WordPress Vulnerability Report — August 14, 2024

Since last week, 181 new vulnerabilities emerged in the WordPress ecosystem including 172 plugins and 9 themes. 63 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Aug 14, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:35 min.

In this report, 181 vulnerabilities have been publicly disclosed. Security patches for 118 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 63 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 114 Patched / 58 Unpatched

2.1 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
2.2 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.3 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.4 Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
2.5 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.6 Social Slider Feed
2.7 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.8 WP Dashboard Notes
2.9 LA-Studio Element Kit for Elementor
2.10 Mediavine Control Panel
2.11 weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
2.12 Backup and Restore WordPress – Backup Plugin
2.13 Backup and Restore WordPress – Backup Plugin
2.14 Backup and Restore WordPress – Backup Plugin
2.15 YaMaps for WordPress Plugin
2.16 Create by Mediavine
2.17 WP Job Portal – A Complete Recruitment System for Company or Job Board website
2.18 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
2.19 MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
2.20 Order Export for WooCommerce
2.21 Smart Online Order for Clover
2.22 Smart Online Order for Clover
2.23 Enter Addons – Ultimate Template Builder for Elementor
2.24 Kodex Posts likes
2.25 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
2.26 Filr – Secure document library
2.27 Job Manager and Recruitment Board for Employers and Candidates – Crew HRM
2.28 affiliate-toolkit
2.29 Bit Form Pro
2.30 Bit Form Pro
2.31 Bit Form Pro
2.32 Bit Form Pro
2.33 Blox Page Builder
2.34 Compute Links
2.35 House Manager
2.36 Ultimate Membership Pro
2.37 Ultimate Membership Pro
2.38 Ultimate Membership Pro
2.39 Leopard – WordPress offload media
2.40 Leopard – WordPress offload media
2.41 Linkify Text
2.42 My Custom CSS PHP & ADS
2.43 MyBookTable Bookstore
2.44 No Update Nag
2.45 Obfuscate Email
2.46 Opal Membership
2.47 Opal Membership
2.48 Reveal Template
2.49 Send Emails with Mandrill
2.50 Store Locator Plus
2.51 Traffic Manager
2.52 Mega Addons For Elementor
2.53 Unite Gallery Lite
2.54 WHMpress
2.55 WHMpress
2.56 Woo Products Widgets For Elementor
2.57 Bitly
2.58 JobSearch
2.59 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.60 Spectra – WordPress Gutenberg Blocks
2.61 Premium Addons for Elementor
2.62 Meta Box – WordPress Custom Fields Framework
2.63 Easy Table of Contents
2.64 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.65 AMP for WP – Accelerated Mobile Pages
2.66 Aruba HiSpeed Cache
2.67 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.68 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
2.69 Lightbox & Modal Popup WordPress Plugin – FooBox
2.70 GiveWP – Donation Plugin and Fundraising Platform
2.71 Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
2.72 Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
2.73 Robin image optimizer — save money on image compression
2.74 Simple Local Avatars
2.75 HUSKY – Products Filter Professional for WooCommerce
2.76 TypeSquare Webfonts for ????????
2.77 LearnPress – WordPress LMS Plugin
2.78 MainWP Child Reports
2.79 ??????? ?????
2.80 Tutor LMS – eLearning and online course solution
2.81 Tutor LMS – eLearning and online course solution
2.82 Ajax Search Lite
2.83 Brizy – Page Builder
2.84 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
2.85 Import and export users and customers
2.86 Booking for Appointments and Events Calendar – Amelia
2.87 3D FlipBook – PDF Flipbook WordPress
2.88 Media Library Assistant
2.89 WP Table Builder – WordPress Table Plugin
