WordPress Vulnerability Report — November 13, 2024

This past week, 323 new plugin and theme vulnerabilities emerged in the WordPress ecosystem. 228 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

In this report, 323 vulnerabilities have been publicly disclosed. Security patches for 95 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 228 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7, code-named “Rollins,” is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 92 Patched / 226 Unpatched

Team Member – Multi Language Supported Team Plugin

Plugin Slug:
team-showcase-supreme
Installations:
8,000+
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Post From Frontend

Plugin Slug:
post-from-frontend
Installations:
10+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AA Audio Player

Plugin:
AA Audio Player
Plugin Slug:
aa-audio-player
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bing Search API Integration

Plugin:
Bing Search API Integration
Plugin Slug:
abbs-bing-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AchillesTheme-shortcodes

Plugin:
AchillesTheme-shortcodes
Plugin Slug:
achilles-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Add Ribbon Shortcode

Plugin:
Add Ribbon Shortcode
Plugin Slug:
add-ribbon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Advanced Video Player with Analytics

Plugin:
Advanced Video Player with Analytics
Plugin Slug:
advanced-video-player-with-analytics
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Adventure Bucket List

Plugin:
Adventure Bucket List
Plugin Slug:
adventure-bucket-list
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress

Plugin:
AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress
Plugin Slug:
agendapress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation

Plugin:
Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Plugin Slug:
ai-content-generator
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Instant Image Generator

Plugin:
Instant Image Generator
Plugin Slug:
ai-image
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Ajax Content Filter

Plugin:
Ajax Content Filter
Plugin Slug:
ajax-content-filter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Alert Me!

Plugin:
Alert Me!
Plugin Slug:
alert-me
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

EleForms

Plugin:
EleForms
Plugin Slug:
all-contact-form-integration-for-elementor
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Assist24 Help Desk

Plugin:
Assist24 Help Desk
Plugin Slug:
assist24it
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Audio Record

Plugin:
Audio Record
Plugin Slug:
audio-record
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

audioCase

Plugin:
audioCase
Plugin Slug:
audiocase
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Fitness Testimonials

Plugin:
Awesome Fitness Testimonials
Plugin Slug:
awesome-fitness-testimonials
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Tool Tip

Plugin:
Awesome Tool Tip
Plugin Slug:
awesome-tool-tip
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AzonBox

Plugin:
AzonBox
Plugin Slug:
azonbox
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bamboo Enquiries

Plugin:
Bamboo Enquiries
Plugin Slug:
bamboo-enquiries
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Banner System

Plugin:
Banner System
Plugin Slug:
banner-system
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Be Shortcodes

Plugin:
Be Shortcodes
Plugin Slug:
be-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Beacon For Help Scout

Plugin:
Beacon For Help Scout
Plugin Slug:
beacon-for-helpscout
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

BeBetter Social Icons

Plugin:
BeBetter Social Icons
Plugin Slug:
bebetter-social-icons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

best bootstrap widgets for elementor

Plugin:
best bootstrap widgets for elementor
Plugin Slug:
best-bootstrap-widgets-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bg Patriarchia BU

Plugin:
Bg Patriarchia BU
Plugin Slug:
bg-patriarchia-bu
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bitcoin Payments

Plugin:
Bitcoin Payments
Plugin Slug:
bitcoin-payments
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Blocks Post Grid

Plugin:
Blocks Post Grid
Plugin Slug:
blocks-post-grid
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Boat Rental Plugin for WordPress

Plugin:
Boat Rental Plugin for WordPress
Plugin Slug:
boat-rental-system
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Boombox Shortcode

Plugin:
Boombox Shortcode
Plugin Slug:
boombox-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Brand my Footer

Plugin:
Brand my Footer
Plugin Slug:
brand-my-footer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bread & Butter

Plugin:
Bread & Butter
Plugin Slug:
bread-butter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Browsing History

Plugin:
Browsing History
Plugin Slug:
browsing-history
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

BU Slideshow

Plugin:
BU Slideshow
Plugin Slug:
bu-slideshow
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Buooy Sticky Header

Plugin:
Buooy Sticky Header
Plugin Slug:
buooy-sticky-header
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

CE21 Suite

Plugin:
CE21 Suite
Plugin Slug:
ce21-suite
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CE21 Suite

