WordPress Vulnerability Report — May 1, 2024

Since last week, 359 new vulnerabilities emerged in the WordPress ecosystem, including 28 in themes and 331 in plugins. 90 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:May 1, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:66 min.

In this report, 359 vulnerabilities have been publicly disclosed. Security patches for 269 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 90 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 248 Patched / 21 Unpatched

2.1 Auto Featured Image (Auto Post Thumbnail)
2.2 FameTheme Demo Importer
2.3 Piotnet Addons For Elementor
2.4 AGCA – Custom Dashboard & Login Page
2.5 Serious Slider
2.6 Meks Smart Social Widget
2.7 Xserver Migrator
2.8 Annual Archive
2.9 rtMedia for WordPress, BuddyPress and bbPress
2.10 ClickCease Click Fraud Protection
2.11 Democracy Poll
2.12 Login Logout Register Menu
2.13 Meks ThemeForest Smart Widget
2.14 Print-O-Matic
2.15 Smart Recent Posts Widget
2.16 CM Tooltip Glossary
2.17 Customify Site Library
2.18 WordPress Ad Widget
2.19 PopupAlly
2.20 Pretty Google Calendar
2.21 Fan Page Widget by ThemeNcode
2.22 Filterable Portfolio
2.23 Share This Image
2.24 Smart Maintenance Mode
2.25 ENL Newsletter
2.26 ENL Newsletter
2.27 ENL Newsletter
2.28 Advanced Search
2.29 Advanced Most Recent Posts Mod
2.30 Advanced Post List
2.31 AJAX Login and Registration modal popup + inline form
2.32 Element Pack Pro
2.33 CF7 File Download – File Download for CF7
2.34 Client Dash
2.35 Contact Form 7 Extension For Mailchimp
2.36 CPO Companion
2.37 Crelly Slider
2.38 Easy Set Favicon
2.39 Embed Google Fonts
2.40 XStore Core
2.41 XStore Core
2.42 XStore Core
2.43 XStore Core
2.44 XStore Core
2.45 XStore Core
2.46 XStore Core
2.47 XStore Core
2.48 Giphypress
2.49 GWP-Histats
2.50 JW Player for WordPress
2.51 MF Gig Calendar
2.52 Mini Loops
2.53 Opal Widgets For Elementor
2.54 CodeBard’s Patron Button and Widgets for Patreon
2.55 PB MailCrypt
2.56 Piotnet Addons For Elementor Pro
2.57 Piotnet Addons For Elementor Pro
2.58 Piotnet Addons For Elementor Pro
2.59 Piotnet Addons For Elementor Pro
2.60 Piotnet Addons For Elementor Pro
2.61 Progressive WordPress (PWA)
2.62 Realtyna Organic IDX plugin
2.63 Recencio Book Reviews
2.64 Regenerate post permalink
2.65 School Management Pro
2.66 Shortcode Addons
2.67 Sliding Widgets
2.68 Social Share Buttons by Supsystic
2.69 Solid Affiliate
2.70 SP Project & Document Manager
2.71 Sticky Anything
2.72 WidgetKit
2.73 WZone
2.74 WZone
2.75 WZone
2.76 WZone
2.77 WZone
2.78 WZone
2.79 WP GDPR Compliance
2.80 WP Masquerade
2.81 WP Page Post Widget Clone
2.82 WTI Like Post
2.83 XforWooCommerce
2.84 All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
2.85 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.86 Rank Math SEO with AI Best SEO Tools
2.87 ElementsKit Elementor addons and Templates Library
2.88 Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
2.89 Premium Addons for Elementor
2.90 Premium Addons for Elementor
2.91 Spectra – WordPress Gutenberg Blocks
2.92 Contact Form 7 Database Addon – CFDB7
2.93 WP Shortcodes Plugin — Shortcodes Ultimate
2.94 Happy Addons for Elementor
2.95 Duplicate Post
2.96 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
2.97 Royal Elementor Addons and Templates
2.98 Royal Elementor Addons and Templates
2.99 PDF Invoices & Packing Slips for WooCommerce
2.100 PDF Invoices & Packing Slips for WooCommerce
2.101 Call Now Button – The #1 Click to Call Button for WordPress
2.102 Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
2.103 Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
2.104 Jeg Elementor Kit
2.105 Jeg Elementor Kit
2.106 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.107 Qi Addons For Elementor
2.108 YITH WooCommerce Compare
2.109 Elementor Addon Elements
2.110 BackUpWordPress
2.111 Colibri Page Builder
2.112 Colibri Page Builder
2.113 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
2.114 FileOrganizer – Manage WordPress and Website Files
2.115 Table Rate Shipping Method for WooCommerce by Flexible Shipping
2.116 HT Mega – Absolute Addons For Elementor
2.117 Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript
2.118 Social Sharing Plugin – Sassy Social Share
2.119 Schema & Structured Data for WP & AMP
2.120 Strong Testimonials
2.121 Social Media Share Buttons & Social Sharing Icons
2.122 WP Chat App
2.123 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.124 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.125 VK Block Patterns
2.126 WP STAGING WordPress Backup Plugin – Migration Backup Restore
2.127 Backup Migration
2.128 Import and export users and customers
2.129 MainWP Child Reports
2.130 Tutor LMS – eLearning and online course solution
2.131 Tutor LMS – eLearning and online course solution
2.132 WP SMTP
2.133 WP ULike – Most Advanced WordPress Marketing Toolkit
2.134 WP ULike – Most Advanced WordPress Marketing Toolkit
2.135 WP ULike – Most Advanced WordPress Marketing Toolkit
2.136 Comments – wpDiscuz
2.137 Database for Contact Form 7, WPforms, Elementor forms
2.138 Media Cleaner: Clean your WordPress!
2.139 Export and Import Users and Customers
2.140 Blog2Social: Social Media Auto Post & Scheduler
2.141 Exclusive Addons for Elementor
2.142 Exclusive Addons for Elementor
2.143 Exclusive Addons for Elementor
2.144 Getwid – Gutenberg Blocks
2.145 FOX – Currency Switcher Professional for WooCommerce
2.146 WP-Members Membership Plugin
2.147 Enhanced Text Widget
2.148 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.149 Collapse-O-Matic
2.150 Quick Featured Images
2.151 Simple Membership
2.152 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.153 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.154 Simply Static
2.155 Print Invoice & Delivery Notes for WooCommerce
2.156 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.157 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.158 AGCA – Custom Dashboard & Login Page
2.159 Popup Box – Best WordPress Popup Plugin
2.160 FV Flowplayer Video Player
2.161 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.162 Timetable and Event Schedule by MotoPress
2.163 Social Sharing Plugin – Social Warfare
2.164 VOD Infomaniak
2.165 WP Google Review Slider
2.166 Hide Dashboard Notifications
2.167 Appointment Hour Booking – WordPress Booking Plugin
2.168 Payment Gateway Based Fees and Discounts for WooCommerce
2.169 Data Tables Generator by Supsystic
2.170 Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
2.171 Pricing Table by Supsystic
2.172 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
2.173 Rate My Post – Star Rating Plugin by FeedbackWP
