WordPress Vulnerability Report — May 8, 2024
Since last week, 219 new vulnerabilities have emerged in the WordPress ecosystem, including 8 in themes and 211 in plugins. 84 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 219 vulnerabilities have been publicly disclosed. Security patches for 135 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 84 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes in Core and 9 bug fixes for the Block editor.
The next major release will be version 6.6, planned for July 2024.
WordPress Plugins — 129 Patched / 82 Unpatched
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2273
All-in-One Video Gallery
- Plugin:
- All-in-One Video Gallery
- Plugin Slug:
- all-in-one-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4033
Xserver Migrator
- Plugin:
- Xserver Migrator
- Plugin Slug:
- xserver-migrator
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-33913
Booster Extension
- Plugin:
- Booster Extension
- Plugin Slug:
- booster-extension
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2109
rtMedia for WordPress, BuddyPress and bbPress
- Plugin Slug:
- buddypress-media
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
Democracy Poll
- Plugin:
- Democracy Poll
- Plugin Slug:
- democracy-poll
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33920
Responsive Contact Form Builder & Lead Generation Plugin
- Plugin Slug:
- lead-form-builder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3637
Login Logout Register Menu
- Plugin:
- Login Logout Register Menu
- Plugin Slug:
- login-logout-register-menu
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33932
Print-O-Matic
- Plugin:
- Print-O-Matic
- Plugin Slug:
- print-o-matic
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33936
All-in-One Addons for Elementor – WidgetKit
- Plugin Slug:
- widgetkit-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33908
WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34389
WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34387
EventON
- Plugin:
- EventON
- Plugin Slug:
- eventon-lite
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33940
Eleblog – Elementor Blog And Magazine Addons
- Plugin Slug:
- ele-blog
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33945
Share This Image
- Plugin:
- Share This Image
- Plugin Slug:
- share-this-image
- Installations
- 2,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33930
Simple Image Popup
- Plugin:
- Simple Image Popup
- Plugin Slug:
- simple-image-popup
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4433
Admin Page Spider
- Plugin:
- Admin Page Spider
- Plugin Slug:
- admin-page-spider
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2401
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
- Plugin Slug:
- ajax-filter-posts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34390
Viet Nam Affiliate
- Plugin:
- Viet Nam Affiliate
- Plugin Slug:
- viet-nam-affiliate
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34417
5280 Bootstrap Modal Contact Form
- Plugin:
- 5280 Bootstrap Modal Contact Form
- Plugin Slug:
- 5280-bootstrap-modal-contact-form
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0847
Print Barcode Labels for your WooCommerce products/orders
- Plugin:
- Print Barcode Labels for your WooCommerce products/orders
- Plugin Slug:
- a4-barcode-generator
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1677
Print Barcode Labels for your WooCommerce products/orders
- Plugin:
- Print Barcode Labels for your WooCommerce products/orders
- Plugin Slug:
- a4-barcode-generator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1679
AA Cash Calculator
- Plugin:
- AA Cash Calculator
- Plugin Slug:
- aa-calculator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0848
ACF Front End Editor
- Plugin:
- ACF Front End Editor
- Plugin Slug:
- acf-front-end-editor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3072
ACF On-The-Go
- Plugin:
- ACF On-The-Go
- Plugin Slug:
- acf-on-the-go
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3071
AJAX Login and Registration modal popup + inline form
- Plugin:
- AJAX Login and Registration modal popup + inline form
- Plugin Slug:
- ajax-login-and-registration-modal-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33918
AnnounceKit
- Plugin:
- AnnounceKit
