WordPress Vulnerability Report — June 12, 2024

Since last week, 228 new vulnerabilities emerged in the WordPress ecosystem including 217 in themes and 11 in plugins. 60 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Jun 12, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:42 min.

In this report, 228 vulnerabilities have been publicly disclosed. Security patches for 168 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 60 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 157 Patched / 60 Unpatched

2.1 Woody code snippets – Insert Header Footer Code, AdSense Ads
2.2 Album and Image Gallery plus Lightbox
2.3 Insert or Embed Articulate Content into WordPress
2.4 KiviCare – Clinic & Patient Management System (EHR)
2.5 Weather Widget Pro
2.6 Admin Notices Manager
2.7 Authorize.net Payment Gateway For WooCommerce
2.8 Boostify Header Footer Builder for Elementor
2.9 BuddyPress Cover
2.10 BuddyForms
2.11 BuddyPress Members Only
2.12 Clever Addons for Elementor
2.13 Easy Social Like Box – Popup – Sidebar Widget
2.14 Under Construction / Maintenance Mode from Acurax
2.15 Contact Form Builder, Contact Widget
2.16 Cowidgets – Elementor Addons
2.17 Custom Dash
2.18 Download Attachments
2.19 EasyAzon
2.20 ElementsReady Addons for Elementor
2.21 Essential Real Estate
2.22 Essential Real Estate
2.23 Fluid Notification Bar
2.24 Frontend Registration – Contact Form 7
2.25 FS Product Inquiry
2.26 FS Product Inquiry
2.27 Responsive Image Gallery, Gallery Album
2.28 Google CSE
2.29 Insert Post Ads
2.30 MJ Update History
2.31 Nafeza Prayer Time
2.32 Netgsm
2.33 Ovic Importer
2.34 prettyPhoto
2.35 Restrict for Elementor
2.36 Rotating Tweets
2.37 SellKit
2.38 Simple COD Fees for WooCommerce
2.39 Simple Image Popup Shortcode
2.40 Social Link Pages
2.41 Social Login Lite For WooCommerce
2.42 Startklar Elementor Addons
2.43 Stellissimo Text Box
2.44 Strategery Migrations
2.45 TemplatesNext OnePager
2.46 The Moneytizer
2.47 The Moneytizer
2.48 Themesflat Addons For Elementor
2.49 Tooltip CK
2.50 Upload Fields for WPForms
2.51 Upunzipper
2.52 Claudio Sanches
2.53 WooCommerce Dropshipping
2.54 WP-DB-Table-Editor
2.55 SC filechecker
2.56 WP-Recall
2.57 WP-Recall
2.58 WP Translate
2.59 WPUpper Share Buttons
2.60 Easy Forms for Mailchimp
2.61 Advanced Custom Fields (ACF)
2.62 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.63 WPS Hide Login
2.64 TablePress – Tables in WordPress made easy
2.65 WP Shortcodes Plugin — Shortcodes Ultimate
2.66 SiteOrigin Widgets Bundle
2.67 Newsletter – Send awesome emails from WordPress
2.68 Royal Elementor Addons and Templates
2.69 Royal Elementor Addons and Templates
2.70 WP Reset – Most Advanced WordPress Reset Tool
2.71 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.72 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.73 Qi Addons For Elementor
2.74 Qi Addons For Elementor
2.75 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.76 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.77 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.78 Colibri Page Builder
2.79 Download Manager
2.80 GiveWP – Donation Plugin and Fundraising Platform
2.81 Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
2.82 Minimal Coming Soon – Coming Soon Page
2.83 WP Mobile Menu – The Mobile-Friendly Responsive Menu
2.84 Strong Testimonials
2.85 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
2.86 GDPR/CCPA Cookie Consent Banner
2.87 Widget Options – The #1 WordPress Widget & Block Control Plugin
2.88 Widget Options – The #1 WordPress Widget & Block Control Plugin
2.89 WP Force SSL & HTTPS SSL Redirect
2.90 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.91 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.92 LearnPress – WordPress LMS Plugin
2.93 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.94 Brizy – Page Builder
2.95 Brizy – Page Builder
2.96 Tutor LMS – eLearning and online course solution
2.97 Comments – wpDiscuz
2.98 Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
2.99 Clever Fox
2.100 Clever Fox
2.101 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.102 CF7 Google Sheets Connector
2.103 Custom Field Template
2.104 Custom Field Template
2.105 Custom Field Template
2.106 Custom Field Template
2.107 Login/Signup Popup ( Inline Form + Woocommerce )
2.108 Login/Signup Popup ( Inline Form + Woocommerce )
