WordPress Vulnerability Report — April 24, 2024
Since last week, 358 new vulnerabilities have emerged in the WordPress ecosystem, including 3 in themes and 355 in plugins. 46 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 358 vulnerabilities have been publicly disclosed. Security patches for 312 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 46 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes in Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.
The next major release will be version 6.6, planned for July 16, 2024.
WordPress Plugins — 310 Patched / 45 Unpatched
What’s New Generator
- Plugin:
- What’s New Generator
- Plugin Slug:
- whats-new-genarator
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32548
Zero Spam for WordPress
- Plugin:
- Zero Spam for WordPress
- Plugin Slug:
- zero-spam
- Installations
- 30,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32521
Responsive Contact Form Builder & Lead Generation Plugin
- Plugin Slug:
- lead-form-builder
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1416
Responsive Contact Form Builder & Lead Generation Plugin
- Plugin Slug:
- lead-form-builder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1415
PeproDev Ultimate Invoice
- Plugin:
- PeproDev Ultimate Invoice
- Plugin Slug:
- pepro-ultimate-invoice
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32518
Easy Textillate
- Plugin:
- Easy Textillate
- Plugin Slug:
- easy-textillate
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32526
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
- Plugin Slug:
- epoll-wp-voting
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-32514
Yoga Schedule Momoyoga
- Plugin:
- Yoga Schedule Momoyoga
- Plugin Slug:
- momoyoga-integration
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32529
QR Code Composer – Automatic QR code Generator
- Plugin Slug:
- qr-code-composer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32560
Simple Buttons Creator
- Plugin:
- Simple Buttons Creator
- Plugin Slug:
- simple-buttons-creator
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2858
Simple Buttons Creator
- Plugin:
- Simple Buttons Creator
- Plugin Slug:
- simple-buttons-creator
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2857
Access Category Password
- Plugin:
- Access Category Password
- Plugin Slug:
- access-category-password
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32535
Advanced Search
- Plugin:
- Advanced Search
- Plugin Slug:
- advance-search
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2739
Advanced Post Block – Post Grid for WordPress block editor
- Plugin:
- Advanced Post Block – Post Grid for WordPress block editor
- Plugin Slug:
- advanced-post-block
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0908
Shortcodes and extra features for Phlox theme
- Plugin:
- Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-7064
Shortcodes and extra features for Phlox theme
- Plugin:
- Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3517
Bulk Block Converter
- Plugin:
- Bulk Block Converter
- Plugin Slug:
- bulk-block-converter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32542
Canva – Design beautiful blog graphics
- Plugin:
- Canva – Design beautiful blog graphics
- Plugin Slug:
- canva
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32545
Custom Order Statuses for WooCommerce
- Plugin:
- Custom Order Statuses for WooCommerce
- Plugin Slug:
- custom-order-statuses-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32524
Delete Custom Fields
- Plugin:
- Delete Custom Fields
- Plugin Slug:
- delete-custom-fields
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0613
Easy CountDowner
- Plugin:
- Easy CountDowner
- Plugin Slug:
- easy-countdowner
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32538
Flash Video Player
- Plugin:
- Flash Video Player
- Plugin Slug:
- flash-video-player
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32537
Knight Lab Timeline
- Plugin:
- Knight Lab Timeline
- Plugin Slug:
- knight-lab-timelinejs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32554
LoginPress Pro
- Plugin:
- LoginPress Pro
- Plugin Slug:
- loginpress-pro
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32677
LoginPress Pro
- Plugin:
- LoginPress Pro
- Plugin Slug:
- loginpress-pro
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32676
Related Posts for WordPress
- Plugin:
- Related Posts for WordPress
- Plugin Slug:
- microkids-related-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32549
MJ Update History
- Plugin:
- MJ Update History
- Plugin Slug:
- mj-update-history
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32543
Ovic Responsive WPBakery
- Plugin:
- Ovic Responsive WPBakery
- Plugin Slug:
- ovic-vc-addon
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32142
PeproDev CF7 Database
- Plugin:
- PeproDev CF7 Database
- Plugin Slug:
- pepro-cf7-database
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-41864
Code Insert Manager (Q2W3 Inc Manager)
- Plugin:
- Code Insert Manager (Q2W3 Inc Manager)
- Plugin Slug:
- q2w3-inc-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32547
Shopkeeper Extender
- Plugin:
- Shopkeeper Extender
- Plugin Slug:
- shopkeeper-extender
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2801
Shortcode Addons
- Plugin:
- Shortcode Addons
- Plugin Slug:
- shortcode-addons
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
Simple Testimonials Showcase
- Plugin:
- Simple Testimonials Showcase
- Plugin Slug:
- simple-testimonials-showcase
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32530
SP Project & Document Manager
- Plugin:
- SP Project & Document Manager
- Plugin Slug:
- sp-client-document-manager
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32551
Superfly Menu
- Plugin:
- Superfly Menu
- Plugin Slug:
- superfly-menu
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32553
Tax Rate Upload
- Plugin:
- Tax Rate Upload
- Plugin Slug:
- tax-rate-upload
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32546
Mega Addons For Elementor
- Plugin:
- Mega Addons For Elementor
- Plugin Slug:
- ultimate-addons-for-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32515
WidgetKit
- Plugin:
- WidgetKit
- Plugin Slug:
- widgetkit-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2137
2Checkout Payment Gateway for WooCommerce
- Plugin:
- 2Checkout Payment Gateway for WooCommerce
- Plugin Slug:
- woocommerce-2checkout-payment
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0629
Simple Registration for WooCommerce
- Plugin:
- Simple Registration for WooCommerce
- Plugin Slug:
- woocommerce-simple-registration
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-32511
WP-Cufon
- Plugin:
- WP-Cufon
- Plugin Slug:
- wp-cufon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32541
WP File Download Light
- Plugin:
- WP File Download Light
- Plugin Slug:
- wp-file-download-light
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32539
WP TradingView
- Plugin:
- WP TradingView
- Plugin Slug:
- wp-tradingview
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32536
WP User Profile Avatar
- Plugin:
- WP User Profile Avatar
- Plugin Slug:
- wp-user-profile-avatar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6067
Z Y N I T H
- Plugin:
- Z Y N I T H
- Plugin Slug:
- zynith-seo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32562
Really Simple SSL
- Plugin:
- Really Simple SSL
- Plugin Slug:
- really-simple-ssl
- Installations
- 5,000,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 8.0.0
- Severity Score:
- Medium
- CVE:
- 2024-31229
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 5,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.6
- Severity Score:
- Medium
- CVE:
- 2024-1310
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.15
- Severity Score:
- Medium
- CVE:
- 2024-3333
Rank Math SEO with AI Best SEO Tools
- Plugin Slug:
- seo-by-rank-math