- Plugin Slug:
- announcekit
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3023
Archives Calendar Widget
- Plugin:
- Archives Calendar Widget
- Plugin Slug:
- archives-calendar-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33950
AWSOM News Announcement
- Plugin:
- AWSOM News Announcement
- Plugin Slug:
- awsom-news-announcement
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34428
BlogLentor
- Plugin:
- BlogLentor
- Plugin Slug:
- bloglentor-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34421
Brozzme Scroll Top
- Plugin:
- Brozzme Scroll Top
- Plugin Slug:
- brozzme-scroll-top
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34426
Calendar
- Plugin:
- Calendar
- Plugin Slug:
- calendar
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2831
canvasio3D Light
- Plugin:
- canvasio3D Light
- Plugin Slug:
- canvasio3d-light
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-34411
Configure Login Timeout
- Plugin:
- Configure Login Timeout
- Plugin Slug:
- configure-login-timeout
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34419
Corona Virus (COVID-19) Banner & Live Data
- Plugin:
- Corona Virus (COVID-19) Banner & Live Data
- Plugin Slug:
- corona-virus-covid-19-banner
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34429
CPO Companion
- Plugin:
- CPO Companion
- Plugin Slug:
- cpo-companion
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33916
Crelly Slider
- Plugin:
- Crelly Slider
- Plugin Slug:
- crelly-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3752
Different Menu in Different Pages
- Plugin:
- Different Menu in Different Pages
- Plugin Slug:
- different-menus-in-different-pages
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3206
Easy Restaurant Table Booking
- Plugin:
- Easy Restaurant Table Booking
- Plugin Slug:
- easy-table-booking
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4083
Event Management Tickets Booking
- Plugin:
- Event Management Tickets Booking
- Plugin Slug:
- event-monster
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1895
Fancy Elementor Flipbox
- Plugin:
- Fancy Elementor Flipbox
- Plugin Slug:
- fancy-elementor-flipbox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2349
Elementor ImageBox
- Plugin:
- Elementor ImageBox
- Plugin Slug:
- fd-elementor-imagebox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3074
Featured Content Gallery
- Plugin:
- Featured Content Gallery
- Plugin Slug:
- featured-content-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34424
Forty Four – 404 Plugin for WordPress
- Plugin:
- Forty Four – 404 Plugin for WordPress
- Plugin Slug:
- forty-four
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34423
WP Front User Submit / Front Editor
- Plugin:
- WP Front User Submit / Front Editor
- Plugin Slug:
- front-editor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2967
GDPR Compliance
- Plugin:
- GDPR Compliance
- Plugin Slug:
- gdpr-compliance
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-34388
Giphypress
- Plugin:
- Giphypress
- Plugin Slug:
- giphypress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33927
Google Document Embedder
- Plugin:
- Google Document Embedder
- Plugin Slug:
- google-document-embedder
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0216
Google Typography
- Plugin:
- Google Typography
- Plugin Slug:
- google-typography
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33942
Comments Evolved for WordPress
- Plugin:
- Comments Evolved for WordPress
- Plugin Slug:
- gplus-comments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34420
GWP-Histats
- Plugin:
- GWP-Histats
- Plugin Slug:
- gwp-histats
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33926
Inline Google Spreadsheet Viewer
- Plugin:
- Inline Google Spreadsheet Viewer
- Plugin Slug:
- inline-google-spreadsheet-viewer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3674
MF Gig Calendar
- Plugin:
- MF Gig Calendar
- Plugin Slug:
- mf-gig-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3755
Min and Max Purchase for WooCommerce
- Plugin:
- Min and Max Purchase for WooCommerce
- Plugin Slug:
- min-and-max-purchase-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33949
Mini Loops
- Plugin:
- Mini Loops
- Plugin Slug:
- mini-loops
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33934