2.109 Qi Blocks
2.110 Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.111 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.112 WP jQuery Lightbox
2.113 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.114 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.115 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.116 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.117 SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!
2.118 Visualizer: Tables and Charts Manager for WordPress
2.119 WooCommerce Tools
2.120 YITH WooCommerce Tab Manager
2.121 Bosa Elementor Addons and Templates for WooCommerce
2.122 Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
2.123 Envo Extra
2.124 One Page Express Companion
2.125 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
2.126 Product Addons & Fields for WooCommerce
2.127 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing
2.128 Advanced Woo Labels – Product Labels for WooCommerce
2.129 Awesome Support – WordPress HelpDesk & Support Plugin
2.130 Countdown, Coming Soon, Maintenance – Countdown & Clock
2.131 LA-Studio Element Kit for Elementor
2.132 LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes
2.133 Link Library
2.134 Open Graph
2.135 Sensei LMS – Online Courses, Quizzes, & Learning
2.136 Weaver Xtreme Theme Support
2.137 YITH WooCommerce Product Add-Ons
2.138 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library
2.139 Database Cleaner: Clean, Optimize & Repair
2.140 Materialis Companion
2.141 ElasticPress
2.142 YITH Custom Login
2.143 Five Star Restaurant Menu and Food Ordering
2.144 ProfileGrid – User Profiles, Groups and Communities
2.145 WS Form LITE – Drag & Drop Contact Form Builder for WordPress
2.146 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
2.147 Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
2.148 Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
2.149 Pure Chat – Live Chat & More!
2.150 Testimonial Carousel For Elementor
2.151 Wbcom Designs – Custom Font Uploader
2.152 Album Gallery – WordPress Gallery
2.153 Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
2.154 Podlove Web Player
2.155 Salon Booking System
2.156 Shopping Cart & eCommerce Store
2.157 WPMobile.App — Android and iOS Mobile Application
2.158 Debug Log Manager
2.159 Kenta Blocks – Responsive Blocks and block templates library
2.160 Tickera – WordPress Event Ticketing
2.161 Auto Coupons for WooCommerce
2.162 Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow
2.163 Mollie Forms
2.164 Newsletters
2.165 PropertyHive
2.166 Simple Ajax Chat – Add a Fast, Secure Chat Box
2.167 Slider Responsive Slideshow – Image slider, Gallery slideshow
2.168 Cards for Beaver Builder
2.169 Leyka
2.170 GDPR CCPA Compliance & Cookie Consent Banner
2.171 Active Products Tables for WooCommerce. Use constructor to create tables
2.172 RestroPress – Online Food Ordering System
2.173 Block for Font Awesome
2.174 Kognetiks Chatbot for WordPress
2.175 Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress
2.176 Copymatic – AI Content Writer & Generator
2.177 Dashboard To-Do List
2.178 Emergency Password Reset
2.179 Event Tickets with Ticket Scanner
2.180 Extra Product Options for WooCommerce
2.181 GamiPress – Link
2.182 Heateor Social Login WordPress
2.183 Heateor Social Login WordPress
2.184 HT Feed
2.185 Market Exporter
2.186 Recurring PayPal Donations
2.187 Save as PDF Plugin by Pdfcrowd
2.188 SKT Addons for Elementor
2.189 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
2.190 WP Docs
2.191 WP Docs
2.192 WP Flow Plus
2.193 WP Time Slots Booking Form
2.194 WP Time Slots Booking Form
2.195 12 Step Meeting List
2.196 MelaPress Login Security
2.197 Gutenberg Blocks and Page Layouts – Attire Blocks
2.198 Music Store – WordPress eCommerce
2.199 Advanced Custom Fields PRO
2.200 ARForms
2.201 ARForms
2.202 Boostify Header Footer Builder for Elementor
2.203 Buddyboss Platform
2.204 Essential Addons for Elementor Pro
2.205 Widget Options – Extended
2.206 Widget Options – Extended
2.207 GP Premium
2.208 Otter Blocks PRO
2.209 MegaMenu
2.210 tagDiv Composer
2.211 Checkout Field Editor for WooCommerce (Pro)
2.212 Sensei Pro (WC Paid Courses)
2.213 Sensei Pro (WC Paid Courses)
2.214 WP eMember
2.215 WP Visitors Tracker
2.216 WPvivid Backup for MainWP
2.217 WS Form Pro