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.217
- Severity Score:
- Medium
- CVE:
- 2024-3665
ElementsKit Elementor addons and Templates Library
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- CVE:
- 2024-32505
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
- Plugin Slug:
- sg-cachepress
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.5.0
- Severity Score:
- Medium
- CVE:
- 2024-32532
Smart Slider 3
- Plugin:
- Smart Slider 3
- Plugin Slug:
- smart-slider-3
- Installations
- 900,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.1.23
- Severity Score:
- Medium
- CVE:
- 2024-3027
Meta Box – WordPress Custom Fields Framework
- Plugin Slug:
- meta-box
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9.4
- Severity Score:
- Medium
- CVE:
- 2024-1204
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.26
- Severity Score:
- Medium
- CVE:
- 2024-32791
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
- Plugin Slug:
- ml-slider
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.70.1
- Severity Score:
- Medium
- CVE:
- 2024-3285
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.5
- Severity Score:
- Medium
- CVE:
- 2024-2583
Click to Chat – HoliThemes
- Plugin:
- Click to Chat – HoliThemes
- Plugin Slug:
- click-to-chat-for-whatsapp
- Installations
- 500,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.0
- Severity Score:
- High
- CVE:
- 2024-3849
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.6
- Severity Score:
- Medium
- CVE:
- 2024-3891
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.5
- Severity Score:
- Medium
- CVE:
- 2024-32698
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.10.5
- Severity Score:
- Medium
- CVE:
- 2024-1387
Migration, Backup, Staging – WPvivid
- Plugin Slug:
- wpvivid-backuprestore
- Installations
- 400,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 0.9.100
- Severity Score:
- Medium
- CVE:
- 2024-3054
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.6
- Severity Score:
- Medium
- CVE:
- 2024-2729
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.10
- Severity Score:
- Medium
- CVE:
- 2024-3725
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2024-3343
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2024-3344
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.972
- Severity Score:
- Medium
- CVE:
- 2024-3675
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.3.95
- Severity Score:
- Medium
- CVE:
- 2024-32786
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.3.95
- Severity Score:
- High
- CVE:
- 2024-1567
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug:
- filebird
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.4
- Severity Score:
- Medium
- CVE:
- 2024-2345
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug:
- filebird
- Installations
- 200,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.6.4
- Severity Score:
- Medium
- CVE:
- 2024-2346
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-32721
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.22
- Severity Score:
- High
- CVE:
- 2024-32583
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
- Plugin Slug:
- ultimate-member
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.5
- Severity Score:
- Medium
- CVE:
- 2024-2765
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.5
- Severity Score:
- Medium
- CVE:
- 2024-2867
YITH WooCommerce Compare
- Plugin:
- YITH WooCommerce Compare
- Plugin Slug:
- yith-woocommerce-compare
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.38.0
- Severity Score:
- Medium
- CVE:
- 2024-32699
Ivory Search – WordPress Search Plugin
- Plugin Slug:
- add-search-to-menu
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.5.6
- Severity Score:
- Medium
- CVE:
- 2024-3233
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.1
- Severity Score:
- Medium
- CVE:
- 2024-32572
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.6.0
- Severity Score:
- Medium
- CVE:
- 2024-2966
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.14.1
- Severity Score:
- Medium
- CVE:
- 2024-1730
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.13.3
- Severity Score:
- High
- CVE:
- 2024-32682
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.13.3
- Severity Score:
- Medium
- CVE:
- 2024-32681
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.264
- Severity Score:
- Medium
- CVE:
- 2024-3338
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.274
- Severity Score:
- Medium
- CVE:
- 2024-3340
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.10
- Severity Score:
- Medium
- CVE:
- 2024-3818
Table Rate Shipping Method for WooCommerce by Flexible Shipping
- Plugin Slug:
- flexible-shipping
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.24.16
- Severity Score:
- Medium
- CVE:
- 2024-32828
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.0
- Severity Score:
- Medium
- CVE:
- 2024-1957
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.4.8
- Severity Score:
- Medium
- CVE:
- 2024-32782
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.9
- Severity Score:
- Medium
- CVE:
- 2024-2790
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2024-2085
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
- 2023-6214
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2024-3307
Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS
- Plugin Slug:
- hummingbird-performance
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.4
- Severity Score:
- Medium
- CVE:
- 2024-32792
Inline Related Posts
- Plugin:
- Inline Related Posts
- Plugin Slug:
- intelly-related-posts
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2023-6257
Schema & Structured Data for WP & AMP
- Plugin Slug:
- schema-and-structured-data-for-wp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.30
- Severity Score:
- Medium
- CVE:
- 2024-3491
Social Media Share Buttons & Social Sharing Icons
- Plugin Slug:
- ultimate-social-media-icons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.9
- Severity Score:
- Medium
- CVE:
- 2024-2118
WooCommerce Multilingual & Multicurrency with WPML
- Plugin Slug:
- woocommerce-multilingual
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.3.4
- Severity Score:
- High
- CVE:
- 2024-32602
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.3.5.3
- Severity Score:
- High
- CVE:
- 2024-32680
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.2
- Severity Score:
- Medium
- CVE:
- 2023-7067
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.15
- Severity Score:
- Critical
- CVE:
- 2024-2876
Enhanced Media Library
- Plugin:
- Enhanced Media Library
- Plugin Slug:
- enhanced-media-library
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.10
- Severity Score:
- Medium
- CVE:
- 2024-2840
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.6.5
- Severity Score:
- Medium
- CVE:
- 2024-3560
Master Slider – Responsive Touch Slider
- Plugin Slug:
- master-slider
- Installations
- 90,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.9.7
- Severity Score:
- High
- CVE:
- 2024-32600
Master Slider – Responsive Touch Slider
- Plugin Slug:
- master-slider
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.9
- Severity Score:
- Medium
- CVE:
- 2024-32580
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2024-32794
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2024-32793
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.2
- Severity Score:
- Medium
- CVE:
- 2024-3215
VK Block Patterns
- Plugin:
- VK Block Patterns
- Plugin Slug:
- vk-block-patterns
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.31.1.1
- Severity Score:
- Medium
- CVE:
- 2024-32826
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More
- Plugin Slug:
- woo-product-feed-pro
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 13.3.2
- Severity Score:
- Medium
- CVE:
- 2024-32513
WP Show Posts
- Plugin:
- WP Show Posts
- Plugin Slug:
- wp-show-posts