Grid Gallery
- Plugin:
- Grid Gallery
- Plugin Slug:
- new-grid-gallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1897
Photo Gallery – Responsive Photo Gallery
- Plugin:
- Photo Gallery – Responsive Photo Gallery
- Plugin Slug:
- new-photo-gallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1896
CodeBard’s Patron Button and Widgets for Patreon
- Plugin:
- CodeBard’s Patron Button and Widgets for Patreon
- Plugin Slug:
- patron-button-and-widgets-by-codebard
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-33928
PB MailCrypt
- Plugin:
- PB MailCrypt
- Plugin Slug:
- pb-mailcrypt-antispam-email-encryption
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33935
Perfect Pullquotes
- Plugin:
- Perfect Pullquotes
- Plugin Slug:
- perfect-pullquotes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33951
Pk Favicon Manager
- Plugin:
- Pk Favicon Manager
- Plugin Slug:
- phpsword-favicon-manager
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-34416
Progressive WordPress (PWA)
- Plugin:
- Progressive WordPress (PWA)
- Plugin Slug:
- progressive-wp
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33937
QuickieBar
- Plugin:
- QuickieBar
- Plugin Slug:
- quickiebar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34425
Realtyna Organic IDX plugin
- Plugin:
- Realtyna Organic IDX plugin
- Plugin Slug:
- real-estate-listing-realtyna-wpl
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-33924
School Management Pro
- Plugin:
- School Management Pro
- Plugin Slug:
- school-management-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-33911
Sliding Widgets
- Plugin:
- Sliding Widgets
- Plugin Slug:
- sliding-widgets
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33938
Social Share Buttons by Supsystic
- Plugin:
- Social Share Buttons by Supsystic
- Plugin Slug:
- social-share-buttons-by-supsystic
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-22303
SP Project & Document Manager
- Plugin:
- SP Project & Document Manager
- Plugin Slug:
- sp-client-document-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33923
Subway – Private Site Option
- Plugin:
- Subway – Private Site Option
- Plugin Slug:
- subway
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1678
SVS Pricing Tables
- Plugin:
- SVS Pricing Tables
- Plugin Slug:
- svs-pricing-tables
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2958
SVS Pricing Tables
- Plugin:
- SVS Pricing Tables
- Plugin Slug:
- svs-pricing-tables
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2959
Swift Framework
- Plugin:
- Swift Framework
- Plugin Slug:
- swift-framework
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3916
Swift Framework
- Plugin:
- Swift Framework
- Plugin Slug:
- swift-framework
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3915
TT Custom Post Type Creator
- Plugin:
- TT Custom Post Type Creator
- Plugin Slug:
- tt-custom-post-type-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34430
TweetScroll Widget
- Plugin:
- TweetScroll Widget
- Plugin Slug:
- tweetscroll-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33948
Viet Affiliate Link
- Plugin:
- Viet Affiliate Link
- Plugin Slug:
- viet-affiliate-link
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34422
Woo Total Sales
- Plugin:
- Woo Total Sales
- Plugin Slug:
- woo-total-sales
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1688
WP etracker
- Plugin:
- WP etracker
- Plugin Slug:
- wp-etracker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-34431
WP Favorite Posts
- Plugin:
- WP Favorite Posts
- Plugin Slug:
- wp-favorite-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34427
WPCS ( WordPress Custom Search )
- Plugin:
- WPCS ( WordPress Custom Search )
- Plugin Slug:
- wpcs-wp-custom-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-34418
WTI Like Post
- Plugin:
- WTI Like Post
- Plugin Slug:
- wti-like-post
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33917
ZD YouTube FLV Player
- Plugin:
- ZD YouTube FLV Player
- Plugin Slug:
- zd-youtube-flv-player
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2663
Yoast SEO
Contact Form by WPForms – Drag & Drop Form Builder for WordPress
- Plugin Slug:
- wpforms-lite
- Installations
- 5,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.8.2
- Severity Score:
- Medium
- CVE:
- 2024-3649