3. WordPress Themes — 11 Patched / 0 Unpatched

3.1 Blocksy
3.2 Bloglo
3.3 Event
3.4 Formula
3.5 Formula
3.6 Idyllic
3.7 Pixgraphy
3.8 Responsive
3.9 Rife Free
3.10 Eduma
3.11 Radcliffe 2

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.6 Beta 2 was released on June 11, 2024. This beta version of the WordPress software is under development. The target release date for WordPress 6.6 is July 16, 2024. Your help testing Beta and RC versions over the next five weeks is vital to making sure the final release is everything it should be: stable, powerful, and intuitive.

WordPress Plugins — 157 Patched / 60 Unpatched

Plugin:: Woody code snippets – Insert Header Footer Code, AdSense Ads
Plugin Slug:: insert-php
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35751

Plugin:: Album and Image Gallery plus Lightbox
Plugin Slug:: album-and-image-gallery-plus-lightbox
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4194

Plugin:: Insert or Embed Articulate Content into WordPress
Plugin Slug:: insert-or-embed-articulate-content-into-wordpress
Installations: 3,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0756

Plugin:: KiviCare – Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35659

Plugin:: Weather Widget Pro
Plugin Slug:: weather-in-any-city-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35755

Plugin:: Admin Notices Manager
Plugin Slug:: admin-notices-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1717

Plugin:: Authorize.net Payment Gateway For WooCommerce
Plugin Slug:: authorizenet-payment-gateway-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2382

Plugin:: Boostify Header Footer Builder for Elementor
Plugin Slug:: boostify-header-footer-builder
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4788

Plugin:: BuddyPress Cover
Plugin Slug:: bp-cover
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-35746

Plugin:: BuddyForms
Plugin Slug:: buddyforms
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5149

Plugin:: BuddyPress Members Only
Plugin Slug:: buddypress-members-only
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0972

Plugin:: Clever Addons for Elementor
Plugin Slug:: cafe-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2350

Plugin:: Easy Social Like Box – Popup – Sidebar Widget
Plugin Slug:: cardoza-facebook-like-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5224

Plugin:: Under Construction / Maintenance Mode from Acurax
Plugin Slug:: coming-soon-maintenance-mode-from-acurax
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-35749

Plugin:: Contact Form Builder, Contact Widget
Plugin Slug:: contact-forms-builder
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35747

Plugin:: Cowidgets – Elementor Addons
Plugin Slug:: cowidgets-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35782

Plugin:: Custom Dash
Plugin Slug:: custom-dash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4942

Plugin:: Download Attachments
Plugin Slug:: download-attachments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3230

Plugin:: EasyAzon
Plugin Slug:: easyazon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6956

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5152

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4273

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4274

Plugin:: Fluid Notification Bar
Plugin Slug:: fluid-notification-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3031

Plugin:: Frontend Registration – Contact Form 7
Plugin Slug:: frontend-registration-contact-form-7
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4870

Plugin:: FS Product Inquiry
Plugin Slug:: fs-product-inquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4857

Plugin:: FS Product Inquiry
Plugin Slug:: fs-product-inquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4856

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35750

Plugin:: Google CSE
Plugin Slug:: google-cse
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4755