2.90 Category Posts Widget
2.91 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
2.92 Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
2.93 Ditty – Responsive News Tickers, Sliders, and Lists
2.94 Gutenberg Blocks, Page Builder – ComboBlocks
2.95 Slider by Soliloquy – Responsive Image Slider for WordPress
2.96 Advanced Cron Manager – debug & control
2.97 BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
2.98 BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
2.99 Cost Calculator Builder
2.100 Accept Stripe Payments
2.101 Ultimate Addons for Beaver Builder – Lite
2.102 Fuse Social Floating Sidebar
2.103 Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
2.104 Slider by 10Web – Responsive Image Slider
2.105 Easy PayPal & Stripe Buy Now Button
2.106 WordPress File Upload
2.107 WordPress File Upload
2.108 140+ Widgets | Xpro Addons For Elementor – FREE
2.109 Gutenberg Page Builder Blocks & Ready-Made Patterns Library for Blogs, Magazines, Newspapers, and Business Websites. Easy One-Click Import, No Coding Needed! – Blockspare
2.110 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
2.111 GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
2.112 Graphina – Elementor Charts and Graphs
2.113 Horizontal scrolling announcements
2.114 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
2.115 Registrations for the Events Calendar – Event Registration Plugin
2.116 WooCommerce Product Table Lite
2.117 Participants Database
2.118 Selection Lite
2.119 Themify Shortcodes
2.120 Chatbot for WordPress by Collect.chat ??
2.121 CM Tooltip Glossary
2.122 Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
2.123 ParcelPanel (Free to install) – Shipment Tracking, Tracking, and Order Tracking for WooCommerce
2.124 Ultimate Bootstrap Elements for Elementor
2.125 JetGridBuilder — Grid Builder for Elementor and Gutenberg
2.126 Timeline and History slider
2.127 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
2.128 JS Help Desk – The Ultimate Help Desk & Support Plugin
2.129 JS Help Desk – The Ultimate Help Desk & Support Plugin
2.130 Organization chart
2.131 Pinpoint Booking System – #1 WordPress Booking Plugin
2.132 Card Elements for Elementor
2.133 Cooked – Recipe Management
2.134 FormCraft – Form Builder
2.135 Icegram Collect – Easy Form, Lead Collection and Subscription plugin
2.136 Waitlist Woocommerce ( Back in stock notifier )
2.137 EventPrime – Events Calendar, Bookings and Tickets
2.138 Products, Order & Customers Export for WooCommerce
2.139 Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce
2.140 Shared Files – Frontend File Upload Form & Secure File Sharing
2.141 Visual Website Collaboration, Feedback & Project Management – Atarim
2.142 BSK Forms Blacklist
2.143 CRM Perks Forms – WordPress Form Builder
2.144 Masteriyo LMS – eLearning and Online Course Builder for WordPress
2.145 Masteriyo LMS – eLearning and Online Course Builder for WordPress
2.146 Masteriyo LMS – eLearning and Online Course Builder for WordPress
2.147 WP Search Analytics
2.148 Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
2.149 Christmasify!
2.150 Falang multilanguage for WordPress
2.151 Football Pool
2.152 Football Pool
2.153 StreamCast – Radio Player for WordPress
2.154 Sunshine Photo Cart: Free Client Photo Galleries for Photographers
2.155 WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute
2.156 WP Bannerize Pro
2.157 WPSection
2.158 BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
2.159 Community Events
2.160 WPBakery Page Builder
2.161 WPBakery Page Builder
2.162 Modern Events Calendar
2.163 Modern Events Calendar Lite
2.164 Search Filter Pro
2.165 Shortcodes Ultimate Pro
2.166 Term And Category Based Posts Widget
2.167 Docket (WooCommerce Collections / Wishlist / Watchlist)
2.168 Docket (WooCommerce Collections / Wishlist / Watchlist)
2.169 WooCommerce Multiple Customer Addresses & Shipping
2.170 WP eStore
2.171 WP eStore
2.172 WP eMember

