In this report, 122 vulnerabilities have been publicly disclosed. Security patches for 73 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
WordPress Plugins — 72 Patched / 46 Unpatched
TI WooCommerce Wishlist
- Plugin:
- TI WooCommerce Wishlist
- Plugin Slug:
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-43917
YARPP – Yet Another Related Posts Plugin
- Plugin Slug:
- yet-another-related-posts-plugin
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43919
WP Table Builder – WordPress Table Plugin
- Plugin Slug:
- wp-table-builder
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3282
DSGVO All in one for WP
- Plugin:
- DSGVO All in one for WP
- Plugin Slug:
- dsgvo-all-in-one-for-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43964
Maintenance & Coming Soon Redirect Animation
- Plugin Slug:
- maintenance-coming-soon-redirect-animation
- Installations
- 5,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2024-43944
Super Testimonials
- Plugin:
- Super Testimonials
- Plugin Slug:
- super-testimonial
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-43959
SKT Blocks – Gutenberg based Page Builder
- Plugin Slug:
- skt-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43946
Classic Addons – WPBakery Page Builder
- Plugin Slug:
- classic-addons-wpbakery-page-builder-addons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43953
SendGrid for WordPress
- Plugin:
- SendGrid for WordPress
- Plugin Slug:
- wp-sendgrid-mailer
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43965
Skitter Slideshow
- Plugin:
- Skitter Slideshow
- Plugin Slug:
- wp-skitter-slideshow
- Installations
- 500+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2022-1751
AdRotate
- Plugin:
- AdRotate
- Plugin Slug:
- adrotate1
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2022-1206
Animated Number Counters
- Plugin:
- Animated Number Counters
- Plugin Slug:
- animated-number-counters
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43957
App Builder
- Plugin:
- App Builder
- Plugin Slug:
- app-builder
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-7651
azurecurve Toggle Show/Hide
- Plugin:
- azurecurve Toggle Show/Hide
- Plugin Slug:
- azurecurve-toggle-showhide
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43961
Blog Introduction
- Plugin:
- Blog Introduction
- Plugin Slug:
- blogintroduction-wordpress-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7862
Brickscore
- Plugin:
- Brickscore
- Plugin Slug:
- brickscore
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43950
Smart Online Order for Clover
- Plugin:
- Smart Online Order for Clover
- Plugin Slug:
- clover-online-orders
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7032
Droip
- Plugin:
- Droip
- Plugin Slug:
- droip
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-43955
Droip
- Plugin:
- Droip
- Plugin Slug:
- droip
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43954
GHActivity
- Plugin:
- GHActivity
- Plugin Slug:
- ghactivity
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43949
Gixaw Chat
- Plugin:
- Gixaw Chat
- Plugin Slug:
- gixaw-chat
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-7816
Hide My Site
- Plugin:
- Hide My Site
- Plugin Slug:
- hide-my-site
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5880
ILC Thickbox
- Plugin:
- ILC Thickbox
- Plugin Slug:
- ilc-thickbox
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7820
LatePoint
- Plugin:
- LatePoint
- Plugin Slug:
- latepoint
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43945
LWS Affiliation
- Plugin:
- LWS Affiliation
- Plugin Slug:
- lws-affiliation
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43962
Memberpress
- Plugin:
- Memberpress
- Plugin Slug:
- memberpress
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43956
Misiek Paypal
- Plugin:
- Misiek Paypal
- Plugin Slug:
- misiek-paypal
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-7861
Misiek Photo Album
- Plugin:
- Misiek Photo Album
- Plugin Slug:
- misiek-photo-album
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-7818
Misiek Photo Album
- Plugin:
- Misiek Photo Album
- Plugin Slug:
- misiek-photo-album
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7817
Music Request Manager
- Plugin:
- Music Request Manager
- Plugin Slug:
- music-request-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-6018
Music Request Manager
- Plugin:
- Music Request Manager
- Plugin Slug:
- music-request-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-6019
Music Request Manager
- Plugin:
- Music Request Manager
- Plugin Slug:
- music-request-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-6017
OTA Sync Booking Engine Widget
- Plugin:
- OTA Sync Booking Engine Widget
- Plugin Slug:
- ota-sync-booking-engine-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7647
Propovoice Pro
- Plugin:
- Propovoice Pro
- Plugin Slug:
- propovoice-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-43941
Responsive Video
- Plugin:
- Responsive Video
- Plugin Slug:
- responsive-video
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7629
RT Easy Builder – Advanced addons for Elementor
- Plugin:
- RT Easy Builder – Advanced addons for Elementor
- Plugin Slug:
- rt-easy-builder-advanced-addons-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2254
Simple Headline Rotator
- Plugin:
- Simple Headline Rotator
- Plugin Slug:
- simple-headline-rotator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-7860
Snapshot Backup
- Plugin:
- Snapshot Backup
- Plugin Slug:
- snapshot-backup
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-7689
Web and WooCommerce Addons for WPBakery Builder
- Plugin:
- Web and WooCommerce Addons for WPBakery Builder
- Plugin Slug:
- vc-addons-by-bit14
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43960
Woo Inquiry
- Plugin:
- Woo Inquiry
- Plugin Slug:
- woo-inquiry
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-7854
WordSurvey
- Plugin:
- WordSurvey
- Plugin Slug:
- wordsurvey
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6767
WP Testimonial Widget
- Plugin:
- WP Testimonial Widget
- Plugin Slug:
- wp-testimonial-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43967
WP Testimonial Widget
- Plugin:
- WP Testimonial Widget
- Plugin Slug:
- wp-testimonial-widget
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43966
WP Testimonial Widget
- Plugin:
- WP Testimonial Widget
- Plugin Slug:
- wp-testimonial-widget
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7390
Z Y N I T H
- Plugin:
- Z Y N I T H
- Plugin Slug:
- zynith-seo
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43940
Z Y N I T H
- Plugin:
- Z Y N I T H
- Plugin Slug:
- zynith-seo
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43939
LiteSpeed Cache
- Plugin:
- LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations
- 5,000,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 6.4
- Severity Score:
- Critical
- CVE:
- 2024-28000
Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
- Plugin:
- Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
- Plugin Slug:
- popup-maker
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.19.1
- Severity Score:
- Medium
- CVE:
- 2024-7054
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.8
- Severity Score:
- Medium
- CVE:
- 2024-6804
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.8
- Severity Score:
- Medium
- CVE:
- 2024-43924
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.8
- Severity Score:
- Medium
- CVE:
- 2024-6870
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.37
- Severity Score:
- Medium
- CVE:
- 2024-7778
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.3.4
- Severity Score:
- High
- CVE:
- 2024-43926
Custom Permalinks
- Plugin:
- Custom Permalinks
- Plugin Slug:
- custom-permalinks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.0
- Severity Score:
- Medium
- CVE:
- 2023-0926
Email Address Encoder
- Plugin:
- Email Address Encoder
- Plugin Slug:
- email-address-encoder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.24
- Severity Score:
- Medium
- CVE:
- 2024-43927
EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor
- Plugin Slug:
- embedpress
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.9
- Severity Score:
- Medium
- CVE:
- 2024-43936
Gallery Plugin for WordPress – Envira Photo Gallery
- Plugin Slug:
- envira-gallery-lite
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.15
- Severity Score:
- Medium
- CVE:
- 2024-43925
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.14.2
- Severity Score:
- Medium
- CVE:
- 2024-5941
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.14.0
- Severity Score:
- Medium
- CVE:
- 2024-5940
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.14.0
- Severity Score:
- Medium
- CVE:
- 2024-5939
WordPress Button Plugin MaxButtons
- Plugin Slug:
- maxbuttons
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 9.8.0
- Severity Score:
- Medium
- CVE:
- 2024-6499
NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
- Plugin Slug:
- nitropack
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.16.8
- Severity Score:
- Medium
- CVE:
- 2024-43922
String locator
- Plugin:
- String locator
- Plugin Slug:
- string-locator
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.6
- Severity Score:
- High
- CVE:
- 2023-6987
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.6.3
- Severity Score:
- Medium
- CVE:
- 2024-43932
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.3
- Severity Score:
- Medium
- CVE:
- 2024-5763
Ninja Tables – Easiest Data Table Builder
