WordPress Vulnerability Report — July 3, 2024
Since last week, 223 new vulnerabilities have emerged in the WordPress ecosystem, including 3 in Core, 185 in plugins, and 35 in themes. Of the vulnerable plugins and themes, 41 remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 223 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 41 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
WordPress 6.6 RC2 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions over the next few weeks is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.
WordPress Core
- Vulnerability:
- Path Traversal
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- CVE:
- 2024-32111
WordPress Core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- CVE:
- 2024-31111
WordPress Core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
WordPress Plugins — 153 Patched / 32 Unpatched
SEO SIMPLE PACK
- Plugin:
- SEO SIMPLE PACK
- Plugin Slug:
- seo-simple-pack
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2795
NextScripts: Social Networks Auto-Poster
- Plugin Slug:
- social-networks-auto-poster-facebook-twitter-g
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37275
ARI Fancy Lightbox – WordPress Popup
- Plugin Slug:
- ari-fancy-lightbox
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4367
BSK PDF Manager
- Plugin:
- BSK PDF Manager
- Plugin Slug:
- bsk-pdf-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4367
PDF Viewer
- Plugin:
- PDF Viewer
- Plugin Slug:
- pdf-viewer
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4367
Logo Manager For Enamad
- Plugin:
- Logo Manager For Enamad
- Plugin Slug:
- logo-manager-for-enamad
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4757
WP Directory Kit
- Plugin:
- WP Directory Kit
- Plugin Slug:
- wpdirectorykit
- Installations
- 3,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2024-37253
Pagerank tools
- Plugin:
- Pagerank tools
- Plugin Slug:
- pagerank-tools
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-5730
Animated AL List
- Plugin:
- Animated AL List
- Plugin Slug:
- animated-al-list
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-5728
Simple AL Slider
- Plugin:
- Simple AL Slider
- Plugin Slug:
- simple-al-slider
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-5729
Widget4Call
- Plugin:
- Widget4Call
- Plugin Slug:
- widget4call
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-5727
All In One Redirection
- Plugin:
- All In One Redirection
- Plugin Slug:
- all-in-one-redirection
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37245
Auto Featured Image
- Plugin:
- Auto Featured Image
- Plugin Slug:
- auto-featured-image
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-6054
Bible Text
- Plugin:
- Bible Text
- Plugin Slug:
- bible-text
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5444
Bookster
- Plugin:
- Bookster
- Plugin Slug:
- bookster
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5071
ContentLock
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6022
ContentLock
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6023
ContentLock
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6024
Floating Social Buttons
- Plugin:
- Floating Social Buttons
- Plugin Slug:
- floating-social-buttons
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6405
Frontend Checklist
- Plugin:
- Frontend Checklist
- Plugin Slug:
- frontend-checklist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4957
Gallery Slideshow
- Plugin:
- Gallery Slideshow
- Plugin Slug:
- gallery-slideshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37246
jQuery T(-) Countdown Widget
- Plugin:
- jQuery T(-) Countdown Widget
- Plugin Slug:
- jquery-t-countdown-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37247
Mime Types Extended
- Plugin:
- Mime Types Extended
- Plugin Slug:
- mime-types-extended
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4759
Muslim Prayer Time BD
- Plugin:
- Muslim Prayer Time BD
- Plugin Slug:
- muslim-prayer-time-bd
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4758
Ninja Beaver Add-ons for Beaver Builder
- Plugin:
- Ninja Beaver Add-ons for Beaver Builder
- Plugin Slug:
- ninja-beaver-lite-addons-for-beaver-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37244
PDF Viewer for Elementor
- Plugin:
- PDF Viewer for Elementor
- Plugin Slug:
- pdf-viewer-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4367
Simple Photoswipe
- Plugin:
- Simple Photoswipe
- Plugin Slug:
- simple-photoswipe
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5570
Simple Photoswipe
- Plugin:
- Simple Photoswipe
- Plugin Slug:
- simple-photoswipe
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5473
Simply Show Hooks
- Plugin:
- Simply Show Hooks
- Plugin Slug:
- simply-show-hooks
- Vulnerability:
- Backdoor
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-6297
Spotify Play Button
- Plugin:
- Spotify Play Button
- Plugin Slug:
- spotify-play-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5199
Video Widget
- Plugin:
- Video Widget
- Plugin Slug:
- video-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5169
WebP & SVG Support
- Plugin:
- WebP & SVG Support
- Plugin Slug:
- webp-svg-support
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3633
Contact Form 7
- Plugin:
- Contact Form 7
- Plugin Slug:
- contact-form-7
- Installations
- 10,000,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 5.9.5
- Severity Score:
- Medium
- CVE:
- 2024-4704
Elementor Website Builder – More than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.22.2
- Severity Score:
- Medium
- CVE:
- 2024-37437
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 7,000,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 9.0.0
- Severity Score:
- Low
- CVE:
- 2024-35777
Elementor Header & Footer Builder
- Plugin Slug:
- header-footer-elementor
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.36
- Severity Score:
- Medium
- CVE:
- 2024-33933
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
- 2024-37255
File Manager
- Plugin:
- File Manager
- Plugin Slug:
- wp-file-manager
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.2.8
- Severity Score:
- Medium
- CVE:
- 2024-37254
Easy Table of Contents
- Plugin:
- Easy Table of Contents
- Plugin Slug:
- easy-table-of-contents
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.66
- Severity Score:
- Medium
- CVE:
- 2024-5573
SiteGuard WP Plugin
- Plugin:
- SiteGuard WP Plugin
- Plugin Slug:
- siteguard
- Installations
- 500,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- CVE:
- 2024-37881
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.2
- Severity Score:
- Medium
- CVE:
- 2024-5790
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.46
- Severity Score:
- Medium
- CVE:
- 2024-5819
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.43
- Severity Score:
- Medium
- CVE:
- 2024-5289
PixelYourSite – Your smart PIXEL (TAG) & API Manager
- Plugin Slug:
- pixelyoursite
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.6.2
- Severity Score:
- Medium
- CVE:
- 2024-37447
PDF Embedder
- Plugin:
- PDF Embedder
- Plugin Slug:
- pdf-embedder
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.0
- Severity Score:
- Medium
- CVE:
- 2024-4367
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 7.8
- Severity Score:
- Medium
- CVE:
- 2024-4900
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.8
- Severity Score:
- Medium
- CVE:
- 2024-4899
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.13.6
- Severity Score:
- Medium
- CVE:
- 2024-4569
Advanced File Manager
- Plugin:
- Advanced File Manager
- Plugin Slug:
- file-manager-advanced
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.2.5
- Severity Score:
- Medium
- CVE:
- 2024-5598
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.6
- Severity Score:
- Medium
- CVE:
- 2024-5215
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 3.2.2
- Severity Score:
- Critical
- CVE:
- 2024-6297
Stackable – Page Builder Gutenberg Blocks
- Plugin Slug:
- stackable-ultimate-gutenberg-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.2
- Severity Score:
- Medium
- CVE:
- 2024-6296
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.1
- Severity Score:
- Medium
- CVE:
- 2024-4983
WP Chat App
- Plugin:
- WP Chat App
- Plugin Slug:
- wp-whatsapp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.5
- Severity Score:
- Medium
- CVE:
- 2024-4664
Defender Security – Malware Scanner, Login Security & Firewall
- Plugin Slug:
- defender-security
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.7.3
- Severity Score:
- Medium
- CVE:
- 2024-37444
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- CVE:
- 2024-37414
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.26
- Severity Score:
- Critical
- CVE:
- 2024-37252
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.3
- Severity Score:
- Medium
- CVE:
- 2024-4367
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.9
- Severity Score:
- High
- CVE:
- 2024-5889
Featured Image from URL (FIFU)
- Plugin:
- Featured Image from URL (FIFU)
- Plugin Slug:
- featured-image-from-url
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.8.2
- Severity Score:
- Medium
- CVE:
- 2024-37276