2.174 Secure Copy Content Protection and Content Locking
2.175 Secure Copy Content Protection and Content Locking
2.176 Social Share Icons & Social Share Buttons
2.177 Social Share Icons & Social Share Buttons
2.178 Video Conferencing with Zoom
2.179 Product Addons & Fields for WooCommerce
2.180 Brevo for WooCommerce
2.181 WPZOOM Addons for Elementor (Templates, Widgets)
2.182 Advanced Floating Content Lite
2.183 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
2.184 rtMedia for WordPress, BuddyPress and bbPress
2.185 Classified Listing – Classified ads & Business Directory Plugin
2.186 Directorist – WordPress Business Directory Plugin with Classified Ads Listings
2.187 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
2.188 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
2.189 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
2.190 GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
2.191 SSL Mixed Content Fix
2.192 List Custom Taxonomy Widget
2.193 Page Builder: Live Composer
2.194 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
2.195 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
2.196 Pop-up
2.197 Five Star Restaurant Reservations – WordPress Booking Plugin
2.198 ReviewX – Multi-criteria Rating & Reviews for WooCommerce
2.199 RomethemeKit For Elementor
2.200 RomethemeKit For Elementor
2.201 Send PDF for Contact Form 7
2.202 Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
2.203 Ultimate Posts Widget
2.204 Easy Accept Payments via PayPal
2.205 WP Datepicker
2.206 SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
2.207 WP Travel Engine – Best Travel Booking WordPress Plugin
2.208 Arconix FAQ
2.209 FG Joomla to WordPress
2.210 RomethemeForm For Elementor
2.211 Smart Forms – when you need more than just a contact form
2.212 Smart Forms – when you need more than just a contact form
2.213 WP LinkedIn Auto Publish
2.214 WordPress Backup & Migration
2.215 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.216 Maintenance Mode
2.217 WPC Composite Products for WooCommerce
2.218 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.219 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.220 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.221 The Plus Blocks for Block Editor | Gutenberg
2.222 Better Elementor Addons
2.223 Easy Property Listings
2.224 Image Slider
2.225 Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
2.226 Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
2.227 Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
2.228 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.229 Arconix Shortcodes
2.230 Assistant – Every Day Productivity Apps
2.231 Podlove Podcast Publisher
2.232 Podlove Podcast Publisher
2.233 Salon booking system
2.234 Salon booking system
2.235 Salon booking system
2.236 Ultimate 410 Gone Status Code
2.237 Advanced Local Pickup for WooCommerce
2.238 Embed Google Photos album
2.239 Import WP – Export and Import CSV and XML files to WordPress
2.240 Tickera – WordPress Event Ticketing
2.241 VikRentCar Car Rental Management System
2.242 WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
2.243 WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
2.244 Coupon & Discount Code Reveal Button
2.245 Debug Log Manager
2.246 Newsletters
2.247 Newsletters
2.248 PropertyHive
2.249 Vision – Image Map Builder
2.250 Widget Post Slider
2.251 WP-Lister Lite for eBay
2.252 WP-Recall – Registration, Profile, Commerce & More
2.253 WP-Recall – Registration, Profile, Commerce & More
2.254 Accessibility Widget
2.255 Advanced Testimonial Carousel for Elementor
2.256 All-in-one Like Widget
2.257 Knowledge Base documentation & wiki plugin – BasePress Docs
2.258 Knowledge Base documentation & wiki plugin – BasePress Docs
2.259 CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
2.260 Custom field finder
2.261 RSS Redirect & Feedburner Alternative
2.262 InstaWP Connect – 1-click WP Staging & Migration
2.263 iPages Flipbook For WordPress
2.264 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.265 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.266 User Meta – User Profile Builder and User management plugin
2.267 SuperFaktura WooCommerce
2.268 Academy LMS – eLearning and online course solution for WordPress
2.269 Academy LMS – eLearning and online course solution for WordPress
2.270 ActiveDEMAND
2.271 Admin Bar Editor – Hide Toolbar by User Roles
2.272 AI Post Generator | AutoWriter
2.273 AppPresser – Mobile App Framework
2.274 Booking Ultra Pro Appointments Booking Calendar Plugin
2.275 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
2.276 Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
2.277 ChatBot Conversational Forms
2.278 Culqi
2.279 EPROLO Dropshipping
2.280 USPS Shipping for WooCommerce – Live Rates
2.281 Headline Analyzer
2.282 KB Support – WordPress Help Desk and Knowledge Base
2.283 Login with phone number
2.284 BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
2.285 Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
2.286 Reviews Plus
2.287 Save as PDF Plugin by Pdfcrowd
2.288 Seers | GDPR & CCPA Cookie Consent & Compliance
2.289 Image Optimizer, Resizer and CDN – Sirv
2.290 StreamWeasels Twitch Integration
2.291 Poll | Vote | Contest – Best Poll Plugin for WordPress
2.292 Vitepos – Point of sale (POS) plugin for WooCommerce
2.293 WP Club Manager – WordPress Sports Club Plugin
2.294 WP GoToWebinar
2.295 MDTF – Meta Data and Taxonomies Filter
2.296 WP Time Slots Booking Form
2.297 WPCal.io – Easy Meeting Scheduler
2.298 WPPizza – A Restaurant Plugin
2.299 Frontend Dashboard
2.300 Leaky Paywall
2.301 Olive One Click Demo Import
2.302 SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
2.303 Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
2.304 Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
2.305 Slash Admin
2.306 Car Dealer (Dealership) and Vehicle sales
2.307 ShortPixel Critical CSS
2.308 Admin and Customer Messages After Order for WooCommerce: OrderConvo
2.309 SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin
2.310 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
2.311 Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
2.312 Better Comments
2.313 Better Comments
2.314 Header Footer Code Manager Pro
2.315 ARForms
2.316 ARForms
2.317 ARForms
2.318 ARForms
2.319 ARForms
2.320 ARForms Form Builder
2.321 Digital Publications by Supsystic
2.322 ElementsKit Pro
2.323 Fancy Product Designer
2.324 Interactive World Maps
2.325 Max Addons Pro for Bricks
2.326 Max Addons Pro for Bricks
2.327 WooCommerce Shipping Label
2.328 WooCommerce Customers Manager
2.329 WooCommerce Customers Manager
2.330 WP Media Category Management
2.331 Wp Staging Pro