Plugin:: Insert Post Ads
Plugin Slug:: insert-post-ads
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35665

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35671

Plugin:: Nafeza Prayer Time
Plugin Slug:: nafeza-prayer-time
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4462

Plugin:: Netgsm
Plugin Slug:: netgsm
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35672

Plugin:: Ovic Importer
Plugin Slug:: ovic-import-demo
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35754

Plugin:: prettyPhoto
Plugin Slug:: prettyphoto
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5162

Plugin:: Restrict for Elementor
Plugin Slug:: restrict-for-elementor
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0910

Plugin:: Rotating Tweets
Plugin Slug:: rotatingtweets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5141

Plugin:: SellKit
Plugin Slug:: sellkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4608

Plugin:: Simple COD Fees for WooCommerce
Plugin Slug:: simple-cod-fee-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35662

Plugin:: Simple Image Popup Shortcode
Plugin Slug:: simple-image-popup-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5342

Plugin:: Social Link Pages
Plugin Slug:: social-link-pages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3555

Plugin:: Social Login Lite For WooCommerce
Plugin Slug:: social-login-lite-for-woocommerce
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-4552

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-5153

Plugin:: Stellissimo Text Box
Plugin Slug:: stellissimo-text-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35752

Plugin:: Strategery Migrations
Plugin Slug:: strategery-migrations
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35745

Plugin:: TemplatesNext OnePager
Plugin Slug:: templatesnext-onepager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35753

Plugin:: The Moneytizer
Plugin Slug:: the-moneytizer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6966

Plugin:: The Moneytizer
Plugin Slug:: the-moneytizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6968

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35666

Plugin:: Tooltip CK
Plugin Slug:: tooltip-ck
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35756

Plugin:: Upload Fields for WPForms
Plugin Slug:: upload-fields-for-wpforms
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35661

Plugin:: Upunzipper
Plugin Slug:: upunzipper
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35744

Plugin:: Claudio Sanches
Plugin Slug:: woocommerce-checkout-cielo
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1718

Plugin:: WooCommerce Dropshipping
Plugin Slug:: woocommerce-dropshipping
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35748

Plugin:: WP-DB-Table-Editor
Plugin Slug:: wp-db-table-editor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2019

Plugin:: SC filechecker
Plugin Slug:: wp-file-checker
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35743

Plugin:: WP-Recall
Plugin Slug:: wp-recall
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1175

Plugin:: WP-Recall
Plugin Slug:: wp-recall
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35657

Plugin:: WP Translate
Plugin Slug:: wp-translate
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35663

Plugin:: WPUpper Share Buttons
Plugin Slug:: wpupper-share-buttons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4997

Plugin:: Easy Forms for Mailchimp
Plugin Slug:: yikes-inc-easy-mailchimp-extender
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35742

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3
Severity Score:: Medium
CVE:: 2024-4565

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.23
Severity Score:: Medium
CVE:: 2024-5188

Plugin:: WPS Hide Login
Plugin Slug:: wps-hide-login
Installations: 1,000,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.9.16
Severity Score:: Medium
CVE:: 2024-2473

Plugin:: TablePress – Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 800,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-4354

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-4821

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.62.0
Severity Score:: Medium
CVE:: 2024-5090

Plugin:: Newsletter – Send awesome emails from WordPress
Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.5
Severity Score:: High
CVE:: 2024-5317

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.977
Severity Score:: Medium
CVE:: 2024-4489

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.977
Severity Score:: Medium
CVE:: 2024-4488

Plugin:: WP Reset – Most Advanced WordPress Reset Tool
Plugin Slug:: wp-reset
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.03
Severity Score:: Medium
CVE:: 2024-4661

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.24
Severity Score:: Medium
CVE:: 2024-5426

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.8.24
Severity Score:: Medium
CVE:: 2024-5481

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-4887

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2024-4364

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.110
Severity Score:: High
CVE:: 2024-5329

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.110
Severity Score:: Medium
CVE:: 2024-35674

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.8
Severity Score:: Medium
CVE:: 2024-5640