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.6.8.2
- Severity Score:
- Medium
- CVE:
- 2024-6088
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.6.8.2
- Severity Score:
- Medium
- CVE:
- 2024-6099
WP Mobile Menu – The Mobile-Friendly Responsive Menu
- Plugin Slug:
- mobile-menu
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.8.4.4
- Severity Score:
- Medium
- CVE:
- 2024-37274
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- CVE:
- 2024-37277
Permalink Manager Lite
- Plugin:
- Permalink Manager Lite
- Plugin Slug:
- permalink-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3.4
- Severity Score:
- High
- CVE:
- 2024-37257
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
- Plugin Slug:
- the-post-grid
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.7.2
- Severity Score:
- Medium
- CVE:
- 2024-1427
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.7.2
- Severity Score:
- Medium
- CVE:
- 2024-37266
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.7.2
- Severity Score:
- High
- CVE:
- 2024-37256
WP Maps – Display Google Maps Perfectly with Ease
- Plugin Slug:
- wp-google-map-plugin
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.6.2
- Severity Score:
- High
- CVE:
- 2024-2386
3D FlipBook – PDF Flipbook WordPress
- Plugin Slug:
- interactive-3d-flipbook-powered-physics-engine
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.6
- Severity Score:
- Medium
- CVE:
- 2024-4367
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.18
- Severity Score:
- High
- CVE:
- 2024-5544
Page and Post Clone
- Plugin:
- Page and Post Clone
- Plugin Slug:
- page-or-post-clone
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.1
- Severity Score:
- Low
- CVE:
- 2024-5942
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.9
- Severity Score:
- Medium
- CVE:
- 2024-5332
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.26
- Severity Score:
- Medium
- CVE:
- 2024-6130
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
- Plugin Slug:
- sina-extension-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.6
- Severity Score:
- Medium
- CVE:
- 2024-5260
Ultimate Blocks – WordPress Blocks Plugin
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
- 2024-37457
DethemeKit For Elementor
- Plugin:
- DethemeKit For Elementor
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- CVE:
- 2024-6283
Interactive Content – H5P
- Plugin:
- Interactive Content – H5P
- Plugin Slug:
- h5p
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.8
- Severity Score:
- Medium
- CVE:
- 2024-3111
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 40,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 11.9.5
- Severity Score:
- Critical
- CVE:
- 2024-6297
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.0.2
- Severity Score:
- Medium
- CVE:
- 2024-4934
Void Contact Form 7 Widget For Elementor Page Builder
- Plugin Slug:
- cf7-widget-elementor
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2024-5419
Cost Calculator Builder
- Plugin:
- Cost Calculator Builder
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.13
- Severity Score:
- Medium
- CVE:
- 2024-6011
Cost Calculator Builder
- Plugin:
- Cost Calculator Builder
- Plugin Slug:
- cost-calculator-builder
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.13
- Severity Score:
- Medium
- CVE:
- 2024-6012
Easy Google Maps
- Plugin:
- Easy Google Maps
- Plugin Slug:
- google-maps-easy
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.16
- Severity Score:
- Medium
- CVE:
- 2024-5219
PDF Poster – PDF Embedder Plugin
- Plugin:
- PDF Poster – PDF Embedder Plugin
- Plugin Slug:
- pdf-poster
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.22
- Severity Score:
- Medium
- CVE:
- 2024-4367
Portfolio Gallery – Image Gallery Plugin
- Plugin Slug:
- portfolio-filter-gallery
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.5
- Severity Score:
- Medium
- CVE:
- 2024-6262
Rife Elementor Extensions & Templates
- Plugin Slug:
- rife-elementor-extensions
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2024-5504
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
- Plugin Slug:
- simply-gallery-block
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- CVE:
- 2024-5424
Twenty20 Image Before-After
- Plugin:
- Twenty20 Image Before-After
- Plugin Slug:
- twenty20
- Installations
- 30,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.6.4
- Severity Score:
- Critical
- CVE:
- 2024-6297
Ad Invalid Click Protector (AICP)
- Plugin Slug:
- ad-invalid-click-protector
- Installations
- 20,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.2.10
- Severity Score:
- Critical
- CVE:
- 2024-6297
Branda – White Label WordPress, Custom Login Page Customizer
- Plugin Slug:
- branda-white-labeling
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.18
- Severity Score:
- Medium
- CVE:
- 2024-37239
Conversios – Google Analytics 4 (GA4), Google Ads, Meta Pixel & more for WooCommerce
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.1
- Severity Score:
- High
- CVE:
- 2024-6288
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells
- Plugin Slug:
- funnel-builder
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
- 2024-5192
PDF.js Viewer
- Plugin:
- PDF.js Viewer
- Plugin Slug:
- pdfjs-viewer-shortcode
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- CVE:
- 2024-4367
Quiz Maker
- Plugin:
- Quiz Maker
- Plugin Slug:
- quiz-maker
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.5.8.4
- Severity Score:
- Critical
- CVE:
- 2024-6028
Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)
- Plugin Slug:
- ultimate-post-kit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.8
- Severity Score:
- Medium
- CVE:
- 2024-5662
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
- Plugin Slug:
- userswp
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.11
- Severity Score:
- Critical
- CVE:
- 2024-6265
E2Pdf – Export To Pdf Tool for WordPress
- Plugin Slug:
- e2pdf
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.23.00
- Severity Score:
- Medium
- CVE:
- 2024-37415
E2Pdf – Export To Pdf Tool for WordPress
- Plugin Slug:
- e2pdf
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.25.01
- Severity Score:
- Medium
- CVE:
- 2024-4367
Easy Affiliate Links
- Plugin:
- Easy Affiliate Links
- Plugin Slug:
- easy-affiliate-links
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.4
- Severity Score:
- Medium
- CVE:
- 2024-5864
Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)
- Plugin Slug:
- gdpr-cookie-consent
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.0
- Severity Score:
- High
- CVE:
- 2024-4869
AI Power: Complete AI Pack – Powered by GPT-4
- Plugin Slug:
- gpt3-ai-content-generator
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.67
- Severity Score:
- Medium
- CVE:
- 2024-37465
HTML5 Audio Player- Audio Player Plugin
- Plugin Slug:
- html5-audio-player
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.24
- Severity Score:
- Medium
- CVE:
- 2024-37445
Mailster WordPress Newsletter Plugin
- Plugin Slug:
- mailster
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.10
- Severity Score:
- High
- CVE:
- 2024-37433
Mega Elements – Addons for Elementor
- Plugin Slug:
- mega-elements-addons-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-37466
Simple Newsletter Plugin – Noptin
- Plugin Slug:
- newsletter-optin-box
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.3
- Severity Score:
- Medium
- CVE:
- 2024-37456
All-in-One Addons for Elementor – WidgetKit
- Plugin Slug:
- widgetkit-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.1
- Severity Score:
- Medium
- CVE:
- 2024-37428
Wonder PDF Embed
- Plugin:
- Wonder PDF Embed
- Plugin Slug:
- wonderplugin-pdf-embed
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8
- Severity Score:
- Medium
- CVE:
- 2024-4367
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.8.00.003
- Severity Score:
- High
- CVE:
- 2024-37416
WP Server Health Stats
- Plugin:
- WP Server Health Stats
- Plugin Slug:
- wp-server-stats
- Installations
- 10,000+
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.7.7
- Severity Score:
- Critical
- CVE:
- 2024-6297
Motors – Car Dealer, Classifieds & Listing
- Plugin Slug:
- motors-car-dealership-classified-listings
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.11
- Severity Score:
- Medium
- CVE:
- 2024-5545
PowerPack Lite for Beaver Builder
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations
- 9,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.0.4
- Severity Score:
- Medium
- CVE:
- 2024-37410
PowerPack Lite for Beaver Builder
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0.5
- Severity Score:
- Medium
- CVE:
- 2024-37409
Create by Mediavine
- Plugin:
- Create by Mediavine
- Plugin Slug:
- mediavine-create
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.8
- Severity Score:
- Medium
- CVE:
- 2024-5601
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.8.8
- Severity Score:
- Medium
- CVE:
- 2024-37453
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin
- Plugin Slug:
- print-my-blog
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.27.1
- Severity Score:
- Medium
- CVE:
- 2024-37271
Ultimate Bootstrap Elements for Elementor