Plugin:
CE21 Suite
Plugin Slug:
ce21-suite
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

CF7 WOW Styler

Plugin:
CF7 WOW Styler
Plugin Slug:
cf7-styler
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Charity Addon for Elementor

Plugin:
Charity Addon for Elementor
Plugin Slug:
charity-addon-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

codeSnips

Plugin:
codeSnips
Plugin Slug:
codesnips
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Smooth Maps

Plugin:
Smooth Maps
Plugin Slug:
colour-smooth-maps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Combo WP Rewrite Slugs

Plugin:
Combo WP Rewrite Slugs
Plugin Slug:
combo-wp-rewrite-slugs
Vulnerability:
Settings Change
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Community Yard Sale

Plugin:
Community Yard Sale
Plugin Slug:
community-yard-sale
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Computer Repair Shop

Plugin:
Computer Repair Shop
Plugin Slug:
computer-repair-shop
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WP Virtual Room Configurator

Plugin:
WP Virtual Room Configurator
Plugin Slug:
configure-conference-room
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Content Syndication Toolkit Reader

Plugin:
Content Syndication Toolkit Reader
Plugin Slug:
content-syndication-toolkit-reader
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Conversion Helper

Plugin:
Conversion Helper
Plugin Slug:
conversion-helper
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Cowidgets – Elementor Addons

Plugin:
Cowidgets – Elementor Addons
Plugin Slug:
cowidgets-elementor-addons
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cowidgets – Elementor Addons

Plugin:
Cowidgets – Elementor Addons
Plugin Slug:
cowidgets-elementor-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Custom Dashboard Widget

Plugin:
Custom Dashboard Widget
Plugin Slug:
create-custom-dashboard-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Creative Blocks

Plugin:
Creative Blocks
Plugin Slug:
creative-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CRM 2go

Plugin:
CRM 2go
Plugin Slug:
crm2go
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Custom URL Shortener

Plugin:
Custom URL Shortener
Plugin Slug:
custom-url-shorter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Daily Image

Plugin:
Daily Image
Plugin Slug:
daily-image
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Dashing Memberships

Plugin:
Dashing Memberships
Plugin Slug:
dashing-memberships
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Datasets Manager by Arttia Creative

Plugin:
Datasets Manager by Arttia Creative
Plugin Slug:
datasets-manager-by-arttia-creative
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Debug Tool

Plugin:
Debug Tool
Plugin Slug:
debug-tool
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Devexhub Gallery

Plugin:
Devexhub Gallery
Plugin Slug:
devexhub-gallery
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

DigiPass

Plugin:
DigiPass
Plugin Slug:
digipass
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Do That Task

Plugin:
Do That Task
Plugin Slug:
do-that-task
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Don’t Break The Code

Plugin:
Don’t Break The Code
Plugin Slug:
dont-break-the-code
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Doofinder

Plugin:
Doofinder
Plugin Slug:
doofinder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

drop in image slideshow gallery

Plugin:
drop in image slideshow gallery
Plugin Slug:
drop-in-image-slideshow-gallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

DuoGeek Blocks

Plugin:
DuoGeek Blocks
Plugin Slug:
duogeek-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy CSV Importer BETA

Plugin:
Easy CSV Importer BETA
Plugin Slug:
easy-csv-importer
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Easy Social Sharebar

Plugin:
Easy Social Sharebar
Plugin Slug:
easy-social-sharebar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

eewee admin custom

Plugin:
eewee admin custom
Plugin Slug:
eewee-admincustom
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Ekiline Block Collection

Plugin:
Ekiline Block Collection
Plugin Slug:
ekiline-block-collection
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Embed documents shortcode

Plugin:
Embed documents shortcode
Plugin Slug:
embed-documents-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ESB Testimonials

Plugin:
ESB Testimonials
Plugin Slug:
esb-testimonials
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Fabrica Synced Pattern Instances

Plugin:
Fabrica Synced Pattern Instances
Plugin Slug:
fabrica-reusable-block-instances
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Faltu Testimonial Rotator

Plugin:
Faltu Testimonial Rotator
Plugin Slug:
faltu-testimonial-rotator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Fancy User List

Plugin:
Fancy User List
Plugin Slug:
fancy-user-listing
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Fast Video and Image Display

Plugin:
Fast Video and Image Display
Plugin Slug:
fast-video-and-image-display
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Featured product by category name