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
- Plugin Slug:
- all-in-one-seo-pack
- Installations
- 3,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.1.1
- Severity Score:
- Medium
- CVE:
- 2024-3554
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.18
- Severity Score:
- Medium
- CVE:
- 2024-4156
Rank Math SEO with AI Best SEO Tools
- Plugin Slug:
- seo-by-rank-math
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.218
- Severity Score:
- Medium
- CVE:
- 2024-4335
ElementsKit Elementor addons and Templates Library
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2024-3650
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.31
- Severity Score:
- Medium
- CVE:
- 2024-4203
Spectra – WordPress Gutenberg Blocks
- Plugin Slug:
- ultimate-addons-for-gutenberg
- Installations
- 700,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.12.7
- Severity Score:
- Medium
- CVE:
- 2024-3107
Contact Form 7 Database Addon – CFDB7
- Plugin Slug:
- contact-form-cfdb7
- Installations
- 600,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2024-3870
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.3
- Severity Score:
- Medium
- CVE:
- 2024-3550
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 7.7
- Severity Score:
- Medium
- CVE:
- 2024-34383
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.5
- Severity Score:
- Medium
- CVE:
- 2024-3819
Qi Addons For Elementor
- Plugin:
- Qi Addons For Elementor
- Plugin Slug:
- qi-addons-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.1
- Severity Score:
- Medium
- CVE:
- 2024-3309
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
- Plugin Slug:
- supreme-modules-for-divi
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.4
- Severity Score:
- Medium
- CVE:
- 2024-4334
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.13.4
- Severity Score:
- Medium
- CVE:
- 2024-3743
BackUpWordPress
- Plugin:
- BackUpWordPress
- Plugin Slug:
- backupwordpress
- Installations
- 100,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 3.14
- Severity Score:
- Low
- CVE:
- 2024-3034
BuddyPress
- Plugin:
- BuddyPress
- Plugin Slug:
- buddypress
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.4.1
- Severity Score:
- Medium
- CVE:
- 2024-3974
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
- Plugin Slug:
- content-views-query-and-display-post-page
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
- 2024-4446
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.0
- Severity Score:
- Medium
- CVE:
- 2024-34373
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2023-6327
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
- 2024-3991
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
- Plugin Slug:
- the-post-grid
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.7.0
- Severity Score:
- Medium
- CVE:
- 2024-3936
MailerLite – Signup forms (official)
- Plugin Slug:
- official-mailerlite-sign-up-forms
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- CVE:
- 2024-1386
MailerLite – Signup forms (official)
- Plugin Slug:
- official-mailerlite-sign-up-forms
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- CVE:
- 2024-2797
Sydney Toolbox
- Plugin:
- Sydney Toolbox
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.31
- Severity Score:
- Medium
- CVE:
- 2024-4036
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.0
- Severity Score:
- Medium
- CVE:
- 2024-3553
WP ULike – Most Advanced WordPress Marketing Toolkit
- Plugin Slug:
- wp-ulike
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.0
- Severity Score:
- Medium
- CVE:
- 2024-1572
WP ULike – Most Advanced WordPress Marketing Toolkit
- Plugin Slug:
- wp-ulike
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.7.0
- Severity Score:
- High
- CVE:
- 2024-1797
WP ULike – Most Advanced WordPress Marketing Toolkit
- Plugin Slug:
- wp-ulike
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.0
- Severity Score:
- Medium
- CVE:
- 2024-1759
Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
- Plugin Slug:
- folders
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2024-3868
3D FlipBook – PDF Flipbook WordPress
- Plugin Slug:
- interactive-3d-flipbook-powered-physics-engine
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.5
- Severity Score:
- Medium
- CVE:
- 2024-3883
Media Cleaner: Clean your WordPress!