3. WordPress Themes — 4 Patched / 5 Unpatched

3.1 Busiprof
3.2 Visual Composer Starter
3.3 Multipurpose
3.4 News Flash
3.5 The Next LVL
3.6 Orchid Store
3.7 MDx
3.8 Houzez
3.9 Woffice

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins — 114 Patched / 58 Unpatched

Plugin:: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4360

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4359

Plugin:: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43260

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43220

Plugin:: Social Slider Feed
Plugin Slug:: instagram-slider-widget
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43215

Plugin:: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43265

Plugin:: WP Dashboard Notes
Plugin Slug:: wp-dashboard-notes
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43226

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43210

Plugin:: Mediavine Control Panel
Plugin Slug:: mediavine-control-panel
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43218

Plugin:: weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
Plugin Slug:: wemail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43238

Plugin:: Backup and Restore WordPress – Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43270

Plugin:: Backup and Restore WordPress – Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43269

Plugin:: Backup and Restore WordPress – Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43268

Plugin:: YaMaps for WordPress Plugin
Plugin Slug:: yamaps
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43224

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43264

Plugin:: WP Job Portal – A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43266

Plugin:: MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43213

Plugin:: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
Plugin Slug:: mailchimp-subscribe-sm
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43211

Plugin:: Order Export for WooCommerce
Plugin Slug:: order-export-and-more-for-woocommerce
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43259

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43254

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43253

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43225

Plugin:: Kodex Posts likes
Plugin Slug:: kodex-posts-likes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43217

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43212

Plugin:: Filr – Secure document library
Plugin Slug:: filr-protection
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43216

Plugin:: Job Manager and Recruitment Board for Employers and Candidates – Crew HRM
Plugin Slug:: hr-management
Installations: 80+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43252

Plugin:: affiliate-toolkit
Plugin Slug:: affiliate-toolkit-starter
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6562

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43251

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43250

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43249

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43248

Plugin:: Blox Page Builder
Plugin Slug:: blox-page-builder
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6315

Plugin:: Compute Links
Plugin Slug:: compute-links
Vulnerability:: Remote File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43261

Plugin:: House Manager
Plugin Slug:: house-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3973

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43242

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43241

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43240

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43257

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43256

Plugin:: Linkify Text
Plugin Slug:: linkify-text
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7382

Plugin:: My Custom CSS PHP & ADS
Plugin Slug:: my-custom-css
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7410

Plugin:: MyBookTable Bookstore
Plugin Slug:: mybooktable
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43255

Plugin:: No Update Nag
Plugin Slug:: no-update-nag
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7412

Plugin:: Obfuscate Email
Plugin Slug:: obfuscate-email
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7413

Plugin:: Opal Membership
Plugin Slug:: opal-membership
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7649

Plugin:: Opal Membership
Plugin Slug:: opal-membership
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7648

Plugin:: Reveal Template
Plugin Slug:: reveal-template
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7416

Plugin:: Send Emails with Mandrill
Plugin Slug:: send-emails-with-mandrill
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43208

Plugin:: Store Locator Plus
Plugin Slug:: store-locator-le
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43258

Plugin:: Traffic Manager
Plugin Slug:: traffic-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7485

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43267

Plugin:: Unite Gallery Lite
Plugin Slug:: unite-gallery-lite
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43207

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43247

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43246

Plugin:: Woo Products Widgets For Elementor
Plugin Slug:: woo-products-widgets-for-elementor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43271

Plugin:: Bitly
Plugin Slug:: wp-bitly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43209

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43245

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.0
Severity Score:: Medium
CVE:: 2024-7092

Plugin:: Spectra – WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 900,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.1
Severity Score:: Medium
CVE:: 2024-7590

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.39
Severity Score:: Medium
CVE:: 2024-6824

Plugin:: Meta Box – WordPress Custom Fields Framework
Plugin Slug:: meta-box
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.11
Severity Score:: High
CVE:: 2024-43235

Plugin:: Easy Table of Contents
Plugin Slug:: easy-table-of-contents
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.68
Severity Score:: Medium
CVE:: 2024-7082

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.39
Severity Score:: Medium
CVE:: 2024-6884

Plugin:: AMP for WP – Accelerated Mobile Pages
Plugin Slug:: accelerated-mobile-pages
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.97
Severity Score:: Medium
CVE:: 2024-43146