- Plugin Slug:
- ninja-tables
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.13
- Severity Score:
- Medium
- CVE:
- 2024-7304
AI Engine
Shield Security – Smart Bot Blocking & Intrusion Prevention Security
- Plugin Slug:
- wp-simple-firewall
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20.0.6
- Severity Score:
- High
- CVE:
- 2024-7313
Visual CSS Style Editor
- Plugin:
- Visual CSS Style Editor
- Plugin Slug:
- yellow-pencil-visual-theme-customizer
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6.4
- Severity Score:
- High
- CVE:
- 2024-43963
Piotnet Addons For Elementor
- Plugin:
- Piotnet Addons For Elementor
- Plugin Slug:
- piotnet-addons-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.31
- Severity Score:
- Medium
- CVE:
- 2024-5502
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.1.1
- Severity Score:
- Medium
- CVE:
- 2024-6879
WP Last Modified Info
- Plugin:
- WP Last Modified Info
- Plugin Slug:
- wp-last-modified-info
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2024-6864
Image Hotspot by DevVN
- Plugin:
- Image Hotspot by DevVN
- Plugin Slug:
- devvn-image-hotspot
- Installations
- 30,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.2.6
- Severity Score:
- High
- CVE:
- 2024-7656
Gutenverse – Blocks and Website Builder for Site Editor
- Plugin Slug:
- gutenverse
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- Medium
- CVE:
- 2024-43920
Simple Job Board
- Plugin:
- Simple Job Board
- Plugin Slug:
- simple-job-board
- Installations
- 20,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.12.4
- Severity Score:
- High
- CVE:
- 2024-7351
140+ Widgets | Xpro Addons For Elementor – FREE
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4.4
- Severity Score:
- Medium
- CVE:
- 2024-7791
Generate Images – Magic Post Thumbnail
- Plugin Slug:
- magic-post-thumbnail
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.10
- Severity Score:
- High
- CVE:
- 2024-43921
WooCommerce Google Feed Manager
- Plugin:
- WooCommerce Google Feed Manager
- Plugin Slug:
- wp-product-feed-manager
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
WooCommerce Google Feed Manager
- Plugin:
- WooCommerce Google Feed Manager
- Plugin Slug:
- wp-product-feed-manager
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.9.0
- Severity Score:
- High
- CVE:
- 2024-7258
BP Profile Search
- Plugin:
- BP Profile Search
- Plugin Slug:
- bp-profile-search
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.8
- Severity Score:
- High
- CVE:
- 2024-7850
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress
- Plugin Slug:
- acymailing
- Installations
- 7,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 9.8.0
- Severity Score:
- High
- CVE:
- 2024-7384
Themify Builder
- Plugin:
- Themify Builder
- Plugin Slug:
- themify-builder
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.6.2
- Severity Score:
- Medium
- CVE:
- 2024-7836
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.13.10
- Severity Score:
- High
- CVE:
- 2024-7777
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.13.10
- Severity Score:
- Medium
- CVE:
- 2024-7775
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 6,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.13.10
- Severity Score:
- High
- CVE:
- 2024-7702
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 2.13.5
- Severity Score:
- Medium
- CVE:
- 2024-7782
WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
- Plugin Slug:
- delicious-recipes
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8
- Severity Score:
- Medium
- CVE:
- 2024-43935
GEO my WP
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid
- Plugin Slug:
- logo-showcase-ultimate
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-8046
Shopping Cart & eCommerce Store
- Plugin:
- Shopping Cart & eCommerce Store
- Plugin Slug:
- wp-easycart
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.3
- Severity Score:
- High
- CVE:
- 2024-7827
WPMobile.App — Android and iOS Mobile Application
- Plugin Slug:
- wpappninja
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.49
- Severity Score:
- Medium
- CVE:
- 2024-43933
WP Crowdfunding
- Plugin:
- WP Crowdfunding
- Plugin Slug:
- wp-crowdfunding
- Installations
- 4,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.1.11
- Severity Score:
- Medium
- CVE:
- 2024-43937
Collapsing Archives
- Plugin:
- Collapsing Archives
- Plugin Slug:
- collapsing-archives
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- CVE:
- 2024-43934
Name Directory
- Plugin:
- Name Directory
- Plugin Slug:
- name-directory
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.1
- Severity Score:
- Medium
- CVE:
- 2024-43938
LH Add Media From Url
- Plugin:
- LH Add Media From Url
- Plugin Slug:
- lh-add-media-from-url