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.277
Severity Score:: Medium
CVE:: 2024-5038

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.94
Severity Score:: Medium
CVE:: 2024-4001

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.1
Severity Score:: High
CVE:: 2024-35679

Plugin:: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.78
Severity Score:: High
CVE:: 2024-35668

Plugin:: Minimal Coming Soon – Coming Soon Page
Plugin Slug:: minimal-coming-soon-maintenance-mode
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.39
Severity Score:: Medium
CVE:: 2024-5087

Plugin:: WP Mobile Menu – The Mobile-Friendly Responsive Menu
Plugin Slug:: mobile-menu
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4.3
Severity Score:: Medium
CVE:: 2024-3987

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.13
Severity Score:: Medium
CVE:: 2023-6491

Plugin:: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-35709

Plugin:: GDPR/CCPA Cookie Consent Banner
Plugin Slug:: uk-cookie-consent
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-35692

Plugin:: Widget Options – The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-35690

Plugin:: Widget Options – The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-35690

Plugin:: WP Force SSL & HTTPS SSL Redirect
Plugin Slug:: wp-force-ssl
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.67
Severity Score:: Medium
CVE:: 2024-5770

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.21
Severity Score:: Critical
CVE:: 2024-4295

Plugin:: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-5571

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.6.8.1
Severity Score:: Medium
CVE:: 2024-5483

Plugin:: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: Medium
CVE:: 2024-35739

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-3667

Plugin:: Brizy – Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: High
CVE:: 2024-2087

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-5438

Plugin:: Comments – wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.19
Severity Score:: Medium
CVE:: 2024-35681

Plugin:: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Plugin Slug:: visualcomposer
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.9.0
Severity Score:: Medium
CVE:: 2024-35653

Plugin:: Clever Fox
Plugin Slug:: clever-fox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 25.2.1
Severity Score:: Medium
CVE:: 2024-1768

Plugin:: Clever Fox
Plugin Slug:: clever-fox
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 25.2.1
Severity Score:: Medium
CVE:: 2023-6876

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-35703

Plugin:: CF7 Google Sheets Connector
Plugin Slug:: cf7-google-sheets-connector
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.10
Severity Score:: Medium
CVE:: 2024-5654

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-0627

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2023-6748

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2023-6745

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-0653

Plugin:: Login/Signup Popup ( Inline Form + Woocommerce )
Plugin Slug:: easy-login-woocommerce
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-5665

Plugin:: Login/Signup Popup ( Inline Form + Woocommerce )
Plugin Slug:: easy-login-woocommerce
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: High
CVE:: 2024-5324

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-5221

Plugin:: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.2
Severity Score:: High
CVE:: 2024-3592

Plugin:: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-35689

Plugin:: WP jQuery Lightbox
Plugin Slug:: wp-jquery-lightbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-5425

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.6.2
Severity Score:: Medium
CVE:: 2024-5382

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.1
Severity Score:: Medium
CVE:: 2024-35702

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.0
Severity Score:: Medium
CVE:: 2024-35688

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5.6
Severity Score:: Medium
CVE:: 2024-35660

Plugin:: SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!
Plugin Slug:: suretriggers
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.48
Severity Score:: Medium
CVE:: 2024-5485

Plugin:: Visualizer: Tables and Charts Manager for WordPress
Plugin Slug:: visualizer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.11.2
Severity Score:: High
CVE:: 2024-35736

Plugin:: WooCommerce Tools
Plugin Slug:: woo-tools
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.10
Severity Score:: Medium
CVE:: 2024-1689

Plugin:: YITH WooCommerce Tab Manager
Plugin Slug:: yith-woocommerce-tab-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.35.1
Severity Score:: Medium
CVE:: 2024-35698

Plugin:: Bosa Elementor Addons and Templates for WooCommerce
Plugin Slug:: bosa-elementor-for-woocommerce
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.13
Severity Score:: Medium
CVE:: 2024-35724

Plugin:: Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.0
Severity Score:: Medium
CVE:: 2024-35655

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.25
Severity Score:: Medium
CVE:: 2024-5645