Plugin:
Featured product by category name
Plugin Slug:
featured-product-by-category-name
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

File Select Control For Elementor

Plugin:
File Select Control For Elementor
Plugin Slug:
file-select-control-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Firework Shoppable Live Video

Plugin:
Firework Shoppable Live Video
Plugin Slug:
firework-videos
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Forms: 3rd-Party Post Again

Plugin:
Forms: 3rd-Party Post Again
Plugin Slug:
forms-3rdparty-post-again
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

FriendStore for WooCommerce

Plugin:
FriendStore for WooCommerce
Plugin Slug:
friendstore-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Horsemanager

Plugin:
Horsemanager
Plugin Slug:
fruitcake-horsemanager
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Gboy Custom Google Map

Plugin:
Gboy Custom Google Map
Plugin Slug:
gboy-custom-google-map
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Geoportail Shortcode

Plugin:
Geoportail Shortcode
Plugin Slug:
geoportail-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Geotagged Media

Plugin:
Geotagged Media
Plugin Slug:
geotagged-media
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Global Gateway e4 | Payeezy Gateway |

Plugin:
Global Gateway e4 | Payeezy Gateway |
Plugin Slug:
globe-gateway-e4
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Google Visualization Charts

Plugin:
Google Visualization Charts
Plugin Slug:
google-visualization-charts
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GreenCon

Plugin:
GreenCon
Plugin Slug:
greencon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WoW Guild Armory Roster

Plugin:
WoW Guild Armory Roster
Plugin Slug:
guild-armory-roster
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Gutenium Blocks

Plugin:
Gutenium Blocks
Plugin Slug:
gutenium
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Satisfaction Reports from Help Scout

Plugin:
Satisfaction Reports from Help Scout
Plugin Slug:
happiness-reports-for-help-scout
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

HB AUDIO GALLERY

Plugin:
HB AUDIO GALLERY
Plugin Slug:
hb-audio-gallery
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Hola Free Video Player

Plugin:
Hola Free Video Player
Plugin Slug:
hola-free-video-player
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

HQ60 Fidelity Card

Plugin:
HQ60 Fidelity Card
Plugin Slug:
hq60-fidelity-card
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

I Plant A Tree

Plugin:
I Plant A Tree
Plugin Slug:
i-plant-a-tree
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

IA Map Analytics Basic

Plugin:
IA Map Analytics Basic
Plugin Slug:
ia-map-analytics-basic
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Icon Widget

Plugin:
Icon Widget
Plugin Slug:
icon-widget-with-links
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Image Carousel Shortcode

Plugin:
Image Carousel Shortcode
Plugin Slug:
image-carousel-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Image Classify

Plugin:
Image Classify
Plugin Slug:
image-classify
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Inline Click To Tweet

Plugin:
Inline Click To Tweet
Plugin Slug:
inline-click-to-tweet
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

IntelliWidget Elements

Plugin:
IntelliWidget Elements
Plugin Slug:
intelliwidget-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Jigoshop – Store Toolkit

Plugin:
Jigoshop – Store Toolkit
Plugin Slug:
jigoshop-store-toolkit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

KBucket

Plugin:
KBucket
Plugin Slug:
kbucket
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Keymaster Chord Notation Free

Plugin:
Keymaster Chord Notation Free
Plugin Slug:
keymaster-chord-notation-free
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Kings Tab Slider

Plugin:
Kings Tab Slider
Plugin Slug:
kings-tab-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

L Squared Hub WP

Plugin:
L Squared Hub WP
Plugin Slug:
l-squared-hub-wp-virtual-device
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Lenxel Core for Lenxel(LNX) LMS

Plugin:
Lenxel Core for Lenxel(LNX) LMS
Plugin Slug:
lenxel-core
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Location Click Map

Plugin:
Location Click Map
Plugin Slug:
location-click-map
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Loginplus

Plugin:
Loginplus
Plugin Slug:
loginplus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Luzuk Slider

Plugin:
Luzuk Slider
Plugin Slug:
luzuk-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Luzuk Team

Plugin:
Luzuk Team
Plugin Slug:
luzuk-team
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Luzuk Testimonials

Plugin:
Luzuk Testimonials
Plugin Slug:
luzuk-testimonials
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Mage Front End Forms