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.30
- Severity Score:
- High
- CVE:
- 2024-7090
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
- Plugin Slug:
- timetics
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.24
- Severity Score:
- Medium
- CVE:
- 2024-43923
Event Espresso – Event Registration & Ticketing Sales
- Plugin Slug:
- event-espresso-decaf
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.22.decaf
- Severity Score:
- Medium
- CVE:
- 2024-6883
ImageRecycle pdf & image compression
- Plugin Slug:
- imagerecycle-pdf-image-compression
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.15
- Severity Score:
- Medium
- CVE:
- 2024-8120
ImageRecycle pdf & image compression
- Plugin Slug:
- imagerecycle-pdf-image-compression
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.15
- Severity Score:
- Medium
- CVE:
- 2024-6631
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.2.8
- Severity Score:
- Critical
User Private Files – Upload and Share Files with Secure WordPress File Manager
- Plugin Slug:
- user-private-files
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- CVE:
- 2024-7848
Zephyr Project Manager
- Plugin:
- Zephyr Project Manager
- Plugin Slug:
- zephyr-project-manager
- Installations
- 1,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.3.103
- Severity Score:
- Medium
- CVE:
- 2024-43916
Zephyr Project Manager
- Plugin:
- Zephyr Project Manager
- Plugin Slug:
- zephyr-project-manager
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.103
- Severity Score:
- Medium
- CVE:
- 2024-43915
Favicon Generator (CLOSED)
- Plugin:
- Favicon Generator (CLOSED)
- Plugin Slug:
- favicon-generator
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1
- Severity Score:
- Critical
- CVE:
- 2024-7568
Chatbot with ChatGPT WordPress
- Plugin:
- Chatbot with ChatGPT WordPress
- Plugin Slug:
- smartsearchwp
- Installations
- 40+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.5
- Severity Score:
- Critical
- CVE:
- 2024-6847
Chatbot with ChatGPT WordPress
- Plugin:
- Chatbot with ChatGPT WordPress
- Plugin Slug:
- smartsearchwp
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.5
- Severity Score:
- High
- CVE:
- 2024-6843
Greenshift Query and Meta Addon
- Plugin:
- Greenshift Query and Meta Addon
- Plugin Slug:
- greenshiftquery
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.2
- Severity Score:
- High
- CVE:
- 2024-43942
Greenshift Woocommerce Addon
- Plugin:
- Greenshift Woocommerce Addon
- Plugin Slug:
- greenshiftwoo
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.9.8
- Severity Score:
- High
- CVE:
- 2024-43943
Oxygen Builder
- Plugin:
- Oxygen Builder
- Plugin Slug:
- oxygenbuilder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9
- Severity Score:
- Medium
- CVE:
- 2024-6688
Multilingual CMS
- Plugin:
- Multilingual CMS
- Plugin Slug:
- sitepress-multilingual-cms
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 4.6.13
- Severity Score:
- Critical
- CVE:
- 2024-6386
WBW Product Table PRO
- Plugin:
- WBW Product Table PRO
- Plugin Slug:
- woo-producttables-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.9.5
- Severity Score:
- Critical
- CVE:
- 2024-43918
WP Armour Extended
- Plugin:
- WP Armour Extended
- Plugin Slug:
- wp-armour-extended
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.32
- Severity Score:
- High
- CVE:
- 2024-43948
WP Armour Extended
- Plugin:
- WP Armour Extended
- Plugin Slug:
- wp-armour-extended
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.32
- Severity Score:
- Medium
- CVE:
- 2024-43947
File Manager Pro
- Plugin:
- File Manager Pro
- Plugin Slug:
- wp-file-manager-pro
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 8.3.8
- Severity Score:
- Critical
- CVE:
- 2024-7559
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.5.4
- Severity Score:
- Critical
- CVE:
- 2024-43931
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.5.4
- Severity Score:
- Medium
- CVE:
- 2024-43930
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.6
- Severity Score:
- Medium
- CVE:
- 2024-43929
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.6
- Severity Score:
- Medium
- CVE:
- 2024-43928
WordPress Themes — 1 Patched / 3 Unpatched
Esotera
- Theme:
- Esotera
- Theme Slug:
- esotera
- Downloads
- 59,465
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43952
IntoTheDark
- Theme:
- IntoTheDark
- Theme Slug:
- intothedark
- Downloads
- 1,994
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-43958
Tempera
- Theme:
- Tempera
- Theme Slug:
- tempera
- Downloads
- 703,425
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-43951
Phlox PRO
- Theme:
- Phlox PRO
- Theme Slug:
- phlox-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.16.5
- Severity Score:
- High
- CVE:
- 2024-6339