Plugin:: Aruba HiSpeed Cache
Plugin Slug:: aruba-hispeed-cache
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.13
Severity Score:: Medium
CVE:: 2024-43119

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-7247

Plugin:: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-43161

Plugin:: Lightbox & Modal Popup WordPress Plugin – FooBox
Plugin Slug:: foobox-image-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.32
Severity Score:: Medium
CVE:: 2024-5668

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-37099

Plugin:: Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2024-43118

Plugin:: Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2024-43117

Plugin:: Robin image optimizer — save money on image compression
Plugin Slug:: robin-image-optimizer
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2024-43122

Plugin:: Simple Local Avatars
Plugin Slug:: simple-local-avatars
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.11
Severity Score:: Medium
CVE:: 2024-43116

Plugin:: HUSKY – Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.6.2
Severity Score:: Critical
CVE:: 2024-43121

Plugin:: TypeSquare Webfonts for ????????
Plugin Slug:: xserver-typesquare-webfonts
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-43120

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.6.9.4
Severity Score:: High
CVE:: 2024-7548

Plugin:: MainWP Child Reports
Plugin Slug:: mainwp-child-reports
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2024-7492

Plugin:: ??????? ?????
Plugin Slug:: persian-woocommerce
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.0.0
Severity Score:: Medium
CVE:: 2024-43219

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-43231

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-43142

Plugin:: Ajax Search Lite
Plugin Slug:: ajax-search-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.12.1
Severity Score:: Medium
CVE:: 2024-7084

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.2
Severity Score:: Medium
CVE:: 2024-6254

Plugin:: Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Plugin Slug:: folders
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2024-7317

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.26.9
Severity Score:: High
CVE:: 2024-38787

Plugin:: Booking for Appointments and Events Calendar – Amelia
Plugin Slug:: ameliabooking
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-6552

Plugin:: 3D FlipBook – PDF Flipbook WordPress
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.7
Severity Score:: Medium
CVE:: 2024-43152

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.19
Severity Score:: Critical
CVE:: 2024-6823

Plugin:: WP Table Builder – WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-43125

Plugin:: Category Posts Widget
Plugin Slug:: category-posts
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.17
Severity Score:: Medium
CVE:: 2024-6158

Plugin:: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-6692

Plugin:: Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-43162

Plugin:: Ditty – Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.45
Severity Score:: Medium
CVE:: 2024-6710

Plugin:: Gutenberg Blocks, Page Builder – ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.87
Severity Score:: Medium
CVE:: 2024-43155

Plugin:: Slider by Soliloquy – Responsive Image Slider for WordPress
Plugin Slug:: soliloquy-lite
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2024-35775

Plugin:: Advanced Cron Manager – debug & control
Plugin Slug:: advanced-cron-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.10
Severity Score:: Medium
CVE:: 2024-43154

Plugin:: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
Plugin Slug:: betterdocs
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.9
Severity Score:: Medium
CVE:: 2024-43227

Plugin:: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
Plugin Slug:: betterdocs
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.5.9
Severity Score:: Medium
CVE:: 2024-43129

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.16
Severity Score:: Critical
CVE:: 2024-43144

Plugin:: Accept Stripe Payments
Plugin Slug:: stripe-payments
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.87
Severity Score:: Medium
CVE:: 2024-7353

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.10
Severity Score:: Medium
CVE:: 2024-43151

Plugin:: Fuse Social Floating Sidebar
Plugin Slug:: fuse-social-floating-sidebar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.11
Severity Score:: Medium
CVE:: 2024-5226

Plugin:: Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.25
Severity Score:: Medium
CVE:: 2024-43272

Plugin:: Slider by 10Web – Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.58
Severity Score:: High
CVE:: 2024-7150

Plugin:: Easy PayPal & Stripe Buy Now Button
Plugin Slug:: wp-ecommerce-paypal
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-43236

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.8
Severity Score:: High
CVE:: 2024-6494

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.8
Severity Score:: High
CVE:: 2024-6651

Plugin:: 140+ Widgets | Xpro Addons For Elementor – FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4.3
Severity Score:: Medium
CVE:: 2024-43150

