You should deactivate the plugin.

MDC Comment Toolbar

Plugin:

MDC Comment Toolbar

Plugin Slug:
mdc-comment-toolbar

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54404

The vulnerability has not been patched. You should deactivate the plugin.

Metrika

Plugin:

Metrika

Plugin Slug:
metrika

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54420

The vulnerability has not been patched. You should deactivate the plugin.

Minterpress

Plugin:

Minterpress

Plugin Slug:
minterpress

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54379

The vulnerability has not been patched. You should deactivate the plugin.

Multiple Admin Emails

Plugin:

Multiple Admin Emails

Plugin Slug:
multiple-admin-emails

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54388

The vulnerability has not been patched. You should deactivate the plugin.

My IDX Home Search

Plugin:

My IDX Home Search

Plugin Slug:
my-idx-home-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12502

The vulnerability has not been patched. You should deactivate the plugin.

addWeather

Plugin:

addWeather

Plugin Slug:
myweather

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54389

The vulnerability has not been patched. You should deactivate the plugin.

Nabz Image Gallery

Plugin:

Nabz Image Gallery

Plugin Slug:
nabz-image-gallery

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55981

The vulnerability has not been patched. You should deactivate the plugin.

Navayan CSV Export

Plugin:

Navayan CSV Export

Plugin Slug:
navayan-csv-export

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55988

The vulnerability has not been patched. You should deactivate the plugin.

Newsletter Subscriptions

Plugin:

Newsletter Subscriptions

Plugin Slug:
newsletter-subscriptions

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11683

The vulnerability has not been patched. You should deactivate the plugin.

Onlywire Multi Autosubmitter

Plugin:

Onlywire Multi Autosubmitter

Plugin Slug:
onlywire-multi-autosubmitter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54435

The vulnerability has not been patched. You should deactivate the plugin.

Order Delivery & Pickup Location Date Time

Plugin:

Order Delivery & Pickup Location Date Time

Plugin Slug:
order-delivery-pickup-location-date-time-free-version

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-55997

The vulnerability has not been patched. You should deactivate the plugin.

phZoom

Plugin:

phZoom

Plugin Slug:
phzoom

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54434

The vulnerability has not been patched. You should deactivate the plugin.

PixProof

Plugin:

PixProof

Plugin Slug:
pixproof

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54417

The vulnerability has not been patched. You should deactivate the plugin.

Popup Surveys & Polls for WordPress (Mare.io)

Plugin:

Popup Surveys & Polls for WordPress (Mare.io)

Plugin Slug:
popup-surveys

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-55998

The vulnerability has not been patched. You should deactivate the plugin.

Portfolio – Filterable Masonry Portfolio Gallery for Professionals

Plugin:

Portfolio – Filterable Masonry Portfolio Gallery for Professionals

Plugin Slug:
portfolio-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11900

The vulnerability has not been patched. You should deactivate the plugin.

Post Carousel & Slider

Plugin:

Post Carousel & Slider

Plugin Slug:
post-types-carousel-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11770

The vulnerability has not been patched. You should deactivate the plugin.

Posts and Products Views for WooCommerce

Plugin:

Posts and Products Views for WooCommerce

Plugin Slug:
posts-and-products-views

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12448

The vulnerability has not been patched. You should deactivate the plugin.

Posts Date Ranges

Plugin:

Posts Date Ranges

Plugin Slug:
posts-date-ranges

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54387

The vulnerability has not been patched. You should deactivate the plugin.

PowerFormBuilder

Plugin:

PowerFormBuilder

Plugin Slug:
power-forms-builder

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55983

The vulnerability has not been patched. You should deactivate the plugin.

Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart

Plugin:

Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart

Plugin Slug:
push-monkey-desktop-push-notifications

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54386

The vulnerability has not been patched. You should deactivate the plugin.

Quietly Insights

Plugin:

Quietly Insights

Plugin Slug:
quietly-insights

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54378

The vulnerability has not been patched. You should deactivate the plugin.

Share Buttons – Social Media

Plugin:

Share Buttons – Social Media

Plugin Slug:
rich-web-share-button

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55982

The vulnerability has not been patched. You should deactivate the plugin.

Saksh Escrow System

Plugin:

Saksh Escrow System

Plugin Slug:
saksh-escrow-system

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55984

The vulnerability has not been patched. You should deactivate the plugin.

Saoshyant Element

Plugin:

Saoshyant Element

Plugin Slug:
saoshyant-element

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51646

The vulnerability has not been patched. You should deactivate the plugin.

SeedProd Pro

Plugin:

SeedProd Pro

Plugin Slug:
seedprod-coming-soon-pro-5

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54285

The vulnerability has not been patched. You should deactivate the plugin.

SeedProd Pro

Plugin:

SeedProd Pro

Plugin Slug:
seedprod-coming-soon-pro-5

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54284

The vulnerability has not been patched. You should deactivate the plugin.

SeedProd Pro

Plugin:

SeedProd Pro

Plugin Slug:
seedprod-coming-soon-pro-5

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54283

The vulnerability has not been patched. You should deactivate the plugin.

Service

Plugin:

Service

Plugin Slug:
service

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55986

The vulnerability has not been patched. You should deactivate the plugin.

Sign In With Google

Plugin:

Sign In With Google

Plugin Slug:
sign-in-with-google

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-11015

The vulnerability has not been patched. You should deactivate the plugin.

Simple Booking Widget

Plugin:

Simple Booking Widget

Plugin Slug:
simple-booking-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54433

The vulnerability has not been patched. You should deactivate the plugin.

Slope Widgets

Plugin:

Slope Widgets

Plugin Slug:
slope-widgets

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11902

The vulnerability has not been patched. You should deactivate the plugin.

Social Media Sharing

Plugin:

Social Media Sharing

Plugin Slug:
social-media-sharing

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54423

The vulnerability has not been patched. You should deactivate the plugin.

SOPA Blackout

Plugin:

SOPA Blackout

Plugin Slug:
sopa-blackout

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54410

The vulnerability has not been patched. You should deactivate the plugin.

WP Simple Pay Lite Manager

Plugin:

WP Simple Pay Lite Manager

Plugin Slug:
stripe-manager

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55989

The vulnerability has not been patched. You should deactivate the plugin.

Surbma | SalesAutopilot Shortcode

Plugin:

Surbma | SalesAutopilot Shortcode

Plugin Slug:
surbma-salesautopilot-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11433

The vulnerability has not been patched. You should deactivate the plugin.

SVG Shortcode

Plugin:

SVG Shortcode

Plugin Slug:
svg-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12574

The vulnerability has not been patched. You should deactivate the plugin.

TagGator

Plugin:

TagGator

Plugin Slug:
taggator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54390

The vulnerability has not been patched. You should deactivate the plugin.

TCBD Popover

Plugin:

TCBD Popover

Plugin Slug:
tcbd-popover

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11751

The vulnerability has not been patched. You should deactivate the plugin.

Tidy Up

Plugin:

Tidy Up

Plugin Slug:
tidy-up

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56015

The vulnerability has not been patched. You should deactivate the plugin.

TPG Get Posts

Plugin:

TPG Get Posts

Plugin Slug:
tpg-get-posts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11906

The vulnerability has not been patched. You should deactivate the plugin.

TSB Occasion Editor

Plugin:

TSB Occasion Editor

Plugin Slug:
tsb-occasion-editor

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55973

The vulnerability has not been patched. You should deactivate the plugin.

Ui Slider Filter By Price

Plugin:

Ui Slider Filter By Price

Plugin Slug:
ui-slider-filter-by-price

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54419

The vulnerability has not been patched. You should deactivate the plugin.

Utech World Time

Plugin:

Utech World Time

Plugin Slug:
utech-world-time-for-wp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54441

The vulnerability has not been patched. You should deactivate the plugin.

vBSSO-lite

Plugin:

vBSSO-lite

Plugin Slug:
vbsso-lite

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54297

The vulnerability has not been patched. You should deactivate the plugin.

Visual Recent Posts

Plugin:

Visual Recent Posts

Plugin Slug:
visual-recent-posts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54403

The vulnerability has not been patched. You should deactivate the plugin.

Visualmodo Elements

Plugin:

Visualmodo Elements

Plugin Slug:
visualmodo-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11095

The vulnerability has not been patched. You should deactivate the plugin.

Website Toolbox Community

Plugin:

Website Toolbox Community

Plugin Slug:
website-toolbox-forums

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12338

The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Cart Count Shortcode

Plugin:

WooCommerce Cart Count Shortcode

Plugin Slug:
woo-cart-count-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12517

The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Basic Ordernumbers

Plugin:

WooCommerce Basic Ordernumbers

Plugin Slug:
woocommerce-basic-ordernumbers

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-55992

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Filter

Plugin:

WordPress Filter

Plugin Slug:
wordpress-filter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54391

The vulnerability has not been patched. You should deactivate the plugin.

Wovax IDX

Plugin:

Wovax IDX

Plugin Slug:
wovax-idx

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56013

The vulnerability has not been patched. You should deactivate the plugin.

WP-Ban-User

Plugin:

WP-Ban-User

Plugin Slug:
wp-ban-user

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54440

The vulnerability has not been patched. You should deactivate the plugin.

WP Fiddle

Plugin:

WP Fiddle

Plugin Slug:
wp-fiddle

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54393

The vulnerability has not been patched. You should deactivate the plugin.

WP Flipkart Importer

Plugin:

WP Flipkart Importer

Plugin Slug:
wp-flipkart-importer

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54432

The vulnerability has not been patched. You should deactivate the plugin.

WP-HideThat

Plugin:

WP-HideThat

Plugin Slug:
wp-hide-that

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54415

The vulnerability has not been patched. You should deactivate the plugin.

Wp Login with Ajax

Plugin:

Wp Login with Ajax

Plugin Slug:
wp-login-with-ajax

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54416

The vulnerability has not been patched. You should deactivate the plugin.

WP Controller

Plugin:

WP Controller

Plugin Slug:
wp-management-controller

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54411

The vulnerability has not been patched. You should deactivate the plugin.

Wp NssUser Register

Plugin:

Wp NssUser Register

Plugin Slug:
wp-nssuser-register

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54363

The vulnerability has not been patched. You should deactivate the plugin.

Wp photo text slider 50

Plugin:

Wp photo text slider 50

Plugin Slug:
wp-photo-text-slider-50

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11884

The vulnerability has not been patched. You should deactivate the plugin.

WP Service Payment Form With Authorize.net

Plugin:

WP Service Payment Form With Authorize.net

Plugin Slug:
wp-service-payment-form-with-authorizenet

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12258

The vulnerability has not been patched. You should deactivate the plugin.

Tithe.ly Giving Button

Plugin:

Tithe.ly Giving Button

Plugin Slug:
wp-tithely

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11841

The vulnerability has not been patched. You should deactivate the plugin.

WP微信机器人 (WP WeChat Robot)

Plugin:

WP微信机器人 (WP WeChat Robot)

Plugin Slug:
wp-weixin-robot

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54392

The vulnerability has not been patched. You should deactivate the plugin.

WPBookit

Plugin:

WPBookit

Plugin Slug:
wpbookit

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-54280

The vulnerability has not been patched. You should deactivate the plugin.

Admin Customization

Plugin:

Admin Customization

Plugin Slug:
wpp-customization

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54431

The vulnerability has not been patched. You should deactivate the plugin.

Wr Age Verification

Plugin:

Wr Age Verification

Plugin Slug:
wr-age-verification

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55979

The vulnerability has not been patched. You should deactivate the plugin.

Wr Age Verification

Plugin:

Wr Age Verification

Plugin Slug:
wr-age-verification

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-55980

The vulnerability has not been patched. You should deactivate the plugin.

XML Multilanguage Sitemap Generator

Plugin:

XML Multilanguage Sitemap Generator

Plugin Slug:
xml-multilanguage-sitemap-generator

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-55999

The vulnerability has not been patched. You should deactivate the plugin.

XPD Reduce Image Filesize

Plugin:

XPD Reduce Image Filesize

Plugin Slug:
xpd-reduce-image-filesize

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-54409

The vulnerability has not been patched. You should deactivate the plugin.

YDS Support Ticket System

Plugin:

YDS Support Ticket System

Plugin Slug:
yds-support-ticket-system

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-55985

The vulnerability has not been patched. You should deactivate the plugin.

States Map US

Plugin:

States Map US

Plugin Slug:
ymc-states-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12523

The vulnerability has not been patched. You should deactivate the plugin.

YooBar

Plugin:

YooBar

Plugin Slug:
yoo-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11410

The vulnerability has not been patched. You should deactivate the plugin.

Youtube Video Grid

Plugin:

Youtube Video Grid

Plugin Slug:
youmax-channel-embeds-for-youtube-businesses

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-54408

The vulnerability has not been patched. You should deactivate the plugin.

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Plugin:

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

Plugin Slug:
wpforms-lite

Installations
6,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.2.2

Severity Score:
High

CVE:

2024-11205

The vulnerability has been patched, so you should update to version 1.9.2.2.

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

Plugin:

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

Plugin Slug:
mainwp-child

Installations
700,000+

Vulnerability:
Privilege Escalation

Patched in Version:
5.3

Severity Score:
High

CVE:

2024-10783

The vulnerability has been patched, so you should update to version 5.3.

Ninja Forms – The Contact Form Builder That Grows With You

Plugin:

Ninja Forms – The Contact Form Builder That Grows With You

Plugin Slug:
ninja-forms

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.20

Severity Score:
High

CVE:

2024-11052

The vulnerability has been patched, so you should update to version 3.8.20.

The Events Calendar

Plugin:

The Events Calendar

Plugin Slug:
the-events-calendar

Installations
700,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.8.2.1

Severity Score:
Medium

CVE:

2024-5333

The vulnerability has been patched, so you should update to version 6.8.2.1.

User Role Editor

Plugin:

User Role Editor

Plugin Slug:
user-role-editor

Installations
700,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.64.4

Severity Score:
Critical

CVE:

2024-12293

The vulnerability has been patched, so you should update to version 4.64.4.

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Plugin:

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Plugin Slug:
fluentform

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.7

Severity Score:
High

CVE:

2024-10646

The vulnerability has been patched, so you should update to version 5.2.7.

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Plugin:

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Plugin Slug:
fluentform

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.1

Severity Score:
Medium

CVE:

2024-9651

The vulnerability has been patched, so you should update to version 5.2.1.

SiteOrigin Widgets Bundle

Plugin:

SiteOrigin Widgets Bundle

Plugin Slug:
so-widgets-bundle

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.64.1

Severity Score:
Medium

CVE:

2024-54268

The vulnerability has been patched, so you should update to version 1.64.1.

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin:

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.54

Severity Score:
Medium

CVE:

2024-10637

The vulnerability has been patched, so you should update to version 3.2.54.

Members – Membership & User Role Editor Plugin

Plugin:

Members – Membership & User Role Editor Plugin

Plugin Slug:
members

Installations
300,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.11

Severity Score:
Medium

CVE:

2024-11008

The vulnerability has been patched, so you should update to version 3.2.11.

Popup Builder – Create highly converting, mobile friendly marketing popups.

Plugin:

Popup Builder – Create highly converting, mobile friendly marketing popups.

Plugin Slug:
popup-builder

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.3.5

Severity Score:
Medium

CVE:

2024-9428

The vulnerability has been patched, so you should update to version 4.3.5.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.127

Severity Score:
Medium

CVE:

2024-10784

The vulnerability has been patched, so you should update to version 1.5.127.

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Plugin:

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.15

Severity Score:
Medium

CVE:

2024-10517

The vulnerability has been patched, so you should update to version 4.15.15.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.5.3

Severity Score:
Medium

CVE:

2024-11832

The vulnerability has been patched, so you should update to version 2.8.5.3.

Image Widget

Plugin:

Image Widget

Plugin Slug:
image-widget

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.11

Severity Score:
Medium

CVE:

2024-10939

The vulnerability has been patched, so you should update to version 4.4.11.

LuckyWP Table of Contents

Plugin:

LuckyWP Table of Contents

Plugin Slug:
luckywp-table-of-contents

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.7

Severity Score:
Medium

CVE:

2024-9641

The vulnerability has been patched, so you should update to version 2.1.7.

Web Stories

Plugin:

Web Stories

Plugin Slug:
web-stories

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.38.0

Severity Score:
Medium

CVE:

2024-54317

The vulnerability has been patched, so you should update to version 1.38.0.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.7.2

Severity Score:
Medium

CVE:

2024-10010

The vulnerability has been patched, so you should update to version 4.2.7.2.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.2.7.4

Severity Score:
Medium

CVE:

2024-11868

The vulnerability has been patched, so you should update to version 4.2.7.4.

AI Engine

Plugin:

AI Engine

Plugin Slug:
ai-engine

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
2.6.5

Severity Score:
High

CVE:

2024-10499

The vulnerability has been patched, so you should update to version 2.6.5.

Ajax Search Lite – Live Search & Filter

Plugin:

Ajax Search Lite – Live Search & Filter

Plugin Slug:
ajax-search-lite

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.12.4

Severity Score:
Medium

CVE:

2024-10568

The vulnerability has been patched, so you should update to version 4.12.4.

Bold Page Builder

Plugin:

Bold Page Builder

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Path Traversal

Patched in Version:
5.1.6

Severity Score:
Medium

CVE:

2024-54382

The vulnerability has been patched, so you should update to version 5.1.6.

Calculated Fields Form

Plugin:

Calculated Fields Form

Plugin Slug:
calculated-fields-form

Installations
50,000+

Vulnerability:
Denial of Service Attack

Patched in Version:
5.2.64

Severity Score:
Medium

CVE:

2024-12601

The vulnerability has been patched, so you should update to version 5.2.64.

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Plugin:

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.5

Severity Score:
Low

CVE:

2024-9654

The vulnerability has been patched, so you should update to version 3.3.5.

Ultimate Blocks – WordPress Blocks Plugin

Plugin:

Ultimate Blocks – WordPress Blocks Plugin

Plugin Slug:
ultimate-blocks

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.4

Severity Score:
Medium

CVE:

2024-10678

The vulnerability has been patched, so you should update to version 3.2.4.

Greenshift – animation and page builder blocks

Plugin:

Greenshift – animation and page builder blocks

Plugin Slug:
greenshift-animation-and-page-builder-blocks

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
9.9.9.4

Severity Score:
Medium

CVE:

2024-11181

The vulnerability has been patched, so you should update to version 9.9.9.4.

افزونه پیامک ووکامرس Persian WooCommerce SMS

Plugin:

افزونه پیامک ووکامرس Persian WooCommerce SMS

Plugin Slug:
persian-woocommerce-sms

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.6

Severity Score:
High

CVE:

2024-54312

The vulnerability has been patched, so you should update to version 7.0.6.

FULL – Cliente

Plugin:

FULL – Cliente

Plugin Slug:
full-customer

Installations
30,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.1.26

Severity Score:
Medium

CVE:

2024-54313

The vulnerability has been patched, so you should update to version 3.1.26.

NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar

Plugin:

NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar

Plugin Slug:
notificationx

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.4

Severity Score:
Medium

CVE:

2024-11727

The vulnerability has been patched, so you should update to version 2.9.4.

PPWP – Password Protect Pages

Plugin:

PPWP – Password Protect Pages

Plugin Slug:
password-protect-page

Installations
30,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.6

Severity Score:
Medium

CVE:

2024-11280

The vulnerability has been patched, so you should update to version 1.9.6.

New User Approve

Plugin:

New User Approve

Plugin Slug:
new-user-approve

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.4

Severity Score:
Medium

CVE:

2024-54323

The vulnerability has been patched, so you should update to version 2.6.4.

Rate My Post – Star Rating Plugin by FeedbackWP

Plugin:

Rate My Post – Star Rating Plugin by FeedbackWP

Plugin Slug:
rate-my-post

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.5

Severity Score:
Medium

CVE:

2024-12309

The vulnerability has been patched, so you should update to version 4.2.5.

Minify HTML

Plugin:

Minify HTML

Plugin Slug:
minify-html-markup

Installations
10,000+

Vulnerability:
Denial of Service Attack

Patched in Version:
2.1.11

Severity Score:
High

CVE:

2024-12579

The vulnerability has been patched, so you should update to version 2.1.11.

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin:

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin Slug:
s2member

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
241216

Severity Score:
High

CVE:

2024-8326

The vulnerability has been patched, so you should update to version 241216.

Simple Side Tab

Plugin:

Simple Side Tab

Plugin Slug:
simple-side-tab

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

CVE:

2024-11183

The vulnerability has been patched, so you should update to version 2.2.0.

Essential Real Estate

Plugin:

Essential Real Estate

Plugin Slug:
essential-real-estate

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1.7

Severity Score:
Medium

CVE:

2024-12329

The vulnerability has been patched, so you should update to version 5.1.7.

Plugin:

Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent

Plugin Slug:
gdpr-cookie-consent

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.6

Severity Score:
Medium

CVE:

2024-11724

The vulnerability has been patched, so you should update to version 3.6.6.

MyParcel

Plugin:

MyParcel

Plugin Slug:
woocommerce-myparcel

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.24.2

Severity Score:
High

CVE:

2024-9608

The vulnerability has been patched, so you should update to version 4.24.2.

Events Addon for Elementor

Plugin:

Events Addon for Elementor

Plugin Slug:
events-addon-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.3

Severity Score:
Medium

CVE:

2024-54315

The vulnerability has been patched, so you should update to version 2.2.3.

PowerPack Lite for Beaver Builder

Plugin:

PowerPack Lite for Beaver Builder

Plugin Slug:
powerpack-addon-for-beaver-builder

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
High

CVE:

2024-12239

The vulnerability has been patched, so you should update to version 1.3.1.

Primary Addon for Elementor

Plugin:

Primary Addon for Elementor

Plugin Slug:
primary-addon-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.2

Severity Score:
Medium

CVE:

2024-54314

The vulnerability has been patched, so you should update to version 1.6.2.

Notibar – Notification Bar for WordPress

Plugin:

Notibar – Notification Bar for WordPress

Plugin Slug:
notibar

Installations
7,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
2.1.5

Severity Score:
Medium

CVE:

2024-11012

The vulnerability has been patched, so you should update to version 2.1.5.

Notibar – Notification Bar for WordPress

Plugin:

Notibar – Notification Bar for WordPress

Plugin Slug:
notibar

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.5

Severity Score:
Medium

CVE:

2024-54269

The vulnerability has been patched, so you should update to version 2.1.5.

Plugin:

Vimeography: Vimeo Video Gallery WordPress Plugin

Plugin Slug:
vimeography

Installations
7,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
2.4.5

Severity Score:
Medium

CVE:

2024-54366

The vulnerability has been patched, so you should update to version 2.4.5.

OAuth Single Sign On – SSO (OAuth Client)

Plugin:

OAuth Single Sign On – SSO (OAuth Client)

Plugin Slug:
miniorange-login-with-eve-online-google-facebook

Installations
6,000+

Vulnerability:
Broken Authentication

Patched in Version:
6.26.4

Severity Score:
High

CVE:

2024-10111

The vulnerability has been patched, so you should update to version 6.26.4.

Coupon Affiliates – Affiliate Plugin for WooCommerce

Plugin:

Coupon Affiliates – Affiliate Plugin for WooCommerce

Plugin Slug:
woo-coupon-usage

Installations
5,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
5.16.7.2

Severity Score:
Medium

CVE:

2024-12421

The vulnerability has been patched, so you should update to version 5.16.7.2.

WPMobile.App — Android and iOS Mobile Application

Plugin:

WPMobile.App — Android and iOS Mobile Application

Plugin Slug:
wpappninja

Installations
5,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
11.53

Severity Score:
Medium

CVE:

2024-12420

The vulnerability has been patched, so you should update to version 11.53.

ElementsReady Addons for Elementor

Plugin:

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.4.9

Severity Score:
Medium

CVE:

2024-10356

The vulnerability has been patched, so you should update to version 6.4.9.

EventPrime – Events Calendar, Bookings and Tickets

Plugin:

EventPrime – Events Calendar, Bookings and Tickets

Plugin Slug:
eventprime-event-calendar-management

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.6.0

Severity Score:
High

CVE:

2024-12024

The vulnerability has been patched, so you should update to version 4.0.6.0.

GEO my WP

Plugin:

GEO my WP

Plugin Slug:
geo-my-wp

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.5.1

Severity Score:
Medium

CVE:

2024-54326

The vulnerability has been patched, so you should update to version 4.5.1.

MStore API – Create Native Android & iOS Apps On The Cloud

Plugin:

MStore API – Create Native Android & iOS Apps On The Cloud

Plugin Slug:
mstore-api

Installations
4,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.16.5

Severity Score:
Medium

CVE:

2024-12042

The vulnerability has been patched, so you should update to version 4.16.5.

WP Crowdfunding

Plugin:

WP Crowdfunding

Plugin Slug:
wp-crowdfunding

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.13

Severity Score:
Medium

CVE:

2024-11910

The vulnerability has been patched, so you should update to version 2.1.13.

WP Crowdfunding

Plugin:

WP Crowdfunding

Plugin Slug:
wp-crowdfunding

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.13

Severity Score:
Medium

CVE:

2024-11911

The vulnerability has been patched, so you should update to version 2.1.13.

Hash Form – Drag & Drop Form Builder

Plugin:

Hash Form – Drag & Drop Form Builder

Plugin Slug:
hash-form

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.2

Severity Score:
Medium

CVE:

2024-12201

The vulnerability has been patched, so you should update to version 1.2.2.

Cognito Forms

Plugin:

Cognito Forms

Plugin Slug:
cognito-forms

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.8

Severity Score:
Medium

CVE:

2024-10182

The vulnerability has been patched, so you should update to version 2.0.8.

Falcon – WordPress Optimizations & Tweaks

Plugin:

Falcon – WordPress Optimizations & Tweaks

Plugin Slug:
falcon

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.4

Severity Score:
Medium

CVE:

2024-54384

The vulnerability has been patched, so you should update to version 2.8.4.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin:

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug:
meeting-scheduler-by-vcita

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.5.2

Severity Score:
Medium

CVE:

2024-54356

The vulnerability has been patched, so you should update to version 4.5.2.

Active Products Tables for WooCommerce. Use constructor to create tables 

Plugin:

Active Products Tables for WooCommerce. Use constructor to create tables 

Plugin Slug:
profit-products-tables-for-woocommerce

Installations
2,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.0.6.6

Severity Score:
High

CVE:

2024-10959

The vulnerability has been patched, so you should update to version 1.0.6.6.

Responsive Filterable Portfolio

Plugin:

Responsive Filterable Portfolio

Plugin Slug:
responsive-filterable-portfolio

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.0.9

Severity Score:
Critical

CVE:

2019-25221

The vulnerability has been patched, so you should update to version 1.0.9.

Restaurant & Cafe Addon for Elementor

Plugin:

Restaurant & Cafe Addon for Elementor

Plugin Slug:
restaurant-cafe-addon-for-elementor

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.9

Severity Score:
Medium

CVE:

2024-54316

The vulnerability has been patched, so you should update to version 1.5.9.

Restrict – membership, site, content and user access restrictions for WordPress

Plugin:

Restrict – membership, site, content and user access restrictions for WordPress

Plugin Slug:
restricted-content

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.9

Severity Score:
Medium

CVE:

2024-11351

The vulnerability has been patched, so you should update to version 2.2.9.

Plugin:

Simple Link Directory

Plugin Slug:
simple-link-directory

Installations
2,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
8.4.1

Severity Score:
Medium

CVE:

2024-12417

The vulnerability has been patched, so you should update to version 8.4.1.

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin

Plugin:

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin

Plugin Slug:
timetics

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.28

Severity Score:
Medium

CVE:

2024-11275

The vulnerability has been patched, so you should update to version 1.0.28.

360 Javascript Viewer

Plugin:

360 Javascript Viewer

Plugin Slug:
360deg-javascript-viewer

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.30

Severity Score:
Medium

CVE:

2024-12271

The vulnerability has been patched, so you should update to version 1.7.30.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.7

Severity Score:
High

CVE:

2024-54265

The vulnerability has been patched, so you should update to version 1.6.7.

FormFacade – WordPress plugin for Google Forms

Plugin:

FormFacade – WordPress plugin for Google Forms

Plugin Slug:
formfacade

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
High

CVE:

2024-54301

The vulnerability has been patched, so you should update to version 1.3.7.

ForumWP – Forum & Discussion Board

Plugin:

ForumWP – Forum & Discussion Board

Plugin Slug:
forumwp

Installations
1,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.1.1

Severity Score:
Critical

CVE:

2024-54367

The vulnerability has been patched, so you should update to version 2.1.1.

ImageRecycle pdf & image compression

Plugin:

ImageRecycle pdf & image compression

Plugin Slug:
imagerecycle-pdf-image-compression

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.17

Severity Score:
High

CVE:

2024-54266

The vulnerability has been patched, so you should update to version 3.1.17.

Memberful – Membership Plugin

Plugin:

Memberful – Membership Plugin

Plugin Slug:
memberful-wp

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.74.0

Severity Score:
Medium

CVE:

2024-11294

The vulnerability has been patched, so you should update to version 1.74.0.

Posti Shipping

Plugin:

Posti Shipping

Plugin Slug:
posti-shipping

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.10.4

Severity Score:
Medium

CVE:

2024-56005

The vulnerability has been patched, so you should update to version 3.10.4.

Simple Restrict

Plugin:

Simple Restrict

Plugin Slug:
simple-restrict

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.8

Severity Score:
Medium

CVE:

2024-11106

The vulnerability has been patched, so you should update to version 1.2.8.

RapidLoad – Optimize Web Vitals Automatically

Plugin:

RapidLoad – Optimize Web Vitals Automatically

Plugin Slug:
unusedcss

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.3

Severity Score:
High

CVE:

2024-11840

The vulnerability has been patched, so you should update to version 2.4.3.

NiceJob

Plugin:

NiceJob

Plugin Slug:
nicejob

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.2

Severity Score:
Medium

CVE:

2024-54318

The vulnerability has been patched, so you should update to version 3.7.2.

Property Hive Mortgage Calculator

Plugin:

Property Hive Mortgage Calculator

Plugin Slug:
property-hive-mortgage-calculator

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-11940

The vulnerability has been patched, so you should update to version 1.0.7.

Property Hive Stamp Duty Calculator

Plugin:

Property Hive Stamp Duty Calculator

Plugin Slug:
property-hive-stamp-duty-calculator

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.23

Severity Score:
Medium

CVE:

2024-12465

The vulnerability has been patched, so you should update to version 1.0.23.

WPC Order Notes for WooCommerce

Plugin:

WPC Order Notes for WooCommerce

Plugin Slug:
woo-order-notes

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.3

Severity Score:
High

CVE:

2024-12004

The vulnerability has been patched, so you should update to version 1.5.3.

Quran multilanguage Text & Audio

Plugin:

Quran multilanguage Text & Audio

Plugin Slug:
quran-text-multilanguage

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.22

Severity Score:
High

CVE:

2024-11973

The vulnerability has been patched, so you should update to version 2.3.22.

Waymark

Plugin:

Waymark

Plugin Slug:
waymark

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
High

CVE:

2024-12325

The vulnerability has been patched, so you should update to version 1.4.2.

WP Pipes

Plugin:

WP Pipes

Plugin Slug:
wp-pipes

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
High

CVE:

2024-12283

The vulnerability has been patched, so you should update to version 1.4.2.

AR for WordPress

Plugin:

AR for WordPress

Plugin Slug:
ar-for-wordpress

Installations
600+

Vulnerability:
Broken Access Control

Patched in Version:
7.4

Severity Score:
Low

CVE:

2024-12300

The vulnerability has been patched, so you should update to version 7.4.

Car Dealer (Dealership) and Vehicle sales

Plugin:

Car Dealer (Dealership) and Vehicle sales

Plugin Slug:
cardealer

Installations
600+

Vulnerability:
Broken Access Control

Patched in Version:
4.48

Severity Score:
Medium

CVE:

2024-54298

The vulnerability has been patched, so you should update to version 4.48.

Device Detector

Plugin:

Device Detector

Plugin Slug:
device-detector

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.1

Severity Score:
High

CVE:

2024-56010

The vulnerability has been patched, so you should update to version 4.2.1.

Last Viewed Posts by WPBeginner

Plugin:

Last Viewed Posts by WPBeginner

Plugin Slug:
last-viewed-posts

Installations
600+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.0.2

Severity Score:
Medium

CVE:

2024-12294

The vulnerability has been patched, so you should update to version 1.0.2.

Out of the Block: OpenStreetMap

Plugin:

Out of the Block: OpenStreetMap

Plugin Slug:
ootb-openstreetmap

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.4

Severity Score:
Medium

CVE:

2024-11827

The vulnerability has been patched, so you should update to version 2.8.4.

AIcomments – ChatGPT

Plugin:

AIcomments – ChatGPT

Plugin Slug:
aicomments

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.2

Severity Score:
Medium

CVE:

2024-54307

The vulnerability has been patched, so you should update to version 1.4.2.

CM Answers – Powerful WordPress Forum Plugin

Plugin:

CM Answers – Powerful WordPress Forum Plugin

Plugin Slug:
cm-answers

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.7

Severity Score:
Medium

CVE:

2024-54267

The vulnerability has been patched, so you should update to version 3.2.7.

Cryptocurrency Price Widget

Plugin:

Cryptocurrency Price Widget

Plugin Slug:
cryptocurrency-price-widget

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.4

Severity Score:
Medium

CVE:

2024-54308

The vulnerability has been patched, so you should update to version 1.2.4.

iChart – Easy Charts and Graphs

Plugin:

iChart – Easy Charts and Graphs

Plugin Slug:
ichart

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.4

Severity Score:
Medium

CVE:

2024-11928

The vulnerability has been patched, so you should update to version 2.1.4.

Mark New Posts

Plugin:

Mark New Posts

Plugin Slug:
mark-new-posts

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
7.6

Severity Score:
Medium

CVE:

2024-54311

The vulnerability has been patched, so you should update to version 7.6.

WP Email Log – PostBox

Plugin:

WP Email Log – PostBox

Plugin Slug:
postbox-email-logs

Installations
500+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.0.5

Severity Score:
Medium

CVE:

2024-54309

The vulnerability has been patched, so you should update to version 1.0.5.

Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate

Plugin:

Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate

Plugin Slug:
spreadr-for-woocomerce

Installations
500+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
1.0.5

Severity Score:
High

CVE:

2024-56008

The vulnerability has been patched, so you should update to version 1.0.5.

Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate

Plugin:

Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate

Plugin Slug:
spreadr-for-woocomerce

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.5

Severity Score:
Medium

CVE:

2024-56009

The vulnerability has been patched, so you should update to version 1.0.5.

Themify Store Locator

Plugin:

Themify Store Locator

Plugin Slug:
themify-store-locator

Installations
500+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0

Severity Score:
Medium

CVE:

2024-12414

The vulnerability has been patched, so you should update to version 1.2.0.

WooCommerce Additional Fees On Checkout (Free)

Plugin:

WooCommerce Additional Fees On Checkout (Free)

Plugin Slug:
woo-additional-fees-on-checkout-wordpress

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.8

Severity Score:
High

CVE:

2024-12395

The vulnerability has been patched, so you should update to version 1.4.8.

Gutenberg Blocks and Page Layouts – Attire Blocks

Plugin:

Gutenberg Blocks and Page Layouts – Attire Blocks

Plugin Slug:
attire-blocks

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.6

Severity Score:
Medium

CVE:

2024-11914

The vulnerability has been patched, so you should update to version 1.9.6.

Projectopia – WordPress Project Management

Plugin:

Projectopia – WordPress Project Management

Plugin Slug:
projectopia-core

Installations
400+

Vulnerability:
Broken Authentication

Patched in Version:
5.1.8

Severity Score:
High

CVE:

2024-54336

The vulnerability has been patched, so you should update to version 5.1.8.

Payment Gateway Per Product for WooCommerce

Plugin:

Payment Gateway Per Product for WooCommerce

Plugin Slug:
woocommerce-product-payments

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.9

Severity Score:
Medium

CVE:

2024-55996

The vulnerability has been patched, so you should update to version 3.5.9.

Check Pincode For Woocommerce

Plugin:

Check Pincode For Woocommerce

Plugin Slug:
check-pincode-for-woocommerce

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2

Severity Score:
High

CVE:

2024-54333

The vulnerability has been patched, so you should update to version 1.2.

Currency Converter Widget – PRO

Plugin:

Currency Converter Widget – PRO

Plugin Slug:
currency-converter-widget-pro

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-11760

The vulnerability has been patched, so you should update to version 1.0.7.

NewsmanApp

Plugin:

NewsmanApp

Plugin Slug:
newsmanapp

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.7

Severity Score:
Medium

CVE:

2024-11767

The vulnerability has been patched, so you should update to version 2.7.7.

Print Science Designer

Plugin:

Print Science Designer

Plugin Slug:
print-science-designer

Installations
300+

Vulnerability:
PHP Object Injection

Patched in Version:
1.3.153

Severity Score:
Critical

CVE:

2024-12312

The vulnerability has been patched, so you should update to version 1.3.153.

Stop Registration Spam

Plugin:

Stop Registration Spam

Plugin Slug:
stop-registration-spam

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.24

Severity Score:
High

CVE:

2024-56017

The vulnerability has been patched, so you should update to version 1.24.

WP BASE Booking of Appointments, Services and Events

Plugin:

WP BASE Booking of Appointments, Services and Events

Plugin Slug:
wp-base-booking-of-appointments-services-and-events

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.2

Severity Score:
High

CVE:

2024-12469

The vulnerability has been patched, so you should update to version 4.9.2.

WP Mailster

Plugin:

WP Mailster

Plugin Slug:
wp-mailster

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.18.0

Severity Score:
Medium

CVE:

2024-54355

The vulnerability has been patched, so you should update to version 1.8.18.0.

AutoWP – AI Content Writer & Rewriter

Plugin:

AutoWP – AI Content Writer & Rewriter

Plugin Slug:
autowp-ai-content-writer-rewriter

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.9

Severity Score:
Medium

CVE:

2024-54300

The vulnerability has been patched, so you should update to version 2.0.9.

Booking System Trafft

Plugin:

Booking System Trafft

Plugin Slug:
booking-system-trafft

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-11754

The vulnerability has been patched, so you should update to version 1.0.7.

dejure.org Vernetzungsfunktion

Plugin:

dejure.org Vernetzungsfunktion

Plugin Slug:
dejureorg-vernetzungsfunktion

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.98.0

Severity Score:
High

CVE:

2024-11417

The vulnerability has been patched, so you should update to version 1.98.0.

Email Reminders

Plugin:

Email Reminders

Plugin Slug:
email-reminders

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.5

Severity Score:
Medium

CVE:

2024-11945

The vulnerability has been patched, so you should update to version 2.0.5.

J&T Express Malaysia

Plugin:

J&T Express Malaysia

Plugin Slug:
jt-express

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.15

Severity Score:
High

CVE:

2024-54305

The vulnerability has been patched, so you should update to version 2.0.15.

Revi.io – Customer & Products Reviews

Plugin:

Revi.io – Customer & Products Reviews

Plugin Slug:
revi-io-customer-and-product-reviews

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.8.0

Severity Score:
High

CVE:

2024-54299

The vulnerability has been patched, so you should update to version 5.8.0.

WordPress Post Grid Layouts with Pagination – Sogrid

Plugin:

WordPress Post Grid Layouts with Pagination – Sogrid

Plugin Slug:
sogrid

Installations
200+

Vulnerability:
Local File Inclusion

Patched in Version:
1.5.7

Severity Score:
High

CVE:

2024-54374

The vulnerability has been patched, so you should update to version 1.5.7.

WordPress Post Grid Layouts with Pagination – Sogrid

Plugin:

WordPress Post Grid Layouts with Pagination – Sogrid

Plugin Slug:
sogrid

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.5

Severity Score:
High

CVE:

2024-54352

The vulnerability has been patched, so you should update to version 1.5.5.

Staggs – Product Configurator Toolkit

Plugin:

Staggs – Product Configurator Toolkit

Plugin Slug:
staggs

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.0

Severity Score:
High

CVE:

2024-54342

The vulnerability has been patched, so you should update to version 2.1.0.

Lifetime free Drag & Drop Contact Form Builder for WordPress VForm

Plugin:

Lifetime free Drag & Drop Contact Form Builder for WordPress VForm

Plugin Slug:
v-form

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.1

Severity Score:
High

CVE:

2024-54302

The vulnerability has been patched, so you should update to version 3.0.1.

Plugin:

Video & Photo Gallery for Ultimate Member

Plugin Slug:
gallery-for-ultimate-member

Installations
100+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.1

Severity Score:
Critical

CVE:

2024-54370

The vulnerability has been patched, so you should update to version 1.1.1.

Gou Manage My Account Menu – User Roles

Plugin:

Gou Manage My Account Menu – User Roles

Plugin Slug:
gou-wc-account-tabs

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.1.9

Severity Score:
Medium

CVE:

2024-54310

The vulnerability has been patched, so you should update to version 1.0.1.9.

ICDSoft Reseller Store

Plugin:

ICDSoft Reseller Store

Plugin Slug:
icdsoft-reseller-store

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
High

CVE:

2024-54320

The vulnerability has been patched, so you should update to version 2.5.0.

Ksher

Plugin:

Ksher

Plugin Slug:
ksher-payment

Installations
100+

Vulnerability:
Settings Change

Patched in Version:
1.1.2

Severity Score:
Medium

CVE:

2024-56001

The vulnerability has been patched, so you should update to version 1.1.2.

Media Downloader

Plugin:

Media Downloader

Plugin Slug:
media-downloader

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.4.7.5

Severity Score:
High

CVE:

2024-54322

The vulnerability has been patched, so you should update to version 0.4.7.5.

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Plugin:

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Plugin Slug:
support-x

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium

CVE:

2024-12443

The vulnerability has been patched, so you should update to version 1.1.7.

Invoice Payment for WooCommerce

Plugin:

Invoice Payment for WooCommerce

Plugin Slug:
invoice-payment-for-woocommerce

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.0

Severity Score:
High

CVE:

2024-54328

The vulnerability has been patched, so you should update to version 2.0.0.

Seraphinite Bulk Discounts for WooCommerce

Plugin:

Seraphinite Bulk Discounts for WooCommerce

Plugin Slug:
seraphinite-discount-for-woocommerce

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.7

Severity Score:
High

CVE:

2024-12160

The vulnerability has been patched, so you should update to version 2.4.7.

Hurrakify

Plugin:

Hurrakify

Plugin Slug:
hurrakify

Installations
80+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
8.0.1

Severity Score:
High

CVE:

2024-54330

The vulnerability has been patched, so you should update to version 8.0.1.

SMS for WooCommerce

Plugin:

SMS for WooCommerce

Plugin Slug:
wc-sms

Installations
80+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.1.1

Severity Score:
High

CVE:

2024-12220

The vulnerability has been patched, so you should update to version 2.8.1.1.

Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress

Plugin:

Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress

Plugin Slug:
hive-support

Installations
70+

Vulnerability:
SQL Injection

Patched in Version:
1.1.3

Severity Score:
High

CVE:

2024-54304

The vulnerability has been patched, so you should update to version 1.1.3.

Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress

Plugin:

Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress

Plugin Slug:
hive-support

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.3

Severity Score:
Medium

CVE:

2024-54321

The vulnerability has been patched, so you should update to version 1.1.3.

AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot

Plugin:

AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot

Plugin Slug:
ai-seo-translator

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.3

Severity Score:
Medium

CVE:

2024-54306

The vulnerability has been patched, so you should update to version 1.6.3.

LabelGrid Tools

Plugin:

LabelGrid Tools

Plugin Slug:
label-grid-tools

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.59

Severity Score:
High

CVE:

2024-54341

The vulnerability has been patched, so you should update to version 1.3.59.

Simple Payment

Plugin:

Simple Payment

Plugin Slug:
simple-payment

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.8

Severity Score:
High

CVE:

2024-54303

The vulnerability has been patched, so you should update to version 2.3.8.

CarDealerPress

Plugin:

CarDealerPress

Plugin Slug:
cardealerpress

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.7.2411.00

Severity Score:
High

CVE:

2024-54325

The vulnerability has been patched, so you should update to version 6.7.2411.00.

CE21 Suite

Plugin:

CE21 Suite

Plugin Slug:
ce21-suite

Installations
30+

Vulnerability:
Privilege Escalation

Patched in Version:
2.2.1

Severity Score:
Critical

CVE:

2024-54293

The vulnerability has been patched, so you should update to version 2.2.1.

EduAdmin Booking

Plugin:

EduAdmin Booking

Plugin Slug:
eduadmin-booking

Installations
30+

Vulnerability:
Local File Inclusion

Patched in Version:
5.3.0

Severity Score:
High

CVE:

2024-54373

The vulnerability has been patched, so you should update to version 5.3.0.

Hack-Info

Plugin:

Hack-Info

Plugin Slug:
hack-info

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.18

Severity Score:
High

CVE:

2024-54353

The vulnerability has been patched, so you should update to version 3.18.

FloristPress – Customize your Woo store for your Florist

Plugin:

FloristPress – Customize your Woo store for your Florist

Plugin Slug:
bakkbone-florist-companion

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.3.0

Severity Score:
High

CVE:

2024-54347

The vulnerability has been patched, so you should update to version 7.3.0.

Plugin:

CleverNode Related Content

Plugin Slug:
clevernode-related-content

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
High

CVE:

2024-54329

The vulnerability has been patched, so you should update to version 1.1.6.

Connect Contact Form 7 to Constant Contact V3

Plugin:

Connect Contact Form 7 to Constant Contact V3

Plugin Slug:
connect-contact-form-7-to-constant-contact-v3

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5

Severity Score:
High

CVE:

2024-54343

The vulnerability has been patched, so you should update to version 1.5.

Fancy Roller Scroller

Plugin:

Fancy Roller Scroller

Plugin Slug:
fancy-roller-scroller

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.1

Severity Score:
High

CVE:

2024-54351

The vulnerability has been patched, so you should update to version 1.4.1.

I Plant A Tree

Plugin:

I Plant A Tree

Plugin Slug:
i-plant-a-tree

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.4

Severity Score:
High

CVE:

2024-54331

The vulnerability has been patched, so you should update to version 1.7.4.

ImmoToolBox Connect

Plugin:

ImmoToolBox Connect

Plugin Slug:
immotoolbox-connect

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.0

Severity Score:
High

CVE:

2024-54335

The vulnerability has been patched, so you should update to version 1.4.0.

Newsletter, Email Marketing, Email Subscriber – Mail Picker

Plugin:

Newsletter, Email Marketing, Email Subscriber – Mail Picker

Plugin Slug:
mail-picker

Installations
10+

Vulnerability:
PHP Object Injection

Patched in Version:
1.0.15

Severity Score:
Critical

CVE:

2024-54273

The vulnerability has been patched, so you should update to version 1.0.15.

Simple Presenter

Plugin:

Simple Presenter

Plugin Slug:
simple-presenter

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.2

Severity Score:
High

CVE:

2024-54340

The vulnerability has been patched, so you should update to version 1.5.2.

SMSify

Plugin:

SMSify

Plugin Slug:
smsify

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.0

Severity Score:
High

CVE:

2024-54324

The vulnerability has been patched, so you should update to version 6.1.0.

UNIVERSAM

Plugin:

UNIVERSAM

Plugin Slug:
universam-demo

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.59

Severity Score:
High

CVE:

2024-54327

The vulnerability has been patched, so you should update to version 8.59.

WP Currency Exchange Rates

Plugin:

WP Currency Exchange Rates

Plugin Slug:
wp-currency-exchange-rates

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.0

Severity Score:
High

CVE:

2024-54332

The vulnerability has been patched, so you should update to version 1.3.0.

WP Quick Shop

Plugin:

WP Quick Shop

Plugin Slug:
wp-quick-shop

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.2

Severity Score:
High

CVE:

2024-54344

The vulnerability has been patched, so you should update to version 1.3.2.

DX Dark Site

Plugin:

DX Dark Site

Plugin Slug:
devrix-dark-site

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
High

CVE:

2024-54337

The vulnerability has been patched, so you should update to version 1.1.1.

FooGallery Premium

Plugin:

FooGallery Premium

Plugin Slug:
foogallery-premium

Vulnerability:
Directory Traversal

Patched in Version:
2.4.27

Severity Score:
High

CVE:

2023-6947

The vulnerability has been patched, so you should update to version 2.4.27.

GeoFlickr

Plugin:

GeoFlickr

Plugin Slug:
geoflickr

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4

Severity Score:
High

CVE:

2024-54339

The vulnerability has been patched, so you should update to version 1.4.

Hello Event Widgets For Elementor

Plugin:

Hello Event Widgets For Elementor

Plugin Slug:
hello-event-widgets-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.0

Severity Score:
Medium

CVE:

2024-54338

The vulnerability has been patched, so you should update to version 1.1.0.

WP SuperBackup

Plugin:

WP SuperBackup

Plugin Slug:
indeed-wp-superbackup

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.4

Severity Score:
Critical

CVE:

2024-9290

The vulnerability has been patched, so you should update to version 2.4.

Kundgenerator

Plugin:

Kundgenerator

Plugin Slug:
kundgenerator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
High

CVE:

2024-54319

The vulnerability has been patched, so you should update to version 1.0.7.

Quran Phrases About Most People Shortcodes

Plugin:

Quran Phrases About Most People Shortcodes

Plugin Slug:
quran-phrases-about-most-people-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5

Severity Score:
Medium

CVE:

2024-54334

The vulnerability has been patched, so you should update to version 1.5.

Responsive Google Maps | by imbaa

Plugin:

Responsive Google Maps | by imbaa

Plugin Slug:
responsive-google-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

CVE:

2024-56011

The vulnerability has been patched, so you should update to version 1.2.7.

Termin-Kalender

Plugin:

Termin-Kalender

Plugin Slug:
termin-kalender

Vulnerability:
Broken Access Control

Patched in Version:
1.00.04

Severity Score:
Medium

CVE:

2024-54354

The vulnerability has been patched, so you should update to version 1.00.04.

WooCommerce PDF Vouchers

Plugin:

WooCommerce PDF Vouchers

Plugin Slug:
woocommerce-pdf-vouchers

Vulnerability:
Privilege Escalation

Patched in Version:
4.9.9

Severity Score:
Critical

CVE:

2024-54383

The vulnerability has been patched, so you should update to version 4.9.9.

WP All Import Pro

Plugin:

WP All Import Pro

Plugin Slug:
wp-all-import-pro

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.9.4

Severity Score:
Medium

CVE:

2024-9624

The vulnerability has been patched, so you should update to version 4.9.4.

WordPress Themes — 8 Patched / 2 Unpatched

Olivia

Theme:

Olivia

Theme Slug:
olivia

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56014

The vulnerability has not been patched. You should switch themes.

Zerif Lite

Theme:

Zerif Lite

Theme Slug:
zerif-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

The vulnerability has not been patched. You should switch themes.

Barter

Theme:

Barter

Theme Slug:
barter

Downloads
7,610

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7

Severity Score:
Medium

CVE:

2024-54346

The vulnerability has been patched, so you should update to version 1.7.

Bicycleshop

Theme:

Bicycleshop

Theme Slug:
bicycleshop

Downloads
9,127

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6

Severity Score:
Medium

CVE:

2024-54345

The vulnerability has been patched, so you should update to version 1.6.

Brand

Theme:

Brand

Theme Slug:
brand

Downloads
32,921

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium

CVE:

2024-54348

The vulnerability has been patched, so you should update to version 1.1.7.

hmd

Theme:

hmd

Theme Slug:
hmd

Downloads
892

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2

Severity Score:
High

CVE:

2024-54350

The vulnerability has been patched, so you should update to version 2.2.

Plain Post

Theme:

Plain Post

Theme Slug:
plain-post

Downloads
1,459

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
Medium

CVE:

2024-54349

The vulnerability has been patched, so you should update to version 1.0.4.

Avada

Theme:

Avada

Theme Slug:
avada

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.11.11

Severity Score:
Medium

CVE:

2024-54357

The vulnerability has been patched, so you should update to version 7.11.11.

Woffice

Theme:

Woffice

Theme Slug:
woffice

Vulnerability:
Broken Authentication

Patched in Version:
5.4.15

Severity Score:
Critical

CVE:

2024-43234

The vulnerability has been patched, so you should update to version 5.4.15.

WoodMart

Theme:

WoodMart

Theme Slug:
woodmart

Vulnerability:
Arbitrary Code Execution

Patched in Version:
8.0.4

Severity Score:
Medium

CVE:

2024-12333

The vulnerability has been patched, so you should update to version 8.0.4.


The post WordPress Vulnerability Report — December 18, 2024 appeared first on SolidWP.

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-12-18 09:30:00.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.


WordPress Vulnerability Report — October 23, 2024

In this report, 312 vulnerabilities have been publicly disclosed. Security patches for 131 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 181 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 130 Patched / 176 Unpatched

Plugin Slug:
email-template-customizer-for-woo

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
custom-icons-for-elementor

Installations
20,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
woo-multi-currency

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
g-meta-keywords

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
surferseo

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-lightbox-gallery

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
uber-grid

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
booking-system

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
woo-custom-cart-button

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
zoho-crm-forms

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
hyperlink-group-block

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
scroll-triggered-animations

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
woo-shipping-dpd-baltic

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
omnipress

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ultraaddons-elementor-lite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-sendfox

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-testimonials-showcase

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
taketin-to-wp-membership

Installations
60+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
easy-addons-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UltimateAI

Plugin Slug:
Ultimate_AI

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UltimateAI

Plugin Slug:
Ultimate_AI

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

AB Categories Search Widget

Plugin Slug:
ab-categories-search-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ACL Floating Cart for WooCommerce

Plugin Slug:
acl-floating-cart-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Add Categories Post Footer

Plugin Slug:
add-categories-post-footer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ADIF Log Search Widget

Plugin Slug:
adif-log-search-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Advertising System

Plugin Slug:
advanced-advertising-system

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Affiliator

Plugin Slug:
affiliator-lite

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Agile Video Player Lite

Plugin Slug:
agile-video-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ahime Image Printer

Plugin Slug:
ahime-image-printer

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Ahmeti Wp Timeline

Plugin Slug:
ahmeti-wp-timeline

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AI Image Generator for Your Content & Featured Images – AI Postpix

Plugin Slug:
ai-postpix

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Ajax Custom CSS/JS

Plugin Slug:
ajax-awesome-css

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ajax-extend

Plugin Slug:
ajax-extend

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Ajax Rating with Custom Login

Plugin Slug:
ajax-rating-with-custom-login

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Akismet htaccess writer

Plugin Slug:
akismet-htaccess-writer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

All in One Slider

Plugin Slug:
all-in-one-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Analyse Uploads

Plugin Slug:
analyse-uploads

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Apa Banner Slider

Plugin Slug:
apa-banner-slider

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

APA Register Newsletter Form

Plugin Slug:
apa-register-newsletter-form

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Arkhe Blocks

Plugin Slug:
arkhe-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Author Discussion

Plugin Slug:
author-discussion

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AVChat Video Chat

Plugin Slug:
avchat-3

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Azz Anonim Posting

Plugin Slug:
azz-anonim-posting

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Back Link Tracker

Plugin Slug:
back-link-tracker

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Banner Slider

Plugin Slug:
banner-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Bet WC 2018 Russia

Plugin Slug:
bet-wc-2018-russia

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Better Author Bio

Plugin Slug:
better-author-bio

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BuddyPress Better Registration

Plugin Slug:
better-bp-registration

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Booking.com Banner Creator

Plugin Slug:
bookingcom-banner-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

BuddyPress Greeting Message

Plugin Slug:
bp-greeting-message

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BP Member Type Manager

Plugin Slug:
bp-member-type-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Branding

Plugin Slug:
branding

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bulk images optimizer

Plugin Slug:
bulk-image-resizer

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

bVerse Convert

Plugin Slug:
bverse-convert

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Campus Explorer Widget

Plugin Slug:
campus-explorer-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

chatplusjp

Plugin Slug:
chatplusjp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CJ Change Howdy

Plugin Slug:
cj-change-howdy

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Client Power Tools Portal

Plugin Slug:
client-power-tools

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Code Generate

Plugin Slug:
code-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Cookie Scanner

Plugin Slug:
cookie-scanner

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Coub

Plugin Slug:
coub

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Country Flags for Elementor

Plugin Slug:
country-flags-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Crazy Call To Action Box

Plugin Slug:
crazy-call-to-action-box

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

cSlider

Plugin Slug:
cslider

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CSV Product Import Export for WooCommerce

Plugin Slug:
csv-wc-product-import-export

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CWD 3D Image Gallery

Plugin Slug:
cwd-3d-image-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Digital Lottery

Plugin Slug:
digital-lottery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

DocumentPress

Plugin Slug:
documentpress-display-any-document-on-your-site

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Duplicate Title Validate

Plugin Slug:
duplicate-title-validate

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Dynamic Elementor Addons

Plugin Slug:
dynamic-elementor-addons

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Easy Menu Manager

Plugin Slug:
easy-menu-manager-wpzest

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Post Types

Plugin Slug:
easy-post-types

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Easy Post Types

Plugin Slug:
easy-post-types

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Post Types

Plugin Slug:
easy-post-types

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

EKC Tournament Manager

Plugin Slug:
ekc-tournament-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Elemenda

Plugin Slug:
elemenda

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Extra Privacy for Elementor

Plugin Slug:
extra-privacy-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Feed Comments Number

Plugin Slug:
feed-comments-number

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

FERMA.ru.net

Plugin Slug:
ferma-ru-net-checkout

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Whitelist

Plugin Slug:
fifthsegment-whitelist

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Flat UI Button

Plugin Slug:
flat-ui-button

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

FREE DOWNLOAD MANAGER

Plugin Slug:
free-download-manager

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Free Stock Photos Foter

Plugin Slug:
free-stock-photos-foter

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Gantry 4 Framework

Plugin Slug:
gantry

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

GERRYWORKS Post by Mail

Plugin Slug:
gerryworks-post-by-mail

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

GetResponse Forms

Plugin Slug:
getresponse

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Giveaway Boost

Plugin Slug:
giveaway-boost

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Google Docs RSVP

Plugin Slug:
google-docs-rsvp-guestlist

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Google Map Locations

Plugin Slug:
google-map-locations

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

GoogleDrive folder list

Plugin Slug:
googledrive-folder-list

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

TeploBot – Telegram Bot for WP

Plugin Slug:
green-wp-telegram-bot-by-teplitsa

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

iBryl Switch User

Plugin Slug:
ibryl-switch-user

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Infinite-Scroll

Plugin Slug:
infinite-scroll

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

INK Official

Plugin Slug:
ink-official

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Job Board Manager for WordPress

Plugin Slug:
jemployee

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

JiangQie Free Mini Program

Plugin Slug:
jiangqie-free-mini-program

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

jLayer Parallax Slider

Plugin Slug:
jlayer-parallax-slider-wp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Kento Post View Counter

Plugin Slug:
kento-post-view-counter

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

LaTeX2HTML

Plugin Slug:
latex2html

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

leenk.me

Plugin Slug:
leenkme

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WordPress Gallery Plugin – Limb Image Gallery

Plugin Slug:
limb-gallery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WordPress Gallery Plugin – Limb Image Gallery

Plugin Slug:
limb-gallery

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Linked Variation for WooCommerce

Plugin Slug:
linked-variation-for-woocommerce

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Forms, Live Support, CRM, Video Messages

Plugin Slug:
live-support-tickets

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Maan Addons For Elementor

Plugin Slug:
maan-elementor-addons

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Local Business Addons For Elementor

Plugin Slug:
map-addons-for-elementor-waze-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

El mejor Cluster

Plugin Slug:
mejorcluster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mighty Builder

Plugin Slug:
mighty-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mitm Bug Tracker

Plugin Slug:
mitm-bug-tracker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Monitor.chat

Plugin Slug:
monitor-chat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Movie Database

Plugin Slug:
movie-database

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

My Reading Library

Plugin Slug:
my-reading-library

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

MyTweetLinks

Plugin Slug:
mytweetlinks

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Nice Backgrounds

Plugin Slug:
nicebackgrounds

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
pdf-rechnungsverwaltung

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Photo Gallery Builder

Plugin Slug:
photo-gallery-builder

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

photokit

Plugin Slug:
photokit

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Property Lot Management System

Plugin Slug:
plms

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Portfolleo

Plugin Slug:
portfolleo

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Product Customizer Light

Plugin Slug:
product-customizer-light

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Product Website Showcase

Plugin Slug:
product-websites-showcase

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Rate Own Post

Plugin Slug:
rate-own-post

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Recently

Plugin Slug:
recently-viewed-most-viewed-and-sold-products-for-woocommerce

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

3D Work In Progress

Plugin Slug:
renee-work-in-progress

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

3D Work In Progress

Plugin Slug:
renee-work-in-progress

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP REST API FNS

Plugin Slug:
rest-api-fns

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP REST API FNS

Plugin Slug:
rest-api-fns

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Risk Warning Bar

Plugin Slug:
risk-warning-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

RS-Members

Plugin Slug:
rs-members

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SafetyForms

Plugin Slug:
safetymails-forms

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SEO Manager

Plugin Slug:
seo-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SermonAudio Widgets

Plugin Slug:
sermonaudio-widgets

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Shipyaari Shipping Management

Plugin Slug:
shipyaari-shipping-managment

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Simple Code Insert Shortcode

Plugin Slug:
simple-code-insert-shortcode

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Custom Admin

Plugin Slug:
simple-custom-admin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Load More

Plugin Slug:
simple-load-more

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SiteBuilder Dynamic Components

Plugin Slug:
sitebuilder-dynamic-components

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Affiliate Platform

Plugin Slug:
smdp-affiliate-platform

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Social Link Groups

Plugin Slug:
social-link-groups

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Social Share With Floating Bar

Plugin Slug:
social-share-with-floating-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sovratec Case Management

Plugin Slug:
sovratec-case-management

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

SSV Events

Plugin Slug:
ssv-events

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
ssv-mailchimp

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Suki Sites Import

Plugin Slug:
suki-sites-import

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SVG Captcha

Plugin Slug:
svg-captcha

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SW Contact Form

Plugin Slug:
sw-contact-form

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Table of Contents Plus

Plugin Slug:
table-of-contents-plus

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tida URL Screenshot

Plugin Slug:
tida-url-screenshot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Tito

Plugin Slug:
tito

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Todo Custom Field

Plugin Slug:
todo-custom-field

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

uCAT – Next Story

Plugin Slug:
ucat-next-story

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Unlimited Addon For Elementor

Plugin Slug:
unlimited-addon-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Adding drop down roles in registration

Plugin Slug:
user-drop-down-roles-in-registration

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Verbalize WP

Plugin Slug:
verbalize-wp

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

VKontakte Wall Post

Plugin Slug:
vkontakte-wall-post

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Web Bricks Addons for Elementor

Plugin Slug:
webbricks-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Woocommerce Custom Profile Picture

Plugin Slug:
woo-custom-profile-picture

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Edit WooCommerce Templates

Plugin Slug:
woo-edit-templates

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woo Manage Fraud Orders

Plugin Slug:
woo-manage-fraud-orders

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Parcel Pro

Plugin Slug:
woo-parcel-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WooCommerce Maintenance Mode

Plugin Slug:
woocommerce-maintenance-mode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woostagram Connect

Plugin Slug:
woostagram-connect

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WordPress Video

Plugin Slug:
wordpress-video

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Image

Plugin Slug:
wp-custom-taxonomy-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Dropbox Dropins

Plugin Slug:
wp-dropbox-dropins

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WordPress Image SEO

Plugin Slug:
wp-image-seo

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple User Registration

Plugin Slug:
wp-registration

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

SendGrid for WordPress

Plugin Slug:
wp-sendgrid-mailer

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Spreadplugin

Plugin Slug:
wp-spreadplugin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

wpPricing Builder

Plugin Slug:
wppricing-builder-lite-responsive-pricing-table-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Wsify Widget

Plugin Slug:
wsify-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
elementor

Installations
10,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.24.6

Severity Score:
Medium

Plugin Slug:
woocommerce

Installations
8,000,000+

Vulnerability:
Content Injection

Patched in Version:
9.1.0

Severity Score:
Medium

Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.87

Severity Score:
Medium

Plugin Slug:
jetpack

Installations
4,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
13.9.1

Severity Score:
Medium

Plugin Slug:
advanced-custom-fields

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.6.3

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.36.0

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.36.0

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
400,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.987

Severity Score:
Medium

Plugin Slug:
ad-inserter

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.38

Severity Score:
High

Plugin Slug:
simple-custom-post-order

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.8

Severity Score:
Medium

Plugin Slug:
unlimited-elements-for-elementor

Installations
300,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.5.122

Severity Score:
Critical

Plugin Slug:
responsive-lightbox

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.9

Severity Score:
Medium

Plugin Slug:
custom-twitter-feeds

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.4

Severity Score:
Medium

Plugin Slug:
give

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.16.4

Severity Score:
Critical

Plugin Slug:
google-language-translator

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.10

Severity Score:
Medium

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.36

Severity Score:
Medium

Plugin Slug:
woo-discount-rules

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.6

Severity Score:
High

Plugin Slug:
wp-content-copy-protector

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.6.1

Severity Score:
Medium

Plugin Slug:
wp-slimstat

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.7

Severity Score:
High

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.7.5

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.2

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.6

Severity Score:
High

Plugin Slug:
calculated-fields-form

Installations
50,000+

Vulnerability:
Content Injection

Patched in Version:
5.2.46

Severity Score:
Medium

Plugin Slug:
qi-blocks

Installations
50,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.3

Severity Score:
High

Plugin Slug:
robo-gallery

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.22

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
50,000+

Vulnerability:
Open Redirection

Patched in Version:
4.5.4

Severity Score:
Medium

Plugin Slug:
sina-extension-for-elementor

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.5.8

Severity Score:
Medium

Plugin Slug:
woo-product-filter

Installations
50,000+

Vulnerability:
SQL Injection

Patched in Version:
2.7.1

Severity Score:
High

Plugin Slug:
simply-schedule-appointments

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.7.55

Severity Score:
Medium

Plugin Slug:
simply-schedule-appointments

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.7.55

Severity Score:
Medium

Plugin Slug:
themesflat-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.2

Severity Score:
Medium

Plugin Slug:
wpide

Installations
40,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.5.0

Severity Score:
Medium

Plugin Slug:
mp-timetable

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.3.9

Severity Score:
High

Plugin Slug:
persian-woocommerce-sms

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.3

Severity Score:
High

Plugin Slug:
vod-infomaniak

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.8

Severity Score:
Medium

Plugin Slug:
logo-slider-wp

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.0

Severity Score:
Medium

Plugin Slug:
publishpress-authors

Installations
20,000+

Vulnerability:
Privilege Escalation

Patched in Version:
4.7.2

Severity Score:
High

Plugin Slug:
wp-time-capsule

Installations
20,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.22.22

Severity Score:
High

Plugin Slug:
affiliatex

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.9.1

Severity Score:
Medium

Plugin Slug:
mega-elements-addons-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
multiline-files-for-contact-form-7

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9

Severity Score:
Medium

Plugin Slug:
smart-manager-for-wp-e-commerce

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.46.0

Severity Score:
Medium

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.8.07.004

Severity Score:
High

Plugin Slug:
wpvr

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.5.6

Severity Score:
Medium

Plugin Slug:
wpvr

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.5.5

Severity Score:
Medium

Plugin Slug:
add-widget-after-content

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
Medium

Plugin Slug:
contact-form-by-supsystic

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.29

Severity Score:
Medium

Plugin Slug:
awesome-contact-form7-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1

Severity Score:
Medium

Plugin Slug:
events-addon-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
mage-eventpress

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.6

Severity Score:
Medium

Plugin Slug:
primary-addon-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.9

Severity Score:
Medium

Plugin Slug:
admin-management-xtended

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.7

Severity Score:
Medium

Plugin Slug:
emails-verification-for-woocommerce

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
2.9.0

Severity Score:
Critical

Plugin Slug:
erp

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.3

Severity Score:
High

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.9.3.1

Severity Score:
Medium

Plugin Slug:
kama-spamblock

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3

Severity Score:
High

Plugin Slug:
wp-popup-builder

Installations
6,000+

Vulnerability:
Content Injection

Patched in Version:
1.3.6

Severity Score:
High

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.13

Severity Score:
Medium

Plugin Slug:
element-ready-lite

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.4

Severity Score:
Medium

Plugin Slug:
elementinvader-addons-for-elementor

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
elementinvader-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.9

Severity Score:
Medium

Plugin Slug:
wpkoi-templates-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.1

Severity Score:
Medium

Plugin Slug:
pepro-ultimate-invoice

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.7

Severity Score:
Medium

Plugin Slug:
fonto

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
parallax-image

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

Plugin Slug:
peepso-core

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.6.2

Severity Score:
Medium

Plugin Slug:
rss-feed-widget

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.0

Severity Score:
Medium

Plugin Slug:
accordion-slider

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.12

Severity Score:
Medium

Plugin Slug:
anchor-episodes-index

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.11

Severity Score:
Medium

Plugin Slug:
clover-online-orders

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
High

Plugin Slug:
clover-online-orders

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
Medium

Plugin Slug:
flexmls-idx

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14.23

Severity Score:
High

Plugin Slug:
htaccess-file-editor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.19

Severity Score:
Medium

Plugin Slug:
leyka

Installations
2,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.31.7

Severity Score:
Medium

Plugin Slug:
mas-wp-job-manager-company

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.14

Severity Score:
High

Plugin Slug:
my-wp-brand

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
smart-blocks

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1

Severity Score:
Medium

Plugin Slug:
timetics

Installations
2,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.0.26

Severity Score:
Critical

Plugin Slug:
advanced-category-and-custom-taxonomy-image

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.0

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
4.4.5

Severity Score:
High

Plugin Slug:
best-restaurant-menu-by-pricelisto

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
clio-grow-form

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.3

Severity Score:
High

Plugin Slug:
encyclopedia-lexicon-glossary-wiki-dictionary

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.61

Severity Score:
High

Plugin Slug:
hd-quiz-save-results-light

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.6

Severity Score:
Medium

Plugin Slug:
ideapush

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.71

Severity Score:
Medium

Plugin Slug:
landing-page-cat

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.5

Severity Score:
Medium

Plugin Slug:
locatoraid

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.48

Severity Score:
High

Plugin Slug:
most-and-least-read-posts-widget

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.5.19

Severity Score:
Medium

Plugin Slug:
my-favorites

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
mycred-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
news-kit-elementor-addons

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
redi-restaurant-reservation

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
24.1015

Severity Score:
High

Plugin Slug:
share-button

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.20

Severity Score:
High

Plugin Slug:
streamweasels-twitch-integration

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.7

Severity Score:
Medium

Plugin Slug:
sunshine-photo-cart

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.10

Severity Score:
Medium

Plugin Slug:
support-chat

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

Plugin Slug:
support-chat

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

Plugin Slug:
wp-imageflow2

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.4

Severity Score:
Medium

Plugin Slug:
wp-responsive-photo-gallery

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.0.4

Severity Score:
High

Plugin Slug:
wpextended

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.10

Severity Score:
High

Plugin Slug:
zita-site-library

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.4

Severity Score:
Medium

Plugin Slug:
sendpulse-web-push

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
High

Plugin Slug:
mas-addons-for-elementor

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium

Plugin Slug:
time-clock

Installations
600+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.2.3

Severity Score:
High

Plugin Slug:
activitytime

Installations
500+

Vulnerability:
SQL Injection

Patched in Version:
1.1.0

Severity Score:
Critical

Plugin Slug:
plexx-elementor-extension

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium

Plugin Slug:
auto-date-year-month

Installations
300+

Vulnerability:
Content Injection

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
rover-idx

Installations
300+

Vulnerability:
Privilege Escalation

Patched in Version:
3.0.0.2906

Severity Score:
High

Plugin Slug:
rover-idx

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.0.2905

Severity Score:
Medium

Plugin Slug:
da-reactions

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.0

Severity Score:
Medium

Plugin Slug:
point-maker

Installations
200+

Vulnerability:
Local File Inclusion

Patched in Version:
0.1.5

Severity Score:
High

Plugin Slug:
endless-posts-navigation

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.8

Severity Score:
High

Plugin Slug:
miniorange-firebase-sms-otp-verification

Installations
100+

Vulnerability:
Broken Authentication

Patched in Version:
3.6.1

Severity Score:
High

Plugin Slug:
miniorange-firebase-sms-otp-verification

Installations
100+

Vulnerability:
Broken Authentication

Patched in Version:
3.6.1

Severity Score:
Critical

Plugin Slug:
miniorange-firebase-sms-otp-verification

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
3.6.1

Severity Score:
Critical

Plugin Slug:
two-factor-login-telegram

Installations
100+

Vulnerability:
Broken Authentication

Patched in Version:
3.1

Severity Score:
High

Plugin Slug:
two-factor-login-telegram

Installations
100+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.1

Severity Score:
Medium

Plugin Slug:
wp-education

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.9

Severity Score:
Medium

Plugin Slug:
debrandify

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.9

Severity Score:
Medium

Plugin:

Cooked Pro

Plugin Slug:
cooked-pro

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8.0

Severity Score:
Critical

Plugin:

Cooked Pro

Plugin Slug:
cooked-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.0

Severity Score:
Medium

Plugin:

Cooked Pro

Plugin Slug:
cooked-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.0

Severity Score:
Medium

Plugin:

EventON Pro

Plugin Slug:
eventon-wordpress-event-calendar-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.7

Severity Score:
Medium

Plugin:

Nextend Social Login Pro

Plugin Slug:
nextend-social-login-pro

Vulnerability:
Broken Authentication

Patched in Version:
3.1.15

Severity Score:
Critical

Plugin:

Social Auto Poster

Plugin Slug:
social-auto-poster

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.3.16

Severity Score:
Medium

Plugin:

Time Clock Pro

Plugin Slug:
time-clock-pro

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.1.5

Severity Score:
High

Plugin:

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.3.10

Severity Score:
High

Plugin:

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Broken Access Control

Patched in Version:
8.3.10

Severity Score:
High

Plugin:

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.3.10

Severity Score:
High

WordPress Themes — 1 Patched / 5 Unpatched

Theme Slug:
digitally

Downloads
8,046

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

disconnected

Theme Slug:
disconnected

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

js paper

Theme Slug:
js-paper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

my flatonica

Theme Slug:
my-flatonica

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

my wooden under construction

Theme Slug:
my-wooden-under-construction

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
mags

Downloads
25,887

Vulnerability:
Local File Inclusion

Patched in Version:
1.1.7

Severity Score:
High


Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-10-23 09:44:44.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.


WordPress Vulnerability Report — December 25, 2024

In this report, 212 vulnerabilities have been publicly disclosed. Security patches for 139 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 73 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
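The two paragraphs above describe a triage rule: if the report lists a patched version, update to at least that version; if it says "No Fix", deactivate the plugin and plan a replacement. The script below is an added example of applying that rule to a real site's plugin inventory. It is not code from SolidWP or Patchstack. The report rows are copied from the listing on this page; the plugin inventory is a constructed stand-in for the JSON that WP-CLI's real `wp plugin list --format=json` command prints (the `name`, `status`, `update` and `version` fields are WP-CLI's own; the plugin versions shown are made up).

```python
"""Triage a WordPress vulnerability report against the plugins installed on a site.

Added example, not SolidWP or Patchstack code. Report rows are taken from the
listing on this page; the installed-plugin JSON is constructed to look like
`wp plugin list --format=json` output, with invented versions.
"""
import json
import re

# Rows from the report, in the report's own fields. "No Fix" means the vendor
# had shipped no patch when the report was published.
REPORT = [
    {"slug": "woocommerce", "vulnerability": "Content Injection",
     "patched_in": "9.1.0", "severity": "Medium"},
    {"slug": "give", "vulnerability": "PHP Object Injection",
     "patched_in": "3.16.4", "severity": "Critical"},
    {"slug": "forminator", "vulnerability": "Cross Site Request Forgery (CSRF)",
     "patched_in": "1.36.0", "severity": "Medium"},
    {"slug": "nicebackgrounds", "vulnerability": "Arbitrary File Upload",
     "patched_in": "No Fix", "severity": "Critical"},
    {"slug": "table-of-contents-plus", "vulnerability": "Cross Site Request Forgery (CSRF)",
     "patched_in": "No Fix", "severity": "Medium"},
]

# Constructed stand-in for `wp plugin list --format=json` run on one site.
WP_PLUGIN_LIST_JSON = json.dumps([
    {"name": "woocommerce", "status": "active", "update": "available", "version": "9.0.2"},
    {"name": "give", "status": "active", "update": "none", "version": "3.16.4"},
    {"name": "forminator", "status": "inactive", "update": "available", "version": "1.35.1"},
    {"name": "nicebackgrounds", "status": "inactive", "update": "none", "version": "1.0"},
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
])

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def version_key(version):
    """Numeric dotted-version key: '8.8.07.004' -> (8, 8, 7, 4).

    Comparing these tuples is numeric, so 1.3.987 is newer than 1.3.98.
    Non-numeric suffixes such as '-beta' are dropped; that is enough for the
    release strings in this report, but PHP's version_compare() is stricter.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable(installed, patched_in):
    """True when the installed version is below the patched one, or no patch exists."""
    if patched_in == "No Fix":
        return True
    a, b = version_key(installed), version_key(patched_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so 9.1 compares equal to 9.1.0
    b += (0,) * (width - len(b))
    return a < b


def triage(report, wp_plugin_list_json):
    """Return one action per installed plugin the report affects, worst severity first."""
    installed = {p["name"]: p for p in json.loads(wp_plugin_list_json)}
    findings = []
    for entry in report:
        plugin = installed.get(entry["slug"])
        if plugin is None or not is_vulnerable(plugin["version"], entry["patched_in"]):
            continue
        if entry["patched_in"] == "No Fix":
            action = "deactivate and remove; no vendor patch"
        else:
            action = "update to %s" % entry["patched_in"]
        findings.append({
            "slug": entry["slug"],
            "installed": plugin["version"],
            "status": plugin["status"],
            "severity": entry["severity"],
            "vulnerability": entry["vulnerability"],
            "action": action,
        })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 9), f["slug"]))
    return findings


if __name__ == "__main__":
    for f in triage(REPORT, WP_PLUGIN_LIST_JSON):
        print("%-8s %-22s %-8s %-8s %s" % (
            f["severity"], f["slug"], f["installed"], f["status"], f["action"]))
```

Two points the output makes that the table alone does not. First, an inactive plugin is still reported: a deactivated plugin's PHP files stay under wp-content/plugins and remain reachable by direct request, so for file upload, file inclusion and object injection bugs that live in self-bootstrapping files, deactivation is only a stopgap and removal is the fix. Second, the comparison is numeric rather than string-based; a lexical comparison would wrongly treat 1.3.987 as older than 1.3.98.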

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 134 Patched / 69 Unpatched

Custom Product tabs for WooCommerce

Plugin:

Custom Product tabs for WooCommerce

Plugin Slug:
wb-custom-product-tabs-for-woocommerce

Installations
2,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-12721

The vulnerability has not been patched. You should deactivate the plugin.

WP Menu Image

Plugin:

WP Menu Image

Plugin Slug:
wp-menu-image

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52485

The vulnerability has not been patched. You should deactivate the plugin.

Page and Post Restriction

Plugin:

Page and Post Restriction

Plugin Slug:
page-and-post-restriction

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11297

The vulnerability has not been patched. You should deactivate the plugin.

One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder

Plugin:

One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder

Plugin Slug:
woo-one-click-upsell-funnel

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11938

The vulnerability has not been patched. You should deactivate the plugin.

Outdooractive Embed

Plugin:

Outdooractive Embed

Plugin Slug:
outdooractive-embed

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11774

The vulnerability has not been patched. You should deactivate the plugin.

Slope Widgets

Plugin:

Slope Widgets

Plugin Slug:
slope-widgets

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11902

The vulnerability has not been patched. You should deactivate the plugin.

Coupon Plugin

Plugin:

Coupon Plugin

Plugin Slug:
coupon-lite

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56235

The vulnerability has not been patched. You should deactivate the plugin.

SaasPricing – Pricing Table, Price list, Comparison Table for Elementor

Plugin:

SaasPricing – Pricing Table, Price list, Comparison Table for Elementor

Plugin Slug:
saaspricing

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56231

The vulnerability has not been patched. You should deactivate the plugin.

NACC WordPress Plugin

Plugin:

NACC WordPress Plugin

Plugin Slug:
nacc-wordpress-plugin

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12506

The vulnerability has not been patched. You should deactivate the plugin.

Partners

Plugin:

Partners

Plugin Slug:
partners

Installations
100+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-56059

The vulnerability has not been patched. You should deactivate the plugin.

??????? ??????? ??????? ???? ????

Plugin:

??????? ??????? ??????? ???? ????

Plugin Slug:
isee-products-extractor

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11331

The vulnerability has not been patched. You should deactivate the plugin.

VRPConnector

Plugin:

VRPConnector

Plugin Slug:
vrpconnector

Installations
60+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-56058

The vulnerability has not been patched. You should deactivate the plugin.

WP Nice Loader

Plugin:

WP Nice Loader

Plugin Slug:
wp-nice-loader

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56232

The vulnerability has not been patched. You should deactivate the plugin.

SSL Wireless SMS Notification

Plugin:

SSL Wireless SMS Notification

Plugin Slug:
ssl-wireless-sms-notification

Installations
50+

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-56220

The vulnerability has not been patched. You should deactivate the plugin.

10CentMail

Plugin:

10CentMail

Plugin Slug:
10centmail-subscription-management-and-analytics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56030

The vulnerability has not been patched. You should deactivate the plugin.

AdWork Media EZ Content Locker

Plugin:

AdWork Media EZ Content Locker

Plugin Slug:
adwork-media-ez-content-locker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56025

The vulnerability has not been patched. You should deactivate the plugin.

Animated Counters

Plugin:

Animated Counters

Plugin Slug:
animated-counters

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11905

The vulnerability has not been patched. You should deactivate the plugin.

BU Section Editing

Plugin:

BU Section Editing

Plugin Slug:
bu-section-editing

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56018

The vulnerability has not been patched. You should deactivate the plugin.

Category Post Shortcode

Plugin:

Category Post Shortcode

Plugin Slug:
category-post-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56021

The vulnerability has not been patched. You should deactivate the plugin.

Category Post Slider

Plugin:

Category Post Slider

Plugin Slug:
category-post-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11878

The vulnerability has not been patched. You should deactivate the plugin.

Custom Dashboard Widget

Plugin:

Custom Dashboard Widget

Plugin Slug:
create-custom-dashboard-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56024

The vulnerability has not been patched. You should deactivate the plugin.

Easy Language Switcher

Plugin:

Easy Language Switcher

Plugin Slug:
easy-language-switcher

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56029

The vulnerability has not been patched. You should deactivate the plugin.

EditionGuard for WooCommerce – eBook Sales with DRM

Plugin:

EditionGuard for WooCommerce – eBook Sales with DRM

Plugin Slug:
editionguard-for-woocommerce-ebook-sales-with-drm

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56207

The vulnerability has not been patched. You should deactivate the plugin.

Embed Twine

Plugin:

Embed Twine

Plugin Slug:
embed-twine

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12509

The vulnerability has not been patched. You should deactivate the plugin.

FAQs

Plugin:

FAQs

Plugin Slug:
faqs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56033

The vulnerability has not been patched. You should deactivate the plugin.

Financial Calculator

Plugin:

Financial Calculator

Plugin Slug:
finance-calculator-with-application-form

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11783

The vulnerability has not been patched. You should deactivate the plugin.

Full Screen Menu for Elementor

Plugin:

Full Screen Menu for Elementor

Plugin Slug:
full-screen-menu-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10797

The vulnerability has not been patched. You should deactivate the plugin.

gap-hub-user-role

Plugin:

gap-hub-user-role

Plugin Slug:
gap-hub-user-role

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56206

The vulnerability has not been patched. You should deactivate the plugin.

GTPayment Donations

Plugin:

GTPayment Donations

Plugin Slug:
gtpayment-donation

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11607

The vulnerability has not been patched. You should deactivate the plugin.

G Web Pro Store Locator

Plugin:

G Web Pro Store Locator

Plugin Slug:
gwebpro-store-locator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11682

The vulnerability has not been patched. You should deactivate the plugin.

Image Mapper

Plugin:

Image Mapper

Plugin Slug:
image-mapper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56016

The vulnerability has not been patched. You should deactivate the plugin.

Inline Footnotes

Plugin:

Inline Footnotes

Plugin Slug:
inline-footnotes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56019

The vulnerability has not been patched. You should deactivate the plugin.

Kintpv Wooconnect

Plugin:

Kintpv Wooconnect

Plugin Slug:
kintpv-connect

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56233

The vulnerability has not been patched. You should deactivate the plugin.

LaTeX2HTML

Plugin:

LaTeX2HTML

Plugin Slug:
latex2html

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11688

The vulnerability has not been patched. You should deactivate the plugin.

Leads CRM

Plugin:

Leads CRM

Plugin Slug:
leads-crm

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56027

The vulnerability has not been patched. You should deactivate the plugin.

Lemonade Social Networks Autoposter Pinterest

Plugin:

Lemonade Social Networks Autoposter Pinterest

Plugin Slug:
lemonade-sna-pinterest-edition

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56028

The vulnerability has not been patched. You should deactivate the plugin.

Maintenance & Coming Soon Redirect Animation

Plugin:

Maintenance & Coming Soon Redirect Animation

Plugin Slug:
maintenance-coming-soon-redirect-animation

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-9503

The vulnerability has not been patched. You should deactivate the plugin.

Multi-column Tag Map

Plugin:

Multi-column Tag Map

Plugin Slug:
multi-column-tag-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11196

The vulnerability has not been patched. You should deactivate the plugin.

AI Magic

Plugin:

AI Magic

Plugin Slug:
newsletter-page-redirects

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-56205

The vulnerability has not been patched. You should deactivate the plugin.

odPhotogallery

Plugin:

odPhotogallery

Plugin Slug:
od-photogallery-plugin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56036

The vulnerability has not been patched. You should deactivate the plugin.

Particle Background

Plugin:

Particle Background

Plugin Slug:
particle-background

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11775

The vulnerability has not been patched. You should deactivate the plugin.

Pingmeter Uptime Monitoring

Plugin:

Pingmeter Uptime Monitoring

Plugin Slug:
pingmeter-uptime-monitoring

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11808

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Portfolio – Filterable Masonry Portfolio Gallery for Professionals

Plugin Slug:
portfolio-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11900

The vulnerability has not been patched. You should deactivate the plugin.

Preloader by WordPress Monsters

Plugin:

Preloader by WordPress Monsters

Plugin Slug:
preloader-sws

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56022

The vulnerability has not been patched. You should deactivate the plugin.

Reactflow Visitor Recording and Heatmaps

Plugin:

Reactflow Visitor Recording and Heatmaps

Plugin Slug:
reactflow-session-replay-heatmap

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11975

The vulnerability has not been patched. You should deactivate the plugin.

real.Kit

Plugin:

real.Kit

Plugin Slug:
real-kit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-12697

The vulnerability has not been patched. You should deactivate the plugin.

Saoshyant Element

Plugin:

Saoshyant Element

Plugin Slug:
saoshyant-element

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51646

The vulnerability has not been patched. You should deactivate the plugin.

SendSMS

Plugin:

SendSMS

Plugin Slug:
sendsms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56038

The vulnerability has not been patched. You should deactivate the plugin.

Services updates for customers

Plugin:

Services updates for customers

Plugin Slug:
service-updates-for-customers

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56034

The vulnerability has not been patched. You should deactivate the plugin.

Simple Dashboard

Plugin:

Simple Dashboard

Plugin Slug:
simple-dashboard

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-56071

The vulnerability has not been patched. You should deactivate the plugin.

Simple Proxy

Plugin:

Simple Proxy

Plugin Slug:
simple-proxy

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56026

The vulnerability has not been patched. You should deactivate the plugin.

Sinking Dropdowns

Plugin:

Sinking Dropdowns

Plugin Slug:
sinking-dropdowns

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56204

The vulnerability has not been patched. You should deactivate the plugin.

Smart Shopify Product

Plugin:

Smart Shopify Product

Plugin Slug:
smart-shopify-product

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56031

The vulnerability has not been patched. You should deactivate the plugin.

Spoki – Chat Buttons and WooCommerce Notifications

Plugin:

Spoki – Chat Buttons and WooCommerce Notifications

Plugin Slug:
spoki

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11893

The vulnerability has not been patched. You should deactivate the plugin.

Spotlightr

Plugin:

Spotlightr

Plugin Slug:
spotlightr

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11411

The vulnerability has not been patched. You should deactivate the plugin.

SvegliaT Buttons

Plugin:

SvegliaT Buttons

Plugin Slug:
svegliat-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56020

The vulnerability has not been patched. You should deactivate the plugin.

Tidy Up

Plugin:

Tidy Up

Plugin Slug:
tidy-up

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56015

The vulnerability has not been patched. You should deactivate the plugin.

TPG Get Posts

Plugin:

TPG Get Posts

Plugin Slug:
tpg-get-posts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11906

The vulnerability has not been patched. You should deactivate the plugin.

Upload Scanner

Plugin:

Upload Scanner

Plugin Slug:
upload-scanner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56035

The vulnerability has not been patched. You should deactivate the plugin.

User Referral

Plugin:

User Referral

Plugin Slug:
user-referral-free

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56037

The vulnerability has not been patched. You should deactivate the plugin.

Userpro

Plugin:

Userpro

Plugin Slug:
userpro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56210

The vulnerability has not been patched. You should deactivate the plugin.

Userpro

Plugin:

Userpro

Plugin Slug:
userpro

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56214

The vulnerability has not been patched. You should deactivate the plugin.

Userpro

Plugin:

Userpro

Plugin Slug:
userpro

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56211

The vulnerability has not been patched. You should deactivate the plugin.

Userpro

Plugin:

Userpro

Plugin Slug:
userpro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56212

The vulnerability has not been patched. You should deactivate the plugin.

Wayne Audio Player

Plugin:

Wayne Audio Player

Plugin Slug:
wayne-audio-player

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56203

The vulnerability has not been patched. You should deactivate the plugin.

WP eCommerce Quickpay

Plugin:

WP eCommerce Quickpay

Plugin Slug:
wp-ecommerce-quickpay

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56023

The vulnerability has not been patched. You should deactivate the plugin.

WP SHAPES

Plugin:

WP SHAPES

Plugin Slug:
wp-shapes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-9619

The vulnerability has not been patched. You should deactivate the plugin.

Tithe.ly Giving Button

Plugin:

Tithe.ly Giving Button

Plugin Slug:
wp-tithely

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-11841

The vulnerability has not been patched. You should deactivate the plugin.

Wtyczka SeoPilot dla WP

Plugin:

Wtyczka SeoPilot dla WP

Plugin Slug:
wtyczka-seopilot-dla-wp

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-11812

The vulnerability has not been patched. You should deactivate the plugin.

Elementor Website Builder – More Than Just a Page Builder

Plugin:

Elementor Website Builder – More Than Just a Page Builder

Plugin Slug:
elementor

Installations
10,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.25.10

Severity Score:
Medium

CVE:

2024-10453

The vulnerability has been patched, so you should update to version 3.25.10.

LiteSpeed Cache

Plugin:

LiteSpeed Cache

Plugin Slug:
litespeed-cache

Installations
6,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.3

Severity Score:
Medium

CVE:

2024-51915

The vulnerability has been patched, so you should update to version 6.5.3.

Plugin:

Essential Addons for Elementor – Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.8

Severity Score:
Medium

CVE:

2024-56063

The vulnerability has been patched, so you should update to version 6.0.8.

Plugin:

Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)

Plugin Slug:
header-footer-elementor

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.47

Severity Score:
Medium

CVE:

2024-11230

The vulnerability has been patched, so you should update to version 1.6.47.

Premium Addons for Elementor

Plugin:

Premium Addons for Elementor

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.10.57

Severity Score:
Medium

CVE:

2024-56225

The vulnerability has been patched, so you should update to version 4.10.57.

The Events Calendar

Plugin:

The Events Calendar

Plugin Slug:
the-events-calendar

Installations
700,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.8.2.1

Severity Score:
Medium

CVE:

2024-5333

The vulnerability has been patched, so you should update to version 6.8.2.1.

User Role Editor

Plugin:

User Role Editor

Plugin Slug:
user-role-editor

Installations
700,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.64.4

Severity Score:
Critical

CVE:

2024-12293

The vulnerability has been patched, so you should update to version 4.64.4.

Royal Elementor Addons and Templates

Plugin:

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1002

Severity Score:
High

CVE:

2024-56226

The vulnerability has been patched, so you should update to version 1.7.1002.

Royal Elementor Addons and Templates

Plugin:

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.1002

Severity Score:
Medium

CVE:

2024-56227

The vulnerability has been patched, so you should update to version 1.7.1002.

Royal Elementor Addons and Templates

Plugin:

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1

Severity Score:
Medium

CVE:

2024-56062

The vulnerability has been patched, so you should update to version 1.7.1.

AMP for WP – Accelerated Mobile Pages

Plugin:

AMP for WP – Accelerated Mobile Pages

Plugin Slug:
accelerated-mobile-pages

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
High

CVE:

2024-11254

The vulnerability has been patched, so you should update to version 1.1.2.

Advanced Google reCAPTCHA

Plugin:

Advanced Google reCAPTCHA

Plugin Slug:
advanced-google-recaptcha

Installations
100,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.26

Severity Score:
Medium

CVE:

2024-12034

The vulnerability has been patched, so you should update to version 1.26.

Plugin:

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.10.13

Severity Score:
Medium

CVE:

2024-11852

The vulnerability has been patched, so you should update to version 5.10.13.

Contact Form 7 – Dynamic Text Extension

Plugin:

Contact Form 7 – Dynamic Text Extension

Plugin Slug:
contact-form-7-dynamic-text-extension

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.0.2

Severity Score:
Medium

CVE:

2024-56218

The vulnerability has been patched, so you should update to version 5.0.2.

Download Manager

Plugin:

Download Manager

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.03

Severity Score:
Medium

CVE:

2024-10706

The vulnerability has been patched, so you should update to version 3.3.03.

Download Manager

Plugin:

Download Manager

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.04

Severity Score:
Medium

CVE:

2024-56217

The vulnerability has been patched, so you should update to version 3.3.04.

Download Manager

Plugin:

Download Manager

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
3.3.04

Severity Score:
High

CVE:

2024-11740

The vulnerability has been patched, so you should update to version 3.3.04.

Download Manager

Plugin:

Download Manager

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.04

Severity Score:
Medium

CVE:

2024-11768

The vulnerability has been patched, so you should update to version 3.3.04.

Tracking Code Manager

Plugin:

Tracking Code Manager

Plugin Slug:
tracking-code-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.0

Severity Score:
Medium

CVE:

2024-8721

The vulnerability has been patched, so you should update to version 2.4.0.

Widget Options – The #1 WordPress Widget & Block Control Plugin

Plugin:

Widget Options – The #1 WordPress Widget & Block Control Plugin

Plugin Slug:
widget-options

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.8

Severity Score:
Medium

CVE:

2024-56219

The vulnerability has been patched, so you should update to version 4.0.8.

kk Star Ratings – Rate Post & Collect User Feedbacks

Plugin:

kk Star Ratings – Rate Post & Collect User Feedbacks

Plugin Slug:
kk-star-ratings

Installations
90,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
5.4.10.1

Severity Score:
High

CVE:

2024-11977

The vulnerability has been patched, so you should update to version 5.4.10.1.

WordPress Button Plugin MaxButtons

Plugin:

WordPress Button Plugin MaxButtons

Plugin Slug:
maxbuttons

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.8.1

Severity Score:
Medium

CVE:

2024-10555

The vulnerability has been patched, so you should update to version 9.8.1.

File Manager Pro – Filester

Plugin:

File Manager Pro – Filester

Plugin Slug:
filester

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.7

Severity Score:
Medium

CVE:

2024-12331

The vulnerability has been patched, so you should update to version 1.8.7.

Calculated Fields Form

Plugin:

Calculated Fields Form

Plugin Slug:
calculated-fields-form

Installations
50,000+

Vulnerability:
Denial of Service Attack

Patched in Version:
5.2.64

Severity Score:
Medium

CVE:

2024-12601

The vulnerability has been patched, so you should update to version 5.2.64.

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Plugin:

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
3.3.3

Severity Score:
Medium

CVE:

2024-12875

The vulnerability has been patched, so you should update to version 3.3.3.

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Plugin:

Easy Digital Downloads – eCommerce Payments and Subscriptions made easy

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.5

Severity Score:
Low

CVE:

2024-9654

The vulnerability has been patched, so you should update to version 3.3.5.

Seraphinite Accelerator

Plugin:

Seraphinite Accelerator

Plugin Slug:
seraphinite-accelerator

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.22.16

Severity Score:
Medium

CVE:

2024-54222

The vulnerability has been patched, so you should update to version 2.22.16.

Cost Calculator Builder

Plugin:

Cost Calculator Builder

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.43

Severity Score:
Medium

CVE:

2024-10892

The vulnerability has been patched, so you should update to version 3.2.43.

PPWP – Password Protect Pages

Plugin:

PPWP – Password Protect Pages

Plugin Slug:
password-protect-page

Installations
30,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.6

Severity Score:
Medium

CVE:

2024-11280

The vulnerability has been patched, so you should update to version 1.9.6.

Print Invoice & Delivery Notes for WooCommerce

Plugin:

Print Invoice & Delivery Notes for WooCommerce

Plugin Slug:
woocommerce-delivery-notes

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.4.1

Severity Score:
Medium

CVE:

2024-12210

The vulnerability has been patched, so you should update to version 5.4.1.

Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Plugin:

Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress

Plugin Slug:
bookingpress-appointment-booking

Installations
20,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.22

Severity Score:
High

CVE:

2024-11726

The vulnerability has been patched, so you should update to version 1.1.22.

Serious Slider

Plugin:

Serious Slider

Plugin Slug:
cryout-serious-slider

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

CVE:

2024-11108

The vulnerability has been patched, so you should update to version 1.2.7.

Embed PDF Viewer

Plugin:

Embed PDF Viewer

Plugin Slug:
embed-pdf-viewer

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.0

Severity Score:
Medium

CVE:

2024-56256

The vulnerability has been patched, so you should update to version 2.4.0.

HTML Forms – Simple WordPress Forms Plugin

Plugin:

HTML Forms – Simple WordPress Forms Plugin

Plugin Slug:
html-forms

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
High

CVE:

2024-56060

The vulnerability has been patched, so you should update to version 1.4.2.

LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes

Plugin:

LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes

Plugin Slug:
lifterlms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.8.6

Severity Score:
Medium

CVE:

2024-12596

The vulnerability has been patched, so you should update to version 7.8.6.

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Plugin:

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction

Plugin Slug:
paid-member-subscriptions

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.13.5

Severity Score:
Medium

CVE:

2024-11291

The vulnerability has been patched, so you should update to version 2.13.5.

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin:

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

Plugin Slug:
s2member

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
241216

Severity Score:
High

CVE:

2024-8326

The vulnerability has been patched, so you should update to version 241216.

WordPress Simple Shopping Cart

Plugin:

WordPress Simple Shopping Cart

Plugin Slug:
wordpress-simple-paypal-shopping-cart

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.0.8

Severity Score:
Medium

CVE:

2024-12622

The vulnerability has been patched, so you should update to version 5.0.8.

Event Manager, Events Calendar, Tickets, Registrations – Eventin

Plugin:

Event Manager, Events Calendar, Tickets, Registrations – Eventin

Plugin Slug:
wp-event-solution

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.0.9

Severity Score:
Medium

CVE:

2024-56213

The vulnerability has been patched, so you should update to version 4.0.9.

Frontend Admin by DynamiApps

Plugin:

Frontend Admin by DynamiApps

Plugin Slug:
acf-frontend-form-element

Installations
9,000+

Vulnerability:
SQL Injection

Patched in Version:
3.25.2

Severity Score:
Critical

CVE:

2024-11722

The vulnerability has been patched, so you should update to version 3.25.2.

eCommerce Product Catalog Plugin for WordPress

Plugin:

eCommerce Product Catalog Plugin for WordPress

Plugin Slug:
ecommerce-product-catalog

Installations
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.3.44

Severity Score:
Medium

CVE:

2024-12771

The vulnerability has been patched, so you should update to version 3.3.44.

Affiliate Program Suite — SliceWP Affiliates

Plugin:

Affiliate Program Suite — SliceWP Affiliates

Plugin Slug:
slicewp

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.24

Severity Score:
High

CVE:

2024-12454

The vulnerability has been patched, so you should update to version 1.1.24.

WP Datepicker

Plugin:

WP Datepicker

Plugin Slug:
wp-datepicker

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.5

Severity Score:
High

CVE:

2024-12468

The vulnerability has been patched, so you should update to version 2.1.5.

AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress

Plugin:

AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress

Plugin Slug:
automatorwp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.0

Severity Score:
High

CVE:

2024-12626

The vulnerability has been patched, so you should update to version 5.1.0.

Events Addon for Elementor

Plugin:

Events Addon for Elementor

Plugin Slug:
events-addon-for-elementor

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.4

Severity Score:
Medium

CVE:

2024-12061

The vulnerability has been patched, so you should update to version 2.2.4.

PowerPack Lite for Beaver Builder

Plugin:

PowerPack Lite for Beaver Builder

Plugin Slug:
powerpack-addon-for-beaver-builder

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
High

CVE:

2024-12239

The vulnerability has been patched, so you should update to version 1.3.1.

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Plugin:

WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts

Plugin Slug:
wedevs-project-manager

Installations
8,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6.16

Severity Score:
Medium

CVE:

2024-10548

The vulnerability has been patched, so you should update to version 2.6.16.

Themify Builder

Plugin:

Themify Builder

Plugin Slug:
themify-builder

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
7.6.5

Severity Score:
Medium

CVE:

2024-56216

The vulnerability has been patched, so you should update to version 7.6.5.

Animation Addons for Elementor

Plugin:

Animation Addons for Elementor

Plugin Slug:
animation-addons-for-elementor

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.1.7

Severity Score:
Medium

CVE:

2024-12340

The vulnerability has been patched, so you should update to version 1.1.7.

Collapsing Categories

Plugin:

Collapsing Categories

Plugin Slug:
collapsing-categories

Installations
5,000+

Vulnerability:
SQL Injection

Patched in Version:
3.0.9

Severity Score:
Critical

CVE:

2024-12025

The vulnerability has been patched, so you should update to version 3.0.9.

Simple Page Access Restriction

Plugin:

Simple Page Access Restriction

Plugin Slug:
simple-page-access-restriction

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.0.30

Severity Score:
Medium

CVE:

2024-11295

The vulnerability has been patched, so you should update to version 1.0.30.

Booking calendar, Appointment Booking System

Plugin:

Booking calendar, Appointment Booking System

Plugin Slug:
booking-calendar

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
3.2.20

Severity Score:
High

CVE:

2024-10856

The vulnerability has been patched, so you should update to version 3.2.20.

Broken Link Checker | Finder

Plugin:

Broken Link Checker | Finder

Plugin Slug:
broken-link-finder

Installations
4,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.5.1

Severity Score:
Medium

CVE:

2024-12121

The vulnerability has been patched, so you should update to version 2.5.1.

Button Block – Get fully customizable & multi-functional buttons

Plugin:

Button Block – Get fully customizable & multi-functional buttons

Plugin Slug:
button-block

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.6

Severity Score:
Medium

CVE:

2024-12560

The vulnerability has been patched, so you should update to version 1.1.6.

ElementsReady Addons for Elementor

Plugin:

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.4.9

Severity Score:
Medium

CVE:

2024-10356

The vulnerability has been patched, so you should update to version 6.4.9.

EventPrime – Events Calendar, Bookings and Tickets

Plugin:

EventPrime – Events Calendar, Bookings and Tickets

Plugin Slug:
eventprime-event-calendar-management

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.6.0

Severity Score:
High

CVE:

2024-12024

The vulnerability has been patched, so you should update to version 4.0.6.0.

Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login Url

Plugin:

Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login Url

Plugin Slug:
login-page-styler

Installations
4,000+

Vulnerability:
Privilege Escalation

Patched in Version:
7.1.2

Severity Score:
High

CVE:

2024-12594

The vulnerability has been patched, so you should update to version 7.1.2.

Responsive Blocks – WordPress Gutenberg Blocks

Plugin:

Responsive Blocks – WordPress Gutenberg Blocks

Plugin Slug:
responsive-block-editor-addons

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.8

Severity Score:
Medium

CVE:

2024-12268

The vulnerability has been patched, so you should update to version 1.9.8.

Wishlist for WooCommerce: Multi Wishlists Per Customer

Plugin:

Wishlist for WooCommerce: Multi Wishlists Per Customer

Plugin Slug:
wish-list-for-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.3

Severity Score:
High

CVE:

2024-56228

The vulnerability has been patched, so you should update to version 3.1.3.

WP-Appbox

Plugin:

WP-Appbox

Plugin Slug:
wp-appbox

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.4

Severity Score:
High

CVE:

2024-12710

The vulnerability has been patched, so you should update to version 4.5.4.

WC Price History for Omnibus

Plugin:

WC Price History for Omnibus

Plugin Slug:
wc-price-history

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.4

Severity Score:
Medium

CVE:

2024-12617

The vulnerability has been patched, so you should update to version 2.1.4.

DirectoryPress – Business Directory And Classified Ad Listing

Plugin:

DirectoryPress – Business Directory And Classified Ad Listing

Plugin Slug:
directorypress

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.17

Severity Score:
Medium

CVE:

2024-10584

The vulnerability has been patched, so you should update to version 3.6.17.

ELEX WooCommerce Dynamic Pricing and Discounts

Plugin:

ELEX WooCommerce Dynamic Pricing and Discounts

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.8

Severity Score:
Medium

CVE:

2024-12266

The vulnerability has been patched, so you should update to version 2.1.8.

Memberful – Membership Plugin

Plugin:

Memberful – Membership Plugin

Plugin Slug:
memberful-wp

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.74.0

Severity Score:
Medium

CVE:

2024-11294

The vulnerability has been patched, so you should update to version 1.74.0.

PlugVersions – Easily rollback to previous versions of your plugins

Plugin:

PlugVersions – Easily rollback to previous versions of your plugins

Plugin Slug:
plugversions

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.0.8

Severity Score:
High

CVE:

2024-12881

The vulnerability has been patched, so you should update to version 0.0.8.

SearchIQ – The Search Solution

Plugin:

SearchIQ – The Search Solution

Plugin Slug:
searchiq

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.7

Severity Score:
Medium

CVE:

2024-56229

The vulnerability has been patched, so you should update to version 4.7.

WP Docs

Plugin:

WP Docs

Plugin Slug:
wp-docs

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
2.2.1

Severity Score:
High

CVE:

2024-12635

The vulnerability has been patched, so you should update to version 2.2.1.

TicketSource Ticket Shop

Plugin:

TicketSource Ticket Shop

Plugin Slug:
ticketsource-events

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.0

Severity Score:
Medium

CVE:

2024-11784

The vulnerability has been patched, so you should update to version 3.1.0.

Loan Comparison

Plugin:

Loan Comparison

Plugin Slug:
loan-comparison

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.1

Severity Score:
Medium

CVE:

2024-12814

The vulnerability has been patched, so you should update to version 2.0.1.

WooCommerce Additional Fees On Checkout (Free)

Plugin:

WooCommerce Additional Fees On Checkout (Free)

Plugin Slug:
woo-additional-fees-on-checkout-wordpress

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.8

Severity Score:
High

CVE:

2024-12395

The vulnerability has been patched, so you should update to version 1.4.8.

CRM WordPress Plugin – RepairBuddy

Plugin:

CRM WordPress Plugin – RepairBuddy

Plugin Slug:
computer-repair-shop

Installations
400+

Vulnerability:
Privilege Escalation

Patched in Version:
3.8120

Severity Score:
High

CVE:

2024-56061

The vulnerability has been patched, so you should update to version 3.8120.

CRM WordPress Plugin – RepairBuddy

Plugin:

CRM WordPress Plugin – RepairBuddy

Plugin Slug:
computer-repair-shop

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
3.8122

Severity Score:
High

CVE:

2024-12259

The vulnerability has been patched, so you should update to version 3.8122.

MagicPost – WordPress??????????

Plugin:

MagicPost – WordPress??????????

Plugin Slug:
magicpost

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

CVE:

2024-12591

The vulnerability has been patched, so you should update to version 1.2.2.

Member Directory and Contact Form

Plugin:

Member Directory and Contact Form

Plugin Slug:
pta-member-directory

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.0

Severity Score:
Medium

CVE:

2024-56215

The vulnerability has been patched, so you should update to version 1.8.0.

WP on AWS

Plugin:

WP on AWS

Plugin Slug:
wp-migrate-2-aws

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.2

Severity Score:
High

CVE:

2024-12408

The vulnerability has been patched, so you should update to version 5.2.2.

Text Prompter – Unlimited chatgpt text prompts for openai tasks

Plugin:

Text Prompter – Unlimited chatgpt text prompts for openai tasks

Plugin Slug:
ai-content

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8

Severity Score:
Medium

CVE:

2024-11896

The vulnerability has been patched, so you should update to version 1.0.8.

Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached.

Plugin:

Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached.

Plugin Slug:
content-no-cache

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
0.1.3

Severity Score:
Medium

CVE:

2024-12103

The vulnerability has been patched, so you should update to version 0.1.3.

PCRecruiter Extensions

Plugin:

PCRecruiter Extensions

Plugin Slug:
pcrecruiter-extensions

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.23

Severity Score:
Medium

CVE:

2024-11776

The vulnerability has been patched, so you should update to version 1.4.23.

Peter’s Custom Anti-Spam

Plugin:

Peter’s Custom Anti-Spam

Plugin Slug:
peters-custom-anti-spam-image

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.4

Severity Score:
Medium

CVE:

2024-12554

The vulnerability has been patched, so you should update to version 3.2.4.

Stop Registration Spam

Plugin:

Stop Registration Spam

Plugin Slug:
stop-registration-spam

Installations
300+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.24

Severity Score:
High

CVE:

2024-56017

The vulnerability has been patched, so you should update to version 1.24.

WP BASE Booking of Appointments, Services and Events

Plugin:

WP BASE Booking of Appointments, Services and Events

Plugin Slug:
wp-base-booking-of-appointments-services-and-events

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.0

Severity Score:
Medium

CVE:

2024-12558

The vulnerability has been patched, so you should update to version 5.0.0.

WP BASE Booking of Appointments, Services and Events

Plugin:

WP BASE Booking of Appointments, Services and Events

Plugin Slug:
wp-base-booking-of-appointments-services-and-events

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.2

Severity Score:
High

CVE:

2024-12469

The vulnerability has been patched, so you should update to version 4.9.2.

WPC Shop as a Customer for WooCommerce

Plugin:

WPC Shop as a Customer for WooCommerce

Plugin Slug:
wpc-shop-as-customer

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.9

Severity Score:
High

CVE:

2024-12432

The vulnerability has been patched, so you should update to version 1.2.9.

Dynamic Product Category Grid, Slider for WooCommerce

Plugin:

Dynamic Product Category Grid, Slider for WooCommerce

Plugin Slug:
dynamic-product-categories-design

Installations
200+

Vulnerability:
Local File Inclusion

Patched in Version:
1.1.4

Severity Score:
High

CVE:

2024-56230

The vulnerability has been patched, so you should update to version 1.1.4.

Export Customers Data

Plugin:

Export Customers Data

Plugin Slug:
export-customers-data

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.4

Severity Score:
High

CVE:

2024-12405

The vulnerability has been patched, so you should update to version 1.2.4.

NinjaTeam Chat for Telegram

Plugin:

NinjaTeam Chat for Telegram

Plugin Slug:
ninjateam-telegram

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1

Severity Score:
Medium

CVE:

2024-11885

The vulnerability has been patched, so you should update to version 1.1.

Feedify – Web Push Notifications

Plugin:

Feedify – Web Push Notifications

Plugin Slug:
push-notification-by-feedify

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.3

Severity Score:
High

CVE:

2024-11811

The vulnerability has been patched, so you should update to version 2.4.3.

ShMapper by Teplitsa

Plugin:

ShMapper by Teplitsa

Plugin Slug:
shmapper-by-teplitsa

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.0

Severity Score:
Medium

CVE:

2024-12518

The vulnerability has been patched, so you should update to version 1.5.0.

Accept Authorize.NET Payments Using Contact Form 7

Plugin:

Accept Authorize.NET Payments Using Contact Form 7

Plugin Slug:
accept-authorize-net-payments-using-contact-form-7

Installations
100+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3

Severity Score:
Medium

CVE:

2024-12250

The vulnerability has been patched, so you should update to version 2.3.

Agency Toolkit

Plugin:

Agency Toolkit

Plugin Slug:
agency-toolkit

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
1.0.24

Severity Score:
Critical

CVE:

2024-56066

The vulnerability has been patched, so you should update to version 1.0.24.

Bitcoin Lightning Publisher for WordPress

Plugin:

Bitcoin Lightning Publisher for WordPress

Plugin Slug:
bitcoin-lightning-publisher

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
High

CVE:

2024-12100

The vulnerability has been patched, so you should update to version 1.4.2.

Database Backup and check Tables Automated With Scheduler 2024

Plugin:

Database Backup and check Tables Automated With Scheduler 2024

Plugin Slug:
database-backup

Installations
100+

Vulnerability:
Path Traversal

Patched in Version:
2.33

Severity Score:
Medium

CVE:

2024-12850

The vulnerability has been patched, so you should update to version 2.33.

Gulri Slider

Plugin:

Gulri Slider

Plugin Slug:
gulri-slider

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.9

Severity Score:
High

CVE:

2024-56223

The vulnerability has been patched, so you should update to version 3.5.9.

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Plugin:

CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout

Plugin Slug:
support-x

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium

CVE:

2024-12443

The vulnerability has been patched, so you should update to version 1.1.7.

Video Share VOD – Turnkey Video Site Builder Script

Plugin:

Video Share VOD – Turnkey Video Site Builder Script

Plugin Slug:
video-share-vod

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.31

Severity Score:
Medium

CVE:

2024-12449

The vulnerability has been patched, so you should update to version 2.6.31.

Contests by Rewards Fuel

Plugin:

Contests by Rewards Fuel

Plugin Slug:
contests-from-rewards-fuel

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.66

Severity Score:
Medium

CVE:

2024-12513

The vulnerability has been patched, so you should update to version 2.0.66.

Easy Waveform Player

Plugin:

Easy Waveform Player

Plugin Slug:
easy-waveform-player

Installations
90+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.1

Severity Score:
Medium

CVE:

2024-11881

The vulnerability has been patched, so you should update to version 1.2.1.

FV Descriptions

Plugin:

FV Descriptions

Plugin Slug:
fv-descriptions

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5

Severity Score:
High

CVE:

2024-56032

The vulnerability has been patched, so you should update to version 1.5.

ScanCircle

Plugin:

ScanCircle

Plugin Slug:
scancircle

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.3

Severity Score:
Medium

CVE:

2024-11439

The vulnerability has been patched, so you should update to version 2.9.3.

Optio Dentistry

Plugin:

Optio Dentistry

Plugin Slug:
optio-dentistry

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2

Severity Score:
Medium

CVE:

2024-12507

The vulnerability has been patched, so you should update to version 2.2.

Philantro – Donations and Donor Management

Plugin:

Philantro – Donations and Donor Management

Plugin Slug:
philantro

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.3

Severity Score:
Medium

CVE:

2024-12500

The vulnerability has been patched, so you should update to version 5.3.

SMS for WooCommerce

Plugin:

SMS for WooCommerce

Plugin Slug:
wc-sms

Installations
70+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.1.1

Severity Score:
High

CVE:

2024-12220

The vulnerability has been patched, so you should update to version 2.8.1.1.

Taeggie Feed

Plugin:

Taeggie Feed

Plugin Slug:
taeggie-feed

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.1.10

Severity Score:
Medium

CVE:

2024-11748

The vulnerability has been patched, so you should update to version 0.1.10.

Ledenbeheer

Plugin:

Ledenbeheer

Plugin Slug:
ledenbeheer-external-connection

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.1

Severity Score:
Medium

CVE:

2024-56224

The vulnerability has been patched, so you should update to version 2.1.1.

CodeBard Help Desk

Plugin:

CodeBard Help Desk

Plugin Slug:
codebard-help-desk

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.2

Severity Score:
Medium

CVE:

2024-56222

The vulnerability has been patched, so you should update to version 1.1.2.

WPMozo Addons Lite for Elementor

Plugin:

WPMozo Addons Lite for Elementor

Plugin Slug:
wpmozo-addons-lite-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-56221

The vulnerability has been patched, so you should update to version 1.3.0.

Advanced Floating Content

Plugin:

Advanced Floating Content

Plugin Slug:
advanced-floating-content

Vulnerability:
SQL Injection

Patched in Version:
3.8.3

Severity Score:
High

CVE:

2024-12031

The vulnerability has been patched, so you should update to version 3.8.3.

Biagiotti Membership

Plugin:

Biagiotti Membership

Plugin Slug:
biagiotti-membership

Vulnerability:
Privilege Escalation

Patched in Version:
1.1

Severity Score:
Critical

CVE:

2024-12287

The vulnerability has been patched, so you should update to version 1.1.

WP SuperBackup

Plugin:

WP SuperBackup

Plugin Slug:
indeed-wp-superbackup

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4

Severity Score:
High

CVE:

2024-56069

The vulnerability has been patched, so you should update to version 2.4.

WP SuperBackup

Plugin:

WP SuperBackup

Plugin Slug:
indeed-wp-superbackup

Vulnerability:
Broken Access Control

Patched in Version:
2.4

Severity Score:
High

CVE:

2024-56070

The vulnerability has been patched, so you should update to version 2.4.

WP SuperBackup

Plugin:

WP SuperBackup

Plugin Slug:
indeed-wp-superbackup

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.4

Severity Score:
Critical

CVE:

2024-56064

The vulnerability has been patched, so you should update to version 2.4.

WP SuperBackup

Plugin:

WP SuperBackup

Plugin Slug:
indeed-wp-superbackup

Vulnerability:
PHP Object Injection

Patched in Version:
2.4

Severity Score:
High

CVE:

2024-56068

The vulnerability has been patched, so you should update to version 2.4.

WP SuperBackup

Plugin:

WP SuperBackup

Plugin Slug:
indeed-wp-superbackup

Vulnerability:
Arbitrary File Download

Patched in Version:
2.4

Severity Score:
High

CVE:

2024-56067

The vulnerability has been patched, so you should update to version 2.4.

Seraphinite Accelerator (Full, premium)

Plugin:

Seraphinite Accelerator (Full, premium)

Plugin Slug:
seraphinite-accelerator-ext

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.22.16

Severity Score:
Medium

CVE:

2024-54222

The vulnerability has been patched, so you should update to version 2.22.16.

VibeBP

Plugin:

VibeBP

Plugin Slug:
vibebp

Vulnerability:
SQL Injection

Patched in Version:
1.9.9.5.1

Severity Score:
High

CVE:

2024-56041

The vulnerability has been patched, so you should update to version 1.9.9.5.1.

VibeBP

Plugin:

VibeBP

Plugin Slug:
vibebp

Vulnerability:
SQL Injection

Patched in Version:
1.9.9.7.7

Severity Score:
Critical

CVE:

2024-56039

The vulnerability has been patched, so you should update to version 1.9.9.7.7.

VibeBP

Plugin:

VibeBP

Plugin Slug:
vibebp

Vulnerability:
Privilege Escalation

Patched in Version:
1.9.9.5

Severity Score:
Critical

CVE:

2024-56040

The vulnerability has been patched, so you should update to version 1.9.9.5.

WooCommerce PDF Vouchers

Plugin:

WooCommerce PDF Vouchers

Plugin Slug:
woocommerce-pdf-vouchers

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.9

Severity Score:
High

CVE:

2024-56265

The vulnerability has been patched, so you should update to version 4.9.9.

WP All Import Pro

Plugin:

WP All Import Pro

Plugin Slug:
wp-all-import-pro

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.9.4

Severity Score:
Medium

CVE:

2024-9624

The vulnerability has been patched, so you should update to version 4.9.4.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.9.9.5.2

Severity Score:
High

CVE:

2024-56055

The vulnerability has been patched, so you should update to version 1.9.9.5.2.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.9.9.5.2

Severity Score:
Critical

CVE:

2024-56054

The vulnerability has been patched, so you should update to version 1.9.9.5.2.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.9.9.5.2

Severity Score:
Critical

CVE:

2024-56057

The vulnerability has been patched, so you should update to version 1.9.9.5.2.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
SQL Injection

Patched in Version:
1.9.9.5.3

Severity Score:
High

CVE:

2024-56047

The vulnerability has been patched, so you should update to version 1.9.9.5.3.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
SQL Injection

Patched in Version:
1.9.9.5.3

Severity Score:
Critical

CVE:

2024-56042

The vulnerability has been patched, so you should update to version 1.9.9.5.3.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.9.9.5.2

Severity Score:
High

CVE:

2024-56049

The vulnerability has been patched, so you should update to version 1.9.9.5.2.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.9.9.1

Severity Score:
Critical

CVE:

2024-56046

The vulnerability has been patched, so you should update to version 1.9.9.1.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.9.9.5

Severity Score:
High

CVE:

2024-56051

The vulnerability has been patched, so you should update to version 1.9.9.5.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Privilege Escalation

Patched in Version:
1.9.9.1

Severity Score:
High

CVE:

2024-56048

The vulnerability has been patched, so you should update to version 1.9.9.1.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.9.9.5

Severity Score:
Critical

CVE:

2024-56045

The vulnerability has been patched, so you should update to version 1.9.9.5.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Privilege Escalation

Patched in Version:
1.9.9.1

Severity Score:
Critical

CVE:

2024-56043

The vulnerability has been patched, so you should update to version 1.9.9.1.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Privilege Escalation

Patched in Version:
1.9.9.1

Severity Score:
Critical

CVE:

2024-56044

The vulnerability has been patched, so you should update to version 1.9.9.1.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.9.9.5.3

Severity Score:
Critical

CVE:

2024-56050

The vulnerability has been patched, so you should update to version 1.9.9.5.3.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.9.9.5.2

Severity Score:
Critical

CVE:

2024-56052

The vulnerability has been patched, so you should update to version 1.9.9.5.2.

WPLMS

Plugin:

WPLMS

Plugin Slug:
wplms-plugin

Vulnerability:
SQL Injection

Patched in Version:
1.9.9.5.3

Severity Score:
High

CVE:

2024-56053

The vulnerability has been patched, so you should update to version 1.9.9.5.3.

WordPress Themes — 5 Patched / 4 Unpatched

NewsDaily

Theme:

NewsDaily

Theme Slug:
newsdaily

Downloads
44,342

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56208

The vulnerability has not been patched. You should switch themes.

VW Automobile Lite

Theme:

VW Automobile Lite

Theme Slug:
vw-automobile-lite

Downloads
188,505

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-56234

The vulnerability has not been patched. You should switch themes.

Olivia

Theme:

Olivia

Theme Slug:
olivia

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-56014

The vulnerability has not been patched. You should switch themes.

Zerif Lite

Theme:

Zerif Lite

Theme Slug:
zerif-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

The vulnerability has not been patched. You should switch themes.

NewsMash

Theme:

NewsMash

Theme Slug:
newsmash

Downloads
100,124

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.72

Severity Score:
Medium

CVE:

2024-56208

The vulnerability has been patched, so you should update to version 1.0.72.

AdForest

Theme:

AdForest

Theme Slug:
adforest

Vulnerability:
Broken Access Control

Patched in Version:
5.1.7

Severity Score:
Critical

CVE:

2024-11349

The vulnerability has been patched, so you should update to version 5.1.7.

Kleo

Theme:

Kleo

Theme Slug:
kleo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.4

Severity Score:
High

CVE:

2024-56209

The vulnerability has been patched, so you should update to version 5.4.4.

Traveler

Theme:

Traveler

Theme Slug:
traveler

Vulnerability:
Broken Access Control

Patched in Version:
3.1.7

Severity Score:
Medium

CVE:

2024-11926

The vulnerability has been patched, so you should update to version 3.1.7.

Traveler

Theme:

Traveler

Theme Slug:
traveler

Vulnerability:
SQL Injection

Patched in Version:
3.1.7

Severity Score:
Critical

CVE:

2024-11912

The vulnerability has been patched, so you should update to version 3.1.7.


Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

The post WordPress Vulnerability Report — December 25, 2024 appeared first on SolidWP.

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-12-25 11:27:00.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.


WordPress Vulnerability Report — October 30, 2024


In this report, 251 vulnerabilities have been publicly disclosed. Security patches for 141 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 110 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
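The two paragraphs above describe a triage routine: match the report against what is actually installed, update where a patched version exists, and deactivate where there is no fix. The script below is an added example (not SolidWP, Patchstack or WordPress code) that automates that routine. It parses entries in the flattened "Label:/value" layout this report uses and compares them against the JSON that `wp plugin list --format=json` emits (fields `name`, `status`, `version`). The three report entries embedded in it are copied from this report; the inventory and its installed versions are constructed for the example, and the dotted-version comparison is a deliberate simplification (numeric parts only, no PHP `version_compare` suffix rules).

```python
"""Triage a WordPress vulnerability report against an installed-plugin inventory.

Added example, not SolidWP/Patchstack code. Assumes the report is in the
flattened 'Label:\\nvalue' layout used on this page and the inventory is the
JSON produced by `wp plugin list --format=json`. Sample inputs are constructed.
"""
import json
import re

# Three entries copied from this report's plugin listing.
REPORT = """\
Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
7.87

Severity Score:
High

Plugin:

WP Query Console

Plugin Slug:
wp-query-console

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
wp-seopress

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.2

Severity Score:
Medium
"""

# Constructed stand-in for `wp plugin list --format=json` output.
INVENTORY = json.dumps([
    {"name": "all-in-one-wp-migration", "status": "active", "version": "7.86"},
    {"name": "wp-query-console", "status": "active", "version": "1.0"},
    {"name": "wp-seopress", "status": "inactive", "version": "8.2"},
    {"name": "akismet", "status": "active", "version": "5.3"},  # not in report
])

FIELDS = ("Plugin Slug", "Vulnerability", "Patched in Version", "Severity Score")
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def parse_report(text):
    """Return one dict per entry; a new entry starts at each 'Plugin Slug:' label."""
    lines = [line.strip() for line in text.splitlines()]
    entries, current, i = [], {}, 0
    while i < len(lines):
        label = lines[i].rstrip(":")
        if label not in FIELDS:
            i += 1
            continue
        j = i + 1                      # value is the next non-empty line
        while j < len(lines) and not lines[j]:
            j += 1
        if label == "Plugin Slug" and current:
            entries.append(current)
            current = {}
        current[label] = lines[j] if j < len(lines) else ""
        i = j + 1
    if current:
        entries.append(current)
    return entries


def version_tuple(version):
    """Numeric key for dotted versions such as 1.9.9.5.3 or 1.6.002 (simplified)."""
    parts = []
    for part in version.split("."):
        match = re.match(r"\d+", part)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_older(installed, patched):
    """True when the installed version is strictly below the patched version."""
    a, b = version_tuple(installed), version_tuple(patched)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def triage(report_text, inventory_json):
    """Map each report entry that matches an installed plugin to an action."""
    installed = {p["name"]: p for p in json.loads(inventory_json)}
    actions = []
    for entry in parse_report(report_text):
        plugin = installed.get(entry.get("Plugin Slug"))
        if plugin is None:
            continue                   # report entry does not apply to this site
        patched = entry.get("Patched in Version", "")
        if patched.lower() == "no fix":
            action = "deactivate"      # no vendor patch: remove the attack surface
        elif is_older(plugin["version"], patched):
            action = f"update to {patched}"
        else:
            action = "ok"
        actions.append({
            "slug": entry["Plugin Slug"], "installed": plugin["version"],
            "status": plugin["status"], "vulnerability": entry.get("Vulnerability"),
            "severity": entry.get("Severity Score"), "action": action,
        })
    actions.sort(key=lambda a: SEVERITY_ORDER.get(a["severity"], 9))
    return actions


if __name__ == "__main__":
    for row in triage(REPORT, INVENTORY):
        print(f"{row['severity']:<8} {row['slug']:<28} {row['installed']:<8} {row['action']}")
```

On a real site, feed it the output of `wp plugin list --format=json` and the report text; entries for plugins that are not installed are skipped, the rest are ordered Critical first. One caveat the "deactivate" action does not capture: a deactivated plugin's files stay on disk, and a flaw that is reachable by requesting a plugin file directly (rather than through a WordPress hook) is still exploitable, so for a "No Fix" entry delete the plugin once a replacement is in place rather than leaving it inactive.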

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 136 Patched / 109 Unpatched

Plugin Slug:
countdown-builder

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
darkmysite

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ACL Floating Cart for WooCommerce

Plugin Slug:
acl-floating-cart-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Acnoo Flutter API

Plugin Slug:
acnoo-flutter-api

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Advanced Online Ordering and Delivery Platform

Plugin Slug:
advanced-online-ordering-and-delivery-platform

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Agile Video Player Lite

Plugin Slug:
agile-video-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AI Image Generator for Your Content & Featured Images – AI Postpix

Plugin Slug:
ai-postpix

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Ajar in5 Embed

Plugin Slug:
ajar-productions-in5-embed

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Amilia Store

Plugin Slug:
amilia-store

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AR For Woocommerce

Plugin Slug:
ar-for-woocommerce

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

AR For WordPress

Plugin Slug:
ar-for-wordpress

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Automatic Translation

Plugin Slug:
automatic-translation

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Bamazoo Button Generator

Plugin Slug:
bamazoo-button-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Banner Slider

Plugin Slug:
banner-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Beek Widget Extention

Plugin Slug:
beek-widget-extention

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bet WC 2018 Russia

Plugin Slug:
bet-wc-2018-russia

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BuddyPress Greeting Message

Plugin Slug:
bp-greeting-message

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BP Member Type Manager

Plugin Slug:
bp-member-type-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Bstone Demo Importer

Plugin Slug:
bstone-demo-importer

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Bulk Change Role

Plugin Slug:
bulk-role-change

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Clever Addons for Elementor

Plugin Slug:
cafe-lite

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Campus Explorer Widget

Plugin Slug:
campus-explorer-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

chatplusjp

Plugin Slug:
chatplusjp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Code Generate

Plugin Slug:
code-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Coub

Plugin Slug:
coub

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CWD 3D Image Gallery

Plugin Slug:
cwd-3d-image-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

DocumentPress

Plugin Slug:
documentpress-display-any-document-on-your-site

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

DS.DownloadList

Plugin Slug:
dsdownloadlist

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Editor Custom Color Palette

Plugin Slug:
editor-custom-color-palette

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

EKC Tournament Manager

Plugin Slug:
ekc-tournament-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Exam Matrix

Plugin Slug:
exam-matrix

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Extra Privacy for Elementor

Plugin Slug:
extra-privacy-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Whitelist

Plugin Slug:
fifthsegment-whitelist

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Google Docs RSVP

Plugin Slug:
google-docs-rsvp-guestlist

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

TeploBot – Telegram Bot for WP

Plugin Slug:
green-wp-telegram-bot-by-teplitsa

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

iBryl Switch User

Plugin Slug:
ibryl-switch-user

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ID-SK Toolkit

Plugin Slug:
idsk-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

INK Official

Plugin Slug:
ink-official

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Kodex Posts likes

Plugin Slug:
kodex-posts-likes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

League of Legends Shortcodes

Plugin Slug:
league-of-legends-shortcodes

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

League of Legends Shortcodes

Plugin Slug:
league-of-legends-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

leenk.me

Plugin Slug:
leenkme

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

MaanStore API

Plugin Slug:
maanstore-api

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Forms for Mailchimp by Optin Cat

Plugin Slug:
mailchimp-wp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Local Business Addons For Elementor

Plugin Slug:
map-addons-for-elementor-waze-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Marketing Automation by AZEXO

Plugin Slug:
marketing-automation-by-azexo

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Marketing Automation by AZEXO

Plugin Slug:
marketing-automation-by-azexo

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Meetup

Plugin Slug:
meetup

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Monitor.chat

Plugin Slug:
monitor-chat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Monkee-Boy Essentials

Plugin Slug:
monkee-boy-wp-essentials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Multi Purpose Mail Form

Plugin Slug:
multi-purpose-mail-form

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Order Notification for Telegram

Plugin Slug:
order-notification-for-telegram

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PegaPoll

Plugin Slug:
pegapoll

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Portfolleo

Plugin Slug:
portfolleo

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

PriPre

Plugin Slug:
pripre

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Realty Workstation

Plugin Slug:
realty-workstation

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

3D Work In Progress

Plugin Slug:
renee-work-in-progress

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

3D Work In Progress

Plugin Slug:
renee-work-in-progress

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Risk Warning Bar

Plugin Slug:
risk-warning-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

RSVP ME

Plugin Slug:
rsvp-me

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Extensions by HocWP Team

Plugin Slug:
sb-core

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

ScottCart

Plugin Slug:
scottcart

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Scrollbar by webxapp – Best vertical/horizontal scrollbars plugin

Plugin Slug:
scrollbar-by-webxapp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Shoutcast Icecast HTML5 Radio Player

Plugin Slug:
shoutcast-icecast-html5-radio-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Signup Page

Plugin Slug:
signup-page

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Simple Custom Admin

Plugin Slug:
simple-custom-admin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Load More

Plugin Slug:
simple-load-more

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple News

Plugin Slug:
simple-news

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Affiliate Platform

Plugin Slug:
smdp-affiliate-platform

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

GRÜN spendino Spendenformular

Plugin Slug:
spendino

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Stacks Mobile App Builder

Plugin Slug:
stacks-mobile-app-builder

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

SVG Captcha

Plugin Slug:
svg-captcha

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

1-Click Login: Passwordless Authentication

Plugin Slug:
swoop-password-free-authentication

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Textboxes

Plugin Slug:
textboxes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Themes4WP YouTube External Subtitles

Plugin Slug:
themes4wp-youtube-external-subtitles

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tida URL Screenshot

Plugin Slug:
tida-url-screenshot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Todo Custom Field

Plugin Slug:
todo-custom-field

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Token Login

Plugin Slug:
token-login

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Trip Plan

Plugin Slug:
tripplan

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

uCAT – Next Story

Plugin Slug:
ucat-next-story

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Uix Shortcodes

Plugin Slug:
uix-shortcodes

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Verbalize WP

Plugin Slug:
verbalize-wp

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WatchTowerHQ

Plugin Slug:
watchtowerhq

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Sudan Payment Gateway for WooCommerce

Plugin Slug:
wc-sudan-payment-gateway

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

10Web Social Post Feed

Plugin Slug:
wd-facebook-feed

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Web Bricks Addons for Elementor

Plugin Slug:
webbricks-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Woocommerce Custom Profile Picture

Plugin Slug:
woo-custom-profile-picture

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Woocommerce Quote Calculator

Plugin Slug:
woo-quote-calculator-order

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WooCommerce Maintenance Mode

Plugin Slug:
woocommerce-maintenance-mode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Awesome Buttons

Plugin Slug:
wp-awesome-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Awesome Login

Plugin Slug:
wp-awesome-login

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Image

Plugin Slug:
wp-custom-taxonomy-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP donimedia carousel

Plugin Slug:
wp-donimedia-carousel

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Plugin Propagator

Plugin Slug:
wp-propagator

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP Query Console

Plugin Slug:
wp-query-console

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Raptor Editor

Plugin Slug:
wp-raptor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP show more

Plugin Slug:
wp-show-more

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WPS Telegram Chat

Plugin Slug:
wps-telegram-chat

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WPS Telegram Chat

Plugin Slug:
wps-telegram-chat

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WPSchoolPress

Plugin Slug:
wpschoolpress

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Wux Blog Editor

Plugin Slug:
wux-blog-editor

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Wux Blog Editor

Plugin Slug:
wux-blog-editor

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Editorial Assistant by Sovrn

Plugin Slug:
zemanta

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
7.87

Severity Score:
High

Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.87

Severity Score:
Medium

Plugin Slug:
header-footer-elementor

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.44

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.0

Severity Score:
Medium

Plugin Slug:
ninja-forms

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.18

Severity Score:
Medium

Plugin Slug:
ninja-forms

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.18

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.36.0

Severity Score:
High

Plugin Slug:
shortcodes-ultimate

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.3.0

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
400,000+

Vulnerability:
XML External Entity (XXE)

Patched in Version:
1.3.981

Severity Score:
Medium

Plugin Slug:
breeze

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.15

Severity Score:
Medium

Plugin Slug:
breeze

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.15

Severity Score:
Medium

Plugin Slug:
templately

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.1.6

Severity Score:
Medium

Plugin Slug:
templately

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.1.6

Severity Score:
Medium

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.7

Severity Score:
Medium

Plugin Slug:
wp-seopress

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.2

Severity Score:
Medium

Plugin Slug:
wp-seopress

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.2

Severity Score:
Medium

Plugin Slug:
wp-seopress

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.2

Severity Score:
Medium

Plugin Slug:
astra-widgets

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.15

Severity Score:
Medium

Plugin Slug:
easy-fancybox

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

Plugin Slug:
qi-addons-for-elementor

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
3d-flipbook-dflip-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.42

Severity Score:
High

Plugin Slug:
accelerated-mobile-pages

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.99.2

Severity Score:
High

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.3.9

Severity Score:
Medium

Plugin Slug:
buddypress

Installations
100,000+

Vulnerability:
Directory Traversal

Patched in Version:
14.2.1

Severity Score:
Critical

Plugin Slug:
cf7-conditional-fields

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
Medium

Plugin Slug:
custom-twitter-feeds

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.4

Severity Score:
Medium

Plugin Slug:
embedpress

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.0

Severity Score:
Medium

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.36

Severity Score:
Medium

Plugin Slug:
download-monitor

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.13

Severity Score:
Medium

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.27.6

Severity Score:
Medium

Plugin Slug:
wpdiscuz

Installations
80,000+

Vulnerability:
Broken Authentication

Patched in Version:
7.6.25

Severity Score:
Critical

Plugin Slug:
button-contact-vr

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.10

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.7.5

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.6

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.6

Severity Score:
High

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1.4

Severity Score:
Medium

Plugin Slug:
qi-blocks

Installations
50,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.3

Severity Score:
High

Plugin Slug:
robo-gallery

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.22

Severity Score:
Medium

Plugin Slug:
woo-product-filter

Installations
50,000+

Vulnerability:
SQL Injection

Patched in Version:
2.7.1

Severity Score:
High

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.7.0

Severity Score:
Medium

Plugin Slug:
wp-rss-aggregator

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.23.13

Severity Score:
Medium

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.94

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
40,000+

Vulnerability:
Open Redirection

Patched in Version:
4.5.4

Severity Score:
Medium

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.16

Severity Score:
Medium

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.13

Severity Score:
Medium

Plugin Slug:
compact-wp-audio-player

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.14

Severity Score:
Medium

Plugin Slug:
download-plugin

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
file-upload-types

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.0

Severity Score:
Medium

Plugin Slug:
greenshift-animation-and-page-builder-blocks

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
9.8

Severity Score:
Medium

Plugin Slug:
custom-icons-for-elementor

Installations
20,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
0.3.4

Severity Score:
Medium

Plugin Slug:
futurio-extra

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.12

Severity Score:
Medium

Plugin Slug:
hurrytimer

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.11.0

Severity Score:
Medium

Plugin Slug:
transients-manager

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.7

Severity Score:
Medium

Plugin Slug:
wp-social

Installations
20,000+

Vulnerability:
Broken Authentication

Patched in Version:
3.0.8

Severity Score:
Critical

Plugin Slug:
wp-time-capsule

Installations
20,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.22.22

Severity Score:
High

Plugin Slug:
yith-woocommerce-product-add-ons

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.14.2

Severity Score:
High

Plugin Slug:
affiliatex

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.9.1

Severity Score:
Medium

Plugin Slug:
cf7-telegram

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.8.6

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.20

Severity Score:
Medium

Plugin Slug:
geodirectory

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.81

Severity Score:
Medium

Plugin Slug:
mega-elements-addons-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
multi-step-form

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.22

Severity Score:
Medium

Plugin Slug:
premium-seo-pack

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
1.6.002

Severity Score:
High

Plugin Slug:
qode-essential-addons

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.6.4

Severity Score:
High

Plugin Slug:
selection-lite

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.14

Severity Score:
Medium

Plugin Slug:
smart-manager-for-wp-e-commerce

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.46.0

Severity Score:
Medium

Plugin Slug:
wp-booking-system

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.19.11

Severity Score:
Medium

Plugin Slug:
wpvr

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.5.6

Severity Score:
Medium

Plugin Slug:
flexible-shipping-ups

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.0

Severity Score:
Medium

Plugin Slug:
mage-eventpress

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.6

Severity Score:
Medium

Plugin Slug:
cf7-repeatable-fields

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
erp

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.3

Severity Score:
High

Plugin Slug:
poll-maker

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.4.7

Severity Score:
High

Plugin Slug:
poll-maker

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.7

Severity Score:
Medium

Plugin Slug:
the-plus-addons-for-block-editor

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.0

Severity Score:
Medium

Plugin Slug:
cozy-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.19

Severity Score:
Medium

Plugin Slug:
cozy-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.16

Severity Score:
Medium

Plugin Slug:
survey-maker

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.0.3

Severity Score:
Medium

Plugin Slug:
dc-woocommerce-multi-vendor

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.5

Severity Score:
Medium

Plugin Slug:
dc-woocommerce-multi-vendor

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.5

Severity Score:
Medium

Plugin Slug:
magazine-blocks

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.18

Severity Score:
Medium

Plugin Slug:
wpkoi-templates-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.1

Severity Score:
Medium

Plugin Slug:
eventprime-event-calendar-management

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.4.8

Severity Score:
High

Plugin Slug:
eventprime-event-calendar-management

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.4.8

Severity Score:
High

Plugin Slug:
wp-crowdfunding

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.12

Severity Score:
Medium

Plugin Slug:
additional-product-fields-for-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.134

Severity Score:
High

Plugin Slug:
adminify

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.1.7

Severity Score:
Medium

Plugin Slug:
app-ads-txt

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.8

Severity Score:
Medium

Plugin Slug:
anchor-episodes-index

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.11

Severity Score:
Medium

Plugin Slug:
learning-management-system

Installations
2,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.13.4

Severity Score:
High

Plugin Slug:
learning-management-system

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.4

Severity Score:
Medium

Plugin Slug:
mapster-wp-maps

Installations
2,000+

Vulnerability:
Settings Change

Patched in Version:
1.6.0

Severity Score:
High

Plugin Slug:
my-wp-brand

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
sky-elementor-addons

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.16

Severity Score:
Medium

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.1.0

Severity Score:
High

Plugin Slug:
advanced-sermons

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5

Severity Score:
Medium

Plugin Slug:
app-builder

Installations
1,000+

Vulnerability:
Broken Authentication

Patched in Version:
5.3.8

Severity Score:
High

Plugin Slug:
best-restaurant-menu-by-pricelisto

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.0.0

Severity Score:
High

Plugin Slug:
codepen-embedded-pen-shortcode

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.3

Severity Score:
Medium

Plugin Slug:
hd-quiz-save-results-light

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.6

Severity Score:
Medium

Plugin Slug:
interactive-world-map

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.8

Severity Score:
Medium

Plugin Slug:
landing-page-cat

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.5

Severity Score:
Medium

Plugin Slug:
mycred-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
news-kit-elementor-addons

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
pdf-generator-addon-for-elementor-page-builder

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.5

Severity Score:
Medium

Plugin Slug:
posti-shipping

Installations
1,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.10.3

Severity Score:
Medium

Plugin Slug:
seur

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.12

Severity Score:
High

Plugin Slug:
sunshine-photo-cart

Installations
1,000+

Vulnerability:
Open Redirection

Patched in Version:
3.2.11

Severity Score:
Medium

Plugin Slug:
sunshine-photo-cart

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.10

Severity Score:
Medium

Plugin Slug:
terms-descriptions

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.7

Severity Score:
High

Plugin Slug:
wp-imageflow2

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.4

Severity Score:
Medium

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.3.5

Severity Score:
Medium

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter

Installations
1,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3.3.5

Severity Score:
High

Plugin Slug:
wp-stripe-donation

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.4

Severity Score:
Medium

Plugin Slug:
kata-plus

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.0

Severity Score:
Medium

Plugin Slug:
surveyjs

Installations
600+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.12.4

Severity Score:
Critical

Plugin Slug:
activitytime

Installations
500+

Vulnerability:
SQL Injection

Patched in Version:
1.1.0

Severity Score:
Critical

Plugin Slug:
namaste-lms

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4.1

Severity Score:
Medium

Plugin Slug:
namaste-lms

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.3

Severity Score:
Medium

Plugin Slug:
namaste-lms

Installations
500+

Vulnerability:
PHP Object Injection

Patched in Version:
2.6.4

Severity Score:
High

Plugin Slug:
namaste-lms

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.3

Severity Score:
High

Plugin Slug:
wp-abstracts-manuscripts-manager

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.2

Severity Score:
Medium

Plugin Slug:
latex2html

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.5

Severity Score:
High

Plugin Slug:
rover-idx

Installations
300+

Vulnerability:
Privilege Escalation

Patched in Version:
3.0.0.2906

Severity Score:
High

Plugin Slug:
rover-idx

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.0.2905

Severity Score:
Medium

Plugin Slug:
wpc-shop-as-customer

Installations
300+

Vulnerability:
PHP Object Injection

Patched in Version:
1.2.7

Severity Score:
High

Plugin Slug:
sogrid

Installations
200+

Vulnerability:
Local File Inclusion

Patched in Version:
1.5.7

Severity Score:
High

Plugin Slug:
timeslot

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium

Plugin Slug:
user-toolkit

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.4

Severity Score:
Critical

Plugin Slug:
adirectory

Installations
80+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.3.1

Severity Score:
Critical

Plugin Slug:
client-power-tools

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1

Severity Score:
High

Plugin:

Image Map Pro

Plugin Slug:
image-map-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.21

Severity Score:
Medium

Plugin:

Image Map Pro

Plugin Slug:
image-map-pro

Vulnerability:
Broken Access Control

Patched in Version:
6.0.21

Severity Score:
Medium

Plugin:

ProfilePress Pro

Plugin Slug:
profilepress-pro

Vulnerability:
Broken Authentication

Patched in Version:
4.11.2

Severity Score:
High

Plugin:

WooCommerce Order Proposal

Plugin Slug:
woocommerce-order-proposal

Vulnerability:
Broken Authentication

Patched in Version:
2.0.6

Severity Score:
High

WordPress Themes — 5 Patched / 1 Unpatched

Theme:

js paper

Theme Slug:
js-paper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
clean-retina

Downloads
272,266

Vulnerability:
Local File Inclusion

Patched in Version:
3.0.7

Severity Score:
High

Theme Slug:
mags

Downloads
25,904

Vulnerability:
Local File Inclusion

Patched in Version:
1.1.7

Severity Score:
High

Theme Slug:
meta-news

Downloads
17,650

Vulnerability:
Local File Inclusion

Patched in Version:
1.1.8

Severity Score:
High

Theme Slug:
newscard

Downloads
435,520

Vulnerability:
Local File Inclusion

Patched in Version:
1.4

Severity Score:
High

Theme:

Nioland

Theme Slug:
nioland

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-10-30 09:45:00.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.


WordPress Vulnerability Report — May 22, 2024

In this report, 153 vulnerabilities have been publicly disclosed. Security patches for 119 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 34 plugin and themes vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 109 Patched / 33 Unpatched

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin:

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin Slug:
clearfy

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34806

The vulnerability has not been patched. You should deactivate the plugin.

Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds

Plugin:

Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds

Plugin Slug:
tagembed-widget

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34804

The vulnerability has not been patched. You should deactivate the plugin.

Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More

Plugin:

Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More

Plugin Slug:
popup-maker-wp

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34770

The vulnerability has not been patched. You should deactivate the plugin.

reCAPTCHA Jetpack

Plugin:

reCAPTCHA Jetpack

Plugin Slug:
recaptcha-jetpack

Installations
700+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-3941

The vulnerability has not been patched. You should deactivate the plugin.

reCAPTCHA Jetpack

Plugin:

reCAPTCHA Jetpack

Plugin Slug:
recaptcha-jetpack

Installations
700+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3940

The vulnerability has not been patched. You should deactivate the plugin.

UnGallery

Plugin:

UnGallery

Plugin Slug:
ungallery

Installations
50+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-3582

The vulnerability has not been patched. You should deactivate the plugin.

Add Custom CSS and JS

Plugin:

Add Custom CSS and JS

Plugin Slug:
add-custom-css-and-js

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-3903

The vulnerability has not been patched. You should deactivate the plugin.

WP Stacker

Plugin:

WP Stacker

Plugin Slug:
wp-stacker

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-5003

The vulnerability has not been patched. You should deactivate the plugin.

AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Plugin:

AdFoxly – Ad Manager, AdSense Ads & Ads.txt

Plugin Slug:
adfoxly

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34802

The vulnerability has not been patched. You should deactivate the plugin.

Base64 Encoder/Decoder

Plugin:

Base64 Encoder/Decoder

Plugin Slug:
base64-encoderdecoder

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3824

The vulnerability has not been patched. You should deactivate the plugin.

Base64 Encoder/Decoder

Plugin:

Base64 Encoder/Decoder

Plugin Slug:
base64-encoderdecoder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3823

The vulnerability has not been patched. You should deactivate the plugin.

Base64 Encoder/Decoder

Plugin:

Base64 Encoder/Decoder

Plugin Slug:
base64-encoderdecoder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-3822

The vulnerability has not been patched. You should deactivate the plugin.

Crafthemes Demo Import

Plugin:

Crafthemes Demo Import

Plugin Slug:
crafthemes-demo-import

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34800

The vulnerability has not been patched. You should deactivate the plugin.

Dextaz Ping

Plugin:

Dextaz Ping

Plugin Slug:
dextaz-ping

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34792

The vulnerability has not been patched. You should deactivate the plugin.

Elegant Blocks

Plugin:

Elegant Blocks

Plugin Slug:
elegant-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34769

The vulnerability has not been patched. You should deactivate the plugin.

Fast Custom Social Share by CodeBard

Plugin:

Fast Custom Social Share by CodeBard

Plugin Slug:
fast-custom-social-share-by-codebard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34807

The vulnerability has not been patched. You should deactivate the plugin.

HL Twitter

Plugin:

HL Twitter

Plugin Slug:
hl-twitter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3630

The vulnerability has not been patched. You should deactivate the plugin.

HL Twitter

Plugin:

HL Twitter

Plugin Slug:
hl-twitter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3629

The vulnerability has not been patched. You should deactivate the plugin.

LetterPress

Plugin:

LetterPress

Plugin Slug:
letterpress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3590

The vulnerability has not been patched. You should deactivate the plugin.

Newsletter Popup

Plugin:

Newsletter Popup

Plugin Slug:
newsletter-popup

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3644

The vulnerability has not been patched. You should deactivate the plugin.

Popup4Phone

Plugin:

Popup4Phone

Plugin Slug:
popup4phone

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3580

The vulnerability has not been patched. You should deactivate the plugin.

Popup4Phone

Plugin:

Popup4Phone

Plugin Slug:
popup4phone

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-3231

The vulnerability has not been patched. You should deactivate the plugin.

PopupAlly

Plugin:

PopupAlly

Plugin Slug:
popupally

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34796

The vulnerability has not been patched. You should deactivate the plugin.

Praison SEO WordPress

Plugin:

Praison SEO WordPress

Plugin Slug:
seo-wordpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34801

The vulnerability has not been patched. You should deactivate the plugin.

Simple Popup Manager

Plugin:

Simple Popup Manager

Plugin Slug:
simple-popup-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34797

The vulnerability has not been patched. You should deactivate the plugin.

SP Project & Document Manager

Plugin:

SP Project & Document Manager

Plugin Slug:
sp-client-document-manager

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3748

The vulnerability has not been patched. You should deactivate the plugin.

SP Project & Document Manager

Plugin:

SP Project & Document Manager

Plugin Slug:
sp-client-document-manager

Vulnerability:
Directory Traversal

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-1693

The vulnerability has not been patched. You should deactivate the plugin.

Tainacan

Plugin:

Tainacan

Plugin Slug:
tainacan

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34795

The vulnerability has not been patched. You should deactivate the plugin.

Tainacan

Plugin:

Tainacan

Plugin Slug:
tainacan

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34794

The vulnerability has not been patched. You should deactivate the plugin.

WP Backpack

Plugin:

WP Backpack

Plugin Slug:
wp-backpack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4756

The vulnerability has not been patched. You should deactivate the plugin.

WP Next Post Navi

Plugin:

WP Next Post Navi

Plugin Slug:
wp-next-post-navi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34793

The vulnerability has not been patched. You should deactivate the plugin.

WP Prayer

Plugin:

WP Prayer

Plugin Slug:
wp-prayer

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3405

The vulnerability has not been patched. You should deactivate the plugin.

WPB Elementor Addons

Plugin:

WPB Elementor Addons

Plugin Slug:
wpb-elementor-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34791

The vulnerability has not been patched. You should deactivate the plugin.

Elementor Website Builder – More than Just a Page Builder

Plugin:

Elementor Website Builder – More than Just a Page Builder

Plugin Slug:
elementor

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.21.6

Severity Score:
Medium

CVE:

2024-4619

The vulnerability has been patched, so you should update to version 3.21.6.

Yoast SEO

Plugin:

Yoast SEO

Plugin Slug:
wordpress-seo

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
22.7

Severity Score:
Medium

CVE:

2024-4984

The vulnerability has been patched, so you should update to version 22.7.

Jetpack – WP Security, Backup, Speed, & Growth

Plugin:

Jetpack – WP Security, Backup, Speed, & Growth

Plugin Slug:
jetpack

Installations
4,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
13.4

Severity Score:
Medium

CVE:

2024-4392

The vulnerability has been patched, so you should update to version 13.4.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.16

Severity Score:
Medium

CVE:

2024-34764

The vulnerability has been patched, so you should update to version 5.9.16.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.21

Severity Score:
Medium

CVE:

2024-4624

The vulnerability has been patched, so you should update to version 5.9.21.

Rank Math SEO with AI Best SEO Tools

Plugin:

Rank Math SEO with AI Best SEO Tools

Plugin Slug:
seo-by-rank-math

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.219-beta

Severity Score:
Medium

CVE:

2024-4617

The vulnerability has been patched, so you should update to version 1.0.219-beta.

Plugin:

Elementor Header & Footer Builder

Plugin Slug:
header-footer-elementor

Installations
1,000,000+

Vulnerability:
Content Injection

Patched in Version:
1.6.27

Severity Score:
Medium

CVE:

2024-2619

The vulnerability has been patched, so you should update to version 1.6.27.

Plugin:

Elementor Header & Footer Builder

Plugin Slug:
header-footer-elementor

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.29

Severity Score:
Medium

CVE:

2024-4634

The vulnerability has been patched, so you should update to version 1.6.29.

Page Builder by SiteOrigin

Plugin:

Page Builder by SiteOrigin

Plugin Slug:
siteorigin-panels

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.29.16

Severity Score:
Medium

CVE:

2024-4361

The vulnerability has been patched, so you should update to version 2.29.16.

The Events Calendar

Plugin:

The Events Calendar

Plugin Slug:
the-events-calendar

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.0.1

Severity Score:
High

CVE:

2024-4180

The vulnerability has been patched, so you should update to version 6.4.0.1.

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin:

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.1.6

Severity Score:
Medium

CVE:

2024-4553

The vulnerability has been patched, so you should update to version 7.1.6.

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin:

WP Shortcodes Plugin — Shortcodes Ultimate

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.1.2

Severity Score:
Medium

CVE:

2024-3548

The vulnerability has been patched, so you should update to version 7.1.2.

Plugin:

NextGEN Gallery – Create an Amazing Photo Gallery in Seconds

Plugin Slug:
nextgen-gallery

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.59.1

Severity Score:
Medium

CVE:

2024-2744

The vulnerability has been patched, so you should update to version 3.59.1.

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin:

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin Slug:
fluentform

Installations
400,000+

Vulnerability:
Privilege Escalation

Patched in Version:
5.1.17

Severity Score:
Critical

CVE:

2024-2771

The vulnerability has been patched, so you should update to version 5.1.17.

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin:

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin Slug:
fluentform

Installations
400,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1.17

Severity Score:
High

CVE:

2024-2782

The vulnerability has been patched, so you should update to version 5.1.17.

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin:

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin Slug:
fluentform

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.14

Severity Score:
Medium

CVE:

2024-2772

The vulnerability has been patched, so you should update to version 5.1.14.

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin:

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder

Plugin Slug:
fluentform

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.17

Severity Score:
Medium

CVE:

2024-4709

The vulnerability has been patched, so you should update to version 5.1.17.

Happy Addons for Elementor

Plugin:

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.10.9

Severity Score:
Medium

CVE:

2024-4865

The vulnerability has been patched, so you should update to version 3.10.9.

Happy Addons for Elementor

Plugin:

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.10.8

Severity Score:
Medium

CVE:

2024-4478

The vulnerability has been patched, so you should update to version 3.10.8.

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin:

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.37

Severity Score:
Medium

CVE:

2024-4057

The vulnerability has been patched, so you should update to version 3.2.37.

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin:

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.38

Severity Score:
Medium

CVE:

2024-3189

The vulnerability has been patched, so you should update to version 3.2.38.

Password Protected – Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store

Plugin:

Password Protected – Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store

Plugin Slug:
password-protected

Installations
400,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.7

Severity Score:
Medium

CVE:

2024-0437

The vulnerability has been patched, so you should update to version 2.6.7.

Royal Elementor Addons and Templates

Plugin:

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.975

Severity Score:
Medium

CVE:

2024-3887

The vulnerability has been patched, so you should update to version 1.3.975.

Menu Icons by ThemeIsle

Plugin:

Menu Icons by ThemeIsle

Plugin Slug:
menu-icons

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.13.14

Severity Score:
Medium

CVE:

2024-4635

The vulnerability has been patched, so you should update to version 0.13.14.

Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF

Plugin:

Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF

Plugin Slug:
optimole-wp

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.13.0

Severity Score:
Medium

CVE:

2024-4636

The vulnerability has been patched, so you should update to version 3.13.0.

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Plugin:

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates

Plugin Slug:
essential-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.13

Severity Score:
Medium

CVE:

2024-4891

The vulnerability has been patched, so you should update to version 4.5.13.

GiveWP – Donation Plugin and Fundraising Platform

Plugin:

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.11.0

Severity Score:
Medium

CVE:

2024-3714

The vulnerability has been patched, so you should update to version 3.11.0.

HT Mega – Absolute Addons For Elementor

Plugin:

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.3

Severity Score:
Medium

CVE:

2024-4876

The vulnerability has been patched, so you should update to version 2.5.3.

HT Mega – Absolute Addons For Elementor

Plugin:

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.3

Severity Score:
Medium

CVE:

2024-4875

The vulnerability has been patched, so you should update to version 2.5.3.

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Plugin:

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Plugin Slug:
woolentor-addons

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.9

Severity Score:
Medium

CVE:

2024-3345

The vulnerability has been patched, so you should update to version 2.8.9.

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Plugin:

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Plugin Slug:
woolentor-addons

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.9

Severity Score:
High

CVE:

2024-4566

The vulnerability has been patched, so you should update to version 2.8.9.

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Plugin:

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)

Plugin Slug:
woolentor-addons

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.8

Severity Score:
Medium

CVE:

2024-34767

The vulnerability has been patched, so you should update to version 2.8.8.

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Plugin:

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Plugin Slug:
email-subscribers

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.20

Severity Score:
High

CVE:

2024-4010

The vulnerability has been patched, so you should update to version 5.7.20.

iframe

Plugin:

iframe

Plugin Slug:
iframe

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1

Severity Score:
Medium

CVE:

2024-34805

The vulnerability has been patched, so you should update to version 5.1.

Master Slider – Responsive Touch Slider

Plugin:

Master Slider – Responsive Touch Slider

Plugin Slug:
master-slider

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.10

Severity Score:
Medium

CVE:

2024-4470

The vulnerability has been patched, so you should update to version 3.9.10.

Import and export users and customers

Plugin:

Import and export users and customers

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.26.7

Severity Score:
Medium

CVE:

2024-4656

The vulnerability has been patched, so you should update to version 1.26.7.

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

Plugin:

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

Plugin Slug:
post-and-page-builder

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.26.5

Severity Score:
Medium

CVE:

2024-4400

The vulnerability has been patched, so you should update to version 1.26.5.

Sydney Toolbox

Plugin:

Sydney Toolbox

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.32

Severity Score:
Medium

CVE:

2024-4473

The vulnerability has been patched, so you should update to version 1.32.

Tutor LMS – eLearning and online course solution

Plugin:

Tutor LMS – eLearning and online course solution

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.1

Severity Score:
High

CVE:

2024-4223

The vulnerability has been patched, so you should update to version 2.7.1.

Tutor LMS – eLearning and online course solution

Plugin:

Tutor LMS – eLearning and online course solution

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
2.7.1

Severity Score:
Medium

CVE:

2024-4279

The vulnerability has been patched, so you should update to version 2.7.1.

Tutor LMS – eLearning and online course solution

Plugin:

Tutor LMS – eLearning and online course solution

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
2.7.1

Severity Score:
High

CVE:

2024-4318

The vulnerability has been patched, so you should update to version 2.7.1.

Visual Portfolio, Photo Gallery & Post Grid

Plugin:

Visual Portfolio, Photo Gallery & Post Grid

Plugin Slug:
visual-portfolio

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.3

Severity Score:
Medium

CVE:

2024-4363

The vulnerability has been patched, so you should update to version 3.3.3.

Exclusive Addons for Elementor

Plugin:

Exclusive Addons for Elementor

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.7

Severity Score:
Medium

CVE:

2024-4618

The vulnerability has been patched, so you should update to version 2.6.9.7.

WP Table Builder – WordPress Table Plugin

Plugin:

WP Table Builder – WordPress Table Plugin

Plugin Slug:
wp-table-builder

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.15

Severity Score:
Medium

CVE:

2024-4700

The vulnerability has been patched, so you should update to version 1.4.15.

Order Export & Order Import for WooCommerce

Plugin:

Order Export & Order Import for WooCommerce

Plugin Slug:
order-import-export-for-woocommerce

Installations
50,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.5.0

Severity Score:
Medium

CVE:

2024-34751

The vulnerability has been patched, so you should update to version 2.5.0.

Ultimate Blocks – WordPress Blocks Plugin

Plugin:

Ultimate Blocks – WordPress Blocks Plugin

Plugin Slug:
ultimate-blocks

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.7

Severity Score:
Medium

CVE:

2024-3241

The vulnerability has been patched, so you should update to version 3.1.7.

DethemeKit For Elementor

Plugin:

DethemeKit For Elementor

Plugin Slug:
dethemekit-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.4

Severity Score:
Medium

CVE:

2024-4374

The vulnerability has been patched, so you should update to version 2.1.4.

DethemeKit For Elementor

Plugin:

DethemeKit For Elementor

Plugin Slug:
dethemekit-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.3

Severity Score:
Medium

CVE:

2024-34575

The vulnerability has been patched, so you should update to version 2.1.3.

Piotnet Addons For Elementor

Plugin:

Piotnet Addons For Elementor

Plugin Slug:
piotnet-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.28

Severity Score:
Medium

CVE:

2024-4432

The vulnerability has been patched, so you should update to version 2.4.28.

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks

Plugin:

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.81

Severity Score:
Medium

CVE:

2024-3155

The vulnerability has been patched, so you should update to version 2.2.81.

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor

Plugin:

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor

Plugin Slug:
master-addons

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.6.1

Severity Score:
Medium

CVE:

2024-3134

The vulnerability has been patched, so you should update to version 2.0.6.1.

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Plugin:

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Plugin Slug:
simply-schedule-appointments

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.7.18

Severity Score:
Medium

CVE:

2024-4288

The vulnerability has been patched, so you should update to version 1.6.7.18.

Visualizer: Tables and Charts Manager for WordPress

Plugin:

Visualizer: Tables and Charts Manager for WordPress

Plugin Slug:
visualizer

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
3.11.0

Severity Score:
High

CVE:

2024-3750

The vulnerability has been patched, so you should update to version 3.11.0.

Plugin:

All-in-One Video Gallery

Plugin Slug:
all-in-one-video-gallery

Installations
20,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.7.0

Severity Score:
High

CVE:

2024-4670

The vulnerability has been patched, so you should update to version 3.7.0.

Envo Extra

Plugin:

Envo Extra

Plugin Slug:
envo-extra

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.17

Severity Score:
Medium

CVE:

2024-4385

The vulnerability has been patched, so you should update to version 1.8.17.

Plugin:

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin

Plugin Slug:
logo-slider-wp

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.0

Severity Score:
Medium

CVE:

2024-3288

The vulnerability has been patched, so you should update to version 4.0.0.

Post Grid Elementor Addon

Plugin:

Post Grid Elementor Addon

Plugin Slug:
post-grid-elementor-addon

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.17

Severity Score:
Medium

CVE:

2024-34789

The vulnerability has been patched, so you should update to version 2.0.17.

WPZOOM Addons for Elementor (Templates, Widgets)

Plugin:

WPZOOM Addons for Elementor (Templates, Widgets)

Plugin Slug:
wpzoom-elementor-addons

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.37

Severity Score:
Medium

CVE:

2024-4370

The vulnerability has been patched, so you should update to version 1.1.37.

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin

Plugin:

BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin

Plugin Slug:
bookingpress-appointment-booking

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.83

Severity Score:
Medium

CVE:

2024-34799

The vulnerability has been patched, so you should update to version 1.0.83.

Mega Elements – Addons for Elementor

Plugin:

Mega Elements – Addons for Elementor

Plugin Slug:
mega-elements-addons-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

CVE:

2024-4702

The vulnerability has been patched, so you should update to version 1.2.2.

Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

Plugin:

Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

Plugin Slug:
page-builder-add

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1.9

Severity Score:
High

CVE:

2024-34752

The vulnerability has been patched, so you should update to version 1.5.1.9.

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Plugin:

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Plugin Slug:
reviewx

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.28

Severity Score:
Medium

CVE:

2024-3609

The vulnerability has been patched, so you should update to version 1.6.28.

Simple Basic Contact Form

Plugin:

Simple Basic Contact Form

Plugin Slug:
simple-basic-contact-form

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
20240511

Severity Score:
Medium

CVE:

2024-4144

The vulnerability has been patched, so you should update to version 20240511.

140+ Widgets | Best Addons For Elementor – FREE

Plugin:

140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3.1

Severity Score:
Medium

CVE:

2024-4440

The vulnerability has been patched, so you should update to version 1.4.3.1.

YITH WooCommerce Gift Cards

Plugin:

YITH WooCommerce Gift Cards

Plugin Slug:
yith-woocommerce-gift-cards

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.13.0

Severity Score:
Medium

CVE:

2024-0870

The vulnerability has been patched, so you should update to version 4.13.0.

Alt Text AI – Automatically generate image alt text for SEO and accessibility

Plugin:

Alt Text AI – Automatically generate image alt text for SEO and accessibility

Plugin Slug:
alttext-ai

Installations
9,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.0

Severity Score:
High

CVE:

2024-4847

The vulnerability has been patched, so you should update to version 1.5.0.

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin Slug:
wp-sms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.2

Severity Score:
Medium

CVE:

2024-34811

The vulnerability has been patched, so you should update to version 6.5.2.

VikBooking Hotel Booking Engine & PMS

Plugin:

VikBooking Hotel Booking Engine & PMS

Plugin Slug:
vikbooking

Installations
8,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.6.8

Severity Score:
Medium

CVE:

2024-2441

The vulnerability has been patched, so you should update to version 1.6.8.

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin:

Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin Slug:
cf7-hubspot

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.2

Severity Score:
Medium

CVE:

2024-34756

The vulnerability has been patched, so you should update to version 1.3.2.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2024-4445

The vulnerability has been patched, so you should update to version 6.20.02.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Open Redirection

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2023-6812

The vulnerability has been patched, so you should update to version 6.20.02.

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin:

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin Slug:
borderless

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.4

Severity Score:
Medium

CVE:

2024-34757

The vulnerability has been patched, so you should update to version 1.5.4.

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin:

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg

Plugin Slug:
borderless

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.4

Severity Score:
Medium

CVE:

2024-4666

The vulnerability has been patched, so you should update to version 1.5.4.

JCH Optimize

Plugin:

JCH Optimize

Plugin Slug:
jch-optimize

Installations
6,000+

Vulnerability:
Path Traversal

Patched in Version:
4.2.1

Severity Score:
Medium

CVE:

2024-34808

The vulnerability has been patched, so you should update to version 4.2.1.

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Plugin:

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress

Plugin Slug:
radio-player

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.74

Severity Score:
Medium

CVE:

2024-34753

The vulnerability has been patched, so you should update to version 2.0.74.

Plugin:

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.38

Severity Score:
Medium

CVE:

2024-2923

The vulnerability has been patched, so you should update to version 1.1.38.

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid

Plugin:

Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid

Plugin Slug:
magazine-blocks

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium

CVE:

2024-34760

The vulnerability has been patched, so you should update to version 1.3.7.

Move Addons for Elementor

Plugin:

Move Addons for Elementor

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.2

Severity Score:
Medium

CVE:

2024-4695

The vulnerability has been patched, so you should update to version 1.3.2.

Plugin:

YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress

Plugin Slug:
youtube-showcase

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.4.0

Severity Score:
Medium

CVE:

2024-3268

The vulnerability has been patched, so you should update to version 3.4.0.

Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms

Plugin:

Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms

Plugin Slug:
cf7-salesforce

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.0

Severity Score:
Medium

CVE:

2024-34755

The vulnerability has been patched, so you should update to version 1.4.0.

Debug Log – Manger Tool

Plugin:

Debug Log – Manger Tool

Plugin Slug:
debug-log-config-tool

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5

Severity Score:
Medium

CVE:

2024-34798

The vulnerability has been patched, so you should update to version 1.5.

FundEngine – Donation and Crowdfunding Platform

Plugin:

FundEngine – Donation and Crowdfunding Platform

Plugin Slug:
wp-fundraising-donation

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.0

Severity Score:
Medium

CVE:

2024-34758

The vulnerability has been patched, so you should update to version 1.7.0.

Kognetiks Chatbot for WordPress

Plugin:

Kognetiks Chatbot for WordPress

Plugin Slug:
chatbot-chatgpt

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.0.1

Severity Score:
Critical

CVE:

2024-32700

The vulnerability has been patched, so you should update to version 2.0.1.

Copymatic – AI Content Writer & Generator

Plugin:

Copymatic – AI Content Writer & Generator

Plugin Slug:
copymatic

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.7

Severity Score:
Critical

CVE:

2024-31351

The vulnerability has been patched, so you should update to version 1.7.

Custom Post Type Attachment

Plugin:

Custom Post Type Attachment

Plugin Slug:
custom-post-type-pdf-attachment

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.6

Severity Score:
Medium

CVE:

2024-4546

The vulnerability has been patched, so you should update to version 3.4.6.

Fastly

Plugin:

Fastly

Plugin Slug:
fastly

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.26

Severity Score:
Medium

CVE:

2024-34803

The vulnerability has been patched, so you should update to version 1.2.26.

Fastly

Plugin:

Fastly

Plugin Slug:
fastly

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.26

Severity Score:
Medium

CVE:

2024-34768

The vulnerability has been patched, so you should update to version 1.2.26.

Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table

Plugin:

Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table

Plugin Slug:
new-contact-form-widget

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.0

Severity Score:
Medium

CVE:

2024-34754

The vulnerability has been patched, so you should update to version 1.4.0.

Save as PDF Plugin by Pdfcrowd

Plugin:

Save as PDF Plugin by Pdfcrowd

Plugin Slug:
save-as-pdf-by-pdfcrowd

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.0

Severity Score:
Medium

CVE:

2023-5971

The vulnerability has been patched, so you should update to version 3.2.0.

ShiftController Employee Shift Scheduling

Plugin:

ShiftController Employee Shift Scheduling

Plugin Slug:
shiftcontroller

Installations
1,000+

Vulnerability:
PHP Object Injection

Patched in Version:
4.9.58

Severity Score:
High

CVE:

2024-4733

The vulnerability has been patched, so you should update to version 4.9.58.

Popup Builder

Plugin:

Popup Builder

Plugin Slug:
easy-notify-lite

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.30

Severity Score:
Medium

CVE:

2024-34567

The vulnerability has been patched, so you should update to version 1.1.30.

Plugin:

Picture Gallery – Frontend Image Uploads, AJAX Photo List

Plugin Slug:
picture-gallery

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.12

Severity Score:
Medium

CVE:

2024-34759

The vulnerability has been patched, so you should update to version 1.5.12.

Popup – Popup More Popups

Plugin:

Popup – Popup More Popups

Plugin Slug:
popup-more

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.3

Severity Score:
Medium

CVE:

2024-32800

The vulnerability has been patched, so you should update to version 2.3.3.

Builder for WooCommerce product reviews shortcodes – ReviewShort

Plugin:

Builder for WooCommerce product reviews shortcodes – ReviewShort

Plugin Slug:
woo-product-reviews-shortcode

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
1.01.6

Severity Score:
Medium

CVE:

2024-34763

The vulnerability has been patched, so you should update to version 1.01.6.

Bulk Posts Editing For WordPress

Plugin:

Bulk Posts Editing For WordPress

Plugin Slug:
ithemeland-bulk-posts-editing-lite

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.4

Severity Score:
Medium

CVE:

2024-4204

The vulnerability has been patched, so you should update to version 4.2.4.

Bulk Posts Editing For WordPress

Plugin:

Bulk Posts Editing For WordPress

Plugin Slug:
ithemeland-bulk-posts-editing-lite

Installations
200+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.4

Severity Score:
Medium

CVE:

2024-4199

The vulnerability has been patched, so you should update to version 4.2.4.

month name translation benaceur

Plugin:

month name translation benaceur

Plugin Slug:
month-name-translation-benaceur

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.8

Severity Score:
Medium

CVE:

2024-3634

The vulnerability has been patched, so you should update to version 2.3.8.

Advanced Custom Fields PRO

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Arbitrary Code Execution

Patched in Version:
6.2.10

Severity Score:
High

CVE:

2024-34761

The vulnerability has been patched, so you should update to version 6.2.10.

Advanced Custom Fields PRO

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Local File Inclusion

Patched in Version:
6.2.10

Severity Score:
Critical

CVE:

2024-34762

The vulnerability has been patched, so you should update to version 6.2.10.

ConvertPlus

Plugin:

ConvertPlus

Plugin Slug:
convertplug

Vulnerability:
PHP Object Injection

Patched in Version:
3.5.26.1

Severity Score:
High

CVE:

2024-4838

The vulnerability has been patched, so you should update to version 3.5.26.1.

Cost Calculator Builder Pro

Plugin:

Cost Calculator Builder Pro

Plugin Slug:
cost-calculator-builder-pro

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.1.73

Severity Score:
Medium

CVE:

2024-4789

The vulnerability has been patched, so you should update to version 3.1.73.

ElementsKit Pro

Plugin:

ElementsKit Pro

Plugin Slug:
elementskit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.2

Severity Score:
Medium

CVE:

2024-4452

The vulnerability has been patched, so you should update to version 3.6.2.

Penci Soledad Data Migrator

Plugin:

Penci Soledad Data Migrator

Plugin Slug:
penci-data-migrator

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.1

Severity Score:
Critical

CVE:

2024-3551

The vulnerability has been patched, so you should update to version 1.3.1.

Swift Framework Page Builder

Plugin:

Swift Framework Page Builder

Plugin Slug:
socialdriver-framework

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024.0.0

Severity Score:
Medium

CVE:

2024-2697

The vulnerability has been patched, so you should update to version 2024.0.0.

Tutor LMS Pro

Plugin:

Tutor LMS Pro

Plugin Slug:
tutor-pro

Vulnerability:
Broken Access Control

Patched in Version:
2.7.1

Severity Score:
High

CVE:

2024-4352

The vulnerability has been patched, so you should update to version 2.7.1.

Tutor LMS Pro

Plugin:

Tutor LMS Pro

Plugin Slug:
tutor-pro

Vulnerability:
Broken Access Control

Patched in Version:
2.7.1

Severity Score:
High

CVE:

2024-4222

The vulnerability has been patched, so you should update to version 2.7.1.

Tutor LMS Pro

Plugin:

Tutor LMS Pro

Plugin Slug:
tutor-pro

Vulnerability:
Privilege Escalation

Patched in Version:
2.7.1

Severity Score:
High

CVE:

2024-4351

The vulnerability has been patched, so you should update to version 2.7.1.

Uber Menu

Plugin:

Uber Menu

Plugin Slug:
ubermenu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.3

Severity Score:
Medium

CVE:

2024-4710

The vulnerability has been patched, so you should update to version 3.8.3.

Automatic

Plugin:

Automatic

Plugin Slug:
wp-automatic

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.95.0

Severity Score:
Medium

CVE:

2024-4849

The vulnerability has been patched, so you should update to version 3.95.0.

WordPress Themes — 10 Patched / 1 Unpatched

ImageMagick Sharpen Resized Images

Theme:

ImageMagick Sharpen Resized Images

Theme Slug:
imagemagick-sharpen-resized-images

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34790

The vulnerability has not been patched. You should switch themes.

Blocksy

Theme:

Blocksy

Theme Slug:
blocksy

Downloads
3,200,500

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.47

Severity Score:
Medium

CVE:

2024-4943

The vulnerability has been patched, so you should update to version 2.0.47.

ChaosTheory

Theme:

ChaosTheory

Theme Slug:
chaostheory

Downloads
441,334

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.2

Severity Score:
Medium

CVE:

2024-34766

The vulnerability has been patched, so you should update to version 1.3.2.

Consus

Theme:

Consus

Theme Slug:
consus

Downloads
16,413

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.7.

EmpowerWP

Theme:

EmpowerWP

Theme Slug:
empowerwp

Downloads
219,617

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.22

Severity Score:
Medium

CVE:

2024-34809

The vulnerability has been patched, so you should update to version 1.0.22.

Ketos

Theme:

Ketos

Theme Slug:
ketos

Downloads
28,821

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.6.

Mindscape

Theme:

Mindscape

Theme Slug:
mindscape

Downloads
42,404

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

CVE:

CVE-2024-34810

The vulnerability has been patched, so you should update to version 1.0.23.

Niveau

Theme:

Niveau

Theme Slug:
niveau

Downloads
16,949

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.9

Severity Score:
Medium

CVE:

CVE-2024-34810

The vulnerability has been patched, so you should update to version 1.0.9.

Oasis

Theme:

Oasis

Theme Slug:
oasis

Downloads
69,561

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.13

Severity Score:
Medium

CVE:

CVE-2024-34810

The vulnerability has been patched, so you should update to version 1.0.13.

Skyline WP

Theme:

Skyline WP

Theme Slug:
skyline-wp

Downloads
169,826

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.11

Severity Score:
Medium

CVE:

CVE-2024-34810

The vulnerability has been patched, so you should update to version 1.0.11.

Zeka

Theme:

Zeka

Theme Slug:
zeka

Downloads
20,361

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.10

Severity Score:
Medium

CVE:

CVE-2024-34810

The vulnerability has been patched, so you should update to version 1.0.10.


Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

The post WordPress Vulnerability Report — May 22, 2024 appeared first on SolidWP.

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-05-22 11:56:35.


WordPress Vulnerability Report — July 10, 2024

In this report, 182 vulnerabilities have been publicly disclosed. Security patches for 123 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 59 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
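The triage this paragraph asks for (update what has a patch, deactivate what does not) can be scripted against the slugs and "Patched in Version" values listed below. The following is an added example, not code from SolidWP, Patchstack or WordPress. It assumes the site's plugin inventory is the JSON printed by `wp plugin list --format=json` (objects with `name`, `status` and `version` keys); the inventory embedded in the script is constructed for the example, and the report rows are a hand-picked subset of the entries in this report.

```python
"""Triage an installed WordPress plugin inventory against a vulnerability report.

Added example (not code from SolidWP, Patchstack or WordPress). It assumes the
inventory is the JSON that `wp plugin list --format=json` prints (objects with
"name", "status" and "version" keys). The inventory below is constructed; the
report rows are a subset transcribed from the listing in this report.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass(frozen=True)
class ReportEntry:
    slug: str               # plugin or theme slug, as printed in the report
    vuln: str               # vulnerability class, as printed in the report
    patched_in: str | None  # None stands for "No Fix"
    severity: str


# A handful of rows from the report (subset, transcribed by hand).
REPORT = [
    ReportEntry("header-footer-elementor", "Cross Site Scripting (XSS)", "1.6.36", "Medium"),
    ReportEntry("paid-memberships-pro", "SQL Injection", "3.0.6", "High"),
    ReportEntry("imgspider", "Arbitrary File Upload", "2.3.11", "Critical"),
    ReportEntry("learnpress", "Broken Access Control", "4.2.6.8.2", "Medium"),
    ReportEntry("ultimate-social-media-icons", "Cross Site Scripting (XSS)", None, "Medium"),
]

# Constructed inventory in the shape of `wp plugin list --format=json` output.
SAMPLE_INVENTORY_JSON = json.dumps([
    {"name": "header-footer-elementor", "status": "active", "version": "1.6.35"},
    {"name": "paid-memberships-pro", "status": "active", "version": "3.0.6"},
    {"name": "imgspider", "status": "inactive", "version": "2.3.10"},
    {"name": "learnpress", "status": "active", "version": "4.2.6.8"},
    {"name": "ultimate-social-media-icons", "status": "active", "version": "2.8.9"},
    {"name": "akismet", "status": "active", "version": "5.3"},
])


def version_key(version: str) -> tuple[int, ...]:
    """Dotted version -> tuple of ints; a non-numeric component (e.g. "rc1") counts as 0.

    Simplification: this is not PHP's version_compare (which WordPress itself
    uses); it is sufficient for the purely numeric versions in the report.
    """
    parts = []
    for component in version.strip().split("."):
        m = re.match(r"\d+", component)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(installed: str, patched_in: str | None) -> bool:
    """True when no fix exists or the installed version predates the fix."""
    if patched_in is None:
        return True
    a, b = version_key(installed), version_key(patched_in)
    width = max(len(a), len(b))
    # Pad so that "3.0" and "3.0.0" compare equal rather than prefix < longer.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory_json: str, report: list[ReportEntry]) -> list[dict]:
    """One finding per installed, still-vulnerable item, worst severity first.

    Inactive items are reported too: their files stay on disk, and a vulnerable
    PHP file reachable by direct request does not need the plugin to be active.
    """
    installed = {item["name"]: item for item in json.loads(inventory_json)}
    findings = []
    for entry in report:
        item = installed.get(entry.slug)
        if item is None or not is_vulnerable(item["version"], entry.patched_in):
            continue
        findings.append({
            "slug": entry.slug,
            "installed": item["version"],
            "status": item["status"],
            "vuln": entry.vuln,
            "severity": entry.severity,
            "action": "update" if entry.patched_in else "deactivate",
            "target": entry.patched_in,
        })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["slug"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY_JSON, REPORT):
        target = f"to {f['target']}" if f["target"] else "(no fix; find an alternative)"
        print(f"{f['severity']:<8} {f['slug']:<30} {f['installed']:<10} "
              f"{f['status']:<8} {f['action']} {target}  [{f['vuln']}]")
```

On a real site, replace `SAMPLE_INVENTORY_JSON` with the output of `wp plugin list --format=json` (and `wp theme list --format=json` for themes, which uses the same keys). A plugin whose installed version already equals the "Patched in Version" value, such as the `paid-memberships-pro` row above, produces no finding; anything marked "No Fix" is reported as `deactivate` regardless of version.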

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

WordPress 6.6 RC3 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 103 Patched / 56 Unpatched

Plugin Slug:
ultimate-social-media-icons

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meks-easy-ads-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wpjam-basic

Installations
5,000+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ultimate-auction

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
cc-bcc-for-woocommerce-order-emails

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
nicen-localize-image

Installations
1,000+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
stepbyteservice-openstreetmap

Installations
1,000+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
tooltip-for-gravity-forms

Installations
1,000+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wpfavicon

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
leaky-paywall

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
totalsurvey

Installations
600+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
taager

Installations
500+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
weight-loss-tracker

Installations
500+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
totalrating

Installations
300+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
link-to-bible

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
theidealweb-amelia-shortcode-extended

Installations
200+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ws-theme-addons

Installations
200+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
canvas-nestjs

Installations
100+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
logic-hop

Installations
100+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meal-tracker

Installations
100+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
totalform

Installations
70+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ws-contact-form

Installations
40+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pagecdn

Installations
30+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
triagetrak

Installations
30+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
magic-conversation-for-gravity-forms

Installations
10+

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
activityhub

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Livemesh Addons for Elementor

Plugin Slug:
addons-for-elementor

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Livemesh Addons for Elementor

Plugin Slug:
addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
addressya-for-woocommerce

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

alfred24 Click & Collect

Plugin Slug:
alfred-click-collect

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Alfred Easy Shipping

Plugin Slug:
alfred-easy-shipping

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CommandBar for WP Admin

Plugin Slug:
commandbar-for-wp-admin

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Digital River Global Commerce

Plugin Slug:
digital-river-global-commerce

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Custom Code (LESS/CSS/JS) – Live editing

Plugin Slug:
easy-custom-code

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Floating Social Buttons

Plugin Slug:
floating-social-buttons

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Floating Social Media Links

Plugin Slug:
floating-social-media-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Responsive Image Gallery, Gallery Album

Plugin Slug:
gallery-album

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ideaplus

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Image Hover Effects – Caption Hover with Carousel

Plugin Slug:
image-hover-effects-with-carousel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Jobs.af

Plugin Slug:
jobs-af

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Login Logo Editor

Plugin Slug:
login-logo-editor-by-oizuled

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mine Video Player

Plugin Slug:
mine-video

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Get Better Reviews for WooCommerce

Plugin Slug:
more-better-reviews-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Save as PDF plugin by Pdfcrowd

Plugin Slug:
save-as-pdf-by-pdfcrowd

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Social Share

Plugin Slug:
simple-social-share

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simply Show Hooks

Plugin Slug:
simply-show-hooks

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
sitetweet-tweets-user-behaviors-on-your-site-on-twitter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Elementor Addons, Widgets and Enhancements – Stax

Plugin Slug:
stax-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Template Kit – Export

Plugin Slug:
template-kit-export

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Testimonials Widget

Plugin Slug:
testimonials-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

UltraAddons Elementor Lite

Plugin Slug:
ultraaddons-elementor-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Viva Payments

Plugin Slug:
viva-payments-simple-checkout

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WordPress Notification Bar

Plugin Slug:
wordpress-notification-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

wp-code-highlightjs

Plugin Slug:
wp-code-highlightjs

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Cookie Law Info

Plugin Slug:
wp-cookie-law-info

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP To Do

Plugin Slug:
wp-todo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
header-footer-elementor

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.36

Severity Score:
Medium

Plugin Slug:
seo-by-rank-math

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.219

Severity Score:
Medium

Plugin Slug:
ninja-forms

Installations
800,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.5

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-gutenberg

Installations
800,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.13.8

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Denial of Service Attack

Patched in Version:
4.10.36

Severity Score:
Low

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.36

Severity Score:
Medium

Plugin Slug:
the-events-calendar

Installations
700,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.5.1.5

Severity Score:
Medium

Plugin Slug:
ocean-extra

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
Medium

Plugin Slug:
gutenberg

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
18.6.1

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.3

Severity Score:
Medium

Plugin Slug:
the-plus-addons-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6.2

Severity Score:
Medium

Plugin Slug:
wp-nested-pages

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.8

Severity Score:
High

Plugin Slug:
featured-image-from-url

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.8.3

Severity Score:
Medium

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.8.2

Severity Score:
Medium

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.8.2

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
3.0.6

Severity Score:
High

Plugin Slug:
the-post-grid

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.7.5

Severity Score:
Medium

Plugin Slug:
the-post-grid

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.7.5

Severity Score:
Medium

Plugin Slug:
the-post-grid

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.7.5

Severity Score:
Medium

Plugin Slug:
the-post-grid

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.7.2

Severity Score:
Medium

Plugin Slug:
ameliabooking

Installations
70,000+

Vulnerability:
Backdoor

Patched in Version:
1.1.9

Severity Score:
Medium

Plugin Slug:
media-library-assistant

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.18

Severity Score:
High

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.26

Severity Score:
Medium

Plugin Slug:
sina-extension-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.6

Severity Score:
Medium

Plugin Slug:
ultimate-blocks

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.0

Severity Score:
Medium

Plugin Slug:
woocommerce-google-adwords-conversion-tracking-tag

Installations
50,000+

Vulnerability:
Backdoor

Patched in Version:
1.43.4

Severity Score:
Medium

Plugin Slug:
quiz-master-next

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.0.2

Severity Score:
Medium

Plugin Slug:
wp-lightbox-2

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.6.7

Severity Score:
Medium

Plugin Slug:
apollo13-framework-extensions

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.4

Severity Score:
Medium

Plugin Slug:
cf7-widget-elementor

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.1

Severity Score:
Medium

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.13

Severity Score:
Medium

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.13

Severity Score:
Medium

Plugin Slug:
google-maps-easy

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.16

Severity Score:
Medium

Plugin Slug:
rife-elementor-extensions

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
weforms

Installations
20,000+

Vulnerability:
Backdoor

Patched in Version:
1.6.24

Severity Score:
Medium

Plugin Slug:
wp-user-frontend

Installations
20,000+

Vulnerability:
Backdoor

Patched in Version:
4.0.8

Severity Score:
Medium

Plugin Slug:
charitable

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.1.8

Severity Score:
Medium

Plugin Slug:
charitable

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.1.8

Severity Score:
Medium

Plugin Slug:
gpt3-ai-content-generator

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.67

Severity Score:
Medium

Plugin Slug:
lastudio-element-kit

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.9

Severity Score:
High

Plugin Slug:
mega-elements-addons-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
newsletter-optin-box

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.4.3

Severity Score:
Medium

Plugin Slug:
nex-forms-express-wp-form-builder

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.6.1

Severity Score:
Medium

Plugin Slug:
swift-performance-lite

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.3.6.21

Severity Score:
Medium

Plugin Slug:
wc-product-customer-list

Installations
10,000+

Vulnerability:
Backdoor

Patched in Version:
3.1.7

Severity Score:
Medium

Plugin Slug:
word-balloon

Installations
10,000+

Vulnerability:
Backdoor

Patched in Version:
4.22.2

Severity Score:
Medium

Plugin Slug:
wp-event-solution

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.0

Severity Score:
Medium

Plugin Slug:
motors-car-dealership-classified-listings

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.11

Severity Score:
Medium

Plugin Slug:
tablesome

Installations
9,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.0.34

Severity Score:
Medium

Plugin Slug:
wp-sentry-integration

Installations
9,000+

Vulnerability:
Backdoor

Patched in Version:
7.9.0

Severity Score:
Medium

Plugin Slug:
yith-woocommerce-affiliates

Installations
8,000+

Vulnerability:
Backdoor

Patched in Version:
3.8.1

Severity Score:
Medium

Plugin Slug:
youzify

Installations
8,000+

Vulnerability:
SQL Injection

Patched in Version:
1.2.6

Severity Score:
High

Plugin Slug:
mediavine-create

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.8

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.8.8

Severity Score:
Medium

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.4.3

Severity Score:
High

Plugin Slug:
wp-cafe

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.2.28

Severity Score:
High

Plugin Slug:
wpzoom-addons-for-beaver-builder

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
shortcode-variables

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.5

Severity Score:
Medium

Plugin Slug:
awsm-team

Installations
4,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
bbpress-notify-nospam

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.18.4

Severity Score:
High

Plugin Slug:
firebox

Installations
4,000+

Vulnerability:
Backdoor

Patched in Version:
2.1.16

Severity Score:
Medium

Plugin Slug:
advanced-classifieds-and-directory-pro

Installations
3,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.2.1

Severity Score:
High

Plugin Slug:
filebird-document-library

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.8.1

Severity Score:
Medium

Plugin Slug:
helloasso

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.10

Severity Score:
Medium

Plugin Slug:
imgspider

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.3.11

Severity Score:
Critical

Plugin Slug:
shopbuilder

Installations
3,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.1.13

Severity Score:
Medium

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
eazydocs

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
Medium

Plugin Slug:
makecommerce

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.2

Severity Score:
High

Plugin Slug:
meeting-scheduler-by-vcita

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.4.3

Severity Score:
Medium

Plugin Slug:
one-click-order-reorder

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.10

Severity Score:
Medium

Plugin Slug:
premium-blocks-for-gutenberg

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.28

Severity Score:
Medium

Plugin Slug:
yahman-add-ons

Installations
2,000+

Vulnerability:
Backdoor

Patched in Version:
0.9.29

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.4.7

Severity Score:
Critical

Plugin Slug:
ideapush

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.66

Severity Score:
High

Plugin Slug:
newspack-newsletters

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.13.3

Severity Score:
Medium

Plugin Slug:
post-meta-data-manager

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
supersaas-appointment-scheduling

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.10

Severity Score:
Medium

Plugin Slug:
zephyr-project-manager

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.3.99

Severity Score:
High

Plugin Slug:
comment-reply-email

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5

Severity Score:
High

Plugin Slug:
shipany

Installations
100+

Vulnerability:
Backdoor

Patched in Version:
1.1.53

Severity Score:
Medium

Plugin Slug:
integration-for-luminate-and-gravity-forms

Installations
70+

Vulnerability:
Backdoor

Patched in Version:
1.3.4

Severity Score:
Medium

Plugin Slug:
eid-easy-qualified-electonic-signature

Installations
20+

Vulnerability:
Backdoor

Patched in Version:
3.3.1

Severity Score:
Medium

Plugin:

BLAZE Retail Widget

Plugin Slug:
blaze-widget

Vulnerability:
Backdoor

Patched in Version:
2.5.4

Severity Score:
Medium

Plugin:

Contact Form 7 Multi-Step Addon

Plugin Slug:
contact-form-7-multi-step-addon

Vulnerability:
Backdoor

Patched in Version:
1.0.7

Severity Score:
Medium

Plugin:

XPlainer – WooCommerce Product FAQ

Plugin Slug:
faq-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.4

Severity Score:
Medium

Plugin:

JetThemeCore

Plugin Slug:
jet-theme-core

Vulnerability:
Arbitrary File Deletion

Patched in Version:
2.2.1

Severity Score:
High

Plugin:

Modern Events Calendar

Plugin Slug:
modern-events-calendar

Vulnerability:
Arbitrary File Upload

Patched in Version:
7.12.0

Severity Score:
High

Plugin:

Modern Events Calendar Lite

Plugin Slug:
modern-events-calendar-lite

Vulnerability:
Arbitrary File Upload

Patched in Version:
7.12.0

Severity Score:
High

Plugin:

Newspack Ads

Plugin Slug:
newspack-ads

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.47.2

Severity Score:
Medium

Plugin:

Newspack Content Converter

Plugin Slug:
newspack-content-converter

Vulnerability:
Broken Access Control

Patched in Version:
1.0.0

Severity Score:
Medium

Plugin:

Newspack Campaigns

Plugin Slug:
newspack-popups

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.31.2

Severity Score:
Medium

Plugin:

PayPlus Payment Gateway

Plugin Slug:
payplus-payment-gateway

Vulnerability:
SQL Injection

Patched in Version:
6.6.9

Severity Score:
Critical

Plugin:

PayPlus Payment Gateway

Plugin Slug:
payplus-payment-gateway

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.6.9

Severity Score:
High

Plugin:

Social Warfare

Plugin Slug:
social-warfare

Vulnerability:
Backdoor

Patched in Version:
4.4.7.3

Severity Score:
Medium

Plugin:

Ultimate Addons for Elementor

Plugin Slug:
ultimate-elementor

Vulnerability:
Privilege Escalation

Patched in Version:
1.36.32

Severity Score:
High

Plugin:

Woffice Core

Plugin Slug:
woffice-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.9

Severity Score:
High

Plugin:

Woffice Core

Plugin Slug:
woffice-core

Vulnerability:
Broken Access Control

Patched in Version:
5.4.9

Severity Score:
High

Plugin:

WooCommerce Social Login

Plugin Slug:
woo-social-login

Vulnerability:
PHP Object Injection

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin:

CopySafe Web Protection

Plugin Slug:
wp-copysafe-web

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.15

Severity Score:
Medium

Plugin:

WP Directory Kit

Plugin Slug:
wpdirectorykit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.6

Severity Score:
High

Plugin:

WPQA – Builder forms Addon

Plugin Slug:
wpqa

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.1.1

Severity Score:
Medium

Plugin:

WPQA – Builder forms Addon

Plugin Slug:
wpqa

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.1

Severity Score:
Medium

WordPress Themes — 20 Patched / 3 Unpatched

Theme Slug:
zbench

Downloads
588,387

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Boot Store

Theme Slug:
boot-store

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

counterpoint

Theme Slug:
counterpoint

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
ashe

Downloads
1,959,473

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.234

Severity Score:
Medium

Theme Slug:
bakes-and-cakes

Downloads
154,588

Vulnerability:
Broken Access Control

Patched in Version:
1.2.7

Severity Score:
Medium

Theme Slug:
bard

Downloads
912,192

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.211

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,364,636

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.23

Severity Score:
Medium

Theme Slug:
business-one-page

Downloads
211,071

Vulnerability:
Broken Access Control

Patched in Version:
1.3.0

Severity Score:
Medium

Theme Slug:
construction-landing-page

Downloads
284,784

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.6

Severity Score:
Medium

Theme Slug:
hestia

Downloads
4,067,479

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.3

Severity Score:
Medium

Theme Slug:
highlight

Downloads
435,892

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.30

Severity Score:
Medium

Theme Slug:
lawyer-landing-page

Downloads
128,839

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.5

Severity Score:
Medium

Theme Slug:
metro-magazine

Downloads
260,020

Vulnerability:
Broken Access Control

Patched in Version:
1.3.8

Severity Score:
Medium

Theme Slug:
newsmatic

Downloads
217,113

Vulnerability:
Broken Access Control

Patched in Version:
1.3.3

Severity Score:
Medium

Theme Slug:
posterity

Downloads
95,124

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4

Severity Score:
Medium

Theme Slug:
rara-business

Downloads
201,763

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.6

Severity Score:
Medium

Theme Slug:
rife-free

Downloads
696,099

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.4.19

Severity Score:
Medium

Theme Slug:
trendy-news

Downloads
24,718

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.16

Severity Score:
Medium

Theme:

Basil

Theme Slug:
basil

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.5

Severity Score:
Medium

Theme:

BookYourTravel

Theme Slug:
bookyourtravel

Vulnerability:
Privilege Escalation

Patched in Version:
8.18.19

Severity Score:
High

Theme:

Himer

Theme Slug:
himer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.1

Severity Score:
Medium

Theme:

Himer

Theme Slug:
himer

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.1

Severity Score:
Medium

Theme:

Woffice

Theme Slug:
woffice

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.9

Severity Score:
High


Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-07-10 10:26:10.

WordPress Vulnerability Report — July 3, 2024

In this report, 223 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 41 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

WordPress 6.6 RC2 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions over the next few weeks is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.

Vulnerability:
Path Traversal

Patched in Version:
6.5.5

Severity Score:
Medium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.5

Severity Score:
Medium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.5

Severity Score:
Medium

WordPress Plugins — 153 Patched / 32 Unpatched

Plugin Slug:
seo-simple-pack

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
social-networks-auto-poster-facebook-twitter-g

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
ari-fancy-lightbox

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bsk-pdf-manager

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pdf-viewer

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
logo-manager-for-enamad

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
wpdirectorykit

Installations
3,000+

Vulnerability:
Content Injection

Patched in Version:
No Fix

Severity Score:
Low

Plugin Slug:
pagerank-tools

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
animated-al-list

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
simple-al-slider

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
widget4call

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

All In One Redirection

Plugin Slug:
all-in-one-redirection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Auto Featured Image

Plugin Slug:
auto-featured-image

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Bible Text

Plugin Slug:
bible-text

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Bookster

Plugin Slug:
bookster

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ContentLock

Plugin Slug:
contentlock

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ContentLock

Plugin Slug:
contentlock

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

ContentLock

Plugin Slug:
contentlock

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Floating Social Buttons

Plugin Slug:
floating-social-buttons

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Frontend Checklist

Plugin Slug:
frontend-checklist

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Gallery Slideshow

Plugin Slug:
gallery-slideshow

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

jQuery T(-) Countdown Widget

Plugin Slug:
jquery-t-countdown-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mime Types Extended

Plugin Slug:
mime-types-extended

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Muslim Prayer Time BD

Plugin Slug:
muslim-prayer-time-bd

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ninja Beaver Add-ons for Beaver Builder

Plugin Slug:
ninja-beaver-lite-addons-for-beaver-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PDF Viewer for Elementor

Plugin Slug:
pdf-viewer-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Photoswipe

Plugin Slug:
simple-photoswipe

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simple Photoswipe

Plugin Slug:
simple-photoswipe

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Simply Show Hooks

Plugin Slug:
simply-show-hooks

Vulnerability:
Backdoor

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Spotify Play Button

Plugin Slug:
spotify-play-button

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Video Widget

Plugin Slug:
video-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WebP & SVG Support

Plugin Slug:
webp-svg-support

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
contact-form-7

Installations
10,000,000+

Vulnerability:
Open Redirection

Patched in Version:
5.9.5

Severity Score:
Medium

Plugin Slug:
elementor

Installations
10,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.22.2

Severity Score:
Medium

Plugin Slug:
woocommerce

Installations
7,000,000+

Vulnerability:
Content Injection

Patched in Version:
9.0.0

Severity Score:
Low

Plugin Slug:
header-footer-elementor

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.36

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.0

Severity Score:
Medium

Plugin Slug:
wp-file-manager

Installations
1,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.2.8

Severity Score:
Medium

Plugin Slug:
easy-table-of-contents

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.66

Severity Score:
Medium

Plugin Slug:
siteguard

Installations
500,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.7.7

Severity Score:
Medium

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.11.2

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.46

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.43

Severity Score:
Medium

Plugin Slug:
pixelyoursite

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.6.2

Severity Score:
Medium

Plugin Slug:
pdf-embedder

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.0

Severity Score:
Medium

Plugin Slug:
wp-seopress

Installations
300,000+

Vulnerability:
Open Redirection

Patched in Version:
7.8

Severity Score:
Medium

Plugin Slug:
wp-seopress

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.8

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.6

Severity Score:
Medium

Plugin Slug:
file-manager-advanced

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.2.5

Severity Score:
Medium

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.6

Severity Score:
Medium

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Backdoor

Patched in Version:
3.2.2

Severity Score:
Critical

Plugin Slug:
stackable-ultimate-gutenberg-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.13.2

Severity Score:
Medium

Plugin Slug:
the-plus-addons-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6.1

Severity Score:
Medium

Plugin Slug:
wp-whatsapp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.5

Severity Score:
Medium

Plugin Slug:
defender-security

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.7.3

Severity Score:
Medium

Plugin Slug:
depicter

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.0

Severity Score:
Medium

Plugin Slug:
email-subscribers

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.26

Severity Score:
Critical

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.3

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.9

Severity Score:
High

Plugin Slug:
featured-image-from-url

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.8.2

Severity Score:
Medium

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.8.2

Severity Score:
Medium

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.8.2

Severity Score:
Medium

Plugin Slug:
mobile-menu

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.8.4.4

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
3.0.5

Severity Score:
High

Plugin Slug:
permalink-manager

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.3.4

Severity Score:
High

Plugin Slug:
the-post-grid

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.7.2

Severity Score:
Medium

Plugin Slug:
tutor

Installations
90,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.7.2

Severity Score:
Medium

Plugin Slug:
tutor

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
2.7.2

Severity Score:
High

Plugin Slug:
wp-google-map-plugin

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
4.6.2

Severity Score:
High

Plugin Slug:
interactive-3d-flipbook-powered-physics-engine

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.6

Severity Score:
Medium

Plugin Slug:
media-library-assistant

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.18

Severity Score:
High

Plugin Slug:
page-or-post-clone

Installations
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.1

Severity Score:
Low

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.9

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.26

Severity Score:
Medium

Plugin Slug:
sina-extension-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.6

Severity Score:
Medium

Plugin Slug:
ultimate-blocks

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.0

Severity Score:
Medium

Plugin Slug:
dethemekit-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.6

Severity Score:
Medium

Plugin Slug:
h5p

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.8

Severity Score:
Medium

Plugin Slug:
powerpress

Installations
40,000+

Vulnerability:
Backdoor

Patched in Version:
11.9.5

Severity Score:
Critical

Plugin Slug:
quiz-master-next

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.0.2

Severity Score:
Medium

Plugin Slug:
cf7-widget-elementor

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.1

Severity Score:
Medium

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.13

Severity Score:
Medium

Plugin Slug:
cost-calculator-builder

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.13

Severity Score:
Medium

Plugin Slug:
google-maps-easy

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.16

Severity Score:
Medium

Plugin Slug:
pdf-poster

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.22

Severity Score:
Medium

Plugin Slug:
portfolio-filter-gallery

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.5

Severity Score:
Medium

Plugin Slug:
rife-elementor-extensions

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium

Plugin Slug:
simply-gallery-block

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
twenty20

Installations
30,000+

Vulnerability:
Backdoor

Patched in Version:
1.6.4

Severity Score:
Critical

Plugin Slug:
ad-invalid-click-protector

Installations
20,000+

Vulnerability:
Backdoor

Patched in Version:
1.2.10

Severity Score:
Critical

Plugin Slug:
branda-white-labeling

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.18

Severity Score:
Medium

Plugin Slug:
enhanced-e-commerce-for-woocommerce-store

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.1.1

Severity Score:
High

Plugin Slug:
funnel-builder

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.0

Severity Score:
Medium

Plugin Slug:
pdfjs-viewer-shortcode

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
quiz-maker

Installations
20,000+

Vulnerability:
SQL Injection

Patched in Version:
6.5.8.4

Severity Score:
Critical

Plugin Slug:
ultimate-post-kit

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.11.8

Severity Score:
Medium

Plugin Slug:
userswp

Installations
20,000+

Vulnerability:
SQL Injection

Patched in Version:
1.2.11

Severity Score:
Critical

Plugin Slug:
e2pdf

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.23.00

Severity Score:
Medium

Plugin Slug:
e2pdf

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.25.01

Severity Score:
Medium

Plugin Slug:
easy-affiliate-links

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.4

Severity Score:
Medium

Plugin Slug:
gdpr-cookie-consent

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.0

Severity Score:
High

Plugin Slug:
gpt3-ai-content-generator

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.67

Severity Score:
Medium

Plugin Slug:
html5-audio-player

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.24

Severity Score:
Medium

Plugin Slug:
mailster

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.10

Severity Score:
High

Plugin Slug:
mega-elements-addons-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
newsletter-optin-box

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.4.3

Severity Score:
Medium

Plugin Slug:
widgetkit-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.1

Severity Score:
Medium

Plugin Slug:
wonderplugin-pdf-embed

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8

Severity Score:
Medium

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.8.00.003

Severity Score:
High

Plugin Slug:
wp-server-stats

Installations
10,000+

Vulnerability:
Backdoor

Patched in Version:
1.7.7

Severity Score:
Critical

Plugin Slug:
motors-car-dealership-classified-listings

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.11

Severity Score:
Medium

Plugin Slug:
powerpack-addon-for-beaver-builder

Installations
9,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.0.4

Severity Score:
Medium

Plugin Slug:
powerpack-addon-for-beaver-builder

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0.5

Severity Score:
Medium

Plugin Slug:
mediavine-create

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.8

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.8.8

Severity Score:
Medium

Plugin Slug:
print-my-blog

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.27.1

Severity Score:
Medium

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.4.3

Severity Score:
High

Plugin Slug:
wp-cafe

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.2.26

Severity Score:
Medium

Plugin Slug:
wpzoom-addons-for-beaver-builder

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
easy-image-collage

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.13.6

Severity Score:
Medium

Plugin Slug:
awsm-team

Installations
4,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
patreon-connect

Installations
4,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.9.1

Severity Score:
Medium

Plugin Slug:
social-rocket

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.4

Severity Score:
High

Plugin Slug:
stock-ticker

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.24.6

Severity Score:
Medium

Plugin Slug:
atarim-visual-collaboration

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.32

Severity Score:
Medium

Plugin Slug:
bb-bootstrap-cards

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
chained-quiz

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.2.9

Severity Score:
Medium

Plugin Slug:
cowidgets-elementor-addons

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.2.0

Severity Score:
High

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
groundhogg

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.3

Severity Score:
High

Plugin Slug:
meeting-scheduler-by-vcita

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.3

Severity Score:
High

Plugin Slug:
wp-secure-maintainance

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.5

Severity Score:
Medium

Plugin Slug:
enteraddons

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.7

Severity Score:
Medium

Plugin Slug:
extensions-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.31

Severity Score:
Medium

Plugin Slug:
gallery-photo-gallery

Installations
1,000+

Vulnerability:
Content Injection

Patched in Version:
5.7.1

Severity Score:
Low

Plugin Slug:
ideapush

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.66

Severity Score:
High

Plugin Slug:
ideapush

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.61

Severity Score:
Medium

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.36

Severity Score:
Medium

Plugin Slug:
newspack-newsletters

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.13.3

Severity Score:
Medium

Plugin Slug:
payplus-payment-gateway

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
6.6.9

Severity Score:
Critical

Plugin Slug:
payplus-payment-gateway

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.6.9

Severity Score:
High

Plugin Slug:
post-meta-data-manager

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
supersaas-appointment-scheduling

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.10

Severity Score:
Medium

Plugin Slug:
tainacan

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.21.6

Severity Score:
Medium

Plugin Slug:
timetics

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.22

Severity Score:
Medium

Plugin Slug:
wp-lister-for-amazon

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.17

Severity Score:
High

Plugin Slug:
wpextended

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.0

Severity Score:
High

Plugin Slug:
zita-site-library

Installations
1,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.6.2

Severity Score:
Critical

Plugin Slug:
zita-site-library

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.3

Severity Score:
Medium

Plugin Slug:
progress-planner

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.3

Severity Score:
Medium

Plugin Slug:
progress-planner

Installations
30+

Vulnerability:
Broken Access Control

Patched in Version:
0.9.2

Severity Score:
Medium

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.3.2

Severity Score:
Medium

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Broken Access Control

Patched in Version:
6.3.2

Severity Score:
Medium

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Broken Access Control

Patched in Version:
6.3.2

Severity Score:
Medium

Plugin:

ARMember Premium

Plugin Slug:
armember

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.7.1

Severity Score:
Medium

Plugin:

BLAZE Retail Widget

Plugin Slug:
blaze-widget

Vulnerability:
Backdoor

Patched in Version:
2.5.4

Severity Score:
Critical

Plugin:

Bricks Builder (Premium)

Plugin Slug:
bricksbuilder

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.9.9

Severity Score:
Medium

Plugin:

Contact Form 7 Multi-Step Addon

Plugin Slug:
contact-form-7-multi-step-addon

Vulnerability:
Backdoor

Patched in Version:
1.0.7

Severity Score:
Critical

Plugin:

Elementor Pro

Plugin Slug:
elementor-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.21.3

Severity Score:
High

Plugin Slug:
kadence-blocks-pro

Vulnerability:
Broken Access Control

Patched in Version:
2.3.8

Severity Score:
Medium

Plugin:

Masterstudy Elementor Widgets

Plugin Slug:
masterstudy-elementor-widgets

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.2.3

Severity Score:
Critical

Plugin:

Masterstudy Elementor Widgets

Plugin Slug:
masterstudy-elementor-widgets

Vulnerability:
SQL Injection

Patched in Version:
1.2.3

Severity Score:
High

Plugin:

Masterstudy Elementor Widgets

Plugin Slug:
masterstudy-elementor-widgets

Vulnerability:
Broken Access Control

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin:

Newspack Ads

Plugin Slug:
newspack-ads

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.47.2

Severity Score:
Medium

Plugin:

Newspack Blocks

Plugin Slug:
newspack-blocks

Vulnerability:
Broken Access Control

Patched in Version:
3.0.9

Severity Score:
Medium

Plugin:

Newspack Blocks

Plugin Slug:
newspack-blocks

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.0.9

Severity Score:
Critical

Plugin:

Newspack Blocks

Plugin Slug:
newspack-blocks

Vulnerability:
Arbitrary File Deletion

Patched in Version:
3.0.9

Severity Score:
High

Plugin:

Newspack Content Converter

Plugin Slug:
newspack-content-converter

Vulnerability:
Broken Access Control

Patched in Version:
1.0.0

Severity Score:
Medium

Plugin:

Newspack Campaigns

Plugin Slug:
newspack-popups

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.31.2

Severity Score:
Medium

Plugin:

Slider Revolution

Plugin Slug:
revslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.7.14

Severity Score:
Medium

Plugin:

Seo Optimized Images

Plugin Slug:
seo-optimized-images

Vulnerability:
Backdoor

Patched in Version:
2.1.4

Severity Score:
Critical

Plugin:

Social Warfare

Plugin Slug:
social-warfare

Vulnerability:
Backdoor

Patched in Version:
4.4.7.3

Severity Score:
Critical

Plugin:

Uber Menu

Plugin Slug:
ubermenu

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

Plugin:

Ultimate Addons for Elementor

Plugin Slug:
ultimate-elementor

Vulnerability:
Privilege Escalation

Patched in Version:
1.36.32

Severity Score:
High

Plugin:

Uncanny Automator Pro

Plugin Slug:
uncanny-automator-pro

Vulnerability:
Settings Change

Patched in Version:
5.3.0.1

Severity Score:
Medium

Plugin:

Uncanny Automator Pro

Plugin Slug:
uncanny-automator-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.3.0.1

Severity Score:
Medium

Plugin:

Uncanny Toolkit Pro for LearnDash

Plugin Slug:
uncanny-toolkit-pro

Vulnerability:
Other Vulnerability Type

Patched in Version:
4.1.4.1

Severity Score:
Medium

Plugin:

Uncanny Toolkit Pro for LearnDash

Plugin Slug:
uncanny-toolkit-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.4.1

Severity Score:
Medium

Plugin:

Uncanny Toolkit Pro for LearnDash

Plugin Slug:
uncanny-toolkit-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.4.1

Severity Score:
High

Plugin:

TrustedLogin Vendor

Plugin Slug:
vendor

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.1.1

Severity Score:
Medium

Plugin:

Woffice Core

Plugin Slug:
woffice-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.9

Severity Score:
High

Plugin:

Woffice Core

Plugin Slug:
woffice-core

Vulnerability:
Broken Access Control

Patched in Version:
5.4.9

Severity Score:
High

Plugin:

WP Job Manager – Resume Manager

Plugin Slug:
wp-job-manager-resumes

Vulnerability:
Broken Access Control

Patched in Version:
2.2.0

Severity Score:
Medium

Plugin:

Wrapper Link Elementor

Plugin Slug:
wrapper-link-elementor

Vulnerability:
Backdoor

Patched in Version:
1.0.5

Severity Score:
Critical

WordPress Themes — 26 Patched / 9 Unpatched

Theme Slug:
anima

Downloads
168,999

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
infinite-photography

Downloads
107,414

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Boot Store

Theme Slug:
boot-store

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Grey Opaque

Theme Slug:
grey-opaque

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Mosaic

Theme Slug:
mosaic

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Schema Lite

Theme Slug:
schema-lite

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Scylla lite

Theme Slug:
scylla-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Silesia

Theme Slug:
silesia

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme:

Theron Lite

Theme Slug:
theron-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
ashe

Downloads
1,957,104

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.234

Severity Score:
Medium

Theme Slug:
benevolent

Downloads
160,655

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.5

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,336,053

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.23

Severity Score:
Medium

Theme Slug:
blossom-shop

Downloads
150,907

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.8

Severity Score:
Medium

Theme Slug:
coachify

Downloads
28,532

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.8

Severity Score:
Medium

Theme Slug:
elegant-pink

Downloads
196,614

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.1

Severity Score:
Medium

Theme Slug:
esteem

Downloads
354,167

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1

Severity Score:
Medium

Theme Slug:
hestia

Downloads
4,062,876

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.3

Severity Score:
Medium

Theme Slug:
highlight

Downloads
435,589

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.30

Severity Score:
Medium

Theme Slug:
jobscout

Downloads
91,924

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.5

Severity Score:
Medium

Theme Slug:
mesmerize

Downloads
1,557,420

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.124

Severity Score:
Medium

Theme Slug:
newsmash

Downloads
64,856

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.35

Severity Score:
Medium

Theme Slug:
newsmatic

Downloads
213,444

Vulnerability:
Broken Access Control

Patched in Version:
1.3.3

Severity Score:
Medium

Theme Slug:
onepress

Downloads
2,262,614

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.3.7

Severity Score:
Medium

Theme Slug:
perfect-portfolio

Downloads
251,932

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.1

Severity Score:
Medium

Theme Slug:
preschool-and-kindergarten

Downloads
120,182

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.2

Severity Score:
Medium

Theme Slug:
travel-agency

Downloads
289,086

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.0

Severity Score:
Medium

Theme Slug:
travel-monster

Downloads
28,852

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.3

Severity Score:
Medium

Theme Slug:
trendy-news

Downloads
24,678

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.16

Severity Score:
Medium

Theme:

Basil

Theme Slug:
basil

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.5

Severity Score:
Medium

Theme:

The7

Theme Slug:
dt-the7

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
11.14.0

Severity Score:
Medium

Theme:

Foxiz

Theme Slug:
foxiz

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.3.6

Severity Score:
High

Theme:

Goya

Theme Slug:
goya

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8.8

Severity Score:
High

Theme:

Striking

Theme Slug:
striking-r

Vulnerability:
Local File Inclusion

Patched in Version:
2.3.5

Severity Score:
High

Theme:

Striking

Theme Slug:
striking-r

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.5

Severity Score:
High

Theme:

Woffice

Theme Slug:
woffice

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.4.9

Severity Score:
High

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Zuercher on 2024-07-03 10:01:38.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

WordPress Vulnerability Report — January 31, 2024

In this report, 53 vulnerabilities have been publicly disclosed. Security patches for 36 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 17 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 35 Patched / 17 Unpatched

Plugin:

aBitGone CommentSafe

Plugin Slug:
abitgone-commentsafe

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Add SVG Support for Media Uploader | inventivo

Plugin Slug:
add-svg-support-for-media-uploader-inventivo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Schedule Posts

Plugin Slug:
advanced-schedule-posts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Better Follow Button for Jetpack

Plugin Slug:
better-follow-button-for-jetpack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

enigma chart.js

Plugin Slug:
enigma-chartjs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

enigma chart.js

Plugin Slug:
enigma-chartjs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

(Simply) Guest Author Name

Plugin Slug:
guest-author-name

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

lasTunes

Plugin Slug:
lastunes

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

illi Link Party!

Plugin Slug:
link-party

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

illi Link Party!

Plugin Slug:
link-party

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

illi Link Party!

Plugin Slug:
link-party

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mang Board WP

Plugin Slug:
mangboard

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Splashscreen

Plugin Slug:
splashscreen

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SVG Uploads Support

Plugin Slug:
svg-uploads-support

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Noindex Nofollow Tool

Plugin Slug:
ultimate-noindex-nofollow-tool

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Marketing Twitter Bot

Plugin Slug:
wordpress-twitterbot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP-Reply Notify

Plugin Slug:
wp-reply-notify

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
better-search-replace

Installations
1,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.4.5

Severity Score:
Critical

Plugin Slug:
wp-file-manager

Installations
1,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.2.2

Severity Score:
High

Plugin Slug:
wp-google-maps

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.0.29

Severity Score:
High

Plugin Slug:
wpvivid-backuprestore

Installations
400,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.9.95

Severity Score:
Medium

Plugin Slug:
formidable

Installations
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.8

Severity Score:
Medium

Plugin Slug:
backuply

Installations
200,000+

Vulnerability:
Directory Traversal

Patched in Version:
1.2.4

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Directory Traversal

Patched in Version:
1.8.20

Severity Score:
Critical

Plugin Slug:
accelerated-mobile-pages

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.93

Severity Score:
High

Plugin Slug:
filebird

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6.1

Severity Score:
Medium

Plugin Slug:
instant-images

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.1.1

Severity Score:
High

Plugin Slug:
vk-block-patterns

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.31.2.0

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.15.22

Severity Score:
Medium

Plugin Slug:
wp-rss-aggregator

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.23.5

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

Plugin Slug:
ai-assistant-by-10web

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.19

Severity Score:
Medium

Plugin Slug:
wp-dashboard-notes

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.11

Severity Score:
Medium

Plugin Slug:
meks-smart-social-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.4

Severity Score:
Medium

Plugin Slug:
pdf-poster

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.18

Severity Score:
High

Plugin Slug:
wordpress-simple-paypal-shopping-cart

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.2

Severity Score:
Medium

Plugin Slug:
cryptocurrency-price-ticker-widget

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
2.6.6

Severity Score:
Critical

Plugin Slug:
customer-area

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.2.3

Severity Score:
High

Plugin Slug:
fluentforms-pdf

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.8

Severity Score:
Medium

Plugin Slug:
woo-product-category-discount

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.12

Severity Score:
Medium

Plugin Slug:
woo-product-category-discount

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.13

Severity Score:
Medium

Plugin Slug:
sticky-buttons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.3

Severity Score:
Medium

Plugin Slug:
dragfy-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.3.2

Severity Score:
Medium

Plugin Slug:
instawp-connect

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
0.1.0.10

Severity Score:
High

Plugin Slug:
instawp-connect

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
0.1.0.10

Severity Score:
High

Plugin Slug:
views-for-wpforms-lite

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.3

Severity Score:
Medium

Plugin Slug:
allow-svg

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
coreactivity

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
High

Plugin:

MaxButtons

Plugin Slug:
maxbutton

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.7.7

Severity Score:
Medium

Plugin:

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.3.5

Severity Score:
High

Plugin:

WPForms Pro

Plugin Slug:
wpforms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.5.4

Severity Score:
High

WordPress Themes — 1 Patched / 0 Unpatched

Theme Slug:
colormag

Downloads
3,799,423

Vulnerability:
Broken Access Control

Patched in Version:
3.1.3

Severity Score:
Medium

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-01-31 12:45:55.

WordPress Vulnerability Report — February 28, 2024

In this report, 73 vulnerabilities have been publicly disclosed. Security patches for 48 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 25 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 46 Patched / 25 Unpatched

Plugin:

Addon Library

Plugin Slug:
addon-library

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Admin side data storage for Contact Form 7

Plugin Slug:
admin-side-data-storage-for-contact-form-7

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Adsmonetizer

Plugin Slug:
adsensei-b30

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BeePress

Plugin Slug:
beepress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Configure SMTP

Plugin Slug:
configure-smtp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Download Media

Plugin Slug:
download-media

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Duitku Payment Gateway

Plugin Slug:
duitku-social-payment-gateway

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fontific | Google Fonts

Plugin Slug:
fontific

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Gestpay for WooCommerce

Plugin Slug:
gestpay-for-woocommerce

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Marketo Forms and Tracking

Plugin Slug:
marketo-forms-and-tracking

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Media Alt Renamer

Plugin Slug:
media-alt-renamer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit

Plugin Slug:
myshopkit-popup-smartbar-slidein

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PayU India

Plugin Slug:
payu-india

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Play.ht

Plugin Slug:
play-ht

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

postMash – custom post order

Plugin Slug:
postmash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Rolo Slider

Plugin Slug:
rolo-slider

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Slivery Extender

Plugin Slug:
slivery-extender

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SoundCloud Shortcode

Plugin Slug:
soundcloud-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tabs Shortcode and Widget

Plugin Slug:
tabs-shortcode-and-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tainacan

Plugin Slug:
tainacan

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Shortcodes Plus

Plugin Slug:
user-shortcodes-plus

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Watermark RELOADED

Plugin Slug:
watermark-reloaded

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.19

Severity Score:
Medium

Plugin Slug:
backwpup

Installations
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.0.3

Severity Score:
Low

Plugin Slug:
pagelayer

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
pagelayer

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.32

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.31

Severity Score:
Medium

Plugin Slug:
ultimate-member

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
2.8.3

Severity Score:
Critical

Plugin Slug:
userfeedback-lite

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.14

Severity Score:
High

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.1

Severity Score:
Medium

Plugin Slug:
wp-user-avatar

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.1

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.13

Severity Score:
High

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.260

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.260

Severity Score:
Medium

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Directory Traversal

Patched in Version:
2.4.41

Severity Score:
Medium

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.41

Severity Score:
Medium

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.4.41

Severity Score:
Critical

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.41

Severity Score:
Medium

Plugin Slug:
event-tickets

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.8.2

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.26

Severity Score:
Medium

Plugin Slug:
enhanced-text-widget

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.6

Severity Score:
Medium

Plugin Slug:
notificationx

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.8.3

Severity Score:
Critical

Plugin Slug:
wp-dashboard-notes

Installations
30,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.0.11

Severity Score:
Medium

Plugin Slug:
restrict-user-access

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6

Severity Score:
Medium

Plugin Slug:
wp-event-manager

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.42

Severity Score:
High

Plugin Slug:
yml-for-yandex-market

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.4

Severity Score:
High

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.87

Severity Score:
Medium

Plugin Slug:
maintenance-page

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.9

Severity Score:
Medium

Plugin Slug:
maintenance-page

Installations
5,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.0.9

Severity Score:
Medium

Plugin Slug:
sms-alert

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.7.0

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.9

Severity Score:
Medium

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.9.20

Severity Score:
High

Plugin Slug:
archivist-custom-archive-templates

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.6

Severity Score:
High

Plugin Slug:
wp-comment-fields

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.1

Severity Score:
Medium

Plugin Slug:
wp-comment-fields

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1

Severity Score:
Medium

Plugin Slug:
kodo-qiniu

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.1

Severity Score:
Medium

Plugin:

Backup

Plugin Slug:
backup2

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.9.9

Severity Score:
High

Plugin:

Elementor Pro

Plugin Slug:
elementor-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.19.3

Severity Score:
Medium

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Broken Authentication

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:

WP Social Widget

Plugin Slug:
wp-social-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

WordPress Themes — 2 Patched / 0 Unpatched

Theme Slug:
colibri-wp

Downloads
1,232,050

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.101

Severity Score:
Medium

Theme:

Socialdriver

Theme Slug:
socialdriver

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024

Severity Score:
High

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-02-29 10:29:51.

WordPress Vulnerability Report — January 24, 2024

In this report, 88 new vulnerabilities have been publicly disclosed. Security patches for 29 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 59 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.2 was released on December 6, 2023, as a short-cycle maintenance and security release with seven bug fixes and one security patch for a potential Remote Code Execution (RCE) vulnerability that is not directly exploitable in most situations. However, combined with certain vulnerabilities in third-party plugins on a multisite network, this vulnerability could be exploited and pose a high-severity risk. The 6.4.1 update will prevent PHP object injections from being chained into a potential RCE, according to details published by Patchstack.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 28 Patched / 59 Unpatched

Plugin Slug:
ninja-tables

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ninja-tables

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
kali-forms

Installations
30,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
dearpdf-lite

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
browser-theme-color

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
freshmail-integration

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
albo-pretorio-on-line

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
albo-pretorio-on-line

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
cbxgooglemap

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
post-list-designer

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
12-step-meeting-list

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
wp-todo

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

BA Plus

Plugin Slug:
ba-plus-before-after-image-slider-free

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Better Anchor Links

Plugin Slug:
better-anchor-links

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CformsII

Plugin Slug:
cforms2

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Custom Dashboard Widgets

Plugin Slug:
custom-dashboard-widgets

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Delhivery Logistics Courier

Plugin Slug:
delhivery-logistics-courier

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

enigma chart.js

Plugin Slug:
enigma-chartjs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

enigma chart.js

Plugin Slug:
enigma-chartjs

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Frontpage Manager

Plugin Slug:
frontpage-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Image Tag Manager

Plugin Slug:
image-tag-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

lasTunes

Plugin Slug:
lastunes

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Post views Stats

Plugin Slug:
post-views-stats

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SimpleMap Store Locator

Plugin Slug:
simplemap

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Splashscreen

Plugin Slug:
splashscreen

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Unlimited Addons for WPBakery Page Builder

Plugin Slug:
unlimited-addons-for-wpbakery-page-builder

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Smart Editor

Plugin Slug:
wp-smart-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
advanced-custom-fields

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.2.5

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.5

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.5

Severity Score:
Medium

Plugin Slug:
fluentform

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.7

Severity Score:
Medium

Plugin Slug:
wpvivid-backuprestore

Installations
400,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.9.95

Severity Score:
Medium

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
SQL Injection

Patched in Version:
3.7.6

Severity Score:
High

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Directory Traversal

Patched in Version:
1.8.20

Severity Score:
Critical

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.28

Severity Score:
Medium

Plugin Slug:
burst-statistics

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.4

Severity Score:
High

Plugin Slug:
filebird

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6.1

Severity Score:
Medium

Plugin Slug:
give

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.0

Severity Score:
Medium

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.26

Severity Score:
Medium

Plugin Slug:
product-import-export-for-woo

Installations
90,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.3.8

Severity Score:
High

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.24.7

Severity Score:
Medium

Plugin Slug:
vk-block-patterns

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.31.2.0

Severity Score:
Medium

Plugin Slug:
advanced-woo-search

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.97

Severity Score:
High

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.94

Severity Score:
Medium

Plugin Slug:
getwid

Installations
50,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
2.0.5

Severity Score:
Medium

Plugin Slug:
getwid

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.5

Severity Score:
Medium

Plugin Slug:
profile-builder

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.10.9

Severity Score:
High

Plugin Slug:
robo-gallery

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.18

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
50,000+

Vulnerability:
Open Redirection

Patched in Version:
4.4.2

Severity Score:
Low

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Path Traversal

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
High

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-recipe-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.1.1

Severity Score:
Medium

Plugin Slug:
wp-simple-firewall

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
18.5.8

Severity Score:
High

Plugin Slug:
ip2location-country-blocker

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.33.4

Severity Score:
Medium

Plugin Slug:
asgaros-forum

Installations
10,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.8.0

Severity Score:
High

Plugin Slug:
cryptocurrency-price-ticker-widget

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
2.6.6

Severity Score:
Critical

Plugin Slug:
molongui-authorship

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.7.5

Severity Score:
Medium

Plugin Slug:
payment-gateway-stripe-and-woocommerce-integration

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
3.8.0

Severity Score:
Critical

Plugin Slug:
portfolio-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.1

Severity Score:
Medium

Plugin Slug:
bp-profile-search

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6

Severity Score:
High

Plugin Slug:
hd-quiz

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.12

Severity Score:
Medium

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8.1

Severity Score:
High

Plugin Slug:
chatbot

Installations
5,000+

Vulnerability:
PHP Object Injection

Patched in Version:
5.1.1

Severity Score:
High

Plugin Slug:
slider-by-supsystic

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.7

Severity Score:
Medium

Plugin Slug:
fastdup

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.0

Severity Score:
Critical

Plugin Slug:
formzu-wp

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.8

Severity Score:
Medium

Plugin Slug:
wp-lister-for-ebay

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.8

Severity Score:
High

Plugin Slug:
wp-spell-check

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
9.18

Severity Score:
Medium

Plugin Slug:
wpzoom-shortcodes

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.2

Severity Score:
High

Plugin Slug:
instawp-connect

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
0.1.0.9

Severity Score:
High

Plugin Slug:
shortcode-to-display-post-and-user-data

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
shortcode-to-display-post-and-user-data

Installations
1,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
shortcode-to-display-post-and-user-data

Installations
1,000+

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.3.0

Severity Score:
High

Plugin Slug:
stock-locations-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.0

Severity Score:
Medium

Plugin:

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.2.5

Severity Score:
Medium

Plugin:

GeneratePress Premium

Plugin Slug:
generatepress-premium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.0

Severity Score:
Medium

Plugin:

PeepSo Core: Photos

Plugin Slug:
peepso-photos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.1.0

Severity Score:
Medium

Plugin:

SalesKing

Plugin Slug:
salesking

Vulnerability:
Privilege Escalation

Patched in Version:
1.6.30

Severity Score:
Critical

Plugin:

SalesKing

Plugin Slug:
salesking

Vulnerability:
Settings Change

Patched in Version:
1.6.30

Severity Score:
Medium

Plugin:

SalesKing

Plugin Slug:
salesking

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.30

Severity Score:
High

Plugin:

WooCommerce Subscriptions

Plugin Slug:
woocommerce-subscriptions

Vulnerability:
Broken Access Control

Patched in Version:
5.8.0

Severity Score:
Medium

Plugin:

WPForms Pro

Plugin Slug:
wpforms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.5.4

Severity Score:
High

WordPress Themes — 1 Patched / 0 Unpatched

Theme Slug:
colormag

Downloads
3,787,317

Vulnerability:
Broken Access Control

Patched in Version:
3.1.3

Severity Score:
Medium

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-01-24 11:16:58.


WordPress Vulnerability Report — May 1, 2024

In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 269 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 90 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Table of Contents

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 248 Patched / 21 Unpatched

Plugin Slug:
auto-post-thumbnail

Installations
70,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
famethemes-demo-importer

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
piotnet-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
ag-custom-admin

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
cryout-serious-slider

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meks-smart-social-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
xserver-migrator

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
anual-archive

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
buddypress-media

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
clickcease-click-fraud-protection

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
democracy-poll

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
login-logout-register-menu

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
meks-themeforest-smart-widget

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
print-o-matic

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
smart-recent-posts-widget

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
enhanced-tooltipglossary

Installations
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
customify-sites

Installations
6,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
ad-widget

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
popupally

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pretty-google-calendar

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
facebook-fan-page-widget

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
filterable-portfolio

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
share-this-image

Installations
2,000+

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
smart-maintenance-mode

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
enl-newsletter

Installations
10+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
enl-newsletter

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
enl-newsletter

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Search

Plugin Slug:
advance-search

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Advanced Most Recent Posts Mod

Plugin Slug:
advanced-most-recent-posts-mod

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Advanced Post List

Plugin Slug:
advanced-post-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AJAX Login and Registration modal popup + inline form

Plugin Slug:
ajax-login-and-registration-modal-popup

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Element Pack Pro

Plugin Slug:
bdthemes-element-pack

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CF7 File Download – File Download for CF7

Plugin Slug:
cf7-file-download

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Client Dash

Plugin Slug:
client-dash

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Form 7 Extension For Mailchimp

Plugin Slug:
contact-form-7-mailchimp-extension

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CPO Companion

Plugin Slug:
cpo-companion

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Crelly Slider

Plugin Slug:
crelly-slider

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Set Favicon

Plugin Slug:
easy-set-favicon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Embed Google Fonts

Plugin Slug:
embed-google-fonts

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

XStore Core

Plugin Slug:
et-core-plugin

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Giphypress

Plugin Slug:
giphypress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

GWP-Histats

Plugin Slug:
gwp-histats

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

JW Player for WordPress

Plugin Slug:
jw-player-7-for-wp

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

MF Gig Calendar

Plugin Slug:
mf-gig-calendar

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Mini Loops

Plugin Slug:
mini-loops

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Opal Widgets For Elementor

Plugin Slug:
opal-widgets-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CodeBard’s Patron Button and Widgets for Patreon

Plugin Slug:
patron-button-and-widgets-by-codebard

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

PB MailCrypt

Plugin Slug:
pb-mailcrypt-antispam-email-encryption

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Piotnet Addons For Elementor Pro

Plugin Slug:
piotnet-addons-for-elementor-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Progressive WordPress (PWA)

Plugin Slug:
progressive-wp

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Realtyna Organic IDX plugin

Plugin Slug:
real-estate-listing-realtyna-wpl

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Recencio Book Reviews

Plugin Slug:
recencio-book-reviews

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Regenerate post permalink

Plugin Slug:
regenerate-post-permalinks

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

School Management Pro

Plugin Slug:
school-management-pro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Shortcode Addons

Plugin Slug:
shortcode-addons

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Sliding Widgets

Plugin Slug:
sliding-widgets

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Social Share Buttons by Supsystic

Plugin Slug:
social-share-buttons-by-supsystic

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Solid Affiliate

Plugin Slug:
solid-affiliate

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:

SP Project & Document Manager

Plugin Slug:
sp-client-document-manager

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sticky Anything

Plugin Slug:
toast-stick-anything

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WidgetKit

Plugin Slug:
widgetkit-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WZone

Plugin Slug:
woozone

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WP GDPR Compliance

Plugin Slug:
wp-gdpr-compliance

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Masquerade

Plugin Slug:
wp-masquerade

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP Page Post Widget Clone

Plugin Slug:
wp-page-post-widget-clone

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WTI Like Post

Plugin Slug:
wti-like-post

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

XforWooCommerce

Plugin Slug:
xforwoocommerce

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
all-in-one-seo-pack

Installations
3,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.6.1.1

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.9.16

Severity Score:
Medium

Plugin Slug:
seo-by-rank-math

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.217

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.1.1

Severity Score:
High

Plugin Slug:
optinmonster

Installations
1,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.16.0

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.29

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.26

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-gutenberg

Installations
700,000+

Vulnerability:
Path Traversal

Patched in Version:
2.12.7

Severity Score:
Medium

Plugin Slug:
contact-form-cfdb7

Installations
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.1.0

Severity Score:
Medium

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.10.7

Severity Score:
Medium

Plugin Slug:
copy-delete-posts

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
metform

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.4

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.972

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
300,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3.95

Severity Score:
Medium

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.8.1

Severity Score:
High

Plugin Slug:
woocommerce-pdf-invoices-packing-slips

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.1

Severity Score:
High

Plugin Slug:
call-now-button

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.7

Severity Score:
Medium

Plugin Slug:
chaty

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.9

Severity Score:
Medium

Plugin Slug:
instant-images

Installations
200,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.1.1

Severity Score:
High

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.5

Severity Score:
Medium

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.21

Severity Score:
Medium

Plugin Slug:
qi-addons-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.1

Severity Score:
Medium

Plugin Slug:
yith-woocommerce-compare

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.38.0

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.4

Severity Score:
Medium

Plugin Slug:
backupwordpress

Installations
100,000+

Vulnerability:
Directory Traversal

Patched in Version:
3.14

Severity Score:
Low

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.264

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.274

Severity Score:
Medium

Plugin Slug:
content-views-query-and-display-post-page

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.1

Severity Score:
Medium

Plugin Slug:
fileorganizer

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

Plugin Slug:
flexible-shipping

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.24.16

Severity Score:
Medium

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.4.8

Severity Score:
Medium

Plugin Slug:
hummingbird-performance

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.4

Severity Score:
Medium

Plugin Slug:
sassy-social-share

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.61

Severity Score:
Medium

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.30

Severity Score:
Medium

Plugin Slug:
strong-testimonials

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.12

Severity Score:
Medium

Plugin Slug:
ultimate-social-media-icons

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.7

Severity Score:
Medium

Plugin Slug:
wp-whatsapp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.4

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
vk-block-patterns

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.31.1.1

Severity Score:
Medium

Plugin Slug:
wp-staging

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.5.0

Severity Score:
Medium

Plugin Slug:
backup-backup

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.26.3

Severity Score:
Medium

Plugin Slug:
mainwp-child-reports

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin Slug:
tutor

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin Slug:
wp-smtp

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
1.2.7

Severity Score:
High

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.0

Severity Score:
Medium

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
SQL Injection

Patched in Version:
4.7.0

Severity Score:
High

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.0

Severity Score:
Medium

Plugin Slug:
wpdiscuz

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.6.16

Severity Score:
Medium

Plugin Slug:
contact-form-entries

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.9

Severity Score:
High

Plugin Slug:
media-cleaner

Installations
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.7.3

Severity Score:
Medium

Plugin Slug:
users-customers-import-export-for-wp-woocommerce

Installations
70,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
2.5.4

Severity Score:
Medium

Plugin Slug:
blog2social

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.5.0

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.9.2

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.4

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.5

Severity Score:
Medium

Plugin Slug:
getwid

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.8

Severity Score:
Medium

Plugin Slug:
woocommerce-currency-switcher

Installations
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.1.9

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.4.9.4

Severity Score:
Medium

Plugin Slug:
enhanced-text-widget

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
Medium

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.25

Severity Score:
Medium

Plugin Slug:
jquery-collapse-o-matic

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.5.6

Severity Score:
Medium

Plugin Slug:
quick-featured-images

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
13.7.1

Severity Score:
Medium

Plugin Slug:
simple-membership

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.4

Severity Score:
Medium

Plugin Slug:
sina-extension-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.3

Severity Score:
Medium

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.79

Severity Score:
High

Plugin Slug:
simply-static

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.1.4

Severity Score:
High

Plugin Slug:
woocommerce-delivery-notes

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.0

Severity Score:
Medium

Plugin Slug:
wp-analytify

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.2.4

Severity Score:
Medium

Plugin Slug:
wp-analytify

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.2.4

Severity Score:
Medium

Plugin Slug:
ag-custom-admin

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.2

Severity Score:
Medium

Plugin Slug:
ays-popup-box

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.3.7

Severity Score:
Medium

Plugin Slug:
fv-wordpress-flowplayer

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
7.5.45.7212

Severity Score:
Medium

Plugin Slug:
master-addons

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.5.6

Severity Score:
Medium

Plugin Slug:
mp-timetable

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.4.12

Severity Score:
High

Plugin Slug:
social-warfare

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.6.2

Severity Score:
Medium

Plugin Slug:
vod-infomaniak

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.7

Severity Score:
High

Plugin Slug:
wp-google-places-review-slider

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
13.6

Severity Score:
Medium

Plugin Slug:
wp-hide-backed-notices

Installations
30,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3

Severity Score:
Medium

Plugin Slug:
appointment-hour-booking

Installations
20,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.4.57

Severity Score:
Medium

Plugin Slug:
checkout-fees-for-woocommerce

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.12.2

Severity Score:
Medium

Plugin Slug:
data-tables-generator-by-supsystic

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.10.32

Severity Score:
Medium

Plugin Slug:
gt3-photo-video-gallery

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.7.22

Severity Score:
Medium

Plugin Slug:
pricing-table-by-supsystic

Installations
20,000+

Vulnerability:
Content Injection

Patched in Version:
1.9.13

Severity Score:
Medium

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.12.11

Severity Score:
Medium

Plugin Slug:
rate-my-post

Installations
20,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
3.4.5

Severity Score:
Medium

Plugin Slug:
secure-copy-content-protection

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.1

Severity Score:
Medium

Plugin Slug:
secure-copy-content-protection

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.2

Severity Score:
Medium

Plugin Slug:
ultimate-social-media-plus

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.2

Severity Score:
Medium

Plugin Slug:
ultimate-social-media-plus

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.3

Severity Score:
Medium

Plugin Slug:
video-conferencing-with-zoom-api

Installations
20,000+

Vulnerability:
Open Redirection

Patched in Version:
4.4.5

Severity Score:
Medium

Plugin Slug:
woocommerce-product-addon

Installations
20,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
32.0.19

Severity Score:
Critical

Plugin Slug:
woocommerce-sendinblue-newsletter-subscription

Installations
20,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
4.0.18

Severity Score:
High

Plugin Slug:
wpzoom-elementor-addons

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.36

Severity Score:
Medium

Plugin Slug:
advanced-floating-content-lite

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
Medium

Plugin Slug:
bp-better-messages

Installations
10,000+

Vulnerability:
Broken Authentication

Patched in Version:
2.4.33

Severity Score:
Medium

Plugin Slug:
buddypress-media

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
4.6.19

Severity Score:
High

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.11

Severity Score:
Medium

Plugin Slug:
directorist

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.9.0

Severity Score:
Medium

Plugin Slug:
elespare

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
email-customizer-for-woocommerce

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6.1

Severity Score:
High

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.8.9

Severity Score:
Low

Plugin Slug:
geodirectory

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.49

Severity Score:
Medium

Plugin Slug:
http-https-remover

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.7

Severity Score:
Medium

Plugin Slug:
list-custom-taxonomy-widget

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
live-composer-page-builder

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.39

Severity Score:
Medium

Plugin Slug:
mycred

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
paid-member-subscriptions

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.11.1

Severity Score:
Medium

Plugin Slug:
pop-up-pop-up

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.4

Severity Score:
Medium

Plugin Slug:
restaurant-reservations

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.17

Severity Score:
Medium

Plugin Slug:
reviewx

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.22

Severity Score:
Medium

Plugin Slug:
rometheme-for-elementor

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
rometheme-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
send-pdf-for-contact-form-7

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.2.4

Severity Score:
Medium

Plugin Slug:
socialsnap

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
ultimate-posts-widget

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.3.0

Severity Score:
Medium

Plugin Slug:
wordpress-easy-paypal-payment-or-donation-accept-plugin

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0

Severity Score:
High

Plugin Slug:
wp-datepicker

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
2.1.1

Severity Score:
High

Plugin Slug:
wp-scheduled-posts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.9

Severity Score:
Medium

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.8.1

Severity Score:
High

Plugin Slug:
arconix-faq

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.4

Severity Score:
Medium

Plugin Slug:
fg-joomla-to-wordpress

Installations
9,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.21.0

Severity Score:
Medium

Plugin Slug:
romethemeform

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.96

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.92

Severity Score:
Medium

Plugin Slug:
wp-linkedin-auto-publish

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.12

Severity Score:
Medium

Plugin Slug:
wp-migration-duplicator

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.9

Severity Score:
Medium

Plugin Slug:
armember-membership

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.29

Severity Score:
Critical

Plugin Slug:
hkdev-maintenance-mode

Installations
8,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.0.2

Severity Score:
Low

Plugin Slug:
wpc-composite-products

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.2.8

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.8.0

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
5.8.3

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.8.0

Severity Score:
Medium

Plugin Slug:
the-plus-addons-for-block-editor

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.6

Severity Score:
Medium

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
easy-property-listings

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.4

Severity Score:
Medium

Plugin Slug:
image-slider-widget

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.127

Severity Score:
Medium

Plugin Slug:
integrate-google-drive

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.91

Severity Score:
High

Plugin Slug:
integrate-google-drive

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.91

Severity Score:
Medium

Plugin Slug:
print-my-blog

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.26.3

Severity Score:
Medium

Plugin Slug:
radio-player

Installations
6,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.0.74

Severity Score:
Medium

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.11

Severity Score:
Medium

Plugin Slug:
assistant

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.9.2

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.0.12

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.15

Severity Score:
High

Plugin Slug:
salon-booking-system

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.6.6

Severity Score:
Medium

Plugin Slug:
salon-booking-system

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.6.6

Severity Score:
Medium

Plugin Slug:
salon-booking-system

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
9.6.6

Severity Score:
Medium

Plugin Slug:
ultimate-410

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
advanced-local-pickup-for-woocommerce

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.2

Severity Score:
Medium

Plugin Slug:
embed-google-photos-album-easily

Installations
4,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
jc-importer

Installations
4,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.13.1

Severity Score:
Medium

Plugin Slug:
tickera-event-ticketing-system

Installations
4,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
3.5.2.5

Severity Score:
Medium

Plugin Slug:
vikrentcar

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.3

Severity Score:
Medium

Plugin Slug:
wp-ada-compliance-check-basic

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.4

Severity Score:
Medium

Plugin Slug:
wp-fusion-lite

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.43.0

Severity Score:
Medium

Plugin Slug:
coupon-reveal-button

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
Medium

Plugin Slug:
debug-log-manager

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.3.2

Severity Score:
Medium

Plugin Slug:
newsletters-lite

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.9.6

Severity Score:
Critical

Plugin Slug:
newsletters-lite

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.9.6

Severity Score:
High

Plugin Slug:
propertyhive

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.13

Severity Score:
Medium

Plugin Slug:
vision

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.2

Severity Score:
Medium

Plugin Slug:
widget-post-slider

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
wp-lister-for-ebay

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.6.0

Severity Score:
Critical

Plugin Slug:
wp-recall

Installations
3,000+

Vulnerability:
SQL Injection

Patched in Version:
16.26.6

Severity Score:
High

Plugin Slug:
wp-recall

Installations
3,000+

Vulnerability:
SQL Injection

Patched in Version:
16.26.6

Severity Score:
Critical

Plugin Slug:
accessibility-widget

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium

Plugin Slug:
advanced-testimonial-carousel-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.1

Severity Score:
Medium

Plugin Slug:
all-in-one-facebook-like-widget

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.8

Severity Score:
Medium

Plugin Slug:
basepress

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.16.2.1

Severity Score:
Medium

Plugin Slug:
basepress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.16.2.1

Severity Score:
Medium

Plugin Slug:
cookiehub

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.1

Severity Score:
Medium

Plugin Slug:
custom-field-finder

Installations
2,000+

Vulnerability:
PHP Object Injection

Patched in Version:
0.4

Severity Score:
Medium

Plugin Slug:
feedburner-alternative-and-rss-redirect

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0

Severity Score:
Medium

Plugin Slug:
instawp-connect

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.1.0.25

Severity Score:
Medium

Plugin Slug:
ipages-flipbook

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.2

Severity Score:
Medium

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.8.4

Severity Score:
High

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.0.8.3

Severity Score:
Medium

Plugin Slug:
user-meta

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.1

Severity Score:
Medium

Plugin Slug:
woocommerce-superfaktura

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.40.4

Severity Score:
Medium

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.17

Severity Score:
High

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.17

Severity Score:
Medium

Plugin Slug:
activedemand

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
0.2.42

Severity Score:
Critical

Plugin Slug:
admin-bar

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.23

Severity Score:
Medium

Plugin Slug:
ai-post-generator

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.4

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.3.1

Severity Score:
Medium

Plugin Slug:
booking-ultra-pro

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.1.13

Severity Score:
High

Plugin Slug:
buddyforms

Installations
1,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
2.8.9

Severity Score:
High

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
21.3.5

Severity Score:
High

Plugin Slug:
conversational-forms

Installations
1,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
1.2.0

Severity Score:
High

Plugin Slug:
culqi-checkout

Installations
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.0.15

Severity Score:
Medium

Plugin Slug:
eprolo-dropshipping

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.2

Severity Score:
Medium

Plugin Slug:
flexible-shipping-usps

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.10.0

Severity Score:
Medium

Plugin Slug:
headline-analyzer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.4

Severity Score:
Medium

Plugin Slug:
kb-support

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.1

Severity Score:
Medium

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.94

Severity Score:
Critical

Plugin Slug:
print-google-cloud-print-gcp-woocommerce

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.5.4

Severity Score:
High

Plugin Slug:
radio-station

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.5.8

Severity Score:
Medium

Plugin Slug:
reviews-plus

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
save-as-pdf-by-pdfcrowd

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.1

Severity Score:
Medium

Plugin Slug:
seers-cookie-consent-banner-privacy-policy

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.1.1

Severity Score:
High

Plugin Slug:
sirv

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
7.2.3

Severity Score:
High

Plugin Slug:
streamweasels-twitch-integration

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.0

Severity Score:
Medium

Plugin Slug:
totalpoll-lite

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.10.0

Severity Score:
Medium

Plugin Slug:
vitepos-lite

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.2

Severity Score:
Medium

Plugin Slug:
wp-club-manager

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.12

Severity Score:
Medium

Plugin Slug:
wp-gotowebinar

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
15.1

Severity Score:
Medium

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.3.1

Severity Score:
Medium

Plugin Slug:
wp-time-slots-booking-form

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.07

Severity Score:
High

Plugin Slug:
wpcal

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.9.5.9

Severity Score:
Medium

Plugin Slug:
wppizza

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.18.11

Severity Score:
Medium

Plugin Slug:
frontend-dashboard

Installations
900+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.4

Severity Score:
High

Plugin Slug:
leaky-paywall

Installations
900+

Vulnerability:
Broken Access Control

Patched in Version:
4.20.9

Severity Score:
High

Plugin Slug:
olive-one-click-demo-import

Installations
900+

Vulnerability:
Arbitrary File Download

Patched in Version:
1.1.2

Severity Score:
High

Plugin Slug:
woo-aliexpress-dropshipping

Installations
900+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
2.1.2

Severity Score:
High

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Privilege Escalation

Patched in Version:
1.5.4

Severity Score:
Critical

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.4

Severity Score:
Critical

Plugin Slug:
slash-admin

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.2

Severity Score:
High

Plugin Slug:
cardealer

Installations
700+

Vulnerability:
Content Injection

Patched in Version:
4.16

Severity Score:
Low

Plugin Slug:
shortpixel-critical-css

Installations
700+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.3

Severity Score:
High

Plugin Slug:
admin-and-client-message-after-order-for-woocommerce

Installations
500+

Vulnerability:
Broken Access Control

Patched in Version:
12.5

Severity Score:
Critical

Plugin Slug:
wp-s3-smart-upload

Installations
400+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.1

Severity Score:
High

Plugin Slug:
evergreen-content-poster

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
5-stars-rating-funnel

Installations
40+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.02

Severity Score:
Medium

Plugin Slug:
better-comments

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.6

Severity Score:
Medium

Plugin Slug:
better-comments

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.6

Severity Score:
Medium

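The entries above are only useful once they are matched against what a site actually runs. The following script is an added example, not code from this report or from Solid Security: it parses the report's flattened "Plugin Slug: / Vulnerability: / Patched in Version: / Severity Score:" layout, keeps the highest patched version when one slug has several entries (premium-addons-for-elementor above lists both 4.10.26 and 4.10.29), and compares it numerically against an installed-plugin inventory. The inventory dictionary is constructed for the example; on a real site the same data comes from `wp plugin list --fields=name,version --format=json`. Versions are compared component by component as integers, so 2.4.9 is correctly below 2.4.12 (a plain string comparison gets this wrong), and a missing trailing component is treated as zero, so an installed 3.0.0 satisfies a patched-in 3.0.

```python
"""Audit installed WordPress plugins against this report's patched versions.
Added example, not part of the report. The parser assumes the report's
flattened 'Label:' / value layout; INSTALLED is a constructed inventory."""
import re
from collections import defaultdict

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Five entries copied from the report; blank lines dropped for brevity.
REPORT_EXCERPT = """\
Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.29
Severity Score:
Medium
Plugin Slug:
premium-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.26
Severity Score:
Medium
Plugin Slug:
woocommerce-product-addon
Vulnerability:
Arbitrary File Upload
Patched in Version:
32.0.19
Severity Score:
Critical
Plugin Slug:
mp-timetable
Vulnerability:
SQL Injection
Patched in Version:
2.4.12
Severity Score:
High
Plugin Slug:
paid-memberships-pro
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.0
Severity Score:
Medium
"""

# Constructed inventory (assumption); a real one comes from WP-CLI.
INSTALLED = {
    "premium-addons-for-elementor": "4.10.26",  # fixed one XSS, not the later one
    "woocommerce-product-addon": "32.0.18",
    "mp-timetable": "2.4.9",                    # string compare would rank this above 2.4.12
    "paid-memberships-pro": "3.0.0",            # same release as the report's "3.0"
    "akismet": "5.3",                           # not in the report, must not be flagged
}

FIELDS = {"Plugin Slug:": "slug", "Vulnerability:": "vuln",
          "Patched in Version:": "patched", "Severity Score:": "severity"}

def parse_report(text):
    """One dict per entry; an entry is complete once its Severity Score is read."""
    entries, current, pending = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in FIELDS:
            pending = FIELDS[line]
        elif pending:
            current[pending] = line
            pending = None
            if "severity" in current:
                entries.append(current)
                current = {}
        # anything else (the Installations label and count) is ignored
    return entries

def version_key(v):
    """Numeric dotted version as a tuple: '2.4.12' -> (2, 4, 12)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def is_patched(installed, patched):
    """Component-wise comparison, padding the shorter tuple with zeros."""
    a, b = version_key(installed), version_key(patched)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))

def audit(installed, entries):
    """[(slug, installed, required, worst_severity, vulns)] for plugins still exposed."""
    by_slug = defaultdict(list)
    for e in entries:
        by_slug[e["slug"]].append(e)
    findings = []
    for slug, version in installed.items():
        open_vulns = [e for e in by_slug.get(slug, []) if not is_patched(version, e["patched"])]
        if open_vulns:
            required = max((e["patched"] for e in open_vulns), key=version_key)
            worst = min((e["severity"] for e in open_vulns), key=SEVERITY_RANK.get)
            findings.append((slug, version, required, worst, [e["vuln"] for e in open_vulns]))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f[3]], f[0]))

if __name__ == "__main__":
    for slug, have, need, sev, vulns in audit(INSTALLED, parse_report(REPORT_EXCERPT)):
        print(f"{sev:8} {slug}: {have} -> update to {need} ({', '.join(vulns)})")
```

Run against the constructed inventory, this flags woocommerce-product-addon (Critical), mp-timetable (High) and premium-addons-for-elementor (Medium, because 4.10.26 closes the older XSS but not the one patched in 4.10.29), and leaves paid-memberships-pro and akismet alone. One caveat if you port this to PHP: `version_compare()` treats a missing trailing component as lower, so it reports "3.0" as older than "3.0.0"; the zero-padding here is deliberate so that the two are equal.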
Plugin:
Header Footer Code Manager Pro

Plugin Slug:
99robots-header-footer-code-manager-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.17

Severity Score:
High

Plugin:
ARForms

Plugin Slug:
arforms

Vulnerability:
SQL Injection

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Settings Change

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Settings Change

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Arbitrary File Deletion

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms

Plugin Slug:
arforms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.1

Severity Score:
High

Plugin:

ARForms Form Builder

Plugin Slug:
arforms-form-builder

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
High

Plugin:

Digital Publications by Supsystic

Plugin Slug:
digital-publications-by-supsystic

Vulnerability:
Broken Access Control

Patched in Version:
1.7.8

Severity Score:
Medium

Plugin:

ElementsKit Pro

Plugin Slug:
elementskit

Vulnerability:
Local File Inclusion

Patched in Version:
3.6.1

Severity Score:
High

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.8

Severity Score:
High

Plugin:

Interactive World Maps

Plugin Slug:
interactive-world-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
High

Plugin:

Max Addons Pro for Bricks

Plugin Slug:
max-addons-pro-bricks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.2

Severity Score:
High

Plugin:

Max Addons Pro for Bricks

Plugin Slug:
max-addons-pro-bricks

Vulnerability:
Settings Change

Patched in Version:
1.6.2

Severity Score:
Medium

Plugin:

WooCommerce Shipping Label

Plugin Slug:
shipping-labels-for-woo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.9

Severity Score:
Medium

Plugin:

WooCommerce Customers Manager

Plugin Slug:
woocommerce-customers-manager

Vulnerability:
Broken Access Control

Patched in Version:
29.8

Severity Score:
Medium

Plugin:

WooCommerce Customers Manager

Plugin Slug:
woocommerce-customers-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
29.8

Severity Score:
High

Plugin:

WP Media Category Management

Plugin Slug:
wp-media-category-management

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
High

Plugin:

Wp Staging Pro

Plugin Slug:
wp-staging-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.5.0

Severity Score:
Medium

WordPress Themes — 21 Patched / 7 Unpatched

Theme:

UDesign

Theme Slug:
u-design

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical

Theme:

XStore

Theme Slug:
xstore

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Theme Slug:
accountra

Downloads
20,885

Vulnerability:
Broken Access Control

Patched in Version:
1.0.4

Severity Score:
Medium

Theme Slug:
althea-wp

Downloads
52,642

Vulnerability:
Broken Access Control

Patched in Version:
1.0.16

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,113,676

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.40

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,113,676

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.34

Severity Score:
Medium

Theme Slug:
brite

Downloads
125,207

Vulnerability:
Broken Access Control

Patched in Version:
1.0.15

Severity Score:
Medium

Theme Slug:
colibri-wp

Downloads
1,271,195

Vulnerability:
Broken Access Control

Patched in Version:
1.0.99

Severity Score:
Medium

Theme Slug:
colornews

Downloads
266,626

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium

Theme Slug:
elevate-wp

Downloads
70,130

Vulnerability:
Broken Access Control

Patched in Version:
1.0.17

Severity Score:
Medium

Theme Slug:
financio

Downloads
17,197

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.4

Severity Score:
Medium

Theme Slug:
hugo-wp

Downloads
59,334

Vulnerability:
Broken Access Control

Patched in Version:
1.0.10

Severity Score:
Medium

Theme Slug:
intrace

Downloads
84,888

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
Medium

Theme Slug:
pathway

Downloads
57,050

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.16

Severity Score:
Medium

Theme Slug:
photology

Downloads
17,339

Vulnerability:
Broken Access Control

Patched in Version:
1.1.4

Severity Score:
Medium

Theme Slug:
royal-elementor-kit

Downloads
461,793

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.117

Severity Score:
Medium

Theme Slug:
startupzy

Downloads
66,824

Vulnerability:
Broken Access Control

Patched in Version:
1.1.2

Severity Score:
Medium

Theme Slug:
teluro

Downloads
188,771

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.36

Severity Score:
Medium

Theme Slug:
travey

Downloads
17,666

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.5

Severity Score:
Medium

Theme Slug:
vertice

Downloads
47,531

Vulnerability:
Broken Access Control

Patched in Version:
1.0.11

Severity Score:
Medium

Theme Slug:
virtue

Downloads
2,473,892

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9

Severity Score:
Medium

Theme Slug:
wp-portfolio

Downloads
82,208

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
Medium

Theme Slug:
zeever

Downloads
208,788

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
Medium

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!


Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-05-01 11:27:57.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.


WordPress Vulnerability Report — May 15, 2024

In this report, 192 vulnerabilities have been publicly disclosed. Security patches for 145 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
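The triage rule this report gives (update when a patched version exists, deactivate and replace when there is no fix, prioritise by severity) as a runnable script. This is an added example, not code from SolidWP or from the report itself. The report rows are a constructed sample copied from entries on this page, the installed-plugin inventory is constructed and assumes the field shape of `wp plugin list --format=json` (name, status, version), and the version comparison is a simplified stand-in for PHP's version_compare(), which is what WordPress itself uses.

```python
"""Triage a WordPress vulnerability report against the plugins a site runs.

Added example, not code from the original report or from SolidWP. REPORT and
INSTALLED below are constructed samples; INSTALLED mimics the fields of
`wp plugin list --format=json` (name, status, version), which is an assumption
about that command's output shape.
"""
import re

NO_FIX = "No Fix"
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

# Constructed sample: a handful of rows taken from the report above.
REPORT = [
    {"slug": "chatbot-chatgpt", "vulnerability": "Arbitrary File Upload",
     "patched": NO_FIX, "severity": "Critical"},
    {"slug": "wordpress-seo", "vulnerability": "Cross Site Scripting (XSS)",
     "patched": "22.6", "severity": "High"},
    {"slug": "unlimited-elements-for-elementor", "vulnerability": "SQL Injection",
     "patched": "1.5.105", "severity": "High"},
    {"slug": "unlimited-elements-for-elementor",
     "vulnerability": "Remote Code Execution (RCE)",
     "patched": "1.5.103", "severity": "High"},
    {"slug": "jetpack", "vulnerability": "Cross Site Scripting (XSS)",
     "patched": "13.4", "severity": "Medium"},
    {"slug": "5-stars-rating-funnel", "vulnerability": "Broken Access Control",
     "patched": "1.3.02", "severity": "Medium"},
    {"slug": "clearfy", "vulnerability": "Cross Site Request Forgery (CSRF)",
     "patched": NO_FIX, "severity": "Medium"},
]

# Constructed sample inventory; the versions are chosen to hit every branch.
INSTALLED = [
    {"name": "wordpress-seo", "status": "active", "version": "22.5"},
    {"name": "chatbot-chatgpt", "status": "active", "version": "1.9.9"},
    {"name": "unlimited-elements-for-elementor", "status": "active", "version": "1.5.104"},
    {"name": "jetpack", "status": "active", "version": "13.4"},
    {"name": "5-stars-rating-funnel", "status": "inactive", "version": "1.3.2"},
]


def version_parts(version):
    """Numeric components of a version string, e.g. '1.3.02' -> [1, 3, 2].

    Simplified stand-in (assumption) for PHP's version_compare(): numeric parts
    compare as integers, so '1.3.02' equals '1.3.2'. Pre-release suffixes such
    as '-beta' are ignored here."""
    return [int(p) for p in re.findall(r"\d+", version)]


def is_older(installed, patched):
    """True when the installed version is strictly below the patched one."""
    a, b = version_parts(installed), version_parts(patched)
    width = max(len(a), len(b))
    a += [0] * (width - len(a))  # '2.5' compares like '2.5.0'
    b += [0] * (width - len(b))
    return a < b


def action_for(row, plugin):
    """Apply the report's rule: no fix -> deactivate; older -> update; else ok."""
    if row["patched"] == NO_FIX:
        return "deactivate (no fix available)"
    if is_older(plugin["version"], row["patched"]):
        return f"update to {row['patched']}"
    return "ok"


def triage(report, installed):
    """Join report rows to installed plugins by slug and return one finding per
    (plugin, vulnerability) pair, most severe first."""
    by_slug = {p["name"]: p for p in installed}
    findings = []
    for row in report:
        plugin = by_slug.get(row["slug"])
        if plugin is None:
            continue  # not installed on this site; nothing to do
        findings.append({
            "slug": row["slug"],
            "vulnerability": row["vulnerability"],
            "severity": row["severity"],
            "installed": plugin["version"],
            "status": plugin["status"],
            "action": action_for(row, plugin),
        })
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]],
                                 f["slug"], f["vulnerability"]))
    return findings


def pending(findings):
    """Only the findings that still need an operator to do something."""
    return [f for f in findings if f["action"] != "ok"]


if __name__ == "__main__":
    for f in triage(REPORT, INSTALLED):
        print(f"{f['severity']:<9}{f['slug']:<36}{f['installed']:<9}{f['action']}")
```

Note that a plugin that is already at the patched version for one entry can still be below the patched version for a second entry against the same slug, which is why the join is per (plugin, vulnerability) pair rather than per plugin; and an inactive plugin is still reported, since inactive plugin code is still on disk and can still be reachable.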


Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Table of Contents


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.


No new core vulnerabilities were disclosed this week.

WordPress Plugins — 129 Patched / 47 Unpatched

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin:

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin Slug:
clearfy

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34806

The vulnerability has not been patched. You should deactivate the plugin.

Flo Forms – Easy Drag & Drop Form Builder

Plugin:

Flo Forms – Easy Drag & Drop Form Builder

Plugin Slug:
flo-forms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-35174

The vulnerability has not been patched. You should deactivate the plugin.

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin:

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin Slug:
wp-post-author

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34389

The vulnerability has not been patched. You should deactivate the plugin.

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin:

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin Slug:
wp-post-author

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34387

The vulnerability has not been patched. You should deactivate the plugin.

140+ Widgets | Best Addons For Elementor – FREE

Plugin:

140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34570

The vulnerability has not been patched. You should deactivate the plugin.

JCH Optimize

Plugin:

JCH Optimize

Plugin Slug:
jch-optimize

Installations
6,000+

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34808

The vulnerability has not been patched. You should deactivate the plugin.

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

Plugin:

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

Plugin Slug:
ajax-filter-posts

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34390

The vulnerability has not been patched. You should deactivate the plugin.

Kognetiks Chatbot for WordPress

Plugin:

Kognetiks Chatbot for WordPress

Plugin Slug:
chatbot-chatgpt

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-32700

The vulnerability has not been patched. You should deactivate the plugin.

Netgsm

Plugin:

Netgsm

Plugin Slug:
netgsm

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4746

The vulnerability has not been patched. You should deactivate the plugin.

Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation

Plugin:

Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation

Plugin Slug:
propovoice

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-4747

The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin:

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4606

The vulnerability has not been patched. You should deactivate the plugin.

WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce

Plugin:

WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce

Plugin Slug:
wc-serial-numbers

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-35173

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Webinar Plugin – WebinarPress

Plugin:

WordPress Webinar Plugin – WebinarPress

Plugin Slug:
wp-webinarsystem

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34818

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

gee Search Plus, improved WordPress search

Plugin Slug:
gsearch-plus

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34560

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Sticky Social Link

Plugin Slug:
sticky-social-link

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34546

The vulnerability has not been patched. You should deactivate the plugin.

DS Site Message

Plugin:

DS Site Message

Plugin Slug:
ds-site-message

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34439

The vulnerability has not been patched. You should deactivate the plugin.

Viet Nam Affiliate

Plugin:

Viet Nam Affiliate

Plugin Slug:
viet-nam-affiliate

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34417

The vulnerability has not been patched. You should deactivate the plugin.

AWSOM News Announcement

Plugin:

AWSOM News Announcement

Plugin Slug:
awsom-news-announcement

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34428

The vulnerability has not been patched. You should deactivate the plugin.

BlogLentor

Plugin:

BlogLentor

Plugin Slug:
bloglentor-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34421

The vulnerability has not been patched. You should deactivate the plugin.

Brozzme Scroll Top

Plugin:

Brozzme Scroll Top

Plugin Slug:
brozzme-scroll-top

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34426

The vulnerability has not been patched. You should deactivate the plugin.

canvasio3D Light

Plugin:

canvasio3D Light

Plugin Slug:
canvasio3d-light

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34411

The vulnerability has not been patched. You should deactivate the plugin.

Configure Login Timeout

Plugin:

Configure Login Timeout

Plugin Slug:
configure-login-timeout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34419

The vulnerability has not been patched. You should deactivate the plugin.

Corona Virus (COVID-19) Banner & Live Data

Plugin:

Corona Virus (COVID-19) Banner & Live Data

Plugin Slug:
corona-virus-covid-19-banner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34429

The vulnerability has not been patched. You should deactivate the plugin.

Crelly Slider

Plugin:

Crelly Slider

Plugin Slug:
crelly-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3752

The vulnerability has not been patched. You should deactivate the plugin.

Debug Info

Plugin:

Debug Info

Plugin Slug:
debug-info

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34565

The vulnerability has not been patched. You should deactivate the plugin.

EasyEvent

Plugin:

EasyEvent

Plugin Slug:
easyevent

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3628

The vulnerability has not been patched. You should deactivate the plugin.

Enter Addons

Plugin:

Enter Addons

Plugin Slug:
enteraddons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3831

The vulnerability has not been patched. You should deactivate the plugin.

Fancy Elementor Flipbox

Plugin:

Fancy Elementor Flipbox

Plugin Slug:
fancy-elementor-flipbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34572

The vulnerability has not been patched. You should deactivate the plugin.

Fast Custom Social Share by CodeBard

Plugin:

Fast Custom Social Share by CodeBard

Plugin Slug:
fast-custom-social-share-by-codebard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34807

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Featured Content Gallery

Plugin Slug:
featured-content-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34424

The vulnerability has not been patched. You should deactivate the plugin.

Forty Four – 404 Plugin for WordPress

Plugin:

Forty Four – 404 Plugin for WordPress

Plugin Slug:
forty-four

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34423

The vulnerability has not been patched. You should deactivate the plugin.

GDPR Compliance

Plugin:

GDPR Compliance

Plugin Slug:
gdpr-compliance

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34388

The vulnerability has not been patched. You should deactivate the plugin.

Comments Evolved for WordPress

Plugin:

Comments Evolved for WordPress

Plugin Slug:
gplus-comments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34420

The vulnerability has not been patched. You should deactivate the plugin.

LetterPress

Plugin:

LetterPress

Plugin Slug:
letterpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34568

The vulnerability has not been patched. You should deactivate the plugin.

MF Gig Calendar

Plugin:

MF Gig Calendar

Plugin Slug:
mf-gig-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3755

The vulnerability has not been patched. You should deactivate the plugin.

Pk Favicon Manager

Plugin:

Pk Favicon Manager

Plugin Slug:
phpsword-favicon-manager

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34416

The vulnerability has not been patched. You should deactivate the plugin.

Pootle Pagebuilder – WordPress Page builder

Plugin:

Pootle Pagebuilder – WordPress Page builder

Plugin Slug:
pootle-page-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34573

The vulnerability has not been patched. You should deactivate the plugin.

Pure Chat

Plugin:

Pure Chat

Plugin Slug:
pure-chat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3595

The vulnerability has not been patched. You should deactivate the plugin.

QuickieBar

Plugin:

QuickieBar

Plugin Slug:
quickiebar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34425

The vulnerability has not been patched. You should deactivate the plugin.

Social Connect

Plugin:

Social Connect

Plugin Slug:
social-connect

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-4393

The vulnerability has not been patched. You should deactivate the plugin.

Swift Performance Lite

Plugin:

Swift Performance Lite

Plugin Slug:
swift-performance-lite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3722

The vulnerability has not been patched. You should deactivate the plugin.

Table Maker

Plugin:

Table Maker

Plugin Slug:
table-maker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34574

The vulnerability has not been patched. You should deactivate the plugin.

TT Custom Post Type Creator

Plugin:

TT Custom Post Type Creator

Plugin Slug:
tt-custom-post-type-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34430

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Viet Affiliate Link

Plugin Slug:
viet-affiliate-link

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34422

The vulnerability has not been patched. You should deactivate the plugin.

WP etracker

Plugin:

WP etracker

Plugin Slug:
wp-etracker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34431

The vulnerability has not been patched. You should deactivate the plugin.

WP Favorite Posts

Plugin:

WP Favorite Posts

Plugin Slug:
wp-favorite-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34427

The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

WPCS ( WordPress Custom Search )

Plugin Slug:
wpcs-wp-custom-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34418

The vulnerability has not been patched. You should deactivate the plugin.

Yoast SEO

Plugin:

Yoast SEO

Plugin Slug:
wordpress-seo

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
22.6

Severity Score:
High

CVE:

2024-4041

The vulnerability has been patched, so you should update to version 22.6.

Jetpack – WP Security, Backup, Speed, & Growth

Plugin:

Jetpack – WP Security, Backup, Speed, & Growth

Plugin Slug:
jetpack

Installations
4,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
13.4

Severity Score:
Medium

CVE:

2024-4392

The vulnerability has been patched, so you should update to version 13.4.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.21

Severity Score:
Medium

CVE:

2024-4624

The vulnerability has been patched, so you should update to version 5.9.21.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.20

Severity Score:
Medium

CVE:

2024-4275

The vulnerability has been patched, so you should update to version 5.9.20.

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin:

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin Slug:
astra-sites

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.2

Severity Score:
Medium

CVE:

2024-4630

The vulnerability has been patched, so you should update to version 4.2.2.

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin:

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin Slug:
astra-sites

Installations
1,000,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.1.7

Severity Score:
Medium

CVE:

2024-1467

The vulnerability has been patched, so you should update to version 4.1.7.

One Click Demo Import

Plugin:

One Click Demo Import

Plugin Slug:
one-click-demo-import

Installations
1,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.2.1

Severity Score:
Medium

CVE:

2024-34433

The vulnerability has been patched, so you should update to version 3.2.1.

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin:

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.37

Severity Score:
Medium

CVE:

2024-4481

The vulnerability has been patched, so you should update to version 3.2.37.

Translate Multilingual sites – TranslatePress

Plugin:

Translate Multilingual sites – TranslatePress

Plugin Slug:
translatepress-multilingual

Installations
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.6

Severity Score:
Medium

CVE:

2024-34827

The vulnerability has been patched, so you should update to version 2.7.6.

Blocksy Companion

Plugin:

Blocksy Companion

Plugin Slug:
blocksy-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.46

Severity Score:
Medium

CVE:

2024-4487

The vulnerability has been patched, so you should update to version 2.0.46.

FileBird – WordPress Media Library Folders & File Manager

Plugin:

FileBird – WordPress Media Library Folders & File Manager

Plugin Slug:
filebird

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.4

Severity Score:
Medium

CVE:

2024-35166

The vulnerability has been patched, so you should update to version 5.6.4.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.105

Severity Score:
High

CVE:

2024-3055

The vulnerability has been patched, so you should update to version 1.5.105.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.5.103

Severity Score:
High

CVE:

2024-2662

The vulnerability has been patched, so you should update to version 1.5.103.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.103

Severity Score:
High

CVE:

2024-3547

The vulnerability has been patched, so you should update to version 1.5.103.

White Label CMS

Plugin:

White Label CMS

Plugin Slug:
white-label-cms

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.4

Severity Score:
Medium

CVE:

2024-4280

The vulnerability has been patched, so you should update to version 2.7.4.

Advanced Ads – Ad Manager & AdSense

Plugin:

Advanced Ads – Ad Manager & AdSense

Plugin Slug:
advanced-ads

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.52.2

Severity Score:
Medium

CVE:

2024-2290

The vulnerability has been patched, so you should update to version 1.52.2.

Advanced Ads – Ad Manager & AdSense

Plugin:

Advanced Ads – Ad Manager & AdSense

Plugin Slug:
advanced-ads

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.52.2

Severity Score:
Medium

CVE:

2024-3952

The vulnerability has been patched, so you should update to version 1.52.2.

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Plugin:

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Plugin Slug:
bdthemes-prime-slider-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14.4

Severity Score:
Medium

CVE:

2024-4339

The vulnerability has been patched, so you should update to version 3.14.4.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1.3

Severity Score:
Medium

CVE:

2024-4430

The vulnerability has been patched, so you should update to version 2.8.1.3.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1.2

Severity Score:
Medium

CVE:

2024-3923

The vulnerability has been patched, so you should update to version 2.8.1.2.

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)

Plugin:

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)

Plugin Slug:
content-views-query-and-display-post-page

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.2

Severity Score:
Medium

CVE:

2024-4446

The vulnerability has been patched, so you should update to version 3.7.2.

HT Mega – Absolute Addons For Elementor

Plugin:

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.1

Severity Score:
Medium

CVE:

2024-3990

The vulnerability has been patched, so you should update to version 2.5.1.

Pods – Custom Content Types and Fields

Plugin:

Pods – Custom Content Types and Fields

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.1.1

Severity Score:
Medium

CVE:

2024-3956

The vulnerability has been patched, so you should update to version 3.2.1.1.

WP Job Manager

Plugin:

WP Job Manager

Plugin Slug:
wp-job-manager

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.0

Severity Score:
Medium

CVE:

2024-34549

The vulnerability has been patched, so you should update to version 2.3.0.

XML Sitemap & Google News

Plugin:

XML Sitemap & Google News

Plugin Slug:
xml-sitemap-feed

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
5.4.9

Severity Score:
High

CVE:

2024-4441

The vulnerability has been patched, so you should update to version 5.4.9.

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin:

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.17

Severity Score:
Medium

CVE:

2024-4316

The vulnerability has been patched, so you should update to version 3.9.17.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.6.6

Severity Score:
Medium

CVE:

2024-4277

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.6

Severity Score:
Medium

CVE:

2024-4444

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
4.2.6.6

Severity Score:
Critical

CVE:

2024-4434

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.2.6.6

Severity Score:
Critical

CVE:

2024-4397

The vulnerability has been patched, so you should update to version 4.2.6.6.

Import and export users and customers

Plugin:

Import and export users and customers

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.26.6

Severity Score:
Medium

CVE:

2024-34815

The vulnerability has been patched, so you should update to version 1.26.6.

Mesmerize Companion

Plugin:

Mesmerize Companion

Plugin Slug:
mesmerize-companion

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.149

Severity Score:
Medium

CVE:

2024-3494

The vulnerability has been patched, so you should update to version 1.6.149.

Sydney Toolbox

Plugin:

Sydney Toolbox

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.32

Severity Score:
Medium

CVE:

2024-4473

The vulnerability has been patched, so you should update to version 1.32.

AI Engine

Plugin:

AI Engine

Plugin Slug:
ai-engine

Installations
70,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.2.70

Severity Score:
Critical

CVE:

2024-34440

The vulnerability has been patched, so you should update to version 2.2.70.

Custom Field Suite

Plugin:

Custom Field Suite

Plugin Slug:
custom-field-suite

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.6

Severity Score:
Medium

CVE:

2024-3068

The vulnerability has been patched, so you should update to version 2.6.6.

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin:

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.12

Severity Score:
Medium

CVE:

2024-32100

The vulnerability has been patched, so you should update to version 3.2.12.

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin:

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.12

Severity Score:
Medium

CVE:

2024-31113

The vulnerability has been patched, so you should update to version 3.2.12.

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin:

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.25

Severity Score:
Medium

CVE:

2024-34437

The vulnerability has been patched, so you should update to version 1.15.25.

Image Hover Effects – Elementor Addon

Plugin:

Image Hover Effects – Elementor Addon

Plugin Slug:
image-hover-effects-addon-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
Medium

CVE:

2024-1166

The vulnerability has been patched, so you should update to version 1.4.2.

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin:

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin Slug:
ditty-news-ticker

Installations
40,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.1.39

Severity Score:
High

CVE:

2024-3954

The vulnerability has been patched, so you should update to version 3.1.39.

Timber

Plugin:

Timber

Plugin Slug:
timber-library

Installations
40,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
1.23.1

Severity Score:
High

CVE:

2024-29800

The vulnerability has been patched, so you should update to version 1.23.1.

Visual Footer Credit Remover

Plugin:

Visual Footer Credit Remover

Plugin Slug:
visual-footer-credit-remover

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3

Severity Score:
Medium

CVE:

2024-2846

The vulnerability has been patched, so you should update to version 1.3.

Social Sharing Plugin – Social Warfare

Plugin:

Social Sharing Plugin – Social Warfare

Plugin Slug:
social-warfare

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.4.6

Severity Score:
Medium

CVE:

2024-34825

The vulnerability has been patched, so you should update to version 4.4.6.

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Plugin:

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Plugin Slug:
back-in-stock-notifier-for-woocommerce

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.2

Severity Score:
Medium

CVE:

2024-4038

The vulnerability has been patched, so you should update to version 5.3.2.

Content Blocks (Custom Post Widget)

Plugin:

Content Blocks (Custom Post Widget)

Plugin Slug:
custom-post-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.1

Severity Score:
Medium

CVE:

2024-34566

The vulnerability has been patched, so you should update to version 3.3.1.

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Plugin:

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.12.5

Severity Score:
Medium

CVE:

2024-4745

The vulnerability has been patched, so you should update to version 1.12.5.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin:

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

CVE:

2024-35172

The vulnerability has been patched, so you should update to version 3.8.4.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin:

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

CVE:

2024-4689

The vulnerability has been patched, so you should update to version 3.8.4.

ClickCease Click Fraud Protection

Plugin:

ClickCease Click Fraud Protection

Plugin Slug:
clickcease-click-fraud-protection

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.5

Severity Score:
Medium

CVE:

2023-6810

The vulnerability has been patched, so you should update to version 3.2.5.

Easy Affiliate Links

Plugin:

Easy Affiliate Links

Plugin Slug:
easy-affiliate-links

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.3

Severity Score:
Medium

CVE:

2024-34441

The vulnerability has been patched, so you should update to version 3.7.3.

Envo’s Elementor Templates & Widgets for WooCommerce

Plugin:

Envo’s Elementor Templates & Widgets for WooCommerce

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.9

Severity Score:
Medium

CVE:

2024-35167

The vulnerability has been patched, so you should update to version 1.4.9.

Graphina – Elementor Charts and Graphs

Plugin:

Graphina – Elementor Charts and Graphs

Plugin Slug:
graphina-elementor-charts-and-graphs

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.10

Severity Score:
Medium

CVE:

2024-4574

The vulnerability has been patched, so you should update to version 1.8.10.

HTML5 Audio Player- Best WordPress Audio Player Plugin

Plugin:

HTML5 Audio Player- Best WordPress Audio Player Plugin

Plugin Slug:
html5-audio-player

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.22

Severity Score:
Medium

CVE:

2024-4398

The vulnerability has been patched, so you should update to version 2.2.22.

Link Library

Plugin:

Link Library

Plugin Slug:
link-library

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.7

Severity Score:
Medium

CVE:

2024-4281

The vulnerability has been patched, so you should update to version 7.7.

Gallery Block (Meow Gallery)

Plugin:

Gallery Block (Meow Gallery)

Plugin Slug:
meow-gallery

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.4

Severity Score:
Medium

CVE:

2024-4386

The vulnerability has been patched, so you should update to version 5.1.4.

Hotel Booking Lite

Plugin:

Hotel Booking Lite

Plugin Slug:
motopress-hotel-booking-lite

Installations
10,000+

Vulnerability:
PHP Object Injection

Patched in Version:
4.11.2

Severity Score:
Critical

CVE:

2024-4413

The vulnerability has been patched, so you should update to version 4.11.2.

Shared Counts – Social Media Share Buttons

Plugin:

Shared Counts – Social Media Share Buttons

Plugin Slug:
shared-counts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.0

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 1.5.0.

Simple Basic Contact Form

Plugin:

Simple Basic Contact Form

Plugin Slug:
simple-basic-contact-form

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
20240511

Severity Score:
Medium

CVE:

2024-4144

The vulnerability has been patched, so you should update to version 20240511.

SportsPress – Sports Club & League Manager

Plugin:

SportsPress – Sports Club & League Manager

Plugin Slug:
sportspress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.21

Severity Score:
Medium

CVE:

2024-34824

The vulnerability has been patched, so you should update to version 2.7.21.

SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin

Plugin:

SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin

Plugin Slug:
ssl-zen

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.6.0

Severity Score:
Medium

CVE:

2024-1076

The vulnerability has been patched, so you should update to version 4.6.0.

Themify Shortcodes

Plugin:

Themify Shortcodes

Plugin Slug:
themify-shortcodes

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.0

Severity Score:
Medium

CVE:

2024-4567

The vulnerability has been patched, so you should update to version 2.1.0.

Thim Elementor Kit

Plugin:

Thim Elementor Kit

Plugin Slug:
thim-elementor-kit

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.9.1

Severity Score:
Medium

CVE:

2024-4329

The vulnerability has been patched, so you should update to version 1.1.9.1.

Thim Elementor Kit

Plugin:

Thim Elementor Kit

Plugin Slug:
thim-elementor-kit

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.9

Severity Score:
Medium

CVE:

2024-34415

The vulnerability has been patched, so you should update to version 1.1.9.

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Plugin:

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Plugin Slug:
wemail

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.14.3

Severity Score:
Medium

CVE:

2024-34822

The vulnerability has been patched, so you should update to version 1.14.3.

All-in-One Addons for Elementor – WidgetKit

Plugin:

All-in-One Addons for Elementor – WidgetKit

Plugin Slug:
widgetkit-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
Medium

CVE:

2024-34548

The vulnerability has been patched, so you should update to version 2.5.0.

Orders Tracking for WooCommerce

Plugin:

Orders Tracking for WooCommerce

Plugin Slug:
woo-orders-tracking

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.11

Severity Score:
Medium

CVE:

2024-4039

The vulnerability has been patched, so you should update to version 1.2.11.

WP Latest Posts

Plugin:

WP Latest Posts

Plugin Slug:
wp-latest-posts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.8

Severity Score:
Medium

CVE:

2024-4135

The vulnerability has been patched, so you should update to version 5.0.8.

WP Photo Album Plus

Plugin:

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.7.01.002

Severity Score:
Critical

CVE:

2024-31377

The vulnerability has been patched, so you should update to version 8.7.01.002.

YITH WooCommerce Gift Cards

Plugin:

YITH WooCommerce Gift Cards

Plugin Slug:
yith-woocommerce-gift-cards

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.13.0

Severity Score:
Medium

CVE:

2024-0870

The vulnerability has been patched, so you should update to version 4.13.0.

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin Slug:
wp-sms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.2

Severity Score:
Medium

CVE:

2024-34811

The vulnerability has been patched, so you should update to version 6.5.2.

Gutenify – Visual Site Builder Blocks & Site Templates.

Plugin:

Gutenify – Visual Site Builder Blocks & Site Templates.

Plugin Slug:
gutenify

Installations
8,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.1

Severity Score:
Medium

CVE:

2024-35165

The vulnerability has been patched, so you should update to version 1.4.1.

If-So Dynamic Content Personalization

Plugin:

If-So Dynamic Content Personalization

Plugin Slug:
if-so

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.1.1

Severity Score:
Medium

CVE:

2024-34820

The vulnerability has been patched, so you should update to version 1.7.1.1.

WordPress Affiliates Plugin — SliceWP Affiliates

Plugin:

WordPress Affiliates Plugin — SliceWP Affiliates

Plugin Slug:
slicewp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.11

Severity Score:
Medium

CVE:

2024-34413

The vulnerability has been patched, so you should update to version 1.1.11.

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)

Plugin:

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)

Plugin Slug:
parcelpanel

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
3.9.0

Severity Score:
High

CVE:

2024-34412

The vulnerability has been patched, so you should update to version 3.9.0.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2024-4445

The vulnerability has been patched, so you should update to version 6.20.02.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Open Redirection

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2023-6812

The vulnerability has been patched, so you should update to version 6.20.02.

Better Elementor Addons

Plugin:

Better Elementor Addons

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.5

Severity Score:
Medium

CVE:

2024-34432

The vulnerability has been patched, so you should update to version 1.4.5.

The Best WordPress Knowledgebase and Documentation Plugin – weDocs

Plugin:

The Best WordPress Knowledgebase and Documentation Plugin – weDocs

Plugin Slug:
wedocs

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.5

Severity Score:
Medium

CVE:

2024-34442

The vulnerability has been patched, so you should update to version 2.1.5.

WOLF – WordPress Posts Bulk Editor and Manager Professional

Plugin:

WOLF – WordPress Posts Bulk Editor and Manager Professional

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8.3

Severity Score:
Medium

CVE:

2024-34558

The vulnerability has been patched, so you should update to version 1.0.8.3.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin:

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.0.6

Severity Score:
Critical

CVE:

2024-4186

The vulnerability has been patched, so you should update to version 3.0.6.

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin:

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.35

Severity Score:
Medium

CVE:

2024-34547

The vulnerability has been patched, so you should update to version 1.1.35.

Shopping Cart & eCommerce Store

Plugin:

Shopping Cart & eCommerce Store

Plugin Slug:
wp-easycart

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.5

Severity Score:
Medium

CVE:

2024-4213

The vulnerability has been patched, so you should update to version 5.6.5.

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Plugin:

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Plugin Slug:
cf7-styler

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
Medium

CVE:

2024-34826

The vulnerability has been patched, so you should update to version 1.6.5.

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Plugin:

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Plugin Slug:
real3d-flipbook-lite

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.72

Severity Score:
Medium

CVE:

2024-34561

The vulnerability has been patched, so you should update to version 3.72.

Startklar Elementor Addons

Plugin:

Startklar Elementor Addons

Plugin Slug:
startklar-elmentor-forms-extwidgets

Installations
4,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.7.14

Severity Score:
High

CVE:

2024-4346

The vulnerability has been patched, so you should update to version 1.7.14.

Startklar Elementor Addons

Plugin:

Startklar Elementor Addons

Plugin Slug:
startklar-elmentor-forms-extwidgets

Installations
4,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.7.14

Severity Score:
Critical

CVE:

2024-4345

The vulnerability has been patched, so you should update to version 1.7.14.

Auto Affiliate Links

Plugin:

Auto Affiliate Links

Plugin Slug:
wp-auto-affiliate-links

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
6.4.4

Severity Score:
High

CVE:

2024-34386

The vulnerability has been patched, so you should update to version 6.4.4.

All Bootstrap Blocks

Plugin:

All Bootstrap Blocks

Plugin Slug:
all-bootstrap-blocks

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.16

Severity Score:
Medium

CVE:

2024-35169

The vulnerability has been patched, so you should update to version 1.3.16.

Mihdan: Yandex Turbo Feed

Plugin:

Mihdan: Yandex Turbo Feed

Plugin Slug:
mihdan-yandex-turbo-feed

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.6

Severity Score:
Medium

CVE:

2024-4411

The vulnerability has been patched, so you should update to version 1.6.6.

Move Addons for Elementor

Plugin:

Move Addons for Elementor

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-34562

The vulnerability has been patched, so you should update to version 1.3.1.

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Plugin:

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Plugin Slug:
shared-files

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.20

Severity Score:
Medium

CVE:

2024-34438

The vulnerability has been patched, so you should update to version 1.7.20.

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin Slug:
smart-wishlist-for-more-convert

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.9

Severity Score:
Medium

CVE:

2024-34813

The vulnerability has been patched, so you should update to version 1.7.9.

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin Slug:
smart-wishlist-for-more-convert

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.3

Severity Score:
Medium

CVE:

2024-34819

The vulnerability has been patched, so you should update to version 1.7.3.

iPages Flipbook For WordPress

Plugin:

iPages Flipbook For WordPress

Plugin Slug:
ipages-flipbook

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.2

Severity Score:
Medium

CVE:

2024-4744

The vulnerability has been patched, so you should update to version 1.5.2.

ShopBuilder – Elementor WooCommerce Builder Addons

Plugin:

ShopBuilder – Elementor WooCommerce Builder Addons

Plugin Slug:
shopbuilder

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.1.9

Severity Score:
Medium

CVE:

2024-34812

The vulnerability has been patched, so you should update to version 2.1.9.

Zotpress

Plugin:

Zotpress

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.3.10

Severity Score:
Medium

CVE:

2024-34569

The vulnerability has been patched, so you should update to version 7.3.10.

Academy LMS – eLearning and online course solution for WordPress

Plugin:

Academy LMS – eLearning and online course solution for WordPress

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.26

Severity Score:
Medium

CVE:

2024-35171

The vulnerability has been patched, so you should update to version 1.9.26.

Arigato Autoresponder and Newsletter

Plugin:

Arigato Autoresponder and Newsletter

Plugin Slug:
bft-autoresponder

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.2.4

Severity Score:
Medium

CVE:

2024-34823

The vulnerability has been patched, so you should update to version 2.7.2.4.

Church Admin

Plugin:

Church Admin

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.0

Severity Score:
Medium

CVE:

2024-34828

The vulnerability has been patched, so you should update to version 4.2.0.

Contact List – Premium Staff Listing, Business Directory & Address Book

Plugin:

Contact List – Premium Staff Listing, Business Directory & Address Book

Plugin Slug:
contact-list

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.88

Severity Score:
Medium

CVE:

2024-34821

The vulnerability has been patched, so you should update to version 2.9.88.

Falang multilanguage for WordPress

Plugin:

Falang multilanguage for WordPress

Plugin Slug:
falang

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.50

Severity Score:
Medium

CVE:

2024-4417

The vulnerability has been patched, so you should update to version 1.3.50.

Ghost

Plugin:

Ghost

Plugin Slug:
ghost

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5.0

Severity Score:
High

CVE:

2024-34559

The vulnerability has been patched, so you should update to version 1.5.0.

Gold Addons for Elementor

Plugin:

Gold Addons for Elementor

Plugin Slug:
gold-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-34563

The vulnerability has been patched, so you should update to version 1.3.0.

Dynamics 365 Integration

Plugin:

Dynamics 365 Integration

Plugin Slug:
integration-dynamics

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.18

Severity Score:
Medium

CVE:

2024-34550

The vulnerability has been patched, so you should update to version 1.3.18.

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin:

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin Slug:
integration-for-contact-form-7-and-pipedrive

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.1

Severity Score:
Medium

CVE:

2024-34817

The vulnerability has been patched, so you should update to version 1.2.1.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

CVE:

2024-34445

The vulnerability has been patched, so you should update to version 1.9.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

CVE:

2024-34436

The vulnerability has been patched, so you should update to version 1.9.

Squelch Tabs and Accordions Shortcodes

Plugin:

Squelch Tabs and Accordions Shortcodes

Plugin Slug:
squelch-tabs-and-accordions-shortcodes

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.4.8

Severity Score:
Medium

CVE:

2024-4463

The vulnerability has been patched, so you should update to version 0.4.8.

Counter Up – Animated Number Counter & Milestone Showcase

Plugin:

Counter Up – Animated Number Counter & Milestone Showcase

Plugin Slug:
wp-counter-up

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
Medium

CVE:

2024-34564

The vulnerability has been patched, so you should update to version 2.3.0.

WP Discourse

Plugin:

WP Discourse

Plugin Slug:
wp-discourse

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.2

Severity Score:
Medium

CVE:

2024-35168

The vulnerability has been patched, so you should update to version 2.5.2.

WPCal.io – Easy Meeting Scheduler

Plugin:

WPCal.io – Easy Meeting Scheduler

Plugin Slug:
wpcal

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.9.5.9

Severity Score:
Medium

CVE:

2024-34816

The vulnerability has been patched, so you should update to version 0.9.5.9.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-34557

The vulnerability has been patched, so you should update to version 1.5.5.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-34556

The vulnerability has been patched, so you should update to version 1.5.5.

Sticky banner

Plugin:

Sticky banner

Plugin Slug:
sticky-banner

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-35170

The vulnerability has been patched, so you should update to version 1.3.0.

Joli FAQ SEO – WordPress FAQ Plugin

Plugin:

Joli FAQ SEO – WordPress FAQ Plugin

Plugin Slug:
joli-faq-seo

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.3

Severity Score:
Medium

CVE:

2024-4082

The vulnerability has been patched, so you should update to version 1.3.3.

Soccer Engine – Soccer Plugin for WordPress

Plugin:

Soccer Engine – Soccer Plugin for WordPress

Plugin Slug:
soccer-engine-lite

Installations
90+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.13

Severity Score:
Medium

CVE:

2024-4312

The vulnerability has been patched, so you should update to version 1.13.

Hostel

Plugin:

Hostel

Plugin Slug:
hostel

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.5.4

Severity Score:
Medium

CVE:

2024-4314

The vulnerability has been patched, so you should update to version 1.1.5.4.

ADFO – Custom data in admin dashboard

Plugin:

ADFO – Custom data in admin dashboard

Plugin Slug:
admin-form

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.1

Severity Score:
Medium

CVE:

2024-4103

The vulnerability has been patched, so you should update to version 1.9.1.

ADFO – Custom data in admin dashboard

Plugin:

ADFO – Custom data in admin dashboard

Plugin Slug:
admin-form

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1

Severity Score:
High

CVE:

2024-4104

The vulnerability has been patched, so you should update to version 1.9.1.

Z-Downloads

Plugin:

Z-Downloads

Plugin Slug:
z-downloads

Installations
60+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.11.4

Severity Score:
Critical

CVE:

2024-34555

The vulnerability has been patched, so you should update to version 1.11.4.

Aiomatic

Plugin:

Aiomatic

Plugin Slug:
aiomatic-automatic-ai-content-writer

Vulnerability:
Broken Access Control

Patched in Version:
1.9.4

Severity Score:
Medium

CVE:

2024-34435

The vulnerability has been patched, so you should update to version 1.9.4.

Breakdance

Plugin:

Breakdance

Plugin Slug:
breakdance

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.7.2

Severity Score:
High

CVE:

2024-4605

The vulnerability has been patched, so you should update to version 1.7.2.

Divi Builder

Plugin:

Divi Builder

Plugin Slug:
divi-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Fancy Product Designer

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.81

Severity Score:
Medium

CVE:

2024-0904

The vulnerability has been patched, so you should update to version 6.1.81.

Porto Theme – Functionality

Plugin:

Porto Theme – Functionality

Plugin Slug:
porto-functionality

Vulnerability:
Local File Inclusion

Patched in Version:
3.1.1

Severity Score:
Medium

CVE:

2024-3808

The vulnerability has been patched, so you should update to version 3.1.1.

Spectra Pro

Plugin:

Spectra Pro

Plugin Slug:
spectra-pro

Vulnerability:
Privilege Escalation

Patched in Version:
1.1.6

Severity Score:
High

CVE:

2024-3828

The vulnerability has been patched, so you should update to version 1.1.6.

Stockholm Core

Plugin:

Stockholm Core

Plugin Slug:
stockholm-core

Vulnerability:
Local File Inclusion

Patched in Version:
2.4.2

Severity Score:
High

CVE:

2024-34554

The vulnerability has been patched, so you should update to version 2.4.2.

Stockholm Core

Plugin:

Stockholm Core

Plugin Slug:
stockholm-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.2

Severity Score:
High

CVE:

2024-34553

The vulnerability has been patched, so you should update to version 2.4.2.

Unyson

Plugin:

Unyson

Plugin Slug:
unyson

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.31

Severity Score:
Medium

CVE:

2024-34814

The vulnerability has been patched, so you should update to version 2.7.31.

WordPress Themes — 16 Patched

Consus

Theme:

Consus

Theme Slug:
consus

Downloads
16,364

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.7.

EmpowerWP

Theme:

EmpowerWP

Theme Slug:
empowerwp

Downloads
219,376

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.22

Severity Score:
Medium

CVE:

2024-34809

The vulnerability has been patched, so you should update to version 1.0.22.

Himalayas

Theme:

Himalayas

Theme Slug:
himalayas

Downloads
332,940

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-34571

The vulnerability has been patched, so you should update to version 1.3.1.

Ketos

Theme:

Ketos

Theme Slug:
ketos

Downloads
28,703

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.6.

Mindscape

Theme:

Mindscape

Theme Slug:
mindscape

Downloads
41,737

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.23.

Niveau

Theme:

Niveau

Theme Slug:
niveau

Downloads
16,831

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.9

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.9.

Oasis

Theme:

Oasis

Theme Slug:
oasis

Downloads
69,511

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.13

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.13.

raindrops

Theme:

raindrops

Theme Slug:
raindrops

Downloads
716,615

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.700

Severity Score:
Medium

CVE:

2024-34414

The vulnerability has been patched, so you should update to version 1.700.

Skyline WP

Theme:

Skyline WP

Theme Slug:
skyline-wp

Downloads
169,635

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.11

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.11.

Zeka

Theme:

Zeka

Theme Slug:
zeka

Downloads
20,249

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.10

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.10.

Divi

Theme:

Divi

Theme Slug:
divi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Extra

Theme:

Extra

Theme Slug:
extra

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Porto

Theme:

Porto

Theme Slug:
porto

Vulnerability:
Local File Inclusion

Patched in Version:
7.1.1

Severity Score:
High

CVE:

2024-3806

The vulnerability has been patched, so you should update to version 7.1.1.

Porto

Theme:

Porto

Theme Slug:
porto

Vulnerability:
Local File Inclusion

Patched in Version:
7.1.1

Severity Score:
Medium

CVE:

2024-3807

The vulnerability has been patched, so you should update to version 7.1.1.

Stockholm

Theme:

Stockholm

Theme Slug:
stockholm

Vulnerability:
Local File Inclusion

Patched in Version:
9.7

Severity Score:
High

CVE:

2024-34552

The vulnerability has been patched, so you should update to version 9.7.

Stockholm

Theme:

Stockholm

Theme Slug:
stockholm

Vulnerability:
Local File Inclusion

Patched in Version:
9.7

Severity Score:
Critical

CVE:

2024-34551

The vulnerability has been patched, so you should update to version 9.7.

The post WordPress Vulnerability Report — May 15, 2024 appeared first on SolidWP.

The article was originally written by Sarah Ulmer on 2024-05-15 12:21:12 and published on the SolidWP blog.

WordPress Vulnerability Report — April 3, 2024

In this report, 255 vulnerabilities have been publicly disclosed. Security patches for 178 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 77 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5 “Regina” was released on April 2, 2024, as the first major release of 2024. With the new release, you can add and manage fonts across your site, get more from your revisions, play with enhanced background and shadow tools, discover new Data Views, and so much more.

Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 175 Patched / 77 Unpatched

Plugin Slug:
auxin-elements

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
easy-facebook-likebox

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pdf-viewer-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
getresponse-integration

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Yoo Slider

Plugin Slug:
yoo-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive flipbook

Plugin Slug:
wppdf

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Twitter Mega Fan Box Widget

Plugin Slug:
wp-twitter-mega-fan-box

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sponsors

Plugin Slug:
wp-sponsors

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Eggdrop

Plugin Slug:
wp-eggdrop

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP-Eggdrop

Plugin Slug:
wp-eggdrop

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Broken Images

Plugin Slug:
wp-broken-images

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Popup Cart Lite for WooCommerce

Plugin Slug:
woocommerce-woocart-popup-lite

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Woocommerce Social Media Share Buttons

Plugin Slug:
woocommerce-social-media-share-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WooCommerce Bookings Calendar

Plugin Slug:
woo-bookings-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Whizzy

Plugin Slug:
whizzy

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Whizzy

Plugin Slug:
whizzy

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Weekly Class Schedule

Plugin Slug:
weekly-class-schedule

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

10Web Map Builder for Google Maps

Plugin Slug:
wd-google-maps

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

User Rights Access Manager

Plugin Slug:
user-rights-access-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Social Comments – Email Notification & Lazy Load

Plugin Slug:
ultimate-facebook-comments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Sticky Anything

Plugin Slug:
toast-stick-anything

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Thumbs Rating

Plugin Slug:
thumbs-rating

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Tax Rate Upload

Plugin Slug:
tax-rate-upload

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Spin 360 deg and 3D Model Viewer

Plugin Slug:
spin360

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SpiderFAQ

Plugin Slug:
spider-faq

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Special Box for Content

Plugin Slug:
special-box-for-content

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

SP Project & Document Manager

Plugin Slug:
sp-client-document-manager

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Social Author Bio

Plugin Slug:
social-autho-bio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Lightbox slider – Responsive Lightbox Gallery

Plugin Slug:
simple-lightbox-gallery

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Shortcode Addons

Plugin Slug:
shortcode-addons

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

SEO Title Tag

Plugin Slug:
seo-title-tag

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Prenotazioni

Plugin Slug:
prenotazioni

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Post-Plugin Library

Plugin Slug:
post-plugin-library

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Pocket News Generator

Plugin Slug:
pocket-news-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Pocket News Generator

Plugin Slug:
pocket-news-generator

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Platinum SEO

Plugin Slug:
platinum-seo-pack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

pageMash > Page Management

Plugin Slug:
pagemash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Oxygen Builder

Plugin Slug:
oxygen

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

OpenID

Plugin Slug:
openid

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

News Wall

Plugin Slug:
news-wall

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

New Order Notification for Woocommerce

Plugin Slug:
new-order-notification-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Lordicon Animated Icons

Plugin Slug:
lordicon-interactive-icons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Kanban Boards for WordPress

Plugin Slug:
kanban

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Mighty Classic Pros And Cons

Plugin Slug:
joomdev-wp-pros-cons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

IP Blocker Lite

Plugin Slug:
ip-address-blocker

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

iFlyChat – WordPress Chat

Plugin Slug:
iflychat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

HeartThis

Plugin Slug:
heart-this

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Header Image Slider

Plugin Slug:
header-image-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive Image Gallery, Gallery Album

Plugin Slug:
gallery-album

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Responsive Image Gallery, Gallery Album

Plugin Slug:
gallery-album

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Filter Custom Fields & Taxonomies Light

Plugin Slug:
filter-custom-fields-taxonomies-light

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

EnvíaloSimple

Plugin Slug:
envialosimple-email-marketing-y-newsletters-gratis

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

DX-Watermark

Plugin Slug:
dx-watermark

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Hacklog Down As PDF

Plugin Slug:
down-as-pdf

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

DD Rating

Plugin Slug:
dd-rating

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom Field Bulk Editor

Plugin Slug:
custom-field-bulk-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Convert Post Types

Plugin Slug:
convert-post-types

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Contact Forms by Cimatti

Plugin Slug:
contact-forms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Contact Form 7 Newsletter

Plugin Slug:
contact-form-7-newsletter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Comic Easel

Plugin Slug:
comic-easel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Christmas Greetings

Plugin Slug:
christmas-greetings

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Chauffeur Taxi Booking System for WordPress

Plugin Slug:
chauffeur-booking-system

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Change default login logo,url and title

Plugin Slug:
change-default-login-logo-url-and-title

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

CGC Maintenance Mode

Plugin Slug:
cgc-maintenance-mode

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Low

Plugin:

Carousel Anything For WPBakery Page Builder

Plugin Slug:
carousel-anything

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Button

Plugin Slug:
button

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Breakdance

Plugin Slug:
breakdance

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Appointment Calendar

Plugin Slug:
appointment-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

All In One Redirection

Plugin Slug:
all-in-one-redirection-404-pages-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

AI Twitter Feeds (Twitter widget & shortcode)

Plugin Slug:
ai-twitter-feeds

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Aesop Story Engine

Plugin Slug:
aesop-story-engine

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

AdsPlace’r – Ad Manager, Inserter, AdSense Ads

Plugin Slug:
adsplacer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Add Shortcodes Actions And Filters

Plugin Slug:
add-actions-and-filters

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
5.9.14

Severity Score:
High

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.9.14

Severity Score:
Medium

Plugin Slug:
all-in-one-wp-security-and-firewall

Installations
1,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.2.7

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.7

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.0.7

Severity Score:
High

Plugin Slug:
ninja-forms

Installations
800,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.1

Severity Score:
Medium

Plugin Slug:
ninja-forms

Installations
800,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.1

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29.1

Severity Score:
High

Plugin Slug:
coblocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.7

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.18

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.2.26

Severity Score:
Medium

Plugin Slug:
metform

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.6

Severity Score:
Medium

Plugin Slug:
newsletter

Installations
300,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
8.2.1

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.6

Severity Score:
Medium

Plugin Slug:
cmp-coming-soon-maintenance

Installations
200,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.1.11

Severity Score:
Medium

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.97

Severity Score:
Medium

Plugin Slug:
woo-cart-abandonment-recovery

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.27

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.2

Severity Score:
Medium

Plugin Slug:
addon-elements-for-elementor-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.13.3

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
5.5.4

Severity Score:
High

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.0.7

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.4.5

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.270

Severity Score:
Medium

Plugin Slug:
download-monitor

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
4.9.5

Severity Score:
High

Plugin Slug:
essential-blocks

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.10

Severity Score:
Medium

Plugin Slug:
genesis-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.3

Severity Score:
Medium

Plugin Slug:
list-category-posts

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.89.7

Severity Score:
Medium

Plugin Slug:
meta-tag-manager

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.1

Severity Score:
High

Plugin Slug:
pagelayer

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.8.2

Severity Score:
Medium

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.10.2

Severity Score:
Medium

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
3.0.10.2

Severity Score:
High

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
3.0.10.2

Severity Score:
Critical

Plugin Slug:
powerpack-lite-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.18

Severity Score:
Medium

Plugin Slug:
powerpack-lite-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.19

Severity Score:
Medium

Plugin Slug:
social-icons-widget-by-wpzoom

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.16

Severity Score:
Medium

Plugin Slug:
stackable-ultimate-gutenberg-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.12.12

Severity Score:
Medium

Plugin Slug:
template-kit-import

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.15

Severity Score:
Medium

Plugin Slug:
woocommerce-multilingual

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.5

Severity Score:
Medium

Plugin Slug:
woocommerce-products-filter

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.5.3

Severity Score:
Medium

Plugin Slug:
woocommerce-products-filter

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.5.2

Severity Score:
Medium

Plugin Slug:
wp-whatsapp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.3

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.4.7

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.4.7.2

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.4.7.2

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.7.2

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.27

Severity Score:
Medium

Plugin Slug:
boldgrid-easy-seo

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.14

Severity Score:
Medium

Plugin Slug:
media-library-assistant

Installations
70,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14

Severity Score:
Medium

Plugin Slug:
users-customers-import-export-for-wp-woocommerce

Installations
70,000+

Vulnerability:
Path Traversal

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
underconstruction

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.22

Severity Score:
Medium

Plugin Slug:
woocommerce-currency-switcher

Installations
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.1.8

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.3

Severity Score:
High

Plugin Slug:
ajax-load-more

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.2

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.1

Severity Score:
Medium

Plugin Slug:
social-pug

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.33.1

Severity Score:
Medium

Plugin Slug:
social-pug

Installations
50,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.33.2

Severity Score:
High

Plugin Slug:
wpfront-user-role-editor

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.1.0

Severity Score:
Medium

Plugin Slug:
fluent-crm

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.45

Severity Score:
Medium

Plugin Slug:
klarna-payments-for-woocommerce

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.0

Severity Score:
Medium

Plugin Slug:
post-grid

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.76

Severity Score:
High

Plugin Slug:
secupress

Installations
40,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.5.2

Severity Score:
Medium

Plugin Slug:
pz-linkcard

Installations
30,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
pz-linkcard

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
Medium

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
High

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.4

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-beaver-builder-lite

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
Medium

Plugin Slug:
woo-bulk-editor

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.4.4

Severity Score:
Medium

Plugin Slug:
brave-popup-builder

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
0.6.6

Severity Score:
Medium

Plugin Slug:
easy-appointments

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.11.19

Severity Score:
Medium

Plugin Slug:
easy-appointments

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.11.19

Severity Score:
Medium

Plugin Slug:
ecwid-shopping-cart

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.12.11

Severity Score:
Medium

Plugin Slug:
mp3-music-player-by-sonaar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.1

Severity Score:
Medium

Plugin Slug:
mp3-music-player-by-sonaar

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1.1

Severity Score:
High

Plugin Slug:
my-calendar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.24

Severity Score:
Medium

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.3

Severity Score:
Medium

Plugin Slug:
weforms

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.21

Severity Score:
Low

Plugin Slug:
wp-file-upload

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.24.6

Severity Score:
Medium

Plugin Slug:
awesome-support

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.1.8

Severity Score:
Medium

Plugin Slug:
booking-package

Installations
10,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
1.6.29

Severity Score:
High

Plugin Slug:
favorites

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.8.6

Severity Score:
Medium

Plugin Slug:
gamipress

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.9.1

Severity Score:
Medium

Plugin Slug:
lws-optimize

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
mailster

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.7

Severity Score:
High

Plugin Slug:
mangboard

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
High

Plugin Slug:
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.3.2

Severity Score:
Critical

Plugin Slug:
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.3.1

Severity Score:
Critical

Plugin Slug:
molongui-authorship

Installations
10,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
4.7.8

Severity Score:
Low

Plugin Slug:
page-builder-add

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1.8

Severity Score:
Medium

Plugin Slug:
sellkit

Installations
10,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
1.8.3

Severity Score:
Medium

Plugin Slug:
simple-revisions-delete

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.4

Severity Score:
Medium

Plugin Slug:
very-simple-contact-form

Installations
10,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
14.8

Severity Score:
Medium

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
5.8.0

Severity Score:
High

Plugin Slug:
wp-travel-engine

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
5.8.0

Severity Score:
Critical

Plugin Slug:
xpro-elementor-addons

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
media-library-plus

Installations
9,000+

Vulnerability:
SQL Injection

Patched in Version:
8.1.8

Severity Score:
High

Plugin Slug:
wp-hotel-booking

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.9.3

Severity Score:
Medium

Plugin Slug:
wp-sms

Installations
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.6.3

Severity Score:
Medium

Plugin Slug:
collectchat

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.2

Severity Score:
Medium

Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount

Installations
7,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
2.18.1

Severity Score:
High

Plugin Slug:
hash-elements

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.4

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.7.3

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.9

Severity Score:
High

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.9

Severity Score:
Critical

Plugin Slug:
the-plus-addons-for-block-editor

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.6

Severity Score:
High

Plugin Slug:
wp-forecast

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
9.3

Severity Score:
Medium

Plugin Slug:
announce-from-the-dashboard

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.3

Severity Score:
Medium

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.8

Severity Score:
Medium

Plugin Slug:
dc-woocommerce-multi-vendor

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.1.4

Severity Score:
Medium

Plugin Slug:
jch-optimize

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.1

Severity Score:
Medium

Plugin Slug:
nelio-content

Installations
6,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.2.1

Severity Score:
Medium

Plugin Slug:
salon-booking-system

Installations
6,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
9.5.1

Severity Score:
Critical

Plugin Slug:
sliced-invoices

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.3

Severity Score:
Medium

Plugin Slug:
wpzoom-addons-for-beaver-builder

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
booking-activities

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.20

Severity Score:
High

Plugin Slug:
pmpro-mailchimp

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.5

Severity Score:
Medium

Plugin Slug:
b-slider

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.13

Severity Score:
Medium

Plugin Slug:
remove-old-slugspermalinks

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.0

Severity Score:
Medium

Plugin Slug:
add-fields-to-checkout-page-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.1

Severity Score:
Medium

Plugin Slug:
builderall-cheetah-for-wp

Installations
3,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
cubewp-framework

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.13

Severity Score:
Critical

Plugin Slug:
landingi-landing-pages

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.2

Severity Score:
Medium

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.11

Severity Score:
Medium

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.10

Severity Score:
Medium

Plugin Slug:
themify-event-post

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.8

Severity Score:
Medium

Plugin Slug:
woocommerce-product-sort-and-display

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.2

Severity Score:
Medium

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.5

Severity Score:
High

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.5

Severity Score:
Critical

Plugin Slug:
crm-perks-forms

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
layouts-for-elementor

Installations
2,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8

Severity Score:
High

Plugin Slug:
responsive-horizontal-vertical-and-accordion-tabs

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
1.1.18

Severity Score:
High

Plugin Slug:
rt-easy-builder-advanced-addons-for-elementor

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1

Severity Score:
Medium

Plugin Slug:
wp-express-checkout

Installations
2,000+

Vulnerability:
Other Vulnerability Type

Patched in Version:
2.3.8

Severity Score:
High

Plugin Slug:
wpc-badge-management

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.1

Severity Score:
Medium

Plugin Slug:
zionbuilder

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.10

Severity Score:
Medium

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
SQL Injection

Patched in Version:
7.3.8

Severity Score:
High

Plugin Slug:
ai-wp-writer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.5.6

Severity Score:
Medium

Plugin Slug:
bulletin-announcements

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
3.9.0

Severity Score:
High

Plugin Slug:
cf-geoplugin

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.6.5

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.19

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.8

Severity Score:
Medium

Plugin Slug:
contest-gallery

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
21.3.6

Severity Score:
High

Plugin Slug:
creative-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
currency-switcher

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0.2

Severity Score:
Medium

Plugin Slug:
easy-form-builder

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
3.7.5

Severity Score:
High

Plugin Slug:
falang

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.3.48

Severity Score:
High

Plugin Slug:
fg-prestashop-to-woocommerce

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.47.0

Severity Score:
Medium

Plugin Slug:
gs-testimonial

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.5

Severity Score:
Medium

Plugin Slug:
icon

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.0.11

Severity Score:
Medium

Plugin Slug:
oss-aliyun

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.4.11

Severity Score:
High

Plugin Slug:
pmpro-payfast

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.2

Severity Score:
Medium

Plugin Slug:
print-page

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.9

Severity Score:
Medium

Plugin Slug:
stepbyteservice-openstreetmap

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
Medium

Plugin Slug:
tainacan

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.20.8

Severity Score:
Medium

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.12

Severity Score:
High

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.12

Severity Score:
Medium

Plugin Slug:
webinar-and-video-conference-with-jitsi-meet

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
wholesalex

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.3.3

Severity Score:
Critical

Plugin Slug:
wooshark-aliexpress-importer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.5

Severity Score:
Medium

Plugin Slug:
wp-crm-system

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.9.1

Severity Score:
Medium

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.3.2

Severity Score:
Medium

Plugin Slug:
delucks-seo

Installations
600+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.5

Severity Score:
Medium

Plugin Slug:
creative-image-slider

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
High

Plugin:

YITH WooCommerce Account Funds Premium

Plugin Slug:
yith-woocommerce-account-funds-premium

Vulnerability:
Broken Access Control

Patched in Version:
1.34.0

Severity Score:
Medium

Plugin:

WP Cost Estimation & Payment Forms Builder

Plugin Slug:
wp-estimation-form

Vulnerability:
SQL Injection

Patched in Version:
10.1.76

Severity Score:
High

Plugin:

Wholesale For WooCommerce

Plugin Slug:
woocommerce-wholesale-pricing

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.1

Severity Score:
Medium

Plugin:

Slider by Supsystic

Plugin Slug:
slider-by-supsystic

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.11

Severity Score:
Medium

Plugin:

REHub Framework

Plugin Slug:
rehub-framework

Vulnerability:
SQL Injection

Patched in Version:
19.6.2

Severity Score:
High

Plugin:

Limit Attempts by BestWebSoft

Plugin Slug:
limit-attempts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
High

Plugin:

LayerSlider

Plugin Slug:
layerslider

Vulnerability:
SQL Injection

Patched in Version:
7.10.1

Severity Score:
Critical

Plugin:

WP ERP

Plugin Slug:
erp

Vulnerability:
SQL Injection

Patched in Version:
1.30.0

Severity Score:
High

Plugin:

Calendarista Basic Edition

Plugin Slug:
calendarista-basic-edition

Vulnerability:
Broken Access Control

Patched in Version:
3.0.6

Severity Score:
Medium

WordPress Themes — 3 Patched / 0 Unpatched

Theme:

Rehub

Theme Slug:
rehub-theme

Vulnerability:
SQL Injection

Patched in Version:
19.6.2

Severity Score:
High

Theme:

Rehub

Theme Slug:
rehub-theme

Vulnerability:
Local File Inclusion

Patched in Version:
19.6.2

Severity Score:
High

Theme:

Rehub

Theme Slug:
rehub-theme

Vulnerability:
Local File Inclusion

Patched in Version:
19.6.2

Severity Score:
Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-04-03 11:59:26.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

WordPress Vulnerability Report — April 10, 2024

In this report, 200 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 18 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes in Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

Vulnerability:
Sensitive Data Exposure

Patched in Version:
6.5

Severity Score:
Medium

WordPress Plugins — 177 Patched / 18 Unpatched

Plugin Slug:
user-activity-log

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
slideshow-gallery

Installations
9,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
slideshow-gallery

Installations
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
slideshow-gallery

Installations
9,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
mm-email2image

Installations
20+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mm-email2image

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bannerlid

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Auto Poster

Plugin Slug:
auto-poster

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Breakdance

Plugin Slug:
breakdance

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

CGC Maintenance Mode

Plugin Slug:
cgc-maintenance-mode

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Passster – Password Protection

Plugin Slug:
content-protector

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy Login Styler – White Label Admin Login Page for WordPress

Plugin Slug:
easy-login-styler

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

EnvíaloSimple

Plugin Slug:
envialosimple-email-marketing-y-newsletters-gratis

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Font Farsi

Plugin Slug:
font-farsi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Global Elementor Buttons

Plugin Slug:
global-elementor-buttons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Gradient Text Widget for Elementor

Plugin Slug:
gradient-text-widget-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Oxygen Builder

Plugin Slug:
oxygen

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

WordPress Gallery Exporter

Plugin Slug:
wp-gallery-exporter

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
woocommerce

Installations
5,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.6.0

Severity Score:
Medium

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
5.9.14

Severity Score:
High

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.9.14

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.0

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.7

Severity Score:
Medium

Plugin Slug:
wp-file-manager

Installations
1,000,000+

Vulnerability:
Path Traversal

Patched in Version:
7.2.6

Severity Score:
Medium

Plugin Slug:
ocean-extra

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.7

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.10.23

Severity Score:
Medium

Plugin Slug:
backwpup

Installations
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.0.4

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-gutenberg

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.4

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29.3

Severity Score:
Medium

Plugin Slug:
forminator

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29.1

Severity Score:
High

Plugin Slug:
nextgen-gallery

Installations
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.59.1

Severity Score:
Medium

Plugin Slug:
coblocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.7

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.26

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.32

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.18

Severity Score:
Medium

Plugin Slug:
cmb2

Installations
300,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.11.0

Severity Score:
High

Plugin Slug:
metform

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.6

Severity Score:
Medium

Plugin Slug:
royal-elementor-addons

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.95

Severity Score:
Medium

Plugin Slug:
jeg-elementor-kit

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.22

Severity Score:
Medium

Plugin Slug:
post-views-counter

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
responsive-lightbox

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.7

Severity Score:
Medium

Plugin Slug:
woo-cart-abandonment-recovery

Installations
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.27

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.3.3

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.0.7

Severity Score:
Medium

Plugin Slug:
colibri-page-builder

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.270

Severity Score:
Medium

Plugin Slug:
essential-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.4

Severity Score:
Medium

Plugin Slug:
foogallery

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.15

Severity Score:
Medium

Plugin Slug:
genesis-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.3

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.0

Severity Score:
Medium

Plugin Slug:
powerpack-lite-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.18

Severity Score:
Medium

Plugin Slug:
powerpack-lite-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.19

Severity Score:
Medium

Plugin Slug:
relevanssi

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.22.2

Severity Score:
Medium

Plugin Slug:
relevanssi

Installations
100,000+

Vulnerability:
CSV Injection

Patched in Version:
4.22.2

Severity Score:
Medium

Plugin Slug:
template-kit-import

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.15

Severity Score:
Medium

Plugin Slug:
tracking-code-manager

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.0

Severity Score:
Medium

Plugin Slug:
woo-order-export-lite

Installations
100,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
3.4.5

Severity Score:
Critical

Plugin Slug:
woolentor-addons

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.5

Severity Score:
Medium

Plugin Slug:
woolentor-addons

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.4

Severity Score:
Medium

Plugin Slug:
email-subscribers

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.7.16

Severity Score:
Medium

Plugin Slug:
email-subscribers

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.14

Severity Score:
Medium

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.15

Severity Score:
Medium

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.9

Severity Score:
Medium

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.9.12

Severity Score:
Medium

Plugin Slug:
flexible-checkout-fields

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.3

Severity Score:
Medium

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.0.1

Severity Score:
High

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.6.4

Severity Score:
Medium

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
4.2.6.4

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29

Severity Score:
Medium

Plugin Slug:
boldgrid-easy-seo

Installations
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.15

Severity Score:
Medium

Plugin Slug:
simple-tags

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.20.0

Severity Score:
Medium

Plugin Slug:
wp-carousel-free

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.3

Severity Score:
High

Plugin Slug:
bold-page-builder

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.7

Severity Score:
Medium

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.10

Severity Score:
Medium

Plugin Slug:
fancybox-for-wordpress

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.4

Severity Score:
Medium

Plugin Slug:
feedzy-rss-feeds

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.3.4

Severity Score:
Medium

Plugin Slug:
image-watermark

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.4

Severity Score:
Medium

Plugin Slug:
print-invoices-packing-slip-labels-for-woocommerce

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.3

Severity Score:
Medium

Plugin Slug:
profile-builder

Installations
50,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.11.3

Severity Score:
Medium

Plugin Slug:
social-pug

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.33.1

Severity Score:
Medium

Plugin Slug:
wpfront-user-role-editor

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.1.0

Severity Score:
Medium

Plugin Slug:
convertkit

Installations
40,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.4.6

Severity Score:
Medium

Plugin Slug:
secupress

Installations
40,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.5.2

Severity Score:
Medium

Plugin Slug:
ultimate-post

Installations
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.4

Severity Score:
Medium

Plugin Slug:
wp-import-export-lite

Installations
40,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.9.27

Severity Score:
Medium

Plugin Slug:
google-maps-easy

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.11.12

Severity Score:
Medium

Plugin Slug:
sumome

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.35

Severity Score:
Low

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
Medium

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
High

Plugin Slug:
themify-wc-product-filter

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.4

Severity Score:
Medium

Plugin Slug:
ultimate-addons-for-beaver-builder-lite

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
Medium

Plugin Slug:
all-in-one-video-gallery

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.0

Severity Score:
Medium

Plugin Slug:
ecwid-shopping-cart

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.12.11

Severity Score:
Medium

Plugin Slug:
mp3-music-player-by-sonaar

Installations
20,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
5.0

Severity Score:
High

Plugin Slug:
my-calendar

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.24

Severity Score:
Medium

Plugin Slug:
powerkit

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.2

Severity Score:
Medium

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.8.3

Severity Score:
Medium

Plugin Slug:
wp-file-upload

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.24.6

Severity Score:
Medium

Plugin Slug:
bookingpress-appointment-booking

Installations
10,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.0.82

Severity Score:
Medium

Plugin Slug:
bookingpress-appointment-booking

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.0.88

Severity Score:
Medium

Plugin Slug:
bunnycdn

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
captcha-bws

Installations
10,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
5.2.1

Severity Score:
Medium

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0.5

Severity Score:
High

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.5

Severity Score:
Medium

Plugin Slug:
contact-form-to-email

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.45

Severity Score:
Medium

Plugin Slug:
favorites

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.4

Severity Score:
Medium

Plugin Slug:
lifterlms

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.5.1

Severity Score:
Medium

Plugin Slug:
mailmunch

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.7

Severity Score:
Medium

Plugin Slug:
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
3.3.4

Severity Score:
Critical

Plugin Slug:
s2member

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
240325

Severity Score:
High

Plugin Slug:
subscribe-to-comments-reloaded

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
240119

Severity Score:
Medium

Plugin Slug:
ultimate-maps-by-supsystic

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.17

Severity Score:
Medium

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.6.03.005

Severity Score:
Critical

Plugin Slug:
wp-server-stats

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.4

Severity Score:
Medium

Plugin Slug:
media-library-plus

Installations
9,000+

Vulnerability:
Directory Traversal

Patched in Version:
8.1.9

Severity Score:
Medium

Plugin Slug:
wp-migration-duplicator

Installations
9,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.8

Severity Score:
Low

Plugin Slug:
announcer

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.0.1

Severity Score:
Medium

Plugin Slug:
generate-child-theme

Installations
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.1

Severity Score:
Medium

Plugin Slug:
learnpress-import-export

Installations
8,000+

Vulnerability:
SQL Injection

Patched in Version:
4.0.4

Severity Score:
High

Plugin Slug:
wpvivid-backup-mainwp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.34

Severity Score:
Medium

Plugin Slug:
armember-membership

Installations
7,000+

Vulnerability:
Directory Traversal

Patched in Version:
4.0.28

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.7.9

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
5.7.7

Severity Score:
Medium

Plugin Slug:
announce-from-the-dashboard

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.3

Severity Score:
Medium

Plugin Slug:
dc-woocommerce-multi-vendor

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.4

Severity Score:
High

Plugin Slug:
wordpress-tooltips

Installations
6,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
9.5.9

Severity Score:
High

Plugin Slug:
wp-sort-order

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
SQL Injection

Patched in Version:
3.0.4

Severity Score:
High

Plugin Slug:
js-support-ticket

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.8.4

Severity Score:
Medium

Plugin Slug:
wp-stateless

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.4.1

Severity Score:
High

Plugin Slug:
advanced-local-pickup-for-woocommerce

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.3

Severity Score:
High

Plugin Slug:
custom-post-types

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.0.5

Severity Score:
Medium

Plugin Slug:
peepso-core

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.3.1.2

Severity Score:
Medium

Plugin Slug:
watu

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.1.1

Severity Score:
Medium

Plugin Slug:
watu

Installations
4,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.4.1.1

Severity Score:
Medium

Plugin Slug:
comments-import-export-woocommerce

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.3.6

Severity Score:
Medium

Plugin Slug:
eventprime-event-calendar-management

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.5

Severity Score:
High

Plugin Slug:
export-woocommerce

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.9

Severity Score:
Medium

Plugin Slug:
import-xml-feed

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.1.6

Severity Score:
High

Plugin Slug:
modal-popup-box

Installations
3,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.5.3

Severity Score:
High

Plugin Slug:
multiple-pages-generator-by-porthas

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4.1

Severity Score:
Medium

Plugin Slug:
oauth2-provider

Installations
3,000+

Vulnerability:
Open Redirection

Patched in Version:
4.4.0

Severity Score:
Medium

Plugin Slug:
premmerce-woocommerce-product-filter

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.3

Severity Score:
Medium

Plugin Slug:
super-testimonial

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.6

Severity Score:
Medium

Plugin Slug:
woocommerce-product-sort-and-display

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.2

Severity Score:
Medium

Plugin Slug:
wpdirectorykit

Installations
3,000+

Vulnerability:
SQL Injection

Patched in Version:
1.3.1

Severity Score:
High

Plugin Slug:
arforms-form-builder

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.2

Severity Score:
Medium

Plugin Slug:
arforms-form-builder

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.2

Severity Score:
High

Plugin Slug:
clover-online-orders

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.6

Severity Score:
Medium

Plugin Slug:
form-to-chat

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium

Plugin Slug:
learning-management-system

Installations
2,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.7.3

Severity Score:
Critical

Plugin Slug:
quick-interest-slider

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.9.5

Severity Score:
Medium

Plugin Slug:
searchiq

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.6

Severity Score:
High

Plugin Slug:
user-spam-remover

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.1

Severity Score:
Medium

Plugin Slug:
woo-checkout-regsiter-field-editor

Installations
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.9

Severity Score:
Medium

Plugin Slug:
app-builder

Installations
1,000+

Vulnerability:
Open Redirection

Patched in Version:
3.8.8

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.3.1

Severity Score:
Medium

Plugin Slug:
benchmark-email-lite

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.7

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.1.6

Severity Score:
Critical

Plugin Slug:
creative-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.3

Severity Score:
High

Plugin Slug:
epoll-wp-voting

Installations
1,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
3.4

Severity Score:
High

Plugin Slug:
fg-drupal-to-wp

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.71.0

Severity Score:
Medium

Plugin Slug:
formsite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7

Severity Score:
Medium

Plugin Slug:
nudgify

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.4

Severity Score:
Medium

Plugin Slug:
product-designer

Installations
1,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.0.33

Severity Score:
High

Plugin Slug:
redi-restaurant-reservation

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
24.0303

Severity Score:
High

Plugin Slug:
sign-up-sheets

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.12

Severity Score:
Medium

Plugin Slug:
transcoder

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.6

Severity Score:
Medium

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
unusedcss

Installations
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.2.12

Severity Score:
High

Plugin Slug:
wooshark-aliexpress-importer

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.5

Severity Score:
Medium

Plugin Slug:
wp-webinarsystem

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.33.10

Severity Score:
High

Plugin Slug:
wp2leads

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.8

Severity Score:
Medium

Plugin Slug:
5-stars-rating-funnel

Installations
30+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
1.3.02

Severity Score:
High

Plugin:
AWP Classifieds

Plugin Slug:
another-wordpress-classifieds-plugin

Vulnerability:
Broken Access Control

Patched in Version:
4.3.2

Severity Score:
Medium

Plugin:
Beaver Themer

Plugin Slug:
beaver-themer

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.9.1

Severity Score:
Medium

Plugin:
Bricksforge

Plugin Slug:
bricksforge

Vulnerability:
Settings Change

Patched in Version:
2.1.1

Severity Score:
Critical

Plugin:
Bricksforge

Plugin Slug:
bricksforge

Vulnerability:
Settings Change

Patched in Version:
2.1.1

Severity Score:
High

Plugin:
Bricksforge

Plugin Slug:
bricksforge

Vulnerability:
Broken Access Control

Patched in Version:
2.1.1

Severity Score:
Medium

Plugin:
Demo My WordPress

Plugin Slug:
demo-my-wordpress

Vulnerability:
Privilege Escalation

Patched in Version:
1.1.0

Severity Score:
Critical

Plugin:
Easy Social Share Buttons

Plugin Slug:
easy-social-share-buttons3

Vulnerability:
Broken Access Control

Patched in Version:
9.5

Severity Score:
Medium

Plugin:
Easy Social Share Buttons

Plugin Slug:
easy-social-share-buttons3

Vulnerability:
Local File Inclusion

Patched in Version:
9.5

Severity Score:
High

Plugin:
LayerSlider

Plugin Slug:
layerslider

Vulnerability:
SQL Injection

Patched in Version:
7.10.1

Severity Score:
Critical

Plugin:
REHub Framework

Plugin Slug:
rehub-framework

Vulnerability:
SQL Injection

Patched in Version:
19.6.2

Severity Score:
High

Plugin:
Relevanssi Premium

Plugin Slug:
relevanssi-premium

Vulnerability:
Broken Access Control

Patched in Version:
2.25.2

Severity Score:
Medium

Plugin:
Relevanssi Premium

Plugin Slug:
relevanssi-premium

Vulnerability:
CSV Injection

Patched in Version:
2.25.2

Severity Score:
Medium

Plugin:
Slider Revolution

Plugin Slug:
revslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.7.0

Severity Score:
Medium

Plugin:
Wholesale For WooCommerce

Plugin Slug:
woocommerce-wholesale-pricing

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
2.3.1

Severity Score:
High

Plugin:
WPB Show Core

Plugin Slug:
wpb-show-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7

Severity Score:
High

Plugin:
WPB Show Core

Plugin Slug:
wpb-show-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6

Severity Score:
High

WordPress Themes — 4 Patched / 0 Unpatched

Theme Slug:
hello-elementor

Downloads
6,963,021

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0.1

Severity Score:
Medium

Theme:
Rehub

Theme Slug:
rehub-theme

Vulnerability:
SQL Injection

Patched in Version:
19.6.2

Severity Score:
High

Theme:
Rehub

Theme Slug:
rehub-theme

Vulnerability:
Local File Inclusion

Patched in Version:
19.6.2

Severity Score:
High

Theme:
Rehub

Theme Slug:
rehub-theme

Vulnerability:
Local File Inclusion

Patched in Version:
19.6.2

Severity Score:
Critical

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-04-10 10:02:18.


WordPress Vulnerability Report — April 17, 2024

In this report, 342 vulnerabilities have been publicly disclosed. Security patches for 254 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 88 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.2

Severity Score:
Medium

WordPress Plugins — 234 Patched / 81 Unpatched

Plugin Slug:
woo-product-feed-pro

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
whats-new-genarator

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
zero-spam

Installations
30,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
embed-form

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
subscribe2

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
leadinfo

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
pepro-ultimate-invoice

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
sync-post-with-other-site

Installations
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
easy-textillate

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
epoll-wp-voting

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

Plugin Slug:
momoyoga-integration

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-buttons-creator

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
simple-buttons-creator

Installations
30+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mm-email2image

Installations
20+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
mm-email2image

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
bannerlid

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Access Category Password

Plugin Slug:
access-category-password

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Ads.txt Admin

Plugin Slug:
ads-txt-admin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Advanced Search

Plugin Slug:
advance-search

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Advanced Page Visit Counter

Plugin Slug:
advanced-page-visit-counter

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Advanced Post Block – Post Grid for WordPress block editor

Plugin Slug:
advanced-post-block

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
AIKit

Plugin Slug:
aikit-wordpress-ai-writing-assistant-using-gpt3

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Aspose.Words Exporter

Plugin Slug:
aspose-doc-exporter

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Shortcodes and extra features for Phlox theme

Plugin Slug:
auxin-elements

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Shortcodes and extra features for Phlox theme

Plugin Slug:
auxin-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Before And After

Plugin Slug:
before-and-after

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
bizcalendar-web

Plugin Slug:
bizcalendar-web

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Bulk Block Converter

Plugin Slug:
bulk-block-converter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Canva – Design beautiful blog graphics

Plugin Slug:
canva

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
CBX Bookmark & Favorite

Plugin Slug:
cbxwpbookmark

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Citadela Listing

Plugin Slug:
citadela-directory

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Citadela Listing

Plugin Slug:
citadela-directory

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Convert Post Types

Plugin Slug:
convert-post-types

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Crony Cronjob Manager

Plugin Slug:
crony

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Custom Order Statuses for WooCommerce

Plugin Slug:
custom-order-statuses-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Customily Product Personalizer

Plugin Slug:
customily-v2

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Delete Custom Fields

Plugin Slug:
delete-custom-fields

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Disable Comments | WPZest

Plugin Slug:
disable-comments-wpz

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Easy CountDowner

Plugin Slug:
easy-countdowner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Easy Logo

Plugin Slug:
easylogo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
EZ Form Calculator

Plugin Slug:
ez-form-calculator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Filter Custom Fields & Taxonomies Light

Plugin Slug:
filter-custom-fields-taxonomies-light

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Find Duplicates

Plugin Slug:
find-duplicates

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Fixed HTML Toolbar

Plugin Slug:
fixed-html-toolbar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Flash Video Player

Plugin Slug:
flash-video-player

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Font Farsi

Plugin Slug:
font-farsi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook

Plugin Slug:
forms-to-zapier

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Freshdesk (official)

Plugin Slug:
freshdesk-support

Vulnerability:
Open Redirection

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Kimili Flash Embed

Plugin Slug:
kimili-flash-embed

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Contact Form & Lead Form Elementor Builder

Plugin Slug:
lead-form-builder

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Contact Form & Lead Form Elementor Builder

Plugin Slug:
lead-form-builder

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Libsyn Publisher Hub

Plugin Slug:
libsyn-podcasting

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Libsyn Publisher Hub

Plugin Slug:
libsyn-podcasting

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Related Posts for WordPress

Plugin Slug:
microkids-related-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
MJ Update History

Plugin Slug:
mj-update-history

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Ovic Addon Toolkit

Plugin Slug:
ovic-addon-toolkit

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Payment Forms for Paystack

Plugin Slug:
payment-forms-for-paystack

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Product Feed on WooCommerce for Google

Plugin Slug:
purple-xmls-google-product-feed-for-woocommerce

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Code Insert Manager (Q2W3 Inc Manager)

Plugin Slug:
q2w3-inc-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Realtyna Organic IDX plugin

Plugin Slug:
real-estate-listing-realtyna-wpl

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:
Sangar Slider

Plugin Slug:
sangar-slider-lite

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Shopkeeper Extender

Plugin Slug:
shopkeeper-extender

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
WP Matterport Shortcode

Plugin Slug:
shortcode-gallery-for-matterport-showcase

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Short URL

Plugin Slug:
shorten-url

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Simple Testimonials Showcase

Plugin Slug:
simple-testimonials-showcase

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Tax Rate Upload

Plugin Slug:
tax-rate-upload

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Post Type Builder (PTB)

Plugin Slug:
themify-ptb

Vulnerability:
Content Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Post Type Builder (PTB)

Plugin Slug:
themify-ptb

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Mega Addons For Elementor

Plugin Slug:
ultimate-addons-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
User Activity Log Pro

Plugin Slug:
user-activity-log-pro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:
Appointment Bookings for Zoom GoogleMeet and more – Wappointment

Plugin Slug:
wappointment

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
WidgetKit

Plugin Slug:
widgetkit-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
2Checkout Payment Gateway for WooCommerce

Plugin Slug:
woocommerce-2checkout-payment

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Simple Registration for WooCommerce

Plugin Slug:
woocommerce-simple-registration

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:
WP-Cufon

Plugin Slug:
wp-cufon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:
WP File Download Light

Plugin Slug:
wp-file-download-light

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
WP Radio – Worldwide Online Radio Stations Directory for WordPress

Plugin Slug:
wp-radio

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
WP Radio – Worldwide Online Radio Stations Directory for WordPress

Plugin Slug:
wp-radio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
Search Keyword Redirect

Plugin Slug:
wp-search-keyword-redirect

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
WP TradingView

Plugin Slug:
wp-tradingview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:
WP User Profile Avatar

Plugin Slug:
wp-user-profile-avatar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
woocommerce

Installations:
5,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.6

Severity Score:
Medium

Plugin Slug:
elementskit-lite

Installations:
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.7

Severity Score:
Medium

Plugin Slug:
ewww-image-optimizer

Installations:
1,000,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.3.0

Severity Score:
Medium

Plugin Slug:
sg-cachepress

Installations:
1,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.5.0

Severity Score:
Medium

Plugin Slug:
coming-soon

Installations:
900,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.15.21

Severity Score:
Medium

Plugin Slug:
smart-slider-3

Installations:
900,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.1.23

Severity Score:
Medium

Plugin Slug:
meta-box

Installations:
700,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.9.4

Severity Score:
Medium

Plugin Slug:
ocean-extra

Installations:
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.7

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations:
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.28

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations:
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.25

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations:
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.25

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations:
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.17

Severity Score:
Medium

Plugin Slug:
the-events-calendar

Installations:
700,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.3.1

Severity Score:
Medium

Plugin Slug:
backwpup

Installations:
600,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.0.4

Severity Score:
Medium

Plugin Slug:
ml-slider

Installations:
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.70.1

Severity Score:
Medium

Plugin Slug:
shortcodes-ultimate

Installations:
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.5

Severity Score:
Medium

Plugin Slug:
forminator

Installations:
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29.3

Severity Score:
Medium

Plugin Slug:
nextgen-gallery

Installations:
500,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.59.1

Severity Score:
Medium

Plugin Slug:
kadence-blocks

Installations:
400,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.2.12

Severity Score:
High

Plugin Slug:
wp-google-maps

Installations:
400,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
9.0.35

Severity Score:
Medium

Plugin Slug:
wpvivid-backuprestore

Installations:
400,000+

Vulnerability:
PHP Object Injection

Patched in Version:
0.9.100

Severity Score:
Medium

Plugin Slug:
favicon-by-realfavicongenerator

Installations:
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.30

Severity Score:
Medium

Plugin Slug:
gutenberg

Installations:
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
18.1.0

Severity Score:
Medium

Plugin Slug:
newsletter

Installations:
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.0.7

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations:
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

Plugin Slug:
otter-blocks

Installations:
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9

Severity Score:
Medium

Plugin Slug:
blocksy-companion

Installations:
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.29

Severity Score:
Medium

Plugin Slug:
custom-facebook-feed

Installations:
200,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.2

Severity Score:
Medium

Plugin Slug:
photo-gallery

Installations:
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.22

Severity Score:
Medium

Plugin Slug:
ultimate-member

Installations:
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.5

Severity Score:
Medium

Plugin Slug:
wp-user-avatar

Installations:
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.5

Severity Score:
Medium

Plugin Slug:
wp-user-avatar

Installations:
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.15.6

Severity Score:
Medium

Plugin Slug:
add-search-to-menu

Installations:
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.5.6

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations:
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.0

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations:
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.5.4

Severity Score:
Medium

Plugin Slug:
bdthemes-element-pack-lite

Installations:
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.3.3

Severity Score:
Medium

Plugin Slug:
download-manager

Installations:
100,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.2.83

Severity Score:
Medium

Plugin Slug:
foogallery

Installations:
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.15

Severity Score:
Medium

Plugin Slug:
give

Installations:
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.0

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations:
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.6.0

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations:
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4.0

Severity Score:
Medium

Plugin Slug:
intelly-related-posts

Installations:
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5.0

Severity Score:
Medium

Plugin Slug:
wp-all-import

Installations:
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.7.4

Severity Score:
Medium

Plugin Slug:
email-subscribers

Installations:
90,000+

Vulnerability:
SQL Injection

Patched in Version:
5.7.15

Severity Score:
Critical

Plugin Slug:
enhanced-media-library

Installations:
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.10

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations:
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0.2

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations:
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
paid-memberships-pro

Installations:
90,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0

Severity Score:
Medium

Plugin Slug:
remove-footer-credit

Installations:
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.14

Severity Score:
Medium

Plugin Slug:
instagram-widget-by-wpzoom

Installations:
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.14

Severity Score:
Medium

Plugin Slug:
real-media-library-lite

Installations:
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.22.12

Severity Score:
Medium

Plugin Slug:
sydney-toolbox

Installations:
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.29

Severity Score:
Medium

Plugin Slug:
theme-my-login

Installations:
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.1.7

Severity Score:
Medium

Plugin Slug:
wp-clone-by-wp-academy

Installations:
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.4

Severity Score:
Medium

Plugin Slug:
boldgrid-easy-seo

Installations:
70,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.6.15

Severity Score:
Medium

Plugin Slug:
user-registration

Installations:
70,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.0

Severity Score:
Medium

Plugin Slug:
activecampaign-subscription-forms

Installations:
60,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
8.1.15

Severity Score:
Medium

Plugin Slug:
addons-for-elementor

Installations:
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.3.7

Severity Score:
Medium

Plugin Slug:
addons-for-elementor

Installations:
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.3.7

Severity Score:
Medium

Plugin Slug:
advanced-iframe

Installations:
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024.3

Severity Score:
Medium

Plugin Slug:
ameliabooking

Installations:
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.96

Severity Score:
Medium

Plugin Slug:
customer-reviews-woocommerce

Installations:
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.47.0

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations:
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
form-maker

Installations:
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.24

Severity Score:
Medium

Plugin Slug:
redirect-redirection

Installations:
60,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
spotlight-social-photo-feeds

Installations:
60,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.11

Severity Score:
Medium

Plugin Slug:
woo-smart-quick-view

Installations:
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.3

Severity Score:
Medium

Plugin Slug:
wp-carousel-free

Installations:
60,000+

Vulnerability:
PHP Object Injection

Patched in Version:
2.6.4

Severity Score:
High

Plugin Slug:
wp-carousel-free

Installations:
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.4

Severity Score:
Medium

Plugin Slug:
wp-letsencrypt-ssl

Installations:
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.1.0

Severity Score:
High

Plugin Slug:
bold-page-builder

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
bold-page-builder

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.8.9

Severity Score:
Medium

Plugin Slug:
fancybox-for-wordpress

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.4

Severity Score:
Medium

Plugin Slug:
feedzy-rss-feeds

Installations:
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.3.4

Severity Score:
Medium

Plugin Slug:
print-invoices-packing-slip-labels-for-woocommerce

Installations:
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.3

Severity Score:
Medium

Plugin Slug:
carousel-slider

Installations:
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.7

Severity Score:
Medium

Plugin Slug:
carousel-slider

Installations:
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.10

Severity Score:
Medium

Plugin Slug:
dethemekit-for-elementor

Installations:
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.0

Severity Score:
Medium

Plugin Slug:
post-grid

Installations:
40,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.2.76

Severity Score:
Medium

Plugin Slug:
advanced-cron-manager

Installations:
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.3

Severity Score:
Medium

Plugin Slug:
fv-wordpress-flowplayer

Installations:
30,000+

Vulnerability:
Unvalidated Redirects and Forwards

Patched in Version:
7.5.45.7212

Severity Score:
Medium

Plugin Slug:
link-whisper

Installations:
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.7.0

Severity Score:
Medium

Plugin Slug:
login-with-ajax

Installations:
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
super-socializer

Installations:
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.13.64

Severity Score:
Medium

Plugin Slug:
testimonial-slider-and-showcase

Installations:
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.8

Severity Score:
Medium

Plugin Slug:
woo-bulk-editor

Installations:
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.4.2

Severity Score:
Medium

Plugin Slug:
wp-customer-reviews

Installations:
30,000+

Vulnerability:
Unvalidated Redirects and Forwards

Patched in Version:
3.7.1

Severity Score:
Medium

Plugin Slug:
beaf-before-and-after-gallery

Installations:
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.5.5

Severity Score:
Medium

Plugin Slug:
dashboard-welcome-for-elementor

Installations:
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.0.8

Severity Score:
Medium

Plugin Slug:
envo-extra

Installations:
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.12

Severity Score:
Medium

Plugin Slug:
import-users-from-csv

Installations:
20,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.3

Severity Score:
Medium

Plugin Slug:
ip2location-country-blocker

Installations:
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.34.3

Severity Score:
Medium

Plugin Slug:
mailchimp-forms-by-mailmunch

Installations:
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
omnisend-connect

Installations:
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.14.4

Severity Score:
Medium

Plugin Slug:
powerkit

Installations:
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9.2

Severity Score:
Medium

Plugin Slug:
top-bar

Installations:
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.5

Severity Score:
Medium

Plugin Slug:
top-bar

Installations:
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.6

Severity Score:
Medium

Plugin Slug:
usc-e-shop

Installations:
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.10.0

Severity Score:
Medium

Plugin Slug:
weforms

Installations:
20,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.6.21

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-nextmove-lite

Installations:
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.18.2

Severity Score:
Medium

Plugin Slug:
wp-accessibility-helper

Installations:
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.6.2.6

Severity Score:
Medium

Plugin Slug:
asgaros-forum

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.9.0

Severity Score:
Medium

Plugin Slug:
ba-book-everything

Installations:
10,000+

Vulnerability:
SQL Injection

Patched in Version:
1.6.5

Severity Score:
High

Plugin Slug:
bunnycdn

Installations:
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.2

Severity Score:
Medium

Plugin Slug:
conveythis-translate

Installations:
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
224

Severity Score:
High

Plugin Slug:
e2pdf

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.23.00

Severity Score:
Medium

Plugin Slug:
ecommerce-product-catalog

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.3.29

Severity Score:
Medium

Plugin Slug:
eroom-zoom-meetings-webinar

Installations:
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.19

Severity Score:
Medium

Plugin Slug:
job-postings

Installations:
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.6

Severity Score:
High

Plugin Slug:
legal-pages

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.3

Severity Score:
Medium

Plugin Slug:
lifterlms

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.5.1

Severity Score:
Medium

Plugin Slug:
live-composer-page-builder

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.36

Severity Score:
Medium

Plugin Slug:
mailster

Installations:
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.0.7

Severity Score:
High

Plugin Slug:
order-delivery-date-for-woocommerce

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.21.0

Severity Score:
Medium

Plugin Slug:
popup-by-supsystic

Installations:
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.10.28

Severity Score:
Medium

Plugin Slug:
restrict-content

Installations:
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.9

Severity Score:
Medium

Plugin Slug:
simple-post-notes

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.7

Severity Score:
Medium

Plugin Slug:
userswp

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.6

Severity Score:
Medium

Plugin Slug:
wp-google-analytics-events

Installations:
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1

Severity Score:
High

Plugin Slug:
wp-mail-catcher

Installations:
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.7

Severity Score:
Medium

Plugin Slug:
wp-product-feed-manager

Installations:
10,000+

Vulnerability:
SQL Injection

Patched in Version:
2.6.0

Severity Score:
High

Plugin Slug:
elements-plus

Installations:
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.16.4

Severity Score:
Medium

Plugin Slug:
flexible-shipping-ups

Installations:
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.5

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations:
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.94

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations:
9,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.94

Severity Score:
Medium

Plugin Slug:
fatal-error-notify

Installations:
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.3

Severity Score:
Medium

Plugin Slug:
mage-eventpress

Installations:
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.3

Severity Score:
Medium

Plugin Slug:
unlimited-elementor-inner-sections-by-boomdevs

Installations:
8,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.5

Severity Score:
Medium

Plugin Slug:
wpvivid-backup-mainwp

Installations:
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.34

Severity Score:
Medium

Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount

Installations:
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.18.1

Severity Score:
Medium

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations:
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.7.9

Severity Score:
Medium

Plugin Slug:
ultimate-product-catalogue

Installations:
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.2.16

Severity Score:
Medium

Plugin Slug:
wp-compress-image-optimizer

Installations:
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
6.11.01

Severity Score:
Medium

Plugin Slug:
ajax-load-more-anything

Installations:
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.3.6

Severity Score:
Medium

Plugin Slug:
boostify-header-footer-builder

Installations:
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
country-state-city-auto-dropdown

Installations:
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.2

Severity Score:
Medium

Plugin Slug:
product-input-fields-for-woocommerce

Installations:
6,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.0

Severity Score:
Medium

Plugin Slug:
radio-player

Installations:
6,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.74

Severity Score:
Medium

Plugin Slug:
responsive-gallery-grid

Installations:
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.11

Severity Score:
Medium

Plugin Slug:
responsive-tabs

Installations:
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.7

Severity Score:
Medium

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations:
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.1

Severity Score:
Medium

Plugin Slug:
wp-login-and-logout-redirect

Installations:
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
bulk-editor

Installations:
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.8.2

Severity Score:
Medium

Plugin Slug:
church-theme-content

Installations:
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.6.1

Severity Score:
Medium

Plugin Slug:
geo-my-wp

Installations:
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
instagrate-to-wordpress

Installations:
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.8

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations:
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.1.1

Severity Score:
Medium

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations:
5,000+

Vulnerability:
SQL Injection

Patched in Version:
4.0.14

Severity Score:
High

Plugin Slug:
wp-client-reports

Installations:
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

Plugin Slug:
wp-easycart

Installations:
5,000+

Vulnerability:
SQL Injection

Patched in Version:
5.6.4

Severity Score:
High

Plugin Slug:
wp-easycart

Installations:
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.6.0

Severity Score:
Medium

Plugin Slug:
audio-and-video-player

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.0

Severity Score:
Medium

Plugin Slug:
contact-form-lite

Installations:
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.25

Severity Score:
Medium

Plugin Slug:
everest-backup

Installations:
4,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.2.5

Severity Score:
Critical

Plugin Slug:
marker-io

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.9

Severity Score:
Medium

Plugin Slug:
multiparcels-shipping-for-woocommerce

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.16.9

Severity Score:
Medium

Plugin Slug:
pardot

Installations:
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.1

Severity Score:
Medium

Plugin Slug:
wpbenchmark

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.7

Severity Score:
Medium

Plugin Slug:
wpc-grouped-product

Installations:
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.3

Severity Score:
Medium

Plugin Slug:
wpsynchro

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.11.3

Severity Score:
Medium

Plugin Slug:
zoho-campaigns

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.8

Severity Score:
Medium

Plugin Slug:
zoho-campaigns

Installations:
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.8

Severity Score:
Medium

Plugin Slug:
premmerce-woocommerce-product-filter

Installations:
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.7.3

Severity Score:
Medium

Plugin Slug:
seo-booster

Installations:
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.10

Severity Score:
Medium

Plugin Slug:
top-table-of-contents

Installations:
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.16

Severity Score:
Medium

Plugin Slug:
wallet-system-for-woocommerce

Installations:
3,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.5.10

Severity Score:
Medium

Plugin Slug:
additional-product-fields-for-woocommerce

Installations:
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.105

Severity Score:
Medium

Plugin Slug:
bc-woo-custom-thank-you-pages

Installations:
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.14

Severity Score:
Medium

Plugin Slug:
currency-per-product-for-woocommerce

Installations:
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.0

Severity Score:
Medium

Plugin Slug:
gallery-box

Installations:
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.34

Severity Score:
Medium

Plugin Slug:
gg-woo-feed

Installations:
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.7

Severity Score:
Medium

Plugin Slug:
gift-voucher

Installations:
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.4.1

Severity Score:
Medium

Plugin Slug:
instawp-connect

Installations:
2,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
0.1.0.23

Severity Score:
Critical

Plugin Slug:
lh-add-media-from-url

Installations:
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.23

Severity Score:
High

Plugin Slug:
sheets-to-wp-table-live-sync

Installations:
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.5.1

Severity Score:
Medium

Plugin Slug:
woc-open-close

Installations:
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.2

Severity Score:
Medium

Plugin Slug:
wp-event-aggregator

Installations:
2,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.7

Severity Score:
Medium

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.3.1

Severity Score:
Medium

Plugin Slug:
benchmark-email-lite

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2

Severity Score:
Medium

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.0.28

Severity Score:
Medium

Plugin Slug:
current-template-name

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.13

Severity Score:
Medium

Plugin Slug:
dashboard-to-do-list

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.2

Severity Score:
Medium

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
elex-woocommerce-dynamic-pricing-and-discounts

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.1.3

Severity Score:
Medium

Plugin Slug:
faq-for-woocommerce

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.1

Severity Score:
Medium

Plugin Slug:
feather-login-page

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin Slug:
flexible-shipping-usps

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.3

Severity Score:
Medium

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
1.7.17

Severity Score:
High

Plugin Slug:
login-with-phone-number

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.94

Severity Score:
High

Plugin Slug:
mihanpanel-lite

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
12.7

Severity Score:
Medium

Plugin Slug:
netgsm

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.9

Severity Score:
High

Plugin Slug:
no-bot-registration

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0

Severity Score:
Medium

Plugin Slug:
novelist

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.3

Severity Score:
Medium

Plugin Slug:
poeditor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.9

Severity Score:
Medium

Plugin Slug:
redi-restaurant-reservation

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
24.0303

Severity Score:
Medium

Plugin Slug:
save-as-pdf-by-pdfcrowd

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
tour-booking-manager

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.1

Severity Score:
Medium

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
visitor-analytics-io

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

Plugin Slug:
wc-multi-currency

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.6

Severity Score:
Medium

Plugin Slug:
wp-dynamic-keywords-injector

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.22

Severity Score:
High

Plugin Slug:
mww-disclaimer-buttons

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2

Severity Score:
Medium

Plugin Slug:
siteimprove

Installations
900+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.7

Severity Score:
Medium

Plugin Slug:
bmi-adultkid-calculator

Installations
700+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.2

Severity Score:
High

Plugin Slug:
chat-help

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.0

Severity Score:
Medium

Plugin Slug:
ays-facebook-popup-likebox

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.3

Severity Score:
Medium

Plugin Slug:
webinar-ignition

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.06.0

Severity Score:
Medium

Plugin Slug:
f4-improvements

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
wp2leads

Installations
100+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.8

Severity Score:
Medium

Plugin Slug:
nps-computy

Installations
80+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.6

Severity Score:
Medium

Plugin Slug:
nps-computy

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.6

Severity Score:
Medium

Plugin Slug:
save-as-image-by-pdfcrowd

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.2

Severity Score:
Medium

Plugin Slug:
5-stars-rating-funnel

Installations
40+

Vulnerability:
Arbitrary Content Deletion

Patched in Version:
1.3.02

Severity Score:
High

Plugin Slug:
affieasy

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.6

Severity Score:
Medium

Plugin:

AWP Classifieds

Plugin Slug:
another-wordpress-classifieds-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.3.2

Severity Score:
Medium

Plugin:

BWL Advanced FAQ Manager

Plugin Slug:
bwl-advanced-faq-manager

Vulnerability:
SQL Injection

Patched in Version:
2.0.4

Severity Score:
High

Plugin:

Calendarista Basic Edition

Plugin Slug:
calendarista-basic-edition

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.0.3

Severity Score:
Medium

Plugin:

Digital Publications by Supsystic

Plugin Slug:
digital-publications-by-supsystic

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.8

Severity Score:
Medium

Plugin:

Essential Grid

Plugin Slug:
essential-grid

Vulnerability:
Broken Access Control

Patched in Version:
3.1.2

Severity Score:
Medium

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.81

Severity Score:
Medium

Plugin:

WPBakery Page Builder

Plugin Slug:
js_composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.6

Severity Score:
Medium

Plugin:

WPBakery Page Builder

Plugin Slug:
js_composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.6

Severity Score:
Medium

Plugin:

RestroPress

Plugin Slug:
restropress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.1.2.1

Severity Score:
Medium

Plugin:

Slider Revolution

Plugin Slug:
revslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.7.0

Severity Score:
Medium

Plugin:

Table & Contact Form 7 Database – Tablesome

Plugin Slug:
tablesome

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.26

Severity Score:
Medium

Plugin:

WooCommerce Customers Manager

Plugin Slug:
woocommerce-customers-manager

Vulnerability:
SQL Injection

Patched in Version:
29.7

Severity Score:
High

Plugin:

WP Cost Estimation & Payment Forms Builder

Plugin Slug:
wp-estimation-form

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
10.1.76

Severity Score:
High

Plugin:

WP Cost Estimation & Payment Forms Builder

Plugin Slug:
wp-estimation-form

Vulnerability:
Broken Access Control

Patched in Version:
10.1.77

Severity Score:
Medium

Plugin:

WP Activity Log Premium

Plugin Slug:
wp-security-audit-log-premium

Vulnerability:
SQL Injection

Patched in Version:
4.6.4.1

Severity Score:
High

Plugin:

WPB Show Core

Plugin Slug:
wpb-show-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7

Severity Score:
High

Plugin:

WPB Show Core

Plugin Slug:
wpb-show-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6

Severity Score:
High

WordPress Themes — 19 Patched / 7 Unpatched

Theme Slug:
decode

Downloads
269,521

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
gridsby

Downloads
288,716

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
gucherry-blog

Downloads
136,966

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Theme Slug:
happenstance

Downloads
134,390

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
i-excel

Downloads
262,257

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
i-max

Downloads
270,530

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
sensible-wp

Downloads
277,690

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
blocksy

Downloads
3,056,299

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.0.23

Severity Score:
Medium

Theme Slug:
citylogic

Downloads
292,720

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.30

Severity Score:
Medium

Theme Slug:
default-mag

Downloads
93,066

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.6

Severity Score:
Medium

Theme Slug:
emmet-lite

Downloads
104,881

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.7.8

Severity Score:
Medium

Theme Slug:
lightning

Downloads
2,240,450

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
15.19.0

Severity Score:
Medium

Theme Slug:
namaha

Downloads
63,477

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.41

Severity Score:
Medium

Theme Slug:
newsxpress

Downloads
11,096

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.8

Severity Score:
Medium

Theme Slug:
panoramic

Downloads
614,830

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.57

Severity Score:
Medium

Theme Slug:
popularfx

Downloads
773,374

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.5

Severity Score:
Medium

Theme Slug:
sarada-lite

Downloads
86,466

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.3

Severity Score:
Medium

Theme Slug:
shopstar

Downloads
286,946

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.34

Severity Score:
Medium

Theme Slug:
sliding-door

Downloads
537,017

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.4

Severity Score:
Medium

Theme Slug:
spa-and-salon

Downloads
155,971

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.8

Severity Score:
Medium

Theme Slug:
tainacan-interface

Downloads
16,543

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.2

Severity Score:
High

Theme Slug:
the-conference

Downloads
52,521

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.1

Severity Score:
Medium

Theme Slug:
x-t9

Downloads
30,187

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.19.1

Severity Score:
Medium

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.4.6

Severity Score:
Medium

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Broken Access Control

Patched in Version:
8.4.6

Severity Score:
Medium

Theme:

Soledad

Theme Slug:
soledad

Vulnerability:
Broken Access Control

Patched in Version:
8.4.6

Severity Score:
High


Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-04-17 09:16:24.


WordPress Vulnerability Report — March 6, 2024

In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 73 Patched / 48 Unpatched

Plugin Slug:
slivery-extender

Installations
2,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
idonate

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Adsmonetizer

Plugin Slug:
adsensei-b30

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

ArtiBot

Plugin Slug:
artibot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Auto Refresh Single Page

Plugin Slug:
auto-refresh-single-page

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

BeePress

Plugin Slug:
beepress

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Blue Triad EZAnalytics

Plugin Slug:
blue-triad-ezanalytics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Change Memory Limit

Plugin Slug:
change-memory-limit

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Under Construction / Maintenance Mode from Acurax

Plugin Slug:
coming-soon-maintenance-mode-from-acurax

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Under Construction / Maintenance Mode from Acurax

Plugin Slug:
coming-soon-maintenance-mode-from-acurax

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Configure SMTP

Plugin Slug:
configure-smtp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Build & Control Block Patterns

Plugin Slug:
control-block-patterns

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Custom fields shortcode

Plugin Slug:
custom-fields-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Download Media

Plugin Slug:
download-media

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Duitku Payment Gateway

Plugin Slug:
duitku-social-payment-gateway

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Easy!Appointments

Plugin Slug:
easyappointments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ebook Store

Plugin Slug:
ebook-store

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Conversios.io

Plugin Slug:
enhanced-e-commerce-for-woocommerce-store

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

FeedWordPress

Plugin Slug:
feedwordpress

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Fontific | Google Fonts

Plugin Slug:
fontific

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Gestpay for WooCommerce

Plugin Slug:
gestpay-for-woocommerce

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Maintenance Mode by helderk

Plugin Slug:
hkdev-maintenance-mode

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

JM Twitter Cards

Plugin Slug:
jm-twitter-cards

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Marketing Optimizer

Plugin Slug:
marketing-optimizer

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Master Slider

Plugin Slug:
master-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Master Slider

Plugin Slug:
master-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Media Alt Renamer

Plugin Slug:
media-alt-renamer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit

Plugin Slug:
myshopkit-popup-smartbar-slidein

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Page Builder Sandwich – Front-End Page Builder

Plugin Slug:
page-builder-sandwich

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Page Builder Sandwich – Front-End Page Builder

Plugin Slug:
page-builder-sandwich

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Page Restrict

Plugin Slug:
pagerestrict

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Password Protected Store for WooCommerce

Plugin Slug:
password-protected-woo-store

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

PayU India

Plugin Slug:
payu-india

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

postMash – custom post order

Plugin Slug:
postmash

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

Plugin Slug:
restaurant-solutions-checklist

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Rolo Slider

Plugin Slug:
rolo-slider

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Simple Tweet

Plugin Slug:
simple-tweet

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

User Shortcodes Plus

Plugin Slug:
user-shortcodes-plus

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

Vimeography: Vimeo Video Gallery WordPress Plugin

Plugin Slug:
vimeography

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

Plugin:

Watermark RELOADED

Plugin Slug:
watermark-reloaded

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

Plugin:

WordPress Access Control

Plugin Slug:
wordpress-access-control

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

CodeMirror Blocks

Plugin Slug:
wp-codemirror-block

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP eCommerce

Plugin Slug:
wp-e-commerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP eCommerce

Plugin Slug:
wp-e-commerce

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

Plugin:

Page Duplicator

Plugin Slug:
wp-page-duplicator

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

Plugin:

WP Private Content Plus

Plugin Slug:
wp-private-content-plus

Vulnerability:
Bypass Vulnerability

Patched in Version:
No Fix

Severity Score:
Medium

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
litespeed-cache

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.7.0.1

Severity Score:
High

Plugin Slug:
complianz-gdpr

Installations
900,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.0.0

Severity Score:
Medium

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.22

Severity Score:
Medium

Plugin Slug:
shortcodes-ultimate

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.4

Severity Score:
Medium

Plugin Slug:
so-widgets-bundle

Installations
600,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.58.8

Severity Score:
Medium

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.10.2

Severity Score:
Medium

Plugin Slug:
nextend-facebook-connect

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.13

Severity Score:
High

Plugin Slug:
generateblocks

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.8.3

Severity Score:
Medium

Plugin Slug:
pagelayer

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.1

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.32

Severity Score:
Medium

Plugin Slug:
themeisle-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.10.31

Severity Score:
Medium

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.4.3

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.86

Severity Score:
Medium

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.2.85

Severity Score:
Medium

Plugin Slug:
essential-blocks

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.5.2

Severity Score:
Medium

Plugin Slug:
events-manager

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.7

Severity Score:
Medium

Plugin Slug:
wp-show-posts

Installations
90,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.1.5

Severity Score:
Medium

Plugin Slug:
advanced-iframe

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2024.2

Severity Score:
Medium

Plugin Slug:
ai-engine

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
High

Plugin Slug:
ameliabooking

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.99

Severity Score:
High

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.9.1

Severity Score:
Medium

Plugin Slug:
visualcomposer

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
45.7.0

Severity Score:
Medium

Plugin Slug:
calculated-fields-form

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.57

Severity Score:
High

Plugin Slug:
custom-field-suite

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.5

Severity Score:
Medium

Plugin Slug:
notificationx

Installations
30,000+

Vulnerability:
SQL Injection

Patched in Version:
2.8.3

Severity Score:
Critical

Plugin Slug:
wp-dashboard-notes

Installations
30,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
1.0.11

Severity Score:
Medium

Plugin Slug:
mainwp

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.0

Severity Score:
Medium

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.12.7

Severity Score:
High

Plugin Slug:
restrict-user-access

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.6

Severity Score:
Medium

Plugin Slug:
seraphinite-accelerator

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.21

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-nextmove-lite

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.18.1

Severity Score:
Medium

Plugin Slug:
wp-ecommerce-paypal

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9

Severity Score:
Medium

Plugin Slug:
wp-ecommerce-paypal

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9

Severity Score:
Medium

Plugin Slug:
wp-event-manager

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.42

Severity Score:
High

Plugin Slug:
wp-social

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.1

Severity Score:
Medium

Plugin Slug:
aweber-web-form-widget

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
7.3.15

Severity Score:
High

Plugin Slug:
contact-form-7-paypal-add-on

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
contact-form-7-paypal-add-on

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.4.5

Severity Score:
Medium

Plugin Slug:
lifterlms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.5.2

Severity Score:
Medium

Plugin Slug:
sportspress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.18

Severity Score:
Medium

Plugin Slug:
smart-forms

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.6.87

Severity Score:
Medium

Plugin Slug:
wpvivid-backup-mainwp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
0.9.33

Severity Score:
High

Plugin Slug:
finale-woocommerce-sales-countdown-timer-discount

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.18.0

Severity Score:
Medium

Plugin Slug:
soundcloud-shortcode

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0.2

Severity Score:
Medium

Plugin Slug:
sms-alert

Installations
5,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.7.0

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
woo-thank-you-page-customizer

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium

Plugin Slug:
responsive-coming-soon

Installations
4,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
2.2.2

Severity Score:
Medium

Plugin Slug:
chat-bubble

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4

Severity Score:
Medium

Plugin Slug:
slider-responsive-slideshow

Installations
3,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.4.0

Severity Score:
High

Plugin Slug:
spiffy-calendar

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.9.9

Severity Score:
Medium

Plugin Slug:
antihacker

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.52

Severity Score:
Medium

Plugin Slug:
antihacker

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.53

Severity Score:
Medium

Plugin Slug:
friends

Installations
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.8.6

Severity Score:
Medium

Plugin Slug:
oliver-pos

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.4.1.9

Severity Score:
Medium

Plugin Slug:
page-and-post-restriction

Installations:
1,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.3.5

Severity Score:
Medium

Plugin Slug:
sirv

Installations:
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.2.1

Severity Score:
Medium

Plugin Slug:
sirv

Installations:
1,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
7.2.1

Severity Score:
Medium

Plugin Slug:
tainacan

Installations:
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
0.20.7

Severity Score:
Medium

Plugin Slug:
wp-comment-fields

Installations:
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.1

Severity Score:
Medium

Plugin Slug:
wp-comment-fields

Installations:
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.1

Severity Score:
Medium

Plugin:
Backup

Plugin Slug:
backup2

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.0.9.9

Severity Score:
High

Plugin:
Elementor Pro

Plugin Slug:
elementor-pro

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.19.3

Severity Score:
Medium

Plugin:
JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:
JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Broken Authentication

Patched in Version:
2.3.4

Severity Score:
Critical

Plugin:
WP Social Widget

Plugin Slug:
wp-social-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

WordPress Themes — 4 Patched / 1 Unpatched

Theme Slug:
atahualpa

Downloads:
1,333,690

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

Theme Slug:
yuki

Downloads:
133,433

Vulnerability:
Broken Access Control

Patched in Version:
1.3.14

Severity Score:
Medium

Theme Slug:
yuki

Downloads:
133,433

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.15

Severity Score:
Medium

Theme:
Avada

Theme Slug:
avada

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.11.6

Severity Score:
Medium

Theme:
Avada

Theme Slug:
avada

Vulnerability:
Arbitrary File Upload

Patched in Version:
7.11.5

Severity Score:
Critical
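The rows above are the input to the one step every site owner has to do with this report: find which installed plugins and themes are still below the patched version, and which have no fix and must be deactivated and replaced. The script below is an added example, not code from SolidWP or Patchstack. It embeds a hand-copied subset of this report's rows and a constructed inventory in the shape of what `wp plugin list --format=json` and `wp theme list --format=json` print (the `name`, `status` and `version` fields), so it runs offline; the inventory versions, the function names and the severity ordering are assumptions for the example.

```python
"""
Triage this report's plugin/theme rows against a site's installed inventory.

Added example, not code from SolidWP or Patchstack. REPORT is a hand-copied
subset of the rows on this page; PLUGINS_JSON / THEMES_JSON are constructed
samples in the shape of `wp plugin list --format=json` and
`wp theme list --format=json` output (name, status, version), so the script
runs offline. Replace them with real command output to triage a live site.
"""
import json
import re
from typing import Optional

# Assumed ordering for the report's severity labels (most urgent first).
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Subset of this report's rows, copied as printed: slug, patched version, severity.
REPORT = [
    {"slug": "wpvivid-backup-mainwp", "kind": "plugin", "vuln": "Cross Site Scripting (XSS)", "patched": "0.9.33", "severity": "High"},
    {"slug": "woo-thank-you-page-customizer", "kind": "plugin", "vuln": "Broken Access Control", "patched": "1.1.3", "severity": "Medium"},
    {"slug": "slider-responsive-slideshow", "kind": "plugin", "vuln": "PHP Object Injection", "patched": "1.4.0", "severity": "High"},
    {"slug": "antihacker", "kind": "plugin", "vuln": "Broken Access Control", "patched": "4.52", "severity": "Medium"},
    {"slug": "antihacker", "kind": "plugin", "vuln": "Broken Access Control", "patched": "4.53", "severity": "Medium"},
    {"slug": "oliver-pos", "kind": "plugin", "vuln": "Cross Site Request Forgery (CSRF)", "patched": "2.4.1.9", "severity": "Medium"},
    {"slug": "wp-jobsearch", "kind": "plugin", "vuln": "Remote Code Execution (RCE)", "patched": "2.3.4", "severity": "Critical"},
    {"slug": "atahualpa", "kind": "theme", "vuln": "Cross Site Request Forgery (CSRF)", "patched": "No Fix", "severity": "Medium"},
    {"slug": "avada", "kind": "theme", "vuln": "Arbitrary File Upload", "patched": "7.11.5", "severity": "Critical"},
    {"slug": "avada", "kind": "theme", "vuln": "Sensitive Data Exposure", "patched": "7.11.6", "severity": "Medium"},
]

# Constructed inventory; the installed versions are made up for this example.
PLUGINS_JSON = """[
  {"name": "wpvivid-backup-mainwp", "status": "active", "version": "0.9.32"},
  {"name": "antihacker", "status": "active", "version": "4.52"},
  {"name": "oliver-pos", "status": "inactive", "version": "2.4.1.10"},
  {"name": "wp-jobsearch", "status": "active", "version": "2.3.4"}
]"""
THEMES_JSON = """[
  {"name": "avada", "status": "active", "version": "7.11.5"},
  {"name": "atahualpa", "status": "inactive", "version": "3.7.0"}
]"""


def parse_version(version: str) -> Optional[tuple]:
    """'2.4.1.9' -> (2, 4, 1, 9). The report's 'No Fix' marker -> None.
    A non-numeric tail such as '-beta' is dropped rather than breaking parsing."""
    if version.strip().lower() == "no fix":
        return None
    parts = []
    for piece in version.strip().split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Numeric, zero-padded comparison: -1 if a < b, 0 if equal, 1 if a > b.
    This avoids two classic triage mistakes: string order puts '2.4.1.10'
    before '2.4.1.9', and naive tuple order treats '2.4' as older than '2.4.0'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(installed: str, patched: str) -> bool:
    """True when no fixed version exists, or the installed one is below it."""
    if parse_version(patched) is None:
        return True
    return compare_versions(installed, patched) < 0


def triage(report, plugins_json: str, themes_json: str):
    """Return the report rows that apply to installed software, most severe first.
    Inventory status is carried through so an inactive-but-installed copy is
    removed rather than forgotten."""
    inventory = {("plugin", p["name"]): p for p in json.loads(plugins_json)}
    inventory.update({("theme", t["name"]): t for t in json.loads(themes_json)})

    findings = []
    for row in report:
        item = inventory.get((row["kind"], row["slug"]))
        if item is None or not is_affected(item["version"], row["patched"]):
            continue
        if parse_version(row["patched"]) is None:
            action = "no vendor fix: deactivate and replace"
        else:
            action = "update to " + row["patched"]
        findings.append({
            "slug": row["slug"], "kind": row["kind"], "installed": item["version"],
            "status": item["status"], "vuln": row["vuln"], "patched": row["patched"],
            "severity": row["severity"], "action": action,
        })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["slug"]))
    return findings


if __name__ == "__main__":
    for f in triage(REPORT, PLUGINS_JSON, THEMES_JSON):
        print(f"[{f['severity']}] {f['kind']} {f['slug']} {f['installed']} "
              f"({f['status']}): {f['vuln']} -> {f['action']}")
```

Two details matter when a plugin appears more than once in the report, as antihacker and avada do here: each row is checked against its own patched version, so a site on antihacker 4.52 is clear of the first entry but still needs 4.53, and Avada 7.11.5 has the Critical file-upload fix but not the 7.11.6 one. A plugin that is present in the inventory but not in the report is simply ignored; a row marked No Fix is always reported with a deactivate-and-replace action, matching the advice at the top of this report.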

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!


Keep reading the article at Blog – SolidWP. The article was originally written by Sarah Ulmer on 2024-03-06 14:16:57.

The article was hand-picked and curated for you by the Editorial Team of WP Archives.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.