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2023-6731
WP STAGING WordPress Backup Plugin – Migration Backup Restore
- Plugin Slug:
- wp-staging
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
- 2024-2309
Backup Migration
- Plugin:
- Backup Migration
- Plugin Slug:
- backup-backup
- Installations
- 80,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2024-32686
Import and export users and customers
- Plugin Slug:
- import-users-from-csv-with-meta
- Installations
- 80,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.26.3
- Severity Score:
- Medium
- CVE:
- 2024-32817
WPZOOM Social Feed Widget & Block
- Plugin Slug:
- instagram-widget-by-wpzoom
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.14
- Severity Score:
- Medium
- CVE:
- 2024-3662
Real Media Library: Media Library Folder & File Manager
- Plugin Slug:
- real-media-library-lite
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.22.12
- Severity Score:
- Medium
- CVE:
- 2024-2328
Theme My Login
- Plugin:
- Theme My Login
- Plugin Slug:
- theme-my-login
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.1.7
- Severity Score:
- Medium
- CVE:
- 2024-32525
Comments – wpDiscuz
- Plugin:
- Comments – wpDiscuz
- Plugin Slug:
- wpdiscuz
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6.16
- Severity Score:
- Medium
- CVE:
- 2024-2477
Database for Contact Form 7, WPforms, Elementor forms
- Plugin Slug:
- contact-form-entries
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.9
- Severity Score:
- High
- CVE:
- 2024-3715
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
- Plugin Slug:
- user-registration
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- High
- CVE:
- 2024-2417
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
- Plugin Slug:
- user-registration
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
- 2024-3295
Export and Import Users and Customers
- Plugin Slug:
- users-customers-import-export-for-wp-woocommerce
- Installations
- 70,000+
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- 2.5.4
- Severity Score:
- Medium
- CVE:
- 2024-32835
Cornerstone
- Plugin:
- Cornerstone
- Plugin Slug:
- cornerstone
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.8.1
- Severity Score:
- High
- CVE:
- 2024-32570
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.48.0
- Severity Score:
- High
- CVE:
- 2024-3731
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.47.0
- Severity Score:
- Medium
- CVE:
- 2024-3869
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.47.0
- Severity Score:
- Medium
- CVE:
- 2024-3243
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.4
- Severity Score:
- Medium
- CVE:
- 2024-2750
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.5
- Severity Score:
- Medium
- CVE:
- 2024-3489
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.3
- Severity Score:
- Medium
- CVE:
- 2024-32557
WPC Smart Quick View for WooCommerce
- Plugin Slug:
- woo-smart-quick-view
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.3
- Severity Score:
- Medium
- CVE:
- 2023-6494
WP 2FA – Two-factor authentication for WordPress
- Plugin Slug:
- wp-2fa
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.3
- Severity Score:
- High
- CVE:
- 2024-32568
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.6
- Severity Score:
- Medium
- CVE:
- 2024-1219
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin:
- RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin Slug:
- feedzy-rss-feeds
- Installations
- 50,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.4.8
- Severity Score:
- Medium
- CVE:
- 2023-6805
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.24
- Severity Score:
- Medium
- CVE:
- 2024-32534
hCaptcha for WordPress
- Plugin:
- hCaptcha for WordPress
- Plugin Slug:
- hcaptcha-for-forms-and-more
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.1
- Severity Score:
- Medium
- CVE:
- 2024-4014
Popup Anything – Popup for opt-ins and Lead Generation Conversions
- Plugin Slug:
- popup-anything-on-click
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.1
- Severity Score:
- Medium
- CVE:
- 2024-32601
Quick Featured Images
- Plugin:
- Quick Featured Images
- Plugin Slug:
- quick-featured-images
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 13.7.1
- Severity Score:
- Medium
- CVE:
- 2024-3664
Carousel Slider
- Plugin:
- Carousel Slider
- Plugin Slug:
- carousel-slider
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-1712
Carousel Slider
- Plugin:
- Carousel Slider
- Plugin Slug:
- carousel-slider
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.10
- Severity Score:
- Medium
- CVE:
- 2024-3703
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
- Plugin Slug:
- content-control
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-0615
DethemeKit For Elementor
- Plugin:
- DethemeKit For Elementor
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-32508
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.32
- Severity Score:
- Medium
- CVE:
- 2024-32569
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin:
- Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin Slug:
- post-grid
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.2.79
- Severity Score:
- High
- CVE:
- 2024-32816
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin:
- Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin Slug:
- post-grid
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.76
- Severity Score:
- Medium
- CVE:
- 2024-0881
Simply Static
- Plugin:
- Simply Static
- Plugin Slug:
- simply-static
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.1.4
- Severity Score:
- High
- CVE:
- 2024-32825
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.2
- Severity Score:
- Medium
- CVE:
- 2024-32564
WP 404 Auto Redirect to Similar Post
- Plugin Slug:
- wp-404-auto-redirect-to-similar-post
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.5
- Severity Score:
- High
- CVE:
- 2024-32559
Gutenberg Block Editor Toolkit – EditorsKit
- Plugin Slug:
- block-options
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.40.5
- Severity Score:
- Medium
- CVE:
- 2024-32586
FV Flowplayer Video Player
- Plugin:
- FV Flowplayer Video Player
- Plugin Slug:
- fv-wordpress-flowplayer
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.5.45.7212
- Severity Score:
- Medium
- CVE:
- 2024-32955
Slider by 10Web – Responsive Image Slider
- Plugin Slug:
- slider-wd
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.55
- Severity Score:
- High
- CVE:
- 2024-32578
Social Sharing Plugin – Social Warfare
- Plugin Slug:
- social-warfare
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.6.2
- Severity Score:
- Medium
- CVE:
- 2024-1959
Social Share, Social Login and Social Comments Plugin – Super Socializer
- Plugin Slug:
- super-socializer
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.13.64
- Severity Score:
- Medium
- CVE:
- 2024-2836
Testimonial Slider
- Plugin:
- Testimonial Slider
- Plugin Slug:
- testimonial-slider-and-showcase
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.8
- Severity Score:
- Medium
- CVE:
- 2024-1746
WP Customer Reviews
- Plugin:
- WP Customer Reviews
- Plugin Slug:
- wp-customer-reviews
- Installations
- 30,000+
- Vulnerability:
- Unvalidated Redirects and Forwards
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2024-1849
Appointment Hour Booking – WordPress Booking Plugin
- Plugin Slug:
- appointment-hour-booking
- Installations
- 20,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.4.57
- Severity Score:
- Medium
- CVE:
- 2024-32720
Data Tables Generator by Supsystic
- Plugin Slug:
- data-tables-generator-by-supsystic
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.32
- Severity Score:
- Medium
- CVE:
- 2024-32829
Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
- Plugin Slug:
- embed-form
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-32527
Envo Extra
- Plugin:
- Envo Extra
- Plugin Slug:
- envo-extra