- Plugin Slug:
- media-cleaner
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.7.3
- Severity Score:
- Medium
- CVE:
- 2024-33922
Drag and Drop Multiple File Upload – Contact Form 7
- Plugin Slug:
- drag-and-drop-multiple-file-upload-contact-form-7
- Installations
- 60,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.7.8
- Severity Score:
- Medium
- CVE:
- 2024-3717
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.9.2
- Severity Score:
- Medium
- CVE:
- 2024-33914
Getwid – Gutenberg Blocks
- Plugin:
- Getwid – Gutenberg Blocks
- Plugin Slug:
- getwid
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2024-3588
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.25
- Severity Score:
- Medium
- CVE:
- 2024-2258
Image Hover Effects – Elementor Addon
- Plugin Slug:
- image-hover-effects-addon-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-1166
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug:
- robo-gallery
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.19
- Severity Score:
- Medium
- CVE:
- 2024-34382
Simple Membership
- Plugin:
- Simple Membership
- Plugin Slug:
- simple-membership
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.6
- Severity Score:
- Medium
- CVE:
- 2024-4383
Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms
- Plugin Slug:
- stop-spammer-registrations-plugin
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2024.5
- Severity Score:
- Medium
- CVE:
- 2023-7065
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.1.9
- Severity Score:
- Medium
- CVE:
- 2024-3957
WP Recipe Maker
- Plugin:
- WP Recipe Maker
- Plugin Slug:
- wp-recipe-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.4.0
- Severity Score:
- Medium
- CVE:
- 2024-3490
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
- Plugin Slug:
- sina-extension-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.5.2
- Severity Score:
- Medium
- CVE:
- 2024-34384
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- Plugin Slug:
- wp-analytify
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.4
- Severity Score:
- Medium
- CVE:
- 2024-1809
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- Plugin Slug:
- wp-analytify
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.2.4
- Severity Score:
- Medium
- CVE:
- 2024-1584
WP Video Lightbox
- Plugin:
- WP Video Lightbox
- Plugin Slug:
- wp-video-lightbox
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.11
- Severity Score:
- Medium
- CVE:
- 2024-4324
Popup Box – Best WordPress Popup Plugin
- Plugin Slug:
- ays-popup-box
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.1.3
- Severity Score:
- High
- CVE:
- 2024-34367
Float menu – awesome floating side menu
- Plugin Slug:
- float-menu
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.0.1
- Severity Score:
- Medium
- CVE:
- 2024-2405
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
- Plugin Slug:
- gutenverse
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2024-3692
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
- Plugin Slug:
- master-addons
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6.0
- Severity Score:
- Medium
- CVE:
- 2024-4265
Timetable and Event Schedule by MotoPress
- Plugin Slug:
- mp-timetable
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.12
- Severity Score:
- High
- CVE:
- 2024-3342
LeadConnector
- Plugin:
- LeadConnector
- Plugin Slug:
- leadconnector
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8
- Severity Score:
- High
- CVE:
- 2024-34378
LeadConnector
- Plugin:
- LeadConnector
- Plugin Slug:
- leadconnector
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8
- Severity Score:
- Medium
- CVE:
- 2024-1371
ClickCease Click Fraud Protection
- Plugin Slug:
- clickcease-click-fraud-protection
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.5
- Severity Score:
- Medium
- CVE:
- 2023-6810
RegistrationMagic – User Registration Plugin with Custom Registration Forms
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.2.1
- Severity Score:
- High
- CVE:
- 2024-33947
Directorist – WordPress Business Directory Plugin with Classified Ads Listings
- Plugin Slug:
- directorist
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.9.0
- Severity Score:
- Medium
- CVE:
- 2024-33929
EAN for WooCommerce
- Plugin:
- EAN for WooCommerce
- Plugin Slug:
- ean-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.9.0
- Severity Score:
- High
- CVE:
- 2024-34370
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin:
- GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.8.9