Plugin:
Mage Front End Forms
Plugin Slug:
mage-forms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Magic Slider

Plugin:
Magic Slider
Plugin Slug:
magic-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Map Store Locator

Plugin:
Map Store Locator
Plugin Slug:
map-store-location
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Mapme

Plugin:
Mapme
Plugin Slug:
mapme
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Master Bar

Plugin:
Master Bar
Plugin Slug:
master-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

MDC YouTube Downloader

Plugin:
MDC YouTube Downloader
Plugin Slug:
mdc-youtube-downloader
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Matix Popup Builder

Plugin:
Matix Popup Builder
Plugin Slug:
medma-matix
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

mFolio Lite

Plugin:
mFolio Lite
Plugin Slug:
mfolio-lite
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

MG Post Contributors

Plugin:
MG Post Contributors
Plugin Slug:
mg-post-contributors
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Minical Hotel Booking Plugin

Plugin:
Minical Hotel Booking Plugin
Plugin Slug:
minical
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Mobile Kiosk

Plugin:
Mobile Kiosk
Plugin Slug:
mobile-kiosk
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Moka Get Posts Shortcode

Plugin:
Moka Get Posts Shortcode
Plugin Slug:
moka-get-posts
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Moose Elementor Kit

Plugin:
Moose Elementor Kit
Plugin Slug:
moose-elementor-kit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Multi-day Booking Calendar

Plugin:
Multi-day Booking Calendar
Plugin Slug:
multi-day-booking-calendar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Multifox Plus

Plugin:
Multifox Plus
Plugin Slug:
multifox-plus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Multiple Votes in one page

Plugin:
Multiple Votes in one page
Plugin Slug:
multiple-votes-in-one-page
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

My Restaurant Menu

Plugin:
My Restaurant Menu
Plugin Slug:
my-restaurant-menu
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Responsive Video

Plugin:
WP Responsive Video
Plugin Slug:
my-wp-responsive-video
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Narnoo Commerce Manager

Plugin:
Narnoo Commerce Manager
Plugin Slug:
narnoo-commerce-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

News Articles

Plugin:
News Articles
Plugin Slug:
news-articles
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

News Ticker

Plugin:
News Ticker
Plugin Slug:
newsticker
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

The Novel Design Store Directory

Plugin:
The Novel Design Store Directory
Plugin Slug:
noveldesign-store-directory
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

NV Slider

Plugin:
NV Slider
Plugin Slug:
nv-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Official SalesWizard CRM Plugin

Plugin:
Official SalesWizard CRM Plugin
Plugin Slug:
official-saleswizard-crm
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Olympus Shortcodes

Plugin:
Olympus Shortcodes
Plugin Slug:
olympus-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OpenCart Product Display

Plugin:
OpenCart Product Display
Plugin Slug:
opencart-product-display
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OS BXSlider

Plugin:
OS BXSlider
Plugin Slug:
os-bxslider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OS Our Team

Plugin:
OS Our Team
Plugin Slug:
os-our-team
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OS Pricing Tables

Plugin:
OS Pricing Tables
Plugin Slug:
os-pricing-tables
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Parallaxer

Plugin:
Parallaxer
Plugin Slug:
parallaxer-lite-parallax-effects-on-images
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ParOne Feeds

Plugin:
ParOne Feeds
Plugin Slug:
parone
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pay With Stripe

Plugin:
Pay With Stripe
Plugin Slug:
payments-stripe-gateway
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pdf Embedder Fay

Plugin:
Pdf Embedder Fay
Plugin Slug:
pdf-embedder-fay
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Persian Nested Show/Hide Text

Plugin:
Persian Nested Show/Hide Text
Plugin Slug:
persian-nested-showhide-text
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

PF Timer

Plugin:
PF Timer
Plugin Slug:
pf-timer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Photographer Connections

Plugin:
Photographer Connections
Plugin Slug:
photographer-connections
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Picsmize

Plugin:
Picsmize
Plugin Slug:
picsmize
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Plenigo

Plugin:
Plenigo
Plugin Slug:
plenigo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Popup Image

Plugin:
Popup Image
Plugin Slug:
popup-image
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Postcasa Shortcode

Plugin:
Postcasa Shortcode
Plugin Slug:
postcasa
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Postify: Post Layout For Elementor

Plugin:
Postify: Post Layout For Elementor
Plugin Slug:
postify-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Posts Filter