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.12
- Severity Score:
- Medium
- CVE:
- 2024-32456
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
- Plugin Slug:
- hurrytimer
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.0
- Severity Score:
- Medium
- CVE:
- 2024-32556
Pricing Table by Supsystic
- Plugin:
- Pricing Table by Supsystic
- Plugin Slug:
- pricing-table-by-supsystic
- Installations
- 20,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 1.9.13
- Severity Score:
- Medium
- CVE:
- 2024-32790
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Plugin Slug:
- rafflepress
- Installations
- 20,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.12.11
- Severity Score:
- Medium
- CVE:
- 2024-32827
Rate My Post – Star Rating Plugin by FeedbackWP
- Plugin Slug:
- rate-my-post
- Installations
- 20,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.4.5
- Severity Score:
- Medium
- CVE:
- 2024-32823
Secure Copy Content Protection and Content Locking
- Plugin Slug:
- secure-copy-content-protection
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
- 2024-32787
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
- Plugin Slug:
- smartcrawl-seo
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.10.3
- Severity Score:
- Medium
- CVE:
- 2024-3287
Top Bar
Social Share Icons & Social Share Buttons
- Plugin Slug:
- ultimate-social-media-plus
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2024-32820
weForms – Easy Drag & Drop Contact Form Builder For WordPress
- Plugin Slug:
- weforms
- Installations
- 20,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.6.21
- Severity Score:
- Medium
- CVE:
- 2024-32512
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
- Plugin:
- TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
- Plugin Slug:
- woo-wallet
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
- 2024-32584
Brevo for WooCommerce
- Plugin:
- Brevo for WooCommerce
- Plugin Slug:
- woocommerce-sendinblue-newsletter-subscription
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 4.0.18
- Severity Score:
- High
- CVE:
- 2024-32807
WP Meta SEO
- Plugin:
- WP Meta SEO
- Plugin Slug:
- wp-meta-seo
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.5.13
- Severity Score:
- Medium
- CVE:
- 2023-6962
WP Meta SEO
- Plugin:
- WP Meta SEO
- Plugin Slug:
- wp-meta-seo
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.13
- Severity Score:
- High
- CVE:
- 2023-6961
Advanced Floating Content Lite
- Plugin:
- Advanced Floating Content Lite
- Plugin Slug:
- advanced-floating-content-lite
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.6
- Severity Score:
- Medium
- CVE:
- 2024-32723
BA Book Everything
- Plugin:
- BA Book Everything
- Plugin Slug:
- ba-book-everything
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.9
- Severity Score:
- Medium
- CVE:
- 2024-32598
BA Book Everything
- Plugin:
- BA Book Everything
- Plugin Slug:
- ba-book-everything
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.9
- Severity Score:
- Medium
- CVE:
- 2024-32576
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
- Plugin Slug:
- bp-better-messages
- Installations
- 10,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.4.33
- Severity Score:
- Medium
- CVE:
- 2024-32802
rtMedia for WordPress, BuddyPress and bbPress
- Plugin Slug:
- buddypress-media
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.6.19
- Severity Score:
- High
- CVE:
- 2024-3293
Language Translate Widget for WordPress – ConveyThis
- Plugin Slug:
- conveythis-translate
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 224
- Severity Score:
- High
- CVE:
- 2023-6811
EAN for WooCommerce
- Plugin:
- EAN for WooCommerce
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2023-6897
EAN for WooCommerce
- Plugin:
- EAN for WooCommerce
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.3
- Severity Score:
- Medium
- CVE:
- 2023-6892
Easy Custom Auto Excerpt
- Plugin:
- Easy Custom Auto Excerpt
- Plugin Slug:
- easy-custom-auto-excerpt
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2024-3312
eCommerce Product Catalog Plugin for WordPress
- Plugin Slug:
- ecommerce-product-catalog
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.33
- Severity Score:
- High
- CVE:
- 2024-32558
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
- Plugin Slug:
- elespare
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-0900
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
- Plugin Slug:
- email-customizer-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.1
- Severity Score:
- High
- CVE:
- 2024-32781
eRoom – Zoom Meetings & Webinars
- Plugin:
- eRoom – Zoom Meetings & Webinars
- Plugin Slug:
- eroom-zoom-meetings-webinar
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.19
- Severity Score:
- Medium
- CVE:
- 2024-3275
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
- Plugin Slug:
- geodirectory
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.49
- Severity Score:
- Medium
- CVE:
- 2024-3732
List Custom Taxonomy Widget
- Plugin:
- List Custom Taxonomy Widget
- Plugin Slug:
- list-custom-taxonomy-widget
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2024-32833
Mailster WordPress Newsletter Plugin Compatibility Tester
- Plugin Slug:
- mailster
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.0.7
- Severity Score:
- High
- CVE:
- 2024-32523
Mega Elements – Addons for Elementor
- Plugin Slug:
- mega-elements-addons-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2024-32575
Restaurant Menu – Food Ordering System – Table Reservation
- Plugin Slug:
- menu-ordering-reservations
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2024-32579
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
- Plugin Slug:
- mycred
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-32711
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin:
- Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin Slug:
- paid-member-subscriptions
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.11.1
- Severity Score:
- Medium
- CVE:
- 2024-32728
RomethemeKit For Elementor
- Plugin:
- RomethemeKit For Elementor
- Plugin Slug:
- rometheme-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-32956
Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
- Plugin:
- Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
- Plugin Slug:
- socialsnap
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2024-32805
WPC Frequently Bought Together for WooCommerce
- Plugin Slug:
- woo-bought-together
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.0.4
- Severity Score:
- Medium
- CVE:
- 2024-32687
WooCommerce Google Feed Manager
- Plugin:
- WooCommerce Google Feed Manager
- Plugin Slug:
- wp-product-feed-manager
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.6.0
- Severity Score:
- High
- CVE:
- 2024-3067
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
- Plugin Slug:
- wp-scheduled-posts
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.9
- Severity Score:
- Medium
- CVE:
- 2024-32717
WP Travel Engine – Best Travel Booking WordPress Plugin
- Plugin Slug:
- wp-travel-engine
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.8.1
- Severity Score:
- High
- CVE:
- 2024-32798
WP Ultimate Review
- Plugin:
- WP Ultimate Review
- Plugin Slug:
- wp-ultimate-review
- Installations
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-32685
WP Ultimate Review
- Plugin:
- WP Ultimate Review
- Plugin Slug:
- wp-ultimate-review
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-32684
WP Ultimate Review
- Plugin:
- WP Ultimate Review
- Plugin Slug:
- wp-ultimate-review
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-32683
Frontend Admin by DynamiApps
- Plugin:
- Frontend Admin by DynamiApps
- Plugin Slug:
- acf-frontend-form-element
- Installations
- 9,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.19.5
- Severity Score:
- Critical
- CVE:
- 2024-3729
Elements Plus!