- Severity Score:
- Low
- CVE:
- 2024-2505
LA-Studio Element Kit for Elementor
- Plugin Slug:
- lastudio-element-kit
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.7.6
- Severity Score:
- Medium
- CVE:
- 2024-3005
Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)
- Plugin Slug:
- leaflet-maps-marker
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.12.9
- Severity Score:
- Medium
- CVE:
- 2024-3670
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.9
- Severity Score:
- Medium
- CVE:
- 2024-3942
Modal Window – create popup modal window
- Plugin Slug:
- modal-window
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.3.10
- Severity Score:
- Medium
- CVE:
- 2024-3472
WordPress Header Builder Plugin – Pearl
- Plugin Slug:
- pearl-header-builder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.7
- Severity Score:
- Medium
- CVE:
- 2024-4000
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
- Plugin Slug:
- reviewx
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.22
- Severity Score:
- Medium
- CVE:
- 2024-33921
RomethemeKit For Elementor
- Plugin:
- RomethemeKit For Elementor
- Plugin Slug:
- rometheme-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-33919
Simple Basic Contact Form
- Plugin:
- Simple Basic Contact Form
- Plugin Slug:
- simple-basic-contact-form
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20240502
- Severity Score:
- High
- CVE:
- 2024-4150
Thim Elementor Kit
- Plugin:
- Thim Elementor Kit
- Plugin Slug:
- thim-elementor-kit
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.9
- Severity Score:
- Medium
- CVE:
- 2024-34415
Web Push Notifications – Webpushr
- Plugin Slug:
- webpushr-web-push-notifications
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.36.0
- Severity Score:
- High
- CVE:
- 2024-34369
Alt Text AI – Automatically generate image alt text for SEO and accessibility
- Plugin Slug:
- alttext-ai
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-34366
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.96
- Severity Score:
- Medium
- CVE:
- 2024-1905
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin:
- ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations
- 8,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 4.0.31
- Severity Score:
- Medium
- CVE:
- 2024-4133
Embed Google Fonts
- Plugin:
- Embed Google Fonts
- Plugin Slug:
- embed-google-fonts
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2024-33925
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin:
- WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
- Plugin Slug:
- erp
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.13.2
- Severity Score:
- High
- CVE:
- 2024-1173
WordPress Affiliates Plugin — SliceWP Affiliates
- Plugin Slug:
- slicewp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.11
- Severity Score:
- Medium
- CVE:
- 2024-34413
WPC Composite Products for WooCommerce
- Plugin Slug:
- wpc-composite-products
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.2.8
- Severity Score:
- Medium
- CVE:
- 2024-2838
Customer Email Verification for WooCommerce
- Plugin Slug:
- emails-verification-for-woocommerce
- Installations
- 7,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.7.5
- Severity Score:
- Medium
- CVE:
- 2024-4185
iPanorama 360 – WordPress Virtual Tour Builder
- Plugin Slug:
- ipanorama-360-virtual-tour-builder-lite
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.2
- Severity Score:
- Medium
- CVE:
- 2024-33941
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
- Plugin:
- Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
- Plugin Slug:
- parcelpanel
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.0
- Severity Score:
- High
- CVE:
- 2024-34412
Sticky Buttons – floating buttons builder
- Plugin Slug:
- sticky-buttons
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
- CVE:
- 2024-3475
Button Generator – easily Button Builder
- Plugin Slug:
- button-generation
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2024-3471
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
- Plugin Slug:
- print-my-blog
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.26.3
- Severity Score:
- Medium
- CVE:
- 2024-33907
Side Menu Lite – add sticky fixed buttons
- Plugin Slug:
- side-menu-lite
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2.1
- Severity Score:
- Medium
- CVE:
- 2024-3476
Edwiser Bridge – WordPress Moodle LMS Integration
- Plugin Slug:
- edwiser-bridge
- Installations