Plugin:: One Page Express Companion
Plugin Slug:: one-page-express-companion
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.38
Severity Score:: Medium
CVE:: 2024-4703

Plugin:: Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Plugin Slug:: responsive-add-ons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-5222

Plugin:: Product Addons & Fields for WooCommerce
Plugin Slug:: woocommerce-product-addon
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: 32.0.21
Severity Score:: Medium
CVE:: 2024-35728

Plugin:: WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing
Plugin Slug:: wp-dark-mode
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.5
Severity Score:: Medium
CVE:: 2024-5449

Plugin:: Advanced Woo Labels – Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.94
Severity Score:: Medium
CVE:: 2024-35675

Plugin:: Awesome Support – WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.8
Severity Score:: Medium
CVE:: 2024-35741

Plugin:: Countdown, Coming Soon, Maintenance – Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.7.8.1
Severity Score:: Medium
CVE:: 2024-2017

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.7.4
Severity Score:: Medium
CVE:: 2024-35725

Plugin:: LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.6.3
Severity Score:: High
CVE:: 2024-4743

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.4
Severity Score:: High
CVE:: 2024-35687

Plugin:: Open Graph
Plugin Slug:: opengraph
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.11.3
Severity Score:: Medium
CVE:: 2024-5615

Plugin:: Sensei LMS – Online Courses, Quizzes, & Learning
Plugin Slug:: sensei-lms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.0
Severity Score:: Medium
CVE:: 2024-35686

Plugin:: Weaver Xtreme Theme Support
Plugin Slug:: weaverx-theme-support
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5
Severity Score:: Medium
CVE:: 2024-4939

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2024-35680

Plugin:: BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library
Plugin Slug:: blockart-blocks
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-35704

Plugin:: Database Cleaner: Clean, Optimize & Repair
Plugin Slug:: database-cleaner
Installations: 9,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-35712

Plugin:: Materialis Companion
Plugin Slug:: materialis-companion
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.42
Severity Score:: Medium
CVE:: 2024-4707

Plugin:: ElasticPress
Plugin Slug:: elasticpress
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.2
Severity Score:: Medium
CVE:: 2024-35684

Plugin:: YITH Custom Login
Plugin Slug:: yith-custom-login
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-35732

Plugin:: Five Star Restaurant Menu and Food Ordering
Plugin Slug:: food-and-drink-menu
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.17
Severity Score:: Medium
CVE:: 2024-5459

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.7
Severity Score:: Medium
CVE:: 2024-5453

Plugin:: WS Form LITE – Drag & Drop Contact Form Builder for WordPress
Plugin Slug:: ws-form
Installations: 7,000+
Vulnerability:: CSV Injection
Patched in Version:: 1.9.218
Severity Score:: Medium
CVE:: 2023-5424

Plugin:: MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.12
Severity Score:: Medium
CVE:: 2024-5259

Plugin:: Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.3.94
Severity Score:: Medium
CVE:: 2024-35670

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.40
Severity Score:: Medium
CVE:: 2024-5161

Plugin:: Pure Chat – Live Chat & More!
Plugin Slug:: pure-chat
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2024-35673

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.2.0
Severity Score:: Medium
CVE:: 2024-35713

Plugin:: Wbcom Designs – Custom Font Uploader
Plugin Slug:: custom-font-uploader
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-5489

Plugin:: Album Gallery – WordPress Gallery
Plugin Slug:: new-album-gallery
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-35720

Plugin:: Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
Plugin Slug:: new-image-gallery
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2024-35721

Plugin:: Podlove Web Player
Plugin Slug:: podlove-web-player
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.7.4
Severity Score:: Medium
CVE:: 2024-35710

Plugin:: Salon Booking System
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.0
Severity Score:: Medium
CVE:: 2024-4468

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-35667

Plugin:: WPMobile.App — Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.42
Severity Score:: High
CVE:: 2024-35694

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-35669

Plugin:: Kenta Blocks – Responsive Blocks and block templates library
Plugin Slug:: kenta-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-35731

Plugin:: Tickera – WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.2.7
Severity Score:: Medium
CVE:: 2024-35729