- Plugin:
- Elements Plus!
- Plugin Slug:
- elements-plus
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.16.4
- Severity Score:
- Medium
- CVE:
- 2024-32457
FG Joomla to WordPress
- Plugin:
- FG Joomla to WordPress
- Plugin Slug:
- fg-joomla-to-wordpress
- Installations
- 9,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.21.0
- Severity Score:
- Medium
- CVE:
- 2024-32788
WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
- Plugin Slug:
- gdpr-cookie-consent
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- CVE:
- 2024-3599
Media Library Folders
- Plugin:
- Media Library Folders
- Plugin Slug:
- media-library-plus
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.2.1
- Severity Score:
- High
- CVE:
- 2024-3615
RomethemeForm For Elementor
- Plugin:
- RomethemeForm For Elementor
- Plugin Slug:
- romethemeform
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-32727
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.94
- Severity Score:
- Medium
- CVE:
- 2024-1307
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.94
- Severity Score:
- Medium
- CVE:
- 2024-1306
WP LinkedIn Auto Publish
- Plugin:
- WP LinkedIn Auto Publish
- Plugin Slug:
- wp-linkedin-auto-publish
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.12
- Severity Score:
- Medium
- CVE:
- 2024-32797
WordPress Backup & Migration
- Plugin:
- WordPress Backup & Migration
- Plugin Slug:
- wp-migration-duplicator
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.9
- Severity Score:
- Medium
- CVE:
- 2024-3546
WP Social Comments
- Plugin:
- WP Social Comments
- Plugin Slug:
- gs-facebook-comments
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2024-32689
Maintenance Mode
- Plugin:
- Maintenance Mode
- Plugin Slug:
- hkdev-maintenance-mode
- Installations
- 8,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 3.0.2
- Severity Score:
- Low
- CVE:
- 2024-32708
LearnPress Export Import – WordPress extension for LearnPress
- Plugin Slug:
- learnpress-import-export
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.4
- Severity Score:
- High
- CVE:
- 2024-32588
Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
- Plugin Slug:
- tagembed-widget
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9
- Severity Score:
- Medium
- CVE:
- 2024-32561
VikBooking Hotel Booking Engine & PMS
- Plugin Slug:
- vikbooking
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8
- Severity Score:
- High
- CVE:
- 2024-32563
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin:
- ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.29
- Severity Score:
- Critical
- CVE:
- 2024-32948
Icon Widget
- Plugin:
- Icon Widget
- Plugin Slug:
- icon-widget
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2024-1993
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.8.0
- Severity Score:
- Medium
- CVE:
- 2024-32808
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 5.8.3
- Severity Score:
- Medium
- CVE:
- 2024-32774
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.8.0
- Severity Score:
- Medium
- CVE:
- 2024-32772
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.8.4
- Severity Score:
- Medium
- CVE:
- 2024-3606
Country State City Dropdown CF7
- Plugin:
- Country State City Dropdown CF7
- Plugin Slug:
- country-state-city-auto-dropdown
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.2
- Severity Score:
- Medium
- CVE:
- 2024-3520
Easy Property Listings
- Plugin:
- Easy Property Listings
- Plugin Slug:
- easy-property-listings
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.4
- Severity Score:
- Medium
- CVE:
- 2024-32799
EnvíaloSimple: Email Marketing y Newsletters
- Plugin Slug:
- envialosimple-email-marketing-y-newsletters-gratis
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3
- Severity Score:
- Medium
- CVE:
- 2024-32587
Image Slider
- Plugin:
- Image Slider
- Plugin Slug:
- image-slider-widget
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.127
- Severity Score:
- Medium
- CVE:
- 2024-32707
Poll Maker – Best WordPress Poll Plugin
- Plugin Slug:
- poll-maker
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.9
- Severity Score:
- Medium
- CVE:
- 2024-3601
Poll Maker – Best WordPress Poll Plugin
- Plugin Slug:
- poll-maker
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.9
- Severity Score:
- High
- CVE:
- 2024-3600
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
- Plugin Slug:
- radio-player
- Installations
- 6,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.74
- Severity Score:
- Medium
- CVE:
- 2024-32506
Responsive Tabs
- Plugin:
- Responsive Tabs
- Plugin Slug:
- responsive-tabs
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.7
- Severity Score:
- Medium
- CVE:
- 2024-1846
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations
- 5,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.0.12
- Severity Score:
- Medium
- CVE:
- 2024-32812
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.15
- Severity Score:
- High
- CVE:
- 2024-32712
Salon booking system
- Plugin:
- Salon booking system
- Plugin Slug:
- salon-booking-system
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.6.3
- Severity Score:
- High
- CVE:
- 2024-2101
TrackShip for WooCommerce
- Plugin:
- TrackShip for WooCommerce
- Plugin Slug:
- trackship-for-woocommerce
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.6
- Severity Score:
- Medium
- CVE:
- 2024-32678
Ultimate 410 Gone Status Code
- Plugin:
- Ultimate 410 Gone Status Code
- Plugin Slug:
- ultimate-410
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-3677
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more
- Plugin Slug:
- woorewards
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.1
- Severity Score:
- Medium
- CVE:
- 2024-32688
Shopping Cart & eCommerce Store
- Plugin:
- Shopping Cart & eCommerce Store
- Plugin Slug:
- wp-easycart
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.6.4
- Severity Score:
- High
- CVE:
- 2024-3211
Advanced Local Pickup for WooCommerce
- Plugin Slug:
- advanced-local-pickup-for-woocommerce
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2024-32814
Embed Google Photos album
- Plugin:
- Embed Google Photos album
- Plugin Slug:
- embed-google-photos-album-easily
- Installations
- 4,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2024-32775
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
- Plugin Slug:
- everest-backup
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.2.5
- Severity Score:
- Critical
- CVE:
- 2023-7201
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
- Plugin Slug:
- real3d-flipbook-lite
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.63
- Severity Score:
- High
- CVE:
- 2024-32694
RSS Feed Widget
- Plugin:
- RSS Feed Widget
- Plugin Slug:
- rss-feed-widget
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.8
- Severity Score:
- Medium
- CVE:
- 2024-32690
Tickera – WordPress Event Ticketing
- Plugin Slug:
- tickera-event-ticketing-system
- Installations
- 4,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.5.2.5
- Severity Score:
- Medium
- CVE:
- 2023-7252
VikRentCar Car Rental Management System