- 5,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.0.6
- Severity Score:
- Critical
- CVE:
- 2024-4186
ElementsReady Addons for Elementor
- Plugin Slug:
- element-ready-lite
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.0
- Severity Score:
- Medium
- CVE:
- 2024-34374
Testimonial Slider
- Plugin:
- Testimonial Slider
- Plugin Slug:
- testimonial-slider
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-4193
WPify Woo Czech
- Plugin:
- WPify Woo Czech
- Plugin Slug:
- wpify-woo
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.11
- Severity Score:
- High
- CVE:
- 2024-33946
Popup Box – new WordPress popup plugin
- Plugin Slug:
- popup-box
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-3477
Startklar Elementor Addons
- Plugin:
- Startklar Elementor Addons
- Plugin Slug:
- startklar-elmentor-forms-extwidgets
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.7.14
- Severity Score:
- High
- CVE:
- 2024-4346
Startklar Elementor Addons
- Plugin:
- Startklar Elementor Addons
- Plugin Slug:
- startklar-elmentor-forms-extwidgets
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.7.14
- Severity Score:
- Critical
- CVE:
- 2024-4345
Auto Affiliate Links
- Plugin:
- Auto Affiliate Links
- Plugin Slug:
- wp-auto-affiliate-links
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.4.4
- Severity Score:
- High
- CVE:
- 2024-34386
Custom WooCommerce Checkout Fields Editor
- Plugin Slug:
- add-fields-to-checkout-page-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-33956
Debug Log Manager
- Plugin:
- Debug Log Manager
- Plugin Slug:
- debug-log-manager
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.2
- Severity Score:
- Medium
- CVE:
- 2024-33915
Mihdan: Yandex Turbo Feed
- Plugin:
- Mihdan: Yandex Turbo Feed
- Plugin Slug:
- mihdan-yandex-turbo-feed
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.6
- Severity Score:
- Medium
- CVE:
- 2024-4411
Herd Effects – fake notifications and social proof plugin
- Plugin Slug:
- mwp-herd-effect
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.7
- Severity Score:
- Medium
- CVE:
- 2024-3478
PropertyHive
- Plugin:
- PropertyHive
- Plugin Slug:
- propertyhive
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.11
- Severity Score:
- Medium
- CVE:
- 2024-34381
iPages Flipbook For WordPress
- Plugin:
- iPages Flipbook For WordPress
- Plugin Slug:
- ipages-flipbook
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.2
- Severity Score:
- Medium
- CVE:
- 2024-33909
JW Player for WordPress
- Plugin:
- JW Player for WordPress
- Plugin Slug:
- jw-player-7-for-wp
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.4
- Severity Score:
- Medium
- CVE:
- 2024-33931
Masteriyo LMS – eLearning and Online Course Builder for WordPress
- Plugin Slug:
- learning-management-system
- Installations
- 2,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2024-33939
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery
- Plugin Slug:
- new-video-gallery
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
- 2024-34377
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
- Plugin Slug:
- sheets-to-wp-table-live-sync
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2024-34375
Ultimate Under Construction
- Plugin:
- Ultimate Under Construction
- Plugin Slug:
- ultimate-under-construction
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.4
- Severity Score:
- Medium
- CVE:
- 2024-33943
Where Did You Hear About Us Checkout Field for WooCommerce
- Plugin Slug:
- wc-customer-source
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-2752
Follow Us Badges
- Plugin:
- Follow Us Badges
- Plugin Slug:
- wpsite-follow-us-badges
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.11
- Severity Score:
- Medium
- CVE:
- 2024-3280
Academy LMS – eLearning and online course solution for WordPress
- Plugin Slug:
- academy
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.17
- Severity Score:
- High
- CVE:
- 2024-33912
Admin Bar Editor – Hide Toolbar by User Roles
- Plugin Slug:
- admin-bar
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.23
- Severity Score:
- Medium
- CVE:
- 2024-1716
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
- Plugin Slug:
- ajax-filter-posts
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.8
- Severity Score:
- Medium
- CVE:
- 2024-34372
ChatBot Conversational Forms
- Plugin:
- ChatBot Conversational Forms
- Plugin Slug:
- conversational-forms
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-34380
Counter Box – WordPress plugin for countdown, timer, counter