Plugin:: Auto Coupons for WooCommerce
Plugin Slug:: woo-auto-coupons
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.15
Severity Score:: High
CVE:: 2024-35733

Plugin:: Media Slider – Photo Slider, Video Slider, Link Slider, Carousal Slideshow
Plugin Slug:: media-slider
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-35717

Plugin:: Mollie Forms
Plugin Slug:: mollie-forms
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.14
Severity Score:: Medium
CVE:: 2024-2368

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.6
Severity Score:: High
CVE:: 2024-35718

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.14
Severity Score:: Medium
CVE:: 2024-35701

Plugin:: Simple Ajax Chat – Add a Fast, Secure Chat Box
Plugin Slug:: simple-ajax-chat
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240412
Severity Score:: Medium
CVE:: 2024-2470

Plugin:: Slider Responsive Slideshow – Image slider, Gallery slideshow
Plugin Slug:: slider-responsive-slideshow
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-35722

Plugin:: Cards for Beaver Builder
Plugin Slug:: bb-bootstrap-cards
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-5663

Plugin:: Leyka
Plugin Slug:: leyka
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.31.2
Severity Score:: Medium
CVE:: 2024-35683

Plugin:: GDPR CCPA Compliance & Cookie Consent Banner
Plugin Slug:: ninja-gdpr-compliance
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2024-5607

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6.4
Severity Score:: High
CVE:: 2024-35730

Plugin:: RestroPress – Online Food Ordering System
Plugin Slug:: restropress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2.2
Severity Score:: Medium
CVE:: 2024-35719

Plugin:: Block for Font Awesome
Plugin Slug:: block-for-font-awesome
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-35705

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2024-35738

Plugin:: Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress
Plugin Slug:: contact-form-to-db
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-35678

Plugin:: Copymatic – AI Content Writer & Generator
Plugin Slug:: copymatic
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-35716

Plugin:: Dashboard To-Do List
Plugin Slug:: dashboard-to-do-list
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-35723

Plugin:: Emergency Password Reset
Plugin Slug:: emergency-password-reset
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.0
Severity Score:: Medium
CVE:: 2024-35648

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2024-35652

Plugin:: Extra Product Options for WooCommerce
Plugin Slug:: extra-product-options-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-35727

Plugin:: GamiPress – Link
Plugin Slug:: gamipress-link
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-5536

Plugin:: Heateor Social Login WordPress
Plugin Slug:: heateor-social-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.33
Severity Score:: Medium
CVE:: 2024-35707

Plugin:: Heateor Social Login WordPress
Plugin Slug:: heateor-social-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.33
Severity Score:: High
CVE:: 2024-35706

Plugin:: HT Feed
Plugin Slug:: ht-instagram
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2024-35699

Plugin:: Market Exporter
Plugin Slug:: market-exporter
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.0.20
Severity Score:: High
CVE:: 2024-5637

Plugin:: Recurring PayPal Donations
Plugin Slug:: recurring-donation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-35676

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-35649

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-5091

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.20
Severity Score:: Medium
CVE:: 2024-35726

Plugin:: WP Docs
Plugin Slug:: wp-docs
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: High
CVE:: 2024-35696

Plugin:: WP Docs
Plugin Slug:: wp-docs
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-35695

Plugin:: WP Flow Plus
Plugin Slug:: wp-imageflow2
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.3
Severity Score:: Medium
CVE:: 2024-35651

Plugin:: WP Time Slots Booking Form
Plugin Slug:: wp-time-slots-booking-form
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.12
Severity Score:: Medium
CVE:: 2024-35735

Plugin:: WP Time Slots Booking Form
Plugin Slug:: wp-time-slots-booking-form
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.11
Severity Score:: High
CVE:: 2024-35734

Plugin:: 12 Step Meeting List
Plugin Slug:: 12-step-meeting-list
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.34
Severity Score:: High
CVE:: 2024-35693

Plugin:: MelaPress Login Security
Plugin Slug:: melapress-login-security
Installations: 600+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-35650