- Plugin Slug:
- vikrentcar
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-32780
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
- Plugin Slug:
- wp-ada-compliance-check-basic
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.4
- Severity Score:
- Medium
- CVE:
- 2024-32947
WP Dummy Content Generator
- Plugin:
- WP Dummy Content Generator
- Plugin Slug:
- wp-dummy-content-generator
- Installations
- 4,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 3.3.0
- Severity Score:
- Critical
- CVE:
- 2024-32599
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
- Plugin Slug:
- wp-fusion-lite
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.43.0
- Severity Score:
- Medium
- CVE:
- 2024-32796
WPC Grouped Product for WooCommerce
- Plugin Slug:
- wpc-grouped-product
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2024-32520
Coupon & Discount Code Reveal Button
- Plugin Slug:
- coupon-reveal-button
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.6
- Severity Score:
- Medium
- CVE:
- 2024-32722
Debug Log Manager
- Plugin:
- Debug Log Manager
- Plugin Slug:
- debug-log-manager
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.2
- Severity Score:
- High
- CVE:
- 2024-32582
WP-FormAssembly
- Plugin:
- WP-FormAssembly
- Plugin Slug:
- formassembly-web-forms
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.11
- Severity Score:
- Medium
- CVE:
- 2023-49768
HelloAsso
- Plugin:
- HelloAsso
- Plugin Slug:
- helloasso
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2024-32697
MaxGalleria
- Plugin:
- MaxGalleria
- Plugin Slug:
- maxgalleria
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.4.3
- Severity Score:
- Medium
- CVE:
- 2024-3581
Navigation menu as Dropdown Widget
- Plugin Slug:
- navigation-menu-as-dropdown-widget
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-32126
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.9.6
- Severity Score:
- Critical
- CVE:
- 2024-32954
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.9.6
- Severity Score:
- High
- CVE:
- 2024-32953
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
- Plugin:
- Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
- Plugin Slug:
- shared-files
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.17
- Severity Score:
- Medium
- CVE:
- 2024-32679
Vision – Image Map Builder
- Plugin:
- Vision – Image Map Builder
- Plugin Slug:
- vision
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.2
- Severity Score:
- Medium
- CVE:
- 2024-32779
Widget Post Slider
- Plugin:
- Widget Post Slider
- Plugin Slug:
- widget-post-slider
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2024-32801
WP-Lister Lite for eBay
- Plugin:
- WP-Lister Lite for eBay
- Plugin Slug:
- wp-lister-for-ebay
- Installations
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.6.0
- Severity Score:
- Critical
- CVE:
- 2024-32836
WP-Lister Lite for eBay
- Plugin:
- WP-Lister Lite for eBay
- Plugin Slug:
- wp-lister-for-ebay
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2024-32573
WP-Recall – Registration, Profile, Commerce & More
- Plugin Slug:
- wp-recall
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 16.26.6
- Severity Score:
- High
- CVE:
- 2024-32710
WP-Recall – Registration, Profile, Commerce & More
- Plugin Slug:
- wp-recall
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 16.26.6
- Severity Score:
- Critical
- CVE:
- 2024-32709
WP-Recall – Registration, Profile, Commerce & More
- Plugin Slug:
- wp-recall
- Installations
- 3,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 16.26.6
- Severity Score:
- Medium
- CVE:
- 2024-32604
WP Stripe Checkout
- Plugin:
- WP Stripe Checkout
- Plugin Slug:
- wp-stripe-checkout
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2.42
- Severity Score:
- Medium
- CVE:
- 2024-32571
Accessibility Widget
- Plugin:
- Accessibility Widget
- Plugin Slug:
- accessibility-widget
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2024-32831
Advanced Testimonial Carousel for Elementor
- Plugin Slug:
- advanced-testimonial-carousel-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-32783
All-in-one Like Widget
- Plugin:
- All-in-one Like Widget
- Plugin Slug:
- all-in-one-facebook-like-widget
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.8
- Severity Score:
- Medium
- CVE:
- 2024-32815
Custom Thank You Page Customize For WooCommerce by Binary Carpenter
- Plugin Slug:
- bc-woo-custom-thank-you-pages
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.14
- Severity Score:
- Medium
- CVE:
- 2024-32517
CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
- Plugin Slug:
- cookiehub
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2024-32784
GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
- Plugin Slug:
- gg-woo-feed
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2024-32519
InstaWP Connect – 1-click WP Staging & Migration
- Plugin Slug:
- instawp-connect
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.1.0.25
- Severity Score:
- Medium
- CVE:
- 2024-32701
Kattene
- Plugin:
- Kattene
- Plugin Slug:
- kattene
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8
- Severity Score:
- Medium
- CVE:
- 2024-32590
LH Add Media From Url
- Plugin:
- LH Add Media From Url
- Plugin Slug:
- lh-add-media-from-url
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.23
- Severity Score:
- High
- CVE:
- 2024-32533
Mortgage Calculators WP
- Plugin:
- Mortgage Calculators WP
- Plugin Slug:
- mortgage-calculators-wp
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.60
- Severity Score:
- Medium
- CVE:
- 2024-32581
Active Products Tables for WooCommerce. Use constructor to create tables
- Plugin Slug:
- profit-products-tables-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.6.3
- Severity Score:
- Medium
- CVE:
- 2024-32691
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
- Plugin Slug:
- the-pack-addon
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.8.4
- Severity Score:
- High
- CVE:
- 2024-32785
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
- Plugin Slug:
- the-pack-addon
- Installations
- 2,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.0.8.3
- Severity Score:
- Medium
- CVE:
- 2024-32718
Open Close WooCommerce Store – Best Business Schedules Manager
- Plugin Slug:
- woc-open-close
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.2
- Severity Score:
- Medium
- CVE:
- 2024-32522
SuperFaktura WooCommerce
- Plugin:
- SuperFaktura WooCommerce
- Plugin Slug:
- woocommerce-superfaktura
- Installations
- 2,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 1.40.4
- Severity Score:
- Medium
- CVE:
- 2024-32803
WP Helper Premium
- Plugin:
- WP Helper Premium
- Plugin Slug:
- wp-helper-lite
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.0
- Severity Score:
- High
- CVE:
- 2024-32595
Academy LMS – eLearning and online course solution for WordPress
- Plugin Slug:
- academy
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.17
- Severity Score:
- Medium
- CVE:
- 2024-32714
ActiveDEMAND
- Plugin:
- ActiveDEMAND
- Plugin Slug:
- activedemand