3. WordPress Themes — 21 Patched / 7 Unpatched

3.1 UDesign
3.2 XStore
3.3 XStore
3.4 XStore
3.5 XStore
3.6 XStore
3.7 XStore
3.8 Accountra
3.9 Althea WP
3.10 Blocksy
3.11 Blocksy
3.12 Brite
3.13 Colibri WP
3.14 ColorNews
3.15 Elevate WP
3.16 Financio
3.17 Hugo WP
3.18 Intrace
3.19 Pathway
3.20 Photology
3.21 Royal Elementor Kit
3.22 Startupzy
3.23 Teluro
3.24 Travey
3.25 Vertice
3.26 Virtue
3.27 WP Portfolio
3.28 Zeever

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

WordPress Plugins — 248 Patched / 21 Unpatched

Plugin:: Auto Featured Image (Auto Post Thumbnail)
Plugin Slug:: auto-post-thumbnail
Installations: 70,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33629

Plugin:: FameTheme Demo Importer
Plugin Slug:: famethemes-demo-importer
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33679

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33630

Plugin:: AGCA – Custom Dashboard & Login Page
Plugin Slug:: ag-custom-admin
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33627

Plugin:: Serious Slider
Plugin Slug:: cryout-serious-slider
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33650

Plugin:: Meks Smart Social Widget
Plugin Slug:: meks-smart-social-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33693

Plugin:: Xserver Migrator
Plugin Slug:: xserver-migrator
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33913

Plugin:: Annual Archive
Plugin Slug:: anual-archive
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33598

Plugin:: rtMedia for WordPress, BuddyPress and bbPress
Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: ClickCease Click Fraud Protection
Plugin Slug:: clickcease-click-fraud-protection
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33678

Plugin:: Democracy Poll
Plugin Slug:: democracy-poll
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33920

Plugin:: Login Logout Register Menu
Plugin Slug:: login-logout-register-menu
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33932

Plugin:: Meks ThemeForest Smart Widget
Plugin Slug:: meks-themeforest-smart-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33694

Plugin:: Print-O-Matic
Plugin Slug:: print-o-matic
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33936

Plugin:: Smart Recent Posts Widget
Plugin Slug:: smart-recent-posts-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33692

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4086

Plugin:: Customify Site Library
Plugin Slug:: customify-sites
Installations: 6,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33644

Plugin:: WordPress Ad Widget
Plugin Slug:: ad-widget
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33696

Plugin:: PopupAlly
Plugin Slug:: popupally
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33639

Plugin:: Pretty Google Calendar
Plugin Slug:: pretty-google-calendar
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33640

Plugin:: Fan Page Widget by ThemeNcode
Plugin Slug:: facebook-fan-page-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33695

Plugin:: Filterable Portfolio
Plugin Slug:: filterable-portfolio
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4234

Plugin:: Share This Image
Plugin Slug:: share-this-image
Installations: 2,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33930

Plugin:: Smart Maintenance Mode
Plugin Slug:: smart-maintenance-mode
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33638

Plugin:: ENL Newsletter
Plugin Slug:: enl-newsletter
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3060

Plugin:: ENL Newsletter
Plugin Slug:: enl-newsletter
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3059

Plugin:: ENL Newsletter
Plugin Slug:: enl-newsletter
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3058

Plugin:: Advanced Search
Plugin Slug:: advance-search
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3265

Plugin:: Advanced Most Recent Posts Mod
Plugin Slug:: advanced-most-recent-posts-mod
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33643

Plugin:: Advanced Post List
Plugin Slug:: advanced-post-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33642

Plugin:: AJAX Login and Registration modal popup + inline form
Plugin Slug:: ajax-login-and-registration-modal-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33918

Plugin:: Element Pack Pro
Plugin Slug:: bdthemes-element-pack
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33568

Plugin:: CF7 File Download – File Download for CF7
Plugin Slug:: cf7-file-download
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33697

Plugin:: Client Dash
Plugin Slug:: client-dash
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33652

Plugin:: Contact Form 7 Extension For Mailchimp
Plugin Slug:: contact-form-7-mailchimp-extension
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33677

Plugin:: CPO Companion
Plugin Slug:: cpo-companion
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33916

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33542

Plugin:: Easy Set Favicon
Plugin Slug:: easy-set-favicon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33645

Plugin:: Embed Google Fonts
Plugin Slug:: embed-google-fonts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33925

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33558

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33557

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33556

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33555

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33554

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33553

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33552

Plugin:: XStore Core
Plugin Slug:: et-core-plugin
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33551

Plugin:: Giphypress
Plugin Slug:: giphypress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33927

Plugin:: GWP-Histats
Plugin Slug:: gwp-histats
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33926

Plugin:: JW Player for WordPress
Plugin Slug:: jw-player-7-for-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33931

Plugin:: MF Gig Calendar
Plugin Slug:: mf-gig-calendar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33651