Plugin:
Posts Filter
Plugin Slug:
posts-filter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Posts Search

Plugin:
Posts Search
Plugin Slug:
posts-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

PropertyShift

Plugin:
PropertyShift
Plugin Slug:
propertyshift
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Provide Forex Signals

Plugin:
Provide Forex Signals
Plugin Slug:
provide-forex-signals
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pull This

Plugin:
Pull This
Plugin Slug:
pull-this
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ra_qrcode

Plugin:
ra_qrcode
Plugin Slug:
ra-qrcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Relais 2FA

Plugin:
Relais 2FA
Plugin Slug:
relais-2fa
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Responsive Data Table

Plugin:
Responsive Data Table
Plugin Slug:
responsive-data-table
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Share Buttons – Social Media

Plugin:
Share Buttons – Social Media
Plugin Slug:
rich-web-share-button
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Rig Elements For Elementor

Plugin:
Rig Elements For Elementor
Plugin Slug:
rig-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

RSV 360 View

Plugin:
RSV 360 View
Plugin Slug:
rsv-360-view
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

RSV PDF Preview

Plugin:
RSV PDF Preview
Plugin Slug:
rsv-pdf-preview
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Saragna

Plugin:
Saragna
Plugin Slug:
saragna-social-stream
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

scrollup

Plugin:
scrollup
Plugin Slug:
scrollup
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Search order by product SKU for WooCommerce

Plugin:
Search order by product SKU for WooCommerce
Plugin Slug:
search-order-by-product-sku-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Sell Media File with Stripe

Plugin:
Sell Media File with Stripe
Plugin Slug:
sell-media-file
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Semantic Shortcode

Plugin:
Semantic Shortcode
Plugin Slug:
semantic-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Lewe Bootstrap Visuals

Plugin:
Lewe Bootstrap Visuals
Plugin Slug:
shortcode-bootstrap-visuals
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Shortcode Collection

Plugin:
Shortcode Collection
Plugin Slug:
shortcode-collection
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Redirecter

Plugin:
Redirecter
Plugin Slug:
shortcode-for-redirection
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Pricing Table

Plugin:
Simple Pricing Table
Plugin Slug:
simple-pricing-table
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Social Share Block

Plugin:
Simple Social Share Block
Plugin Slug:
simple-social-share-block
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SimpleGMaps

Plugin:
SimpleGMaps
Plugin Slug:
simplegmaps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Modal

Plugin:
Simple Modal
Plugin Slug:
simplemodal
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simplistic SEO

Plugin:
Simplistic SEO
Plugin Slug:
simplistic-seo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simpul Events by Esotech

Plugin:
Simpul Events by Esotech
Plugin Slug:
simpul-events-by-esotech
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Social button

Plugin:
Social button
Plugin Slug:
social-button
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Social Locker

Plugin:
Social Locker
Plugin Slug:
social-locker-content
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Stylish Internal Links

Plugin:
Stylish Internal Links
Plugin Slug:
stylish-internal-links
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Surbma | Font Awesome

Plugin:
Surbma | Font Awesome
Plugin Slug:
surbma-font-awesome
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SV Forms

Plugin:
SV Forms
Plugin Slug:
sv-forms
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SVT Simple

Plugin:
SVT Simple
Plugin Slug:
svt-simple
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Table of Contents Plus

Plugin:
Table of Contents Plus
Plugin Slug:
table-of-contents-plus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Team Showcase and Slider – Team Members Builder

Plugin:
Team Showcase and Slider – Team Members Builder
Plugin Slug:
team-showcase-ultimate
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

TeleAdmin

Plugin:
TeleAdmin
Plugin Slug:
teleadmin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Testimonial Slider Shortcode

Plugin:
Testimonial Slider Shortcode
Plugin Slug:
testimonial-slider-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Text Advertisements

Plugin:
Text Advertisements
Plugin Slug:
text-advertisements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Tigris Flexplatform

Plugin:
Tigris Flexplatform
Plugin Slug:
tigris-flexplatform
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

TinyCode

Plugin:
TinyCode
Plugin Slug:
tinycode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Topbar ID for Elementor

Plugin:
Topbar ID for Elementor
Plugin Slug:
topbar-id-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Trendy Restaurant Menu