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.2.42
- Severity Score:
- Critical
- CVE:
- 2024-32809
AI Post Generator | AutoWriter
- Plugin:
- AI Post Generator | AutoWriter
- Plugin Slug:
- ai-post-generator
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4
- Severity Score:
- Medium
- CVE:
- 2024-32713
EleForms – All In One Form Integration including DB for Elementor
- Plugin Slug:
- all-contact-form-integration-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.9.8
- Severity Score:
- Medium
- CVE:
- 2024-2043
EleForms – All In One Form Integration including DB for Elementor
- Plugin Slug:
- all-contact-form-integration-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.9.8
- Severity Score:
- High
- CVE:
- 2024-2082
App Builder – Create Native Android & iOS Apps On The Flight
- Plugin Slug:
- app-builder
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.9
- Severity Score:
- Medium
- CVE:
- 2024-32565
AppPresser – Mobile App Framework
- Plugin Slug:
- apppresser
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.1
- Severity Score:
- Medium
- CVE:
- 2024-32776
Attesa Extra
- Plugin:
- Attesa Extra
- Plugin Slug:
- attesa-extra
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2024-32594
Backend Designer
- Plugin:
- Backend Designer
- Plugin Slug:
- backend-designer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4
- Severity Score:
- Medium
- CVE:
- 2024-32591
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
- Plugin Slug:
- buddyforms
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.8.9
- Severity Score:
- High
- CVE:
- 2024-32830
Import Content in WordPress & WooCommerce with Excel
- Plugin Slug:
- content-excel-importer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3
- Severity Score:
- Medium
- CVE:
- 2024-32585
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 21.3.5
- Severity Score:
- High
- CVE:
- 2024-32778
Culqi
- Plugin:
- Culqi
- Plugin Slug:
- culqi-checkout
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.0.15
- Severity Score:
- Medium
- CVE:
- 2024-32819
DirectoryPress – Business Directory And Classified Ad Listing
- Plugin Slug:
- directorypress
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.8
- Severity Score:
- High
- CVE:
- 2024-32567
DSGVO Youtube
- Plugin:
- DSGVO Youtube
- Plugin Slug:
- dsgvo-youtube
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.6
- Severity Score:
- Medium
- CVE:
- 2024-32596
USPS Shipping for WooCommerce – Live Rates
- Plugin Slug:
- flexible-shipping-usps
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.10.0
- Severity Score:
- Medium
- CVE:
- 2024-32811
Headline Analyzer
- Plugin:
- Headline Analyzer
- Plugin Slug:
- headline-analyzer
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.4
- Severity Score:
- Medium
- CVE:
- 2024-32806
AI Infographic Maker
- Plugin:
- AI Infographic Maker
- Plugin Slug:
- infographic-and-list-builder-ilist
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.8
- Severity Score:
- Medium
- CVE:
- 2024-32696
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.94
- Severity Score:
- Critical
- CVE:
- 2024-32832
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.7.17
- Severity Score:
- High
- CVE:
- 2024-32507
Netgsm
- Plugin:
- Netgsm
- Plugin Slug:
- netgsm
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9
- Severity Score:
- High
- CVE:
- 2024-32544
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
- Plugin Slug:
- print-google-cloud-print-gcp-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.5.4
- Severity Score:
- High
- CVE:
- 2024-32777
Reviews Plus
- Plugin:
- Reviews Plus
- Plugin Slug:
- reviews-plus
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-32822
Seers | GDPR & CCPA Cookie Consent & Compliance
- Plugin Slug:
- seers-cookie-consent-banner-privacy-policy
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.1.1
- Severity Score:
- High
- CVE:
- 2024-32789
WooCommerce Shipping Label
- Plugin:
- WooCommerce Shipping Label
- Plugin Slug:
- shipping-labels-for-woo
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.9
- Severity Score:
- Medium
- CVE:
- 2024-32834
StreamWeasels Twitch Integration
- Plugin:
- StreamWeasels Twitch Integration
- Plugin Slug:
- streamweasels-twitch-integration
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.8.0
- Severity Score:
- Medium
- CVE:
- 2024-32716
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
- Plugin Slug:
- taggbox-widget
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3
- Severity Score:
- Medium
- CVE:
- 2024-32552
Poll | Vote | Contest – Best Poll Plugin for WordPress
- Plugin Slug:
- totalpoll-lite
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.10.0
- Severity Score:
- Medium
- CVE:
- 2024-32821
Void Elementor WHMCS Elements For Elementor Page Builder
- Plugin Slug:
- void-elementor-whmcs-elements
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2024-32592
Multi Currency For WooCommerce
- Plugin:
- Multi Currency For WooCommerce
- Plugin Slug:
- wc-multi-currency
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2024-32516
Order Limit for WooCommerce
- Plugin:
- Order Limit for WooCommerce
- Plugin Slug:
- wc-order-limit-lite
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2024-32675
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
- Plugin Slug:
- wc4bp
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.4.21
- Severity Score:
- High
- CVE:
- 2024-32603
SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
- Plugin Slug:
- woo-aliexpress-dropshipping
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 2.1.2
- Severity Score:
- High
- CVE:
- 2024-32724
WP Club Manager – WordPress Sports Club Plugin
- Plugin Slug:
- wp-club-manager
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.12
- Severity Score:
- Medium
- CVE:
- 2024-32719
WP Club Manager – WordPress Sports Club Plugin
- Plugin Slug:
- wp-club-manager
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.12
- Severity Score:
- Medium
- CVE:
- 2024-32566
WP Dynamic Keywords Injector
- Plugin:
- WP Dynamic Keywords Injector
- Plugin Slug:
- wp-dynamic-keywords-injector
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.22
- Severity Score:
- High
- CVE:
- 2024-32528
WP GoToWebinar
- Plugin:
- WP GoToWebinar
- Plugin Slug:
- wp-gotowebinar
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 15.1
- Severity Score:
- Medium
- CVE:
- 2024-32804
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.3.1
- Severity Score:
- Medium
- CVE:
- 2024-32818
WordPress Simple HTML Sitemap
- Plugin:
- WordPress Simple HTML Sitemap
- Plugin Slug:
- wp-simple-html-sitemap
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9
- Severity Score:
- High
- CVE:
- 2024-32574
WP Smart Import : Import any XML File to WordPress
- Plugin Slug:
- wp-smart-import
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
- 2024-32597
WPBITS Addons For Elementor Page Builder
- Plugin Slug:
- wpbits-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4
- Severity Score:
- Medium
- CVE:
- 2024-32593
WPCal.io – Easy Meeting Scheduler
- Plugin Slug:
- wpcal