Plugin:: Mini Loops
Plugin Slug:: mini-loops
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33934

Plugin:: Opal Widgets For Elementor
Plugin Slug:: opal-widgets-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33649

Plugin:: CodeBard’s Patron Button and Widgets for Patreon
Plugin Slug:: patron-button-and-widgets-by-codebard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33928

Plugin:: PB MailCrypt
Plugin Slug:: pb-mailcrypt-antispam-email-encryption
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33935

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33635

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33634

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33633

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33632

Plugin:: Piotnet Addons For Elementor Pro
Plugin Slug:: piotnet-addons-for-elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33631

Plugin:: Progressive WordPress (PWA)
Plugin Slug:: progressive-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33937

Plugin:: Realtyna Organic IDX plugin
Plugin Slug:: real-estate-listing-realtyna-wpl
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33924

Plugin:: Recencio Book Reviews
Plugin Slug:: recencio-book-reviews
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33648

Plugin:: Regenerate post permalink
Plugin Slug:: regenerate-post-permalinks
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33681

Plugin:: School Management Pro
Plugin Slug:: school-management-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33911

Plugin:: Shortcode Addons
Plugin Slug:: shortcode-addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Sliding Widgets
Plugin Slug:: sliding-widgets
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33938

Plugin:: Social Share Buttons by Supsystic
Plugin Slug:: social-share-buttons-by-supsystic
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22303

Plugin:: Solid Affiliate
Plugin Slug:: solid-affiliate
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33637

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33923

Plugin:: Sticky Anything
Plugin Slug:: toast-stick-anything
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33646

Plugin:: WidgetKit
Plugin Slug:: widgetkit-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33908

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33549

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33548

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33547

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33546

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33545

Plugin:: WZone
Plugin Slug:: woozone
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33544

Plugin:: WP GDPR Compliance
Plugin Slug:: wp-gdpr-compliance
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33682

Plugin:: WP Masquerade
Plugin Slug:: wp-masquerade
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33550

Plugin:: WP Page Post Widget Clone
Plugin Slug:: wp-page-post-widget-clone
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33636

Plugin:: WTI Like Post
Plugin Slug:: wti-like-post
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33917

Plugin:: XforWooCommerce
Plugin Slug:: xforwoocommerce
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33628

Plugin:: All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1.1
Severity Score:: Medium
CVE:: 2024-3554

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-3733

Plugin:: Rank Math SEO with AI Best SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.217
Severity Score:: Medium
CVE:: 2024-3665

Plugin:: ElementsKit Elementor addons and Templates Library
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.1
Severity Score:: High
CVE:: 2024-3499

Plugin:: Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation
Plugin Slug:: optinmonster
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.16.0
Severity Score:: Medium
CVE:: 2024-33691

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.29
Severity Score:: Medium
CVE:: 2024-3885

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.26
Severity Score:: Medium
CVE:: 2024-32791

Plugin:: Spectra – WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 700,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.12.7
Severity Score:: Medium
CVE:: 2024-3107

Plugin:: Contact Form 7 Database Addon – CFDB7
Plugin Slug:: contact-form-cfdb7
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-3870

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.0
Severity Score:: Medium
CVE:: 2024-3188

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.7
Severity Score:: Medium
CVE:: 2024-3890

Plugin:: Duplicate Post
Plugin Slug:: copy-delete-posts
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-33570

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3675

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.95
Severity Score:: Medium
CVE:: 2024-32786

Plugin:: PDF Invoices & Packing Slips for WooCommerce
Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2024-3047

Plugin:: PDF Invoices & Packing Slips for WooCommerce
Plugin Slug:: woocommerce-pdf-invoices-packing-slips
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2024-3045

Plugin:: Call Now Button – The #1 Click to Call Button for WordPress
Plugin Slug:: call-now-button
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.7
Severity Score:: Medium
CVE:: 2024-2908

Plugin:: Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty
Plugin Slug:: chaty
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: Medium
CVE:: 2024-2972

Plugin:: Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
Plugin Slug:: instant-images
Installations: 200,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1.1
Severity Score:: High
CVE:: 2024-33569

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-3819

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-32721

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.21
Severity Score:: Medium
CVE:: 2024-33586

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-3309

Plugin:: YITH WooCommerce Compare
Plugin Slug:: yith-woocommerce-compare
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.38.0
Severity Score:: Medium
CVE:: 2024-32699

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-3743

Plugin:: BackUpWordPress
Plugin Slug:: backupwordpress
Installations: 100,000+
Vulnerability:: Directory Traversal
Patched in Version:: 3.14
Severity Score:: Low
CVE:: 2024-3034

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.264
Severity Score:: Medium
CVE:: 2024-3338

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3340

Plugin:: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-3929

Plugin:: FileOrganizer – Manage WordPress and Website Files
Plugin Slug:: fileorganizer
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-2324

Plugin:: Table Rate Shipping Method for WooCommerce by Flexible Shipping
Plugin Slug:: flexible-shipping
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.16
Severity Score:: Medium
CVE:: 2024-32828

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-32782

Plugin:: Hummingbird – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2024-32792

Plugin:: Social Sharing Plugin – Sassy Social Share
Plugin Slug:: sassy-social-share
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.61
Severity Score:: Medium
CVE:: 2024-2159

Plugin:: Schema & Structured Data for WP & AMP
Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.30
Severity Score:: Medium
CVE:: 2024-3491

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.12
Severity Score:: Medium
CVE:: 2024-3261

Plugin:: Social Media Share Buttons & Social Sharing Icons
Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: WP Chat App
Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.4
Severity Score:: Medium
CVE:: 2024-2837

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-32794

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-32793

Plugin:: VK Block Patterns
Plugin Slug:: vk-block-patterns
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.31.1.1
Severity Score:: Medium
CVE:: 2024-32826

Plugin:: WP STAGING WordPress Backup Plugin – Migration Backup Restore
Plugin Slug:: wp-staging
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-3682

Plugin:: Backup Migration
Plugin Slug:: backup-backup
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.26.3
Severity Score:: Medium
CVE:: 2024-32817