Plugin:
Trendy Restaurant Menu
Plugin Slug:
trendy-restaurant-menu
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SrcSet Responsive Images for WordPress

Plugin:
SrcSet Responsive Images for WordPress
Plugin Slug:
truenorth-srcset
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Twitter real time search scrolling

Plugin:
Twitter real time search scrolling
Plugin Slug:
twitter-real-time-search-scrolling
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Accordion

Plugin:
Ultimate Accordion
Plugin Slug:
ultimate-accordion
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

User Meta

Plugin:
User Meta
Plugin Slug:
user-meta
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

User Password Reset

Plugin:
User Password Reset
Plugin Slug:
user-password-reset
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Utech Spinning Earth

Plugin:
Utech Spinning Earth
Plugin Slug:
utech-spinning-earth
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

UW Freelancer

Plugin:
UW Freelancer
Plugin Slug:
uw-freelancer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

VP Sitemap

Plugin:
VP Sitemap
Plugin Slug:
vp-sitemap
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Wd-image-magnifier-xoss

Plugin:
Wd-image-magnifier-xoss
Plugin Slug:
wd-image-magnifier-xoss
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WE – Client Logo Carousel

Plugin:
WE – Client Logo Carousel
Plugin Slug:
we-client-logo-carousel
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Websand Subscription Form

Plugin:
Websand Subscription Form
Plugin Slug:
websand-subscription-form
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Wezido

Plugin:
Wezido
Plugin Slug:
wezido-elementor-addon-based-on-easy-digital-downloads
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Agenda

Plugin:
WP Agenda
Plugin Slug:
wp-agenda
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

wp_automatic_widget

Plugin:
wp_automatic_widget
Plugin Slug:
wp-automatic-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP-Basics

Plugin:
WP-Basics
Plugin Slug:
wp-basics
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Contest

Plugin:
WP Contest
Plugin Slug:
wp-contest
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

EventPress

Plugin:
EventPress
Plugin Slug:
wp-eventpress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Wp-ImageZoom

Plugin:
Wp-ImageZoom
Plugin Slug:
wp-imagezoom
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

imPress

Plugin:
imPress
Plugin Slug:
wp-js-impress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Listings Pro

Plugin:
WP Listings Pro
Plugin Slug:
wp-listings-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP MMenu Lite

Plugin:
WP MMenu Lite
Plugin Slug:
wp-mmenu-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP PagSeguro Payments

Plugin:
WP PagSeguro Payments
Plugin Slug:
wp-pagseguro-payments
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Wp Slide Categorywise

Plugin:
Wp Slide Categorywise
Plugin Slug:
wp-slide-categorywise
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Visual Adverts

Plugin:
WP Visual Adverts
Plugin Slug:
wp-visual-adverts
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera

Plugin:
Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera
Plugin Slug:
wp-website-creator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPHelpful

Plugin:
WPHelpful
Plugin Slug:
wphelpful
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Admin Amplify

Plugin:
Admin Amplify
Plugin Slug:
wpr-admin-amplify
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

yPHPlista

Plugin:
yPHPlista
Plugin Slug:
yphplista
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

????????

Plugin:
????????
Plugin Slug:
yr-activity-link
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cookie Nonsense for YT

Plugin:
Cookie Nonsense for YT
Plugin Slug:
yt-cookie-nonsense
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ZIJ KART

Plugin:
ZIJ KART
Plugin Slug:
zij-kart
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
header-footer-elementor
Installations
2,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.46
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.46.

Loginizer

Plugin:
Loginizer
Plugin Slug:
loginizer
Installations
1,000,000+
Vulnerability:
Broken Authentication
Patched in Version:
1.9.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.9.3.

Safe SVG

Plugin:
Safe SVG
Plugin Slug:
safe-svg
Installations
1,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.6.

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons
Installations
400,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.12.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.12.6.

Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.31
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.31.

Admin and Site Enhancements (ASE)

Plugin Slug:
admin-site-enhancements
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.5.2.

Contact Form 7 – Dynamic Text Extension

Plugin Slug:
contact-form-7-dynamic-text-extension
Installations
100,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
4.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.5.1.

Pods – Custom Content Types and Fields

Plugin Slug:
pods
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.7.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.7.1.

WP ULike – All-in-One Engagement Toolkit

Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.7.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.7.5.