Plugin:: Gutenberg Page Builder Blocks & Ready-Made Patterns Library for Blogs, Magazines, Newspapers, and Business Websites. Easy One-Click Import, No Coding Needed! – Blockspare
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-43164

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.1.8
Severity Score:: Critical
CVE:: 2024-7350

Plugin:: GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.3.62
Severity Score:: High
CVE:: 2024-43145

Plugin:: Graphina – Elementor Charts and Graphs
Plugin Slug:: graphina-elementor-charts-and-graphs
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-43124

Plugin:: Horizontal scrolling announcements
Plugin Slug:: horizontal-scrolling-announcements
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2023-5000

Plugin:: myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-43214

Plugin:: Registrations for the Events Calendar – Event Registration Plugin
Plugin Slug:: registrations-for-the-events-calendar
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.2
Severity Score:: Medium
CVE:: 2024-43143

Plugin:: WooCommerce Product Table Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2024-43128

Plugin:: Participants Database
Plugin Slug:: participants-database
Installations: 9,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.5.9.3
Severity Score:: Critical
CVE:: 2024-43141

Plugin:: Selection Lite
Plugin Slug:: selection-lite
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12
Severity Score:: Medium
CVE:: 2024-43147

Plugin:: Themify Shortcodes
Plugin Slug:: themify-shortcodes
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-43133

Plugin:: Chatbot for WordPress by Collect.chat ??
Plugin Slug:: collectchat
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-6498

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.9
Severity Score:: Medium
CVE:: 2024-43149

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2024-43138

Plugin:: ParcelPanel (Free to install) – Shipment Tracking, Tracking, and Order Tracking for WooCommerce
Plugin Slug:: parcelpanel
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.3
Severity Score:: High
CVE:: 2024-43163

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2024-43140

Plugin:: JetGridBuilder — Grid Builder for Elementor and Gutenberg
Plugin Slug:: jetgridbuilder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-43221

Plugin:: Timeline and History slider
Plugin Slug:: timeline-and-history-slider
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-43232

Plugin:: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.29
Severity Score:: High
CVE:: 2024-43135

Plugin:: JS Help Desk – The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.8.7
Severity Score:: Critical
CVE:: 2024-7094

Plugin:: JS Help Desk – The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-43274

Plugin:: Organization chart
Plugin Slug:: organization-chart
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-7355

Plugin:: Pinpoint Booking System – #1 WordPress Booking Plugin
Plugin Slug:: booking-system
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.9.4.8
Severity Score:: Medium
CVE:: 2024-3636

Plugin:: Card Elements for Elementor
Plugin Slug:: card-elements-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-43123

Plugin:: Cooked – Recipe Management
Plugin Slug:: cooked
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2024-41816

Plugin:: FormCraft – Form Builder
Plugin Slug:: formcraft-form-builder
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.11
Severity Score:: Medium
CVE:: 2024-43157

Plugin:: Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Plugin Slug:: icegram-rainmaker
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.15
Severity Score:: Medium
CVE:: 2024-43273

Plugin:: Waitlist Woocommerce ( Back in stock notifier )
Plugin Slug:: waitlist-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-43134

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.4.0
Severity Score:: Medium
CVE:: 2024-43223

Plugin:: Products, Order & Customers Export for WooCommerce
Plugin Slug:: export-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: High
CVE:: 2024-43127

Plugin:: Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce
Plugin Slug:: sender-net-automated-emails
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.16
Severity Score:: High
CVE:: 2024-43126

Plugin:: Shared Files – Frontend File Upload Form & Secure File Sharing
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.7.29
Severity Score:: Medium
CVE:: 2024-43230

Plugin:: Visual Website Collaboration, Feedback & Project Management – Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2024-7621

Plugin:: BSK Forms Blacklist
Plugin Slug:: bsk-gravityforms-blacklist
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2024-43233

Plugin:: CRM Perks Forms – WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.4
Severity Score:: Critical
CVE:: 2024-7484

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.11.5
Severity Score:: Medium
CVE:: 2024-43239