Plugin:: MainWP Child Reports
Plugin Slug:: mainwp-child-reports
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2
Severity Score:: Medium
CVE:: 2024-33680

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-3553

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-3994

Plugin:: WP SMTP
Plugin Slug:: wp-smtp
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2024-1789

Plugin:: WP ULike – Most Advanced WordPress Marketing Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2024-1572

Plugin:: WP ULike – Most Advanced WordPress Marketing Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.7.0
Severity Score:: High
CVE:: 2024-1797

Plugin:: WP ULike – Most Advanced WordPress Marketing Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2024-1759

Plugin:: Comments – wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.16
Severity Score:: Medium
CVE:: 2024-2477

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-3715

Plugin:: Media Cleaner: Clean your WordPress!
Plugin Slug:: media-cleaner
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.7.3
Severity Score:: Medium
CVE:: 2024-33922

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 70,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2024-32835

Plugin:: Blog2Social: Social Media Auto Post & Scheduler
Plugin Slug:: blog2social
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-3678

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9.2
Severity Score:: Medium
CVE:: 2024-33914

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.4
Severity Score:: Medium
CVE:: 2024-2750

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3489

Plugin:: Getwid – Gutenberg Blocks
Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-3588

Plugin:: FOX – Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.1.9
Severity Score:: Medium
CVE:: 2024-3734

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.4.9.4
Severity Score:: Medium
CVE:: 2024-2920

Plugin:: Enhanced Text Widget
Plugin Slug:: enhanced-text-widget
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.25
Severity Score:: Medium
CVE:: 2024-2258

Plugin:: Collapse-O-Matic
Plugin Slug:: jquery-collapse-o-matic
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5.6
Severity Score:: Medium
CVE:: 2023-7030

Plugin:: Quick Featured Images
Plugin Slug:: quick-featured-images
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 13.7.1
Severity Score:: Medium
CVE:: 2024-3664

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.4
Severity Score:: Medium
CVE:: 2024-3730

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2024-3988

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.79
Severity Score:: High
CVE:: 2024-32816

Plugin:: Simply Static
Plugin Slug:: simply-static
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1.4
Severity Score:: High
CVE:: 2024-32825

Plugin:: Print Invoice & Delivery Notes for WooCommerce
Plugin Slug:: woocommerce-delivery-notes
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.0
Severity Score:: Medium
CVE:: 2024-4233

Plugin:: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-1809

Plugin:: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-1584

Plugin:: AGCA – Custom Dashboard & Login Page
Plugin Slug:: ag-custom-admin
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.2
Severity Score:: Medium
CVE:: 2024-2907

Plugin:: Popup Box – Best WordPress Popup Plugin
Plugin Slug:: ays-popup-box
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.7
Severity Score:: Medium
CVE:: 2024-3897

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.5.45.7212
Severity Score:: Medium
CVE:: 2024-32955

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5.6
Severity Score:: Medium
CVE:: 2024-33595

Plugin:: Timetable and Event Schedule by MotoPress
Plugin Slug:: mp-timetable
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.12
Severity Score:: High
CVE:: 2024-3342

Plugin:: Social Sharing Plugin – Social Warfare
Plugin Slug:: social-warfare
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.6.2
Severity Score:: Medium
CVE:: 2024-1959

Plugin:: VOD Infomaniak
Plugin Slug:: vod-infomaniak
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.7
Severity Score:: High
CVE:: 2024-33571

Plugin:: WP Google Review Slider
Plugin Slug:: wp-google-places-review-slider
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.6
Severity Score:: Medium
CVE:: 2024-2310

Plugin:: Hide Dashboard Notifications
Plugin Slug:: wp-hide-backed-notices
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-33683

Plugin:: Appointment Hour Booking – WordPress Booking Plugin
Plugin Slug:: appointment-hour-booking
Installations: 20,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.4.57
Severity Score:: Medium
CVE:: 2024-32720

Plugin:: Payment Gateway Based Fees and Discounts for WooCommerce
Plugin Slug:: checkout-fees-for-woocommerce
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.12.2
Severity Score:: Medium
CVE:: 2024-33585

Plugin:: Data Tables Generator by Supsystic
Plugin Slug:: data-tables-generator-by-supsystic
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.32
Severity Score:: Medium
CVE:: 2024-32829

Plugin:: Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery
Plugin Slug:: gt3-photo-video-gallery
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7.22
Severity Score:: Medium
CVE:: 2024-4035

Plugin:: Pricing Table by Supsystic
Plugin Slug:: pricing-table-by-supsystic
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: 1.9.13
Severity Score:: Medium
CVE:: 2024-32790

Plugin:: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.12.11
Severity Score:: Medium
CVE:: 2024-32827

Plugin:: Rate My Post – Star Rating Plugin by FeedbackWP
Plugin Slug:: rate-my-post
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.5
Severity Score:: Medium
CVE:: 2024-32823

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.1
Severity Score:: Medium
CVE:: 2024-33587

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-32787

Plugin:: Social Share Icons & Social Share Buttons
Plugin Slug:: ultimate-social-media-plus
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: Social Share Icons & Social Share Buttons
Plugin Slug:: ultimate-social-media-plus
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2024-32820

Plugin:: Video Conferencing with Zoom
Plugin Slug:: video-conferencing-with-zoom-api
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.4.5
Severity Score:: Medium
CVE:: 2024-33584

Plugin:: Product Addons & Fields for WooCommerce
Plugin Slug:: woocommerce-product-addon
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 32.0.19
Severity Score:: Critical
CVE:: 2024-3962

Plugin:: Brevo for WooCommerce
Plugin Slug:: woocommerce-sendinblue-newsletter-subscription
Installations: 20,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.18
Severity Score:: High
CVE:: 2024-32807

Plugin:: WPZOOM Addons for Elementor (Templates, Widgets)
Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.36
Severity Score:: Medium
CVE:: 2024-33539

Plugin:: Advanced Floating Content Lite
Plugin Slug:: advanced-floating-content-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-32723

Plugin:: Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.4.33
Severity Score:: Medium
CVE:: 2024-32802