WP Booking Calendar

Plugin Slug:
booking
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
10.6.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 10.6.3.

MapPress Maps for WordPress

Plugin Slug:
mappress-google-maps-for-wordpress
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.94.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.94.2.

Easy SVG Support

Plugin Slug:
easy-svg
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.8.

Envo Extra

Plugin:
Envo Extra
Plugin Slug:
envo-extra
Installations
30,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.9.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.4.

Seriously Simple Podcasting

Plugin Slug:
seriously-simple-podcasting
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.0.

Futurio Extra

Plugin Slug:
futurio-extra
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.14
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.14.

Code Embed

Plugin:
Code Embed
Plugin Slug:
simple-embed-code
Installations
20,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
2.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.1.

140+ Widgets | Xpro Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons
Installations
20,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.4.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.6.1.

Contact Form 7 – PayPal & Stripe Add-on

Plugin Slug:
contact-form-7-paypal-add-on
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.2.

SysBasics Customize My Account for WooCommerce

Plugin Slug:
customize-my-account-for-woocommerce
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.30
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.7.30.

Pricing Tables WordPress Plugin – Easy Pricing Tables

Plugin Slug:
easy-pricing-tables
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.7.

JetWidgets For Elementor

Plugin Slug:
jetwidgets-for-elementor
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.19
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.19.

myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification

Plugin Slug:
mycred
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.5.

OSM – OpenStreetMap

Plugin Slug:
osm
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.1.3.

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
8.9.01.001
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.9.01.001.

Algori PDF Viewer

Plugin Slug:
algori-pdf-viewer
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.8.

Contact Form 7 Redirect & Thank You Page

Plugin Slug:
cf7-redirect-thank-you-page
Installations
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.7.

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor
Installations
7,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.4.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.7.

XT Floating Cart for WooCommerce

Plugin Slug:
woo-floating-cart-lite
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.8.3.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.4.4.

Podlove Podcast Publisher

Plugin Slug:
podlove-podcasting-plugin-for-wordpress
Installations
5,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
4.1.17
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 4.1.17.

Simple Shortcode for Google Maps

Plugin Slug:
simple-google-maps-short-code
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.

Plugin Slug:
liquid-blocks
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.0.

Content Slider Block

Plugin Slug:
content-slider-block
Installations
3,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.1.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.6.

Multiple Page Generator Plugin – MPG

Plugin Slug:
multiple-pages-generator-by-porthas
Installations
3,000+
Vulnerability:
Path Traversal
Patched in Version:
4.0.3
Severity Score:
Low
The vulnerability has been patched, so you should update to version 4.0.3.

Tickera – WordPress Event Ticketing

Plugin Slug:
tickera-event-ticketing-system
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.5.4.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.4.6.

Responsive Filterable Portfolio

Plugin Slug:
responsive-filterable-portfolio
Installations
2,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
1.0.23
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.23.

Slickstream: Engagement and Conversions

Plugin Slug:
slick-engagement
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.0.

Zotpress

Plugin:
Zotpress
Plugin Slug:
zotpress
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
7.3.13
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.3.13.

Event post

Plugin:
Event post
Plugin Slug:
event-post
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.9.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.9.7.

Event post

Plugin:
Event post
Plugin Slug:
event-post
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.9.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.9.7.

Heateor Social Login WordPress

Plugin Slug:
heateor-social-login
Installations
1,000+
Vulnerability:
Broken Authentication
Patched in Version:
1.1.36
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.36.

WooCommerce Report

Plugin Slug:
ithemelandco-woo-report
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.2.

Web Stories Widgets For Elementor

Plugin Slug:
shortcodes-for-amp-web-stories-and-elementor-widget
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.1.

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor
Installations
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.

Tumult Hype Animations

Plugin Slug:
tumult-hype-animations
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.9.15
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.15.

Plugin Slug:
video-wc-gallery
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.32
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.32.

W3SPEEDSTER

Plugin Slug:
w3speedster-wp
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
7.27
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.27.

xili-tidy-tags

Plugin Slug:
xili-tidy-tags
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.12.05
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.12.05.

CYAN Backup

Plugin Slug:
cyan-backup
Installations
500+
Vulnerability:
Arbitrary File Download
Patched in Version:
2.5.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.4.

Shortcodes Blocks Creator Ultimate

Plugin Slug:
ultimate-shortcodes-creator
Installations
300+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.0.