- Plugin Slug:
- counter-box
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2024-3481
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.20
- Severity Score:
- Medium
- CVE:
- 2024-34371
Mooberry Book Manager
- Plugin:
- Mooberry Book Manager
- Plugin Slug:
- mooberry-book-manager
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.15.13
- Severity Score:
- Medium
- CVE:
- 2024-34368
SimpleShop
- Plugin:
- SimpleShop
- Plugin Slug:
- simpleshop-cz
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.10.3
- Severity Score:
- Medium
- CVE:
- 2024-1229
SimpleShop
- Plugin:
- SimpleShop
- Plugin Slug:
- simpleshop-cz
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.10.1
- Severity Score:
- Medium
- CVE:
- 2024-1230
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 1.3.3.3
- Severity Score:
- Medium
- CVE:
- 2024-34434
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.5
- Severity Score:
- High
- CVE:
- 2024-2661
Wow Skype Buttons
- Plugin:
- Wow Skype Buttons
- Plugin Slug:
- mwp-skype
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.0.4
- Severity Score:
- Medium
- CVE:
- 2024-3474
Last Viewed Posts by WPBeginner
- Plugin:
- Last Viewed Posts by WPBeginner
- Plugin Slug:
- last-viewed-posts
- Installations
- 600+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.0.1
- Severity Score:
- Critical
- CVE:
- 2024-3070
Hostel
Tabellen von faustball.com
- Plugin:
- Tabellen von faustball.com
- Plugin Slug:
- docollipics-faustball-de
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-4085
Breakdance
- Plugin:
- Breakdance
- Plugin Slug:
- breakdance
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.1
- Severity Score:
- Medium
- CVE:
- 2023-6854
ConvertPlus
- Plugin:
- ConvertPlus
- Plugin Slug:
- convertplug
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.26
- Severity Score:
- Medium
- CVE:
- 2024-3237
ConvertPlus
- Plugin:
- ConvertPlus
- Plugin Slug:
- convertplug
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.5.26
- Severity Score:
- High
- CVE:
- 2024-3240
Cost Calculator Builder Pro
- Plugin:
- Cost Calculator Builder Pro
- Plugin Slug:
- cost-calculator-builder-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.68
- Severity Score:
- High
- CVE:
- 2024-4097
Digital Publications by Supsystic
- Plugin:
- Digital Publications by Supsystic
- Plugin Slug:
- digital-publications-by-supsystic
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2024-33910
Elementor Pro
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.21.2
- Severity Score:
- Medium
- CVE:
- 2024-4107
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.81
- Severity Score:
- Medium
- CVE:
- 2024-0904
Gravity Forms Unique ID
- Plugin:
- Gravity Forms Unique ID
- Plugin Slug:
- gp-unique-id
- Vulnerability:
- Content Spoofing
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2024-0710
Mhr Post Ticker
- Plugin:
- Mhr Post Ticker
- Plugin Slug:
- mhr-post-ticker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2
- Severity Score:
- Medium
- CVE:
- 2024-3021
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.8
- Severity Score:
- Medium
- CVE:
- 2024-4092
WooCommerce AWeber Newsletter Subscription
- Plugin:
- WooCommerce AWeber Newsletter Subscription
- Plugin Slug:
- woocommerce-aweber-newsletter-subscription
- Vulnerability:
- Settings Change
- Patched in Version:
- 4.0.3
- Severity Score:
- Medium
- CVE:
- 2024-33944
WordPress Themes — 6 Patched / 2 Unpatched
Adventure Journal
- Theme:
- Adventure Journal
- Theme Slug:
- adventure-journal
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33953
Unique
- Theme:
- Unique
- Theme Slug:
- unique
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-33952
Blocksy
Edge
- Theme:
- Edge
- Theme Slug:
- edge
- Downloads
- 336,008
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-34376
Freesia Empire
- Theme:
- Freesia Empire
- Theme Slug:
- freesia-empire
- Downloads
- 203,860
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-33955
Pliska
- Theme:
- Pliska
- Theme Slug:
- pliska
- Downloads
- 47,512
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.3.6
- Severity Score:
- Medium
- CVE:
- 2024-33954
raindrops
- Theme:
- raindrops
- Theme Slug:
- raindrops
- Downloads
- 716,582
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.700
- Severity Score:
- Medium
- CVE:
- 2024-34414
Restaurant and Cafe
- Theme:
- Restaurant and Cafe
- Theme Slug:
- restaurant-and-cafe
- Downloads
- 126,841
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2024-34379