Plugin:: rtMedia for WordPress, BuddyPress and bbPress
Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.19
Severity Score:: High
CVE:: 2024-3293

Plugin:: Classified Listing – Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.11
Severity Score:: Medium
CVE:: 2024-3893

Plugin:: Directorist – WordPress Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.9.0
Severity Score:: Medium
CVE:: 2024-33929

Plugin:: Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
Plugin Slug:: elespare
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-0900

Plugin:: Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
Plugin Slug:: email-customizer-for-woocommerce
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-32781

Plugin:: GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.8.9
Severity Score:: Low
CVE:: 2024-2505

Plugin:: GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.49
Severity Score:: Medium
CVE:: 2024-3732

Plugin:: SSL Mixed Content Fix
Plugin Slug:: http-https-remover
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.7
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: List Custom Taxonomy Widget
Plugin Slug:: list-custom-taxonomy-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-32833

Plugin:: Page Builder: Live Composer
Plugin Slug:: live-composer-page-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.39
Severity Score:: Medium
CVE:: 2024-32957

Plugin:: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-32711

Plugin:: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.11.1
Severity Score:: Medium
CVE:: 2024-32728

Plugin:: Pop-up
Plugin Slug:: pop-up-pop-up
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: Five Star Restaurant Reservations – WordPress Booking Plugin
Plugin Slug:: restaurant-reservations
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.17
Severity Score:: Medium
CVE:: 2024-33596

Plugin:: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.22
Severity Score:: Medium
CVE:: 2024-33921

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-33919

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-32956

Plugin:: Send PDF for Contact Form 7
Plugin Slug:: send-pdf-for-contact-form-7
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.2.4
Severity Score:: Medium
CVE:: 2024-3585

Plugin:: Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
Plugin Slug:: socialsnap
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-32805

Plugin:: Ultimate Posts Widget
Plugin Slug:: ultimate-posts-widget
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: Easy Accept Payments via PayPal
Plugin Slug:: wordpress-easy-paypal-payment-or-donation-accept-plugin
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0
Severity Score:: High
CVE:: 2024-33591

Plugin:: WP Datepicker
Plugin Slug:: wp-datepicker
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2024-3895

Plugin:: SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
Plugin Slug:: wp-scheduled-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.9
Severity Score:: Medium
CVE:: 2024-32717

Plugin:: WP Travel Engine – Best Travel Booking WordPress Plugin
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.1
Severity Score:: High
CVE:: 2024-32798

Plugin:: Arconix FAQ
Plugin Slug:: arconix-faq
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-4233

Plugin:: FG Joomla to WordPress
Plugin Slug:: fg-joomla-to-wordpress
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.21.0
Severity Score:: Medium
CVE:: 2024-32788

Plugin:: RomethemeForm For Elementor
Plugin Slug:: romethemeform
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-32727

Plugin:: Smart Forms – when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.96
Severity Score:: Medium
CVE:: 2024-1905

Plugin:: Smart Forms – when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.92
Severity Score:: Medium
CVE:: 2024-33593

Plugin:: WP LinkedIn Auto Publish
Plugin Slug:: wp-linkedin-auto-publish
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.12
Severity Score:: Medium
CVE:: 2024-32797

Plugin:: WordPress Backup & Migration
Plugin Slug:: wp-migration-duplicator
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-3546

Plugin:: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.29
Severity Score:: Critical
CVE:: 2024-32948

Plugin:: Maintenance Mode
Plugin Slug:: hkdev-maintenance-mode
Installations: 8,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.0.2
Severity Score:: Low
CVE:: 2024-32708

Plugin:: WPC Composite Products for WooCommerce
Plugin Slug:: wpc-composite-products
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.8
Severity Score:: Medium
CVE:: 2024-2838

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2024-32808

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.8.3
Severity Score:: Medium
CVE:: 2024-32774

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2024-32772

Plugin:: The Plus Blocks for Block Editor | Gutenberg
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.6
Severity Score:: Medium
CVE:: 2024-33572

Plugin:: Better Elementor Addons
Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-33541

Plugin:: Easy Property Listings
Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-32799

Plugin:: Image Slider
Plugin Slug:: image-slider-widget
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.127
Severity Score:: Medium
CVE:: 2024-32707

Plugin:: Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: High
CVE:: 2024-32949

Plugin:: Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: Medium
CVE:: 2024-32813

Plugin:: Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
Plugin Slug:: print-my-blog
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.26.3
Severity Score:: Medium
CVE:: 2024-33907

Plugin:: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-33592

Plugin:: Arconix Shortcodes
Plugin Slug:: arconix-shortcodes
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.11
Severity Score:: Medium
CVE:: 2024-4233

Plugin:: Assistant – Every Day Productivity Apps
Plugin Slug:: assistant
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.9.2
Severity Score:: Medium
CVE:: 2024-33538

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.12
Severity Score:: Medium
CVE:: 2024-32812

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.15
Severity Score:: High
CVE:: 2024-32712

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.6
Severity Score:: Medium
CVE:: 2024-2603

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.6
Severity Score:: Medium
CVE:: 2024-2439

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.6.6
Severity Score:: Medium
CVE:: 2024-2429

Plugin:: Ultimate 410 Gone Status Code
Plugin Slug:: ultimate-410
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-3677

Plugin:: Advanced Local Pickup for WooCommerce
Plugin Slug:: advanced-local-pickup-for-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-32814

Plugin:: Embed Google Photos album
Plugin Slug:: embed-google-photos-album-easily
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-32775

Plugin:: Import WP – Export and Import CSV and XML files to WordPress
Plugin Slug:: jc-importer
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.13.1
Severity Score:: Medium
CVE:: 2023-7253

Plugin:: Tickera – WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 4,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.5.2.5
Severity Score:: Medium
CVE:: 2023-7252

Plugin:: VikRentCar Car Rental Management System
Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-32780

Plugin:: WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
Plugin Slug:: wp-ada-compliance-check-basic
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-32947

Plugin:: WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
Plugin Slug:: wp-fusion-lite
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.43.0
Severity Score:: Medium
CVE:: 2024-32796

Plugin:: Coupon & Discount Code Reveal Button
Plugin Slug:: coupon-reveal-button
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-32722