Plugin:: Gutenberg Blocks and Page Layouts – Attire Blocks
Plugin Slug:: attire-blocks
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-4088

Plugin:: Music Store – WordPress eCommerce
Plugin Slug:: music-store
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.14
Severity Score:: Critical

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3
Severity Score:: Medium
CVE:: 2024-4565

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6
Severity Score:: Medium
CVE:: 2024-4621

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 6.6
Severity Score:: Critical
CVE:: 2024-4620

Plugin:: Boostify Header Footer Builder for Elementor
Plugin Slug:: boostify-header-footer-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-5006

Plugin:: Buddyboss Platform
Plugin Slug:: buddyboss-platform
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-4750

Plugin:: Essential Addons for Elementor Pro
Plugin Slug:: essential-addons-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8.16
Severity Score:: Medium
CVE:: 2024-5612

Plugin:: Widget Options – Extended
Plugin Slug:: extended-widget-options
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2024-35691

Plugin:: Widget Options – Extended
Plugin Slug:: extended-widget-options
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.1.3
Severity Score:: Medium
CVE:: 2024-35691

Plugin:: GP Premium
Plugin Slug:: gp-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2024-3469

Plugin:: Otter Blocks PRO
Plugin Slug:: otter-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.12
Severity Score:: Medium
CVE:: 2024-35682

Plugin:: MegaMenu
Plugin Slug:: stm-megamenu
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.13
Severity Score:: Critical
CVE:: 2024-35677

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9
Severity Score:: Medium
CVE:: 2024-3888

Plugin:: Checkout Field Editor for WooCommerce (Pro)
Plugin Slug:: woocommerce-checkout-field-editor-pro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.6.3
Severity Score:: High
CVE:: 2024-35658

Plugin:: Sensei Pro (WC Paid Courses)
Plugin Slug:: woothemes-sensei
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.0.1.24.0
Severity Score:: Medium
CVE:: 2024-34765

Plugin:: Sensei Pro (WC Paid Courses)
Plugin Slug:: woothemes-sensei
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.0.1.24.0
Severity Score:: Medium
CVE:: 2024-35686

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.3.9
Severity Score:: High
CVE:: 2024-4749

Plugin:: WP Visitors Tracker
Plugin Slug:: wp_visitorstracker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-35737

Plugin:: WPvivid Backup for MainWP
Plugin Slug:: wpvivid-backup-mainw
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.33
Severity Score:: High
CVE:: 2024-35664

Plugin:: WS Form Pro
Plugin Slug:: ws-form-pro
Vulnerability:: CSV Injection
Patched in Version:: 1.9.218
Severity Score:: Medium
CVE:: 2023-5424

WordPress Themes — 11 Patched / 0 Unpatched

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,260,919
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.51
Severity Score:: Medium
CVE:: 2024-5439

Theme:: Bloglo
Theme Slug:: bloglo
Downloads: 61,501
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-35715

Theme:: Event
Theme Slug:: event
Downloads: 140,599
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-35711

Theme:: Formula
Theme Slug:: formula
Downloads: 75,879
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.2
Severity Score:: High
CVE:: 2024-5613

Theme:: Formula
Theme Slug:: formula
Downloads: 75,879
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.2
Severity Score:: High
CVE:: 2024-5638

Theme:: Idyllic
Theme Slug:: idyllic
Downloads: 155,730
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-35714

Theme:: Pixgraphy
Theme Slug:: pixgraphy
Downloads: 313,930
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-35740

Theme:: Responsive
Theme Slug:: responsive
Downloads: 4,505,360
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.3.1
Severity Score:: Medium
CVE:: 2024-35654

Theme:: Rife Free
Theme Slug:: rife-free
Downloads: 691,576
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.20
Severity Score:: Medium
CVE:: 2024-35708

Theme:: Eduma
Theme Slug:: eduma
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.8
Severity Score:: High
CVE:: 2024-35697

Theme:: Radcliffe 2
Theme Slug:: radcliffe-2
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.18
Severity Score:: Medium
CVE:: 2024-35685

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 157 Patched / 60 Unpatched