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.9.5.9
- Severity Score:
- Medium
- CVE:
- 2024-32795
Frontend Dashboard
- Plugin:
- Frontend Dashboard
- Plugin Slug:
- frontend-dashboard
- Installations
- 900+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.2.4
- Severity Score:
- High
- CVE:
- 2024-32726
Olive One Click Demo Import
- Plugin:
- Olive One Click Demo Import
- Plugin Slug:
- olive-one-click-demo-import
- Installations
- 900+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.1.2
- Severity Score:
- High
- CVE:
- 2024-32715
Language Switcher for Transposh
- Plugin:
- Language Switcher for Transposh
- Plugin Slug:
- language-switcher-for-transposh
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- High
- CVE:
- 2024-32695
BMI Adult & Kid Calculator
- Plugin:
- BMI Adult & Kid Calculator
- Plugin Slug:
- bmi-adultkid-calculator
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.2
- Severity Score:
- High
- CVE:
- 2024-32550
ShortPixel Critical CSS
- Plugin:
- ShortPixel Critical CSS
- Plugin Slug:
- shortpixel-critical-css
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.3
- Severity Score:
- High
- CVE:
- 2024-32810
Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce
- Plugin:
- Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce
- Plugin Slug:
- support-genix-lite
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.4
- Severity Score:
- Critical
- CVE:
- 2023-49742
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
- Plugin Slug:
- evergreen-content-poster
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2024-32824
Fixed HTML Toolbar
- Plugin:
- Fixed HTML Toolbar
- Plugin Slug:
- fixed-html-toolbar
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2024-32540
NPS computy
- Plugin:
- NPS computy
- Plugin Slug:
- nps-computy
- Installations
- 90+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2024-1755
NPS computy
- Plugin:
- NPS computy
- Plugin Slug:
- nps-computy
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2024-1754
5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
- Plugin Slug:
- 5-stars-rating-funnel
- Installations
- 40+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.02
- Severity Score:
- Medium
- CVE:
- 2024-32725
ARForms
- Plugin:
- ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.4.1
- Severity Score:
- High
- CVE:
- 2024-32706
ARForms
- Plugin:
- ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- Settings Change
- Patched in Version:
- 6.4.1
- Severity Score:
- High
- CVE:
- 2024-32705
ARForms
- Plugin:
- ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- Settings Change
- Patched in Version:
- 6.4.1
- Severity Score:
- High
- CVE:
- 2024-32704
ARForms
- Plugin:
- ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 6.4.1
- Severity Score:
- High
- CVE:
- 2024-32703
ARForms
- Plugin:
- ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.1
- Severity Score:
- High
- CVE:
- 2024-32702
Barcode Scanner with Inventory & Order Manager
- Plugin:
- Barcode Scanner with Inventory & Order Manager
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.4
- Severity Score:
- High
- CVE:
- 2024-32589
CBX Bookmark & Favorite
- Plugin:
- CBX Bookmark & Favorite
- Plugin Slug:
- cbxwpbookmark
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.22
- Severity Score:
- Medium
- CVE:
- 2024-32577
Chauffeur Taxi Booking System for WordPress
- Plugin:
- Chauffeur Taxi Booking System for WordPress
- Plugin Slug:
- chauffeur-booking-system
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 7.0
- Severity Score:
- High
- CVE:
- 2024-32692
Conversational Forms for ChatBot
- Plugin:
- Conversational Forms for ChatBot
- Plugin Slug:
- conversational-forms
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2024-32729
ElementsKit Pro
- Plugin:
- ElementsKit Pro
- Plugin Slug:
- elementskit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.1
- Severity Score:
- Medium
- CVE:
- 2024-3598
Essential Addons for Elementor Pro
- Plugin:
- Essential Addons for Elementor Pro
- Plugin Slug:
- essential-addons-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8.12
- Severity Score:
- Medium
- CVE:
- 2024-3645
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.81
- Severity Score:
- Medium
- CVE:
- 2024-0902
Integrate Google Drive
- Plugin:
- Integrate Google Drive
- Plugin Slug:
- integrate-google-drive
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.91
- Severity Score:
- High
- CVE:
- 2024-32949
Integrate Google Drive
- Plugin:
- Integrate Google Drive
- Plugin Slug:
- integrate-google-drive
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.91
- Severity Score:
- Medium
- CVE:
- 2024-32813
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6
- Severity Score:
- Medium
- CVE:
- 2024-1840
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6
- Severity Score:
- Medium
- CVE:
- 2024-1805
Max Addons Pro for Bricks
- Plugin:
- Max Addons Pro for Bricks
- Plugin Slug:
- max-addons-pro-bricks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.2
- Severity Score:
- High
- CVE:
- 2024-32952
Max Addons Pro for Bricks
- Plugin:
- Max Addons Pro for Bricks
- Plugin Slug:
- max-addons-pro-bricks
- Vulnerability:
- Settings Change
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2024-32951
WooCommerce Customers Manager
- Plugin:
- WooCommerce Customers Manager
- Plugin Slug:
- woocommerce-customers-manager
- Vulnerability:
- SQL Injection
- Patched in Version:
- 29.7
- Severity Score:
- High
- CVE:
- 2024-0399
Automatic
- Plugin:
- Automatic
- Plugin Slug:
- wp-automatic
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.93.0
- Severity Score:
- High
- CVE:
- 2024-32693
WP Cost Estimation & Payment Forms Builder
- Plugin:
- WP Cost Estimation & Payment Forms Builder
- Plugin Slug:
- wp-estimation-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.1.76
- Severity Score:
- High
- CVE:
- 2024-32510
WP Cost Estimation & Payment Forms Builder
- Plugin:
- WP Cost Estimation & Payment Forms Builder
- Plugin Slug:
- wp-estimation-form
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 10.1.77
- Severity Score:
- Medium
- CVE:
- 2024-32509
WP Media Category Management
- Plugin:
- WP Media Category Management
- Plugin Slug:
- wp-media-category-management
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- High
- CVE:
- 2024-32950
Wp Staging Pro
- Plugin:
- Wp Staging Pro
- Plugin Slug:
- wp-staging-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.0
- Severity Score:
- Medium
- CVE:
- 2024-2309
WordPress Themes — 2 Patched / 1 Unpatched
GuCherry Blog
- Theme:
- GuCherry Blog
- Theme Slug:
- gucherry-blog
- Downloads
- 137,149
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32531
Royal Elementor Kit
- Theme:
- Royal Elementor Kit
- Theme Slug:
- royal-elementor-kit
- Downloads
- 457,475
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.117
- Severity Score:
- Medium
- CVE:
- 2024-32773
Tainacan Interface
- Theme:
- Tainacan Interface
- Theme Slug:
- tainacan-interface
- Downloads
- 16,620
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.2
- Severity Score:
- High
- CVE:
- 2024-3867