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-33915

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.9.6
Severity Score:: Critical
CVE:: 2024-32954

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.9.6
Severity Score:: High
CVE:: 2024-32953

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.13
Severity Score:: Medium
CVE:: 2024-3607

Plugin:: Vision – Image Map Builder
Plugin Slug:: vision
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-32779

Plugin:: Widget Post Slider
Plugin Slug:: widget-post-slider
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-32801

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.6.0
Severity Score:: Critical
CVE:: 2024-32836

Plugin:: WP-Recall – Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: High
CVE:: 2024-32710

Plugin:: WP-Recall – Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: Critical
CVE:: 2024-32709

Plugin:: Accessibility Widget
Plugin Slug:: accessibility-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-32831

Plugin:: Advanced Testimonial Carousel for Elementor
Plugin Slug:: advanced-testimonial-carousel-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2024-32783

Plugin:: All-in-one Like Widget
Plugin Slug:: all-in-one-facebook-like-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-32815

Plugin:: Knowledge Base documentation & wiki plugin – BasePress Docs
Plugin Slug:: basepress
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.16.2.1
Severity Score:: Medium
CVE:: 2024-33590

Plugin:: Knowledge Base documentation & wiki plugin – BasePress Docs
Plugin Slug:: basepress
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.16.2.1
Severity Score:: Medium
CVE:: 2024-33588

Plugin:: CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
Plugin Slug:: cookiehub
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-32784

Plugin:: Custom field finder
Plugin Slug:: custom-field-finder
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.4
Severity Score:: Medium
CVE:: 2024-33641

Plugin:: RSS Redirect & Feedburner Alternative
Plugin Slug:: feedburner-alternative-and-rss-redirect
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: InstaWP Connect – 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.0.25
Severity Score:: Medium
CVE:: 2024-32701

Plugin:: iPages Flipbook For WordPress
Plugin Slug:: ipages-flipbook
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-33909

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8.4
Severity Score:: High
CVE:: 2024-32785

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.8.3
Severity Score:: Medium
CVE:: 2024-32718

Plugin:: User Meta – User Profile Builder and User management plugin
Plugin Slug:: user-meta
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2024-33575

Plugin:: SuperFaktura WooCommerce
Plugin Slug:: woocommerce-superfaktura
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.40.4
Severity Score:: Medium
CVE:: 2024-32803

Plugin:: Academy LMS – eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: High
CVE:: 2024-33912

Plugin:: Academy LMS – eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: Medium
CVE:: 2024-32714

Plugin:: ActiveDEMAND
Plugin Slug:: activedemand
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.2.42
Severity Score:: Critical
CVE:: 2024-32809

Plugin:: Admin Bar Editor – Hide Toolbar by User Roles
Plugin Slug:: admin-bar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-1716

Plugin:: AI Post Generator | AutoWriter
Plugin Slug:: ai-post-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-32713

Plugin:: AppPresser – Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-32776

Plugin:: Booking Ultra Pro Appointments Booking Calendar Plugin
Plugin Slug:: booking-ultra-pro
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.13
Severity Score:: High
CVE:: 2024-32960

Plugin:: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-32830

Plugin:: Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 21.3.5
Severity Score:: High
CVE:: 2024-32778

Plugin:: ChatBot Conversational Forms
Plugin Slug:: conversational-forms
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2024-32729

Plugin:: Culqi
Plugin Slug:: culqi-checkout
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.0.15
Severity Score:: Medium
CVE:: 2024-32819

Plugin:: EPROLO Dropshipping
Plugin Slug:: eprolo-dropshipping
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-33573

Plugin:: USPS Shipping for WooCommerce – Live Rates
Plugin Slug:: flexible-shipping-usps
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.10.0
Severity Score:: Medium
CVE:: 2024-32811

Plugin:: Headline Analyzer
Plugin Slug:: headline-analyzer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-32806

Plugin:: KB Support – WordPress Help Desk and Knowledge Base
Plugin Slug:: kb-support
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2024-33589

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.94
Severity Score:: Critical
CVE:: 2024-32832

Plugin:: BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
Plugin Slug:: print-google-cloud-print-gcp-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.4
Severity Score:: High
CVE:: 2024-32777

Plugin:: Radio Station by netmix® – Manage and play your Show Schedule in WordPress!
Plugin Slug:: radio-station
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.8
Severity Score:: Medium
CVE:: 2024-33689

Plugin:: Reviews Plus
Plugin Slug:: reviews-plus
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-32822

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-33684

Plugin:: Seers | GDPR & CCPA Cookie Consent & Compliance
Plugin Slug:: seers-cookie-consent-banner-privacy-policy
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.1.1
Severity Score:: High
CVE:: 2024-32789

Plugin:: Image Optimizer, Resizer and CDN – Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 7.2.3
Severity Score:: High
CVE:: 2024-32959

Plugin:: StreamWeasels Twitch Integration
Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2024-32716

Plugin:: Poll | Vote | Contest – Best Poll Plugin for WordPress
Plugin Slug:: totalpoll-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.0
Severity Score:: Medium
CVE:: 2024-32821

Plugin:: Vitepos – Point of sale (POS) plugin for WooCommerce
Plugin Slug:: vitepos-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2024-33574

Plugin:: WP Club Manager – WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2024-32719

Plugin:: WP GoToWebinar
Plugin Slug:: wp-gotowebinar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 15.1
Severity Score:: Medium
CVE:: 2024-32804

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3.1
Severity Score:: Medium
CVE:: 2024-32818

Plugin:: WP Time Slots Booking Form
Plugin Slug:: wp-time-slots-booking-form
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.07
Severity Score:: High
CVE:: 2024-33543

Plugin:: WPCal.io – Easy Meeting Scheduler
Plugin Slug:: wpcal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.5.9
Severity Score:: Medium
CVE:: 2024-32795

Plugin:: WPPizza – A Restaurant Plugin
Plugin Slug:: wppizza
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.18.11
Severity Score:: Medium
CVE:: 2024-33576

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.4
Severity Score:: High
CVE:: 2024-32726