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.0
Severity Score:: Medium
CVE:: 2024-43159

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.11.5
Severity Score:: High
CVE:: 2024-43158

Plugin:: WP Search Analytics
Plugin Slug:: search-analytics
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.10
Severity Score:: Medium
CVE:: 2024-43229

Plugin:: Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.11
Severity Score:: High
CVE:: 2024-43156

Plugin:: Christmasify!
Plugin Slug:: christmasify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.6
Severity Score:: High
CVE:: 2024-7574

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.53
Severity Score:: Medium
CVE:: 2024-6869

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.10
Severity Score:: Medium
CVE:: 2024-43139

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.1
Severity Score:: Medium
CVE:: 2024-43130

Plugin:: StreamCast – Radio Player for WordPress
Plugin Slug:: streamcast
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.4
Severity Score:: Medium
CVE:: 2024-43148

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-43136

Plugin:: WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute
Plugin Slug:: wapppress-builds-android-app-for-website
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.5
Severity Score:: Medium
CVE:: 2024-43137

Plugin:: WP Bannerize Pro
Plugin Slug:: wp-bannerize-pro
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-7388

Plugin:: WPSection
Plugin Slug:: wpsection
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-43165

Plugin:: BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Plugin Slug:: searchpro
Installations: 900+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7.7
Severity Score:: Critical
CVE:: 2024-43160

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-6270

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2024-5708

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Local File Inclusion
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2024-5709

Plugin:: Modern Events Calendar
Plugin Slug:: modern-events-calendar
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.13.0
Severity Score:: Medium
CVE:: 2024-6522

Plugin:: Modern Events Calendar Lite
Plugin Slug:: modern-events-calendar-lite
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.13.0
Severity Score:: Medium
CVE:: 2024-6522

Plugin:: Search Filter Pro
Plugin Slug:: search-filter-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.18
Severity Score:: Medium
CVE:: 2024-6481

Plugin:: Shortcodes Ultimate Pro
Plugin Slug:: shortcodes-ultimate-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.1
Severity Score:: Medium
CVE:: 2024-6766

Plugin:: Term And Category Based Posts Widget
Plugin Slug:: term-and-category-based-posts-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.13
Severity Score:: Medium
CVE:: 2024-6158

Plugin:: Docket (WooCommerce Collections / Wishlist / Watchlist)
Plugin Slug:: woocommerce-collections
Vulnerability:: SQL Injection
Patched in Version:: 1.7.0
Severity Score:: Critical
CVE:: 2024-43132

Plugin:: Docket (WooCommerce Collections / Wishlist / Watchlist)
Plugin Slug:: woocommerce-collections
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.7.0
Severity Score:: High
CVE:: 2024-43131

Plugin:: WooCommerce Multiple Customer Addresses & Shipping
Plugin Slug:: woocommerce-multiple-customer-addresses
Vulnerability:: Multiple Vulnerabilities
Patched in Version:: 24.9
Severity Score:: Medium

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.5.6
Severity Score:: Medium
CVE:: 2024-6136

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: High
CVE:: 2024-6133

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.7.0
Severity Score:: High
CVE:: 2024-5081

WordPress Themes — 4 Patched / 5 Unpatched

Theme:: Busiprof
Theme Slug:: busiprof
Downloads: 519,822
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43262

Theme:: Visual Composer Starter
Theme Slug:: visual-composer-starter
Downloads: 106,347
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43263

Theme:: Multipurpose
Theme Slug:: multipurpose
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7486

Theme:: News Flash
Theme Slug:: news-flash
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7560

Theme:: The Next LVL
Theme Slug:: the-next
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7561

Theme:: Orchid Store
Theme Slug:: orchid-store
Downloads: 349,182
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-6987

Theme:: MDx
Theme Slug:: MDx
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: Medium
CVE:: 2024-6639

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: High
CVE:: 2024-43244

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Privilege Escalation
Patched in Version:: 5.4.12
Severity Score:: Critical
CVE:: 2024-43153

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 114 Patched / 58 Unpatched