Basticom Framework

Plugin Slug:
basticom-framework
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

Forms

Plugin:
Forms
Plugin Slug:
forms-by-made-it
Installations
100+
Vulnerability:
Arbitrary File Upload
Patched in Version:
2.8.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.8.1.

Pro Addons For Elementor

Plugin Slug:
pro-addons-for-elementor
Installations
80+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.0.

Print PDF Generator and Publisher

Plugin Slug:
nopeamedia
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.0.

Anant Addons for Elementor

Plugin Slug:
anant-addons-for-elementor
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.6.

Realty by BestWebSoft

Plugin Slug:
realty
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.6.

Christian Science Bible Lesson Subjects

Plugin Slug:
christian-science-bible-lesson-subjects
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.

Hebrew Dates

Plugin Slug:
hebrewdates
Installations
10+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.3.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.0.

Floating Buttons for WooCommerce

Plugin Slug:
shop-assistant-for-woocommerce-jarvis
Installations
10+
Vulnerability:
Broken Access Control
Patched in Version:
2.9.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.9.2.

Ultimate Flipbox Addon for Elementor

Plugin Slug:
ultimate-flipbox-addon-for-elementor
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.5.

Dynamic Post Grid Elementor Addon

Plugin Slug:
dynamic-post-grid-elementor-addon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.7.

Hive Support – WordPress Help Desk

Plugin:
Hive Support – WordPress Help Desk
Plugin Slug:
hive-support
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.1.2
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.1.2.

kineticPay for WooCommerce

Plugin:
kineticPay for WooCommerce
Plugin Slug:
kineticpay-for-woocommerce
Vulnerability:
Arbitrary File Upload
Patched in Version:
3.0
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.0.

Loginizer Security

Plugin:
Loginizer Security
Plugin Slug:
loginizer-security
Vulnerability:
Broken Authentication
Patched in Version:
1.9.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.9.3.

Pie Register Premium

Plugin:
Pie Register Premium
Plugin Slug:
pie-register-premium
Vulnerability:
Broken Access Control
Patched in Version:
3.8.3.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.8.3.3.

Quform

Plugin:
Quform
Plugin Slug:
quform
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.21.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.21.0.

WooCommerce Social Login

Plugin:
WooCommerce Social Login
Plugin Slug:
woo-social-login
Vulnerability:
Broken Authentication
Patched in Version:
2.7.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.7.8.

WooCommerce Support Ticket System

Plugin:
WooCommerce Support Ticket System
Plugin Slug:
woocommerce-support-ticket-system
Vulnerability:
Arbitrary File Upload
Patched in Version:
17.8
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 17.8.

WooCommerce Support Ticket System

Plugin:
WooCommerce Support Ticket System
Plugin Slug:
woocommerce-support-ticket-system
Vulnerability:
Arbitrary File Deletion
Patched in Version:
17.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 17.8.

JobSearch

Plugin:
JobSearch
Plugin Slug:
wp-jobsearch
Vulnerability:
Arbitrary File Upload
Patched in Version:
2.6.8
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.6.8.

JobSearch

Plugin:
JobSearch
Plugin Slug:
wp-jobsearch
Vulnerability:
Arbitrary File Upload
Patched in Version:
2.6.8
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.6.8.

WP Membership

Plugin:
WP Membership
Plugin Slug:
wp-membership
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.6.3
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.6.3.

User Extra Fields

Plugin:
User Extra Fields
Plugin Slug:
wp-user-extra-fields
Vulnerability:
Arbitrary File Upload
Patched in Version:
16.6
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 16.6.

WordPress Themes — 3 Patched / 2 Unpatched

Storely

Theme:
Storely
Theme Slug:
storely
Downloads
435,857
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Anih

Theme:
Anih
Theme Slug:
anih
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Th Shop Mania

Theme Slug:
th-shop-mania
Downloads
35,161
Vulnerability:
Arbitrary Code Execution
Patched in Version:
1.5.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.0.

Top Store

Theme Slug:
top-store
Downloads
198,806
Vulnerability:
Arbitrary Code Execution
Patched in Version:
1.5.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.5.

WPLMS

Theme:
WPLMS
Theme Slug:
wplms
Vulnerability:
Path Traversal
Patched in Version:
4.963
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 4.963.