Plugin:: Leaky Paywall
Plugin Slug:: leaky-paywall
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 4.20.9
Severity Score:: High
CVE:: 2024-33594

Plugin:: Olive One Click Demo Import
Plugin Slug:: olive-one-click-demo-import
Installations: 900+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-32715

Plugin:: SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
Plugin Slug:: woo-aliexpress-dropshipping
Installations: 900+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2024-32724

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.5.4
Severity Score:: Critical
CVE:: 2024-33567

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.4
Severity Score:: Critical
CVE:: 2024-33565

Plugin:: Slash Admin
Plugin Slug:: slash-admin
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.2
Severity Score:: High
CVE:: 2024-32958

Plugin:: Car Dealer (Dealership) and Vehicle sales
Plugin Slug:: cardealer
Installations: 700+
Vulnerability:: Content Injection
Patched in Version:: 4.16
Severity Score:: Low
CVE:: 2024-4214

Plugin:: ShortPixel Critical CSS
Plugin Slug:: shortpixel-critical-css
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: High
CVE:: 2024-32810

Plugin:: Admin and Customer Messages After Order for WooCommerce: OrderConvo
Plugin Slug:: admin-and-client-message-after-order-for-woocommerce
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 12.5
Severity Score:: Critical
CVE:: 2024-33566

Plugin:: SSU – WordPress Amazon S3 & Wasabi Smart File Uploads Plugin
Plugin Slug:: wp-s3-smart-upload
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.1
Severity Score:: High
CVE:: 2024-33597

Plugin:: Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
Plugin Slug:: evergreen-content-poster
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-32824

Plugin:: Build 5 Star Reviews on Google Reviews, Yelp, Facebook… easily and risk-free | RRatingg
Plugin Slug:: 5-stars-rating-funnel
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.02
Severity Score:: Medium
CVE:: 2024-32725

Plugin:: Better Comments
Plugin Slug:: better-comments
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-2404

Plugin:: Better Comments
Plugin Slug:: better-comments
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-2402

Plugin:: Header Footer Code Manager Pro
Plugin Slug:: 99robots-header-footer-code-manager-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.17
Severity Score:: High
CVE:: 2024-3473

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: SQL Injection
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32706

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32705

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32704

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32703

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32702

Plugin:: ARForms Form Builder
Plugin Slug:: arforms-form-builder
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5
Severity Score:: High
CVE:: 2024-1945

Plugin:: Digital Publications by Supsystic
Plugin Slug:: digital-publications-by-supsystic
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.8
Severity Score:: Medium
CVE:: 2024-33910

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Local File Inclusion
Patched in Version:: 3.6.1
Severity Score:: High
CVE:: 2024-3500

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.8
Severity Score:: High
CVE:: 2024-0905

Plugin:: Interactive World Maps
Plugin Slug:: interactive-world-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2024-3681

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-32952

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Settings Change
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-32951

Plugin:: WooCommerce Shipping Label
Plugin Slug:: shipping-labels-for-woo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.9
Severity Score:: Medium
CVE:: 2024-32834

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Broken Access Control
Patched in Version:: 29.8
Severity Score:: Medium
CVE:: 2024-1756

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 29.8
Severity Score:: High
CVE:: 2024-1743

Plugin:: WP Media Category Management
Plugin Slug:: wp-media-category-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: High
CVE:: 2024-32950

Plugin:: Wp Staging Pro
Plugin Slug:: wp-staging-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-3682

WordPress Themes — 21 Patched / 7 Unpatched

Theme:: UDesign
Theme Slug:: u-design
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4077

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33564

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33563

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33562

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33561

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33560

Theme:: XStore
Theme Slug:: xstore
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33559

Theme:: Accountra
Theme Slug:: accountra
Downloads: 20,885
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2024-33685

Theme:: Althea WP
Theme Slug:: althea-wp
Downloads: 52,642
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-33686

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,113,676
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.40
Severity Score:: Medium
CVE:: 2024-3747

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,113,676
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.34
Severity Score:: Medium
CVE:: 2024-32961

Theme:: Brite
Theme Slug:: brite
Downloads: 125,207
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.15
Severity Score:: Medium
CVE:: 2024-33686

Theme:: Colibri WP
Theme Slug:: colibri-wp
Downloads: 1,271,195
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.99
Severity Score:: Medium
CVE:: 2024-33686

Theme:: ColorNews
Theme Slug:: colornews
Downloads: 266,626
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-33540

Theme:: Elevate WP
Theme Slug:: elevate-wp
Downloads: 70,130
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.17
Severity Score:: Medium
CVE:: 2024-33686

Theme:: Financio
Theme Slug:: financio
Downloads: 17,197
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-33690

Theme:: Hugo WP
Theme Slug:: hugo-wp
Downloads: 59,334
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.10
Severity Score:: Medium
CVE:: 2024-33686

Theme:: Intrace
Theme Slug:: intrace
Downloads: 84,888
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-33685

Theme:: Pathway
Theme Slug:: pathway
Downloads: 57,050
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-33686

Theme:: Photology
Theme Slug:: photology
Downloads: 17,339
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-33685

Theme:: Royal Elementor Kit
Theme Slug:: royal-elementor-kit
Downloads: 461,793
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.117
Severity Score:: Medium
CVE:: 2024-32773

Theme:: Startupzy
Theme Slug:: startupzy
Downloads: 66,824
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-33685

Theme:: Teluro
Theme Slug:: teluro
Downloads: 188,771
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.36
Severity Score:: Medium
CVE:: 2024-33688

Theme:: Travey
Theme Slug:: travey
Downloads: 17,666
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2024-33685

Theme:: Vertice
Theme Slug:: vertice
Downloads: 47,531
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2024-33686

Theme:: Virtue
Theme Slug:: virtue
Downloads: 2,473,892
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9
Severity Score:: Medium
CVE:: 2024-4034

Theme:: WP Portfolio
Theme Slug:: wp-portfolio
Downloads: 82,208
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: Medium
CVE:: 2024-33537

Theme:: Zeever
Theme Slug:: zeever
Downloads: 208,788
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-33685

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 248 Patched / 21 Unpatched