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.4.3
- Severity Score:
- High
- CVE:
- 2024-37462
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
- Plugin Slug:
- wp-cafe
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2.26
- Severity Score:
- Medium
- CVE:
- 2024-5431
Beaver Builder Addons by WPZOOM
- Plugin:
- Beaver Builder Addons by WPZOOM
- Plugin Slug:
- wpzoom-addons-for-beaver-builder
- Installations
- 6,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2024-37464
Easy Image Collage
- Plugin:
- Easy Image Collage
- Plugin Slug:
- easy-image-collage
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.13.6
- Severity Score:
- Medium
- CVE:
- 2024-5863
AWSM Team – Team Showcase Plugin
- Plugin:
- AWSM Team – Team Showcase Plugin
- Plugin Slug:
- awsm-team
- Installations
- 4,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-37454
Patreon WordPress
- Plugin:
- Patreon WordPress
- Plugin Slug:
- patreon-connect
- Installations
- 4,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2024-37430
Social Rocket – Social Sharing Plugin
- Plugin Slug:
- social-rocket
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.4
- Severity Score:
- High
- CVE:
- 2024-37258
Stock Ticker
- Plugin:
- Stock Ticker
- Plugin Slug:
- stock-ticker
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.24.6
- Severity Score:
- Medium
- CVE:
- 2024-6363
Visual Website Collaboration, Feedback & Project Management – Atarim
- Plugin Slug:
- atarim-visual-collaboration
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.32
- Severity Score:
- Medium
- CVE:
- 2024-37434
Cards for Beaver Builder
- Plugin:
- Cards for Beaver Builder
- Plugin Slug:
- bb-bootstrap-cards
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-37278
Chained Quiz
- Plugin:
- Chained Quiz
- Plugin Slug:
- chained-quiz
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2.9
- Severity Score:
- Medium
- CVE:
- 2024-37446
Cowidgets – Elementor Addons
- Plugin:
- Cowidgets – Elementor Addons
- Plugin Slug:
- cowidgets-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.0
- Severity Score:
- High
- CVE:
- 2024-37419
CRM Perks Forms – WordPress Form Builder
- Plugin Slug:
- crm-perks-forms
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2024-37463
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
- Plugin Slug:
- groundhogg
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.3
- Severity Score:
- High
- CVE:
- 2024-37264
Online Booking & Scheduling Calendar for WordPress by vcita
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- High
- CVE:
- 2024-37262
WP Secure Maintenance
- Plugin:
- WP Secure Maintenance
- Plugin Slug:
- wp-secure-maintainance
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
- 2024-4753
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.5
- Severity Score:
- Medium
- CVE:
- 2024-37440
Enter Addons – Ultimate Template Builder for Elementor
- Plugin Slug:
- enteraddons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2024-37263
Extensions for Elementor
- Plugin:
- Extensions for Elementor
- Plugin Slug:
- extensions-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.31
- Severity Score:
- Medium
- CVE:
- 2024-5666
Photo Gallery by Ays – Responsive Image Gallery
- Plugin Slug:
- gallery-photo-gallery
- Installations
- 1,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 5.7.1
- Severity Score:
- Low
- CVE:
- 2024-37442
IdeaPush
- Plugin:
- IdeaPush
- Plugin Slug:
- ideapush
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.66
- Severity Score:
- High
- CVE:
- 2024-37461
IdeaPush
- Plugin:
- IdeaPush
- Plugin Slug:
- ideapush
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.61
- Severity Score:
- Medium
- CVE:
- 2024-37265
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.36
- Severity Score:
- Medium
- CVE:
- 2024-37429
Newspack Newsletters
- Plugin:
- Newspack Newsletters
- Plugin Slug:
- newspack-newsletters
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.13.3
- Severity Score:
- Medium
- CVE:
- 2024-37475
PayPlus Payment Gateway
- Plugin:
- PayPlus Payment Gateway
- Plugin Slug:
- payplus-payment-gateway
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.6.9
- Severity Score:
- Critical
- CVE:
- 2024-6205
PayPlus Payment Gateway
- Plugin:
- PayPlus Payment Gateway
- Plugin Slug:
- payplus-payment-gateway
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.9
- Severity Score:
- High
- CVE:
- 2024-37459
Post Meta Data Manager
- Plugin:
- Post Meta Data Manager
- Plugin Slug:
- post-meta-data-manager
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-6264
SuperSaaS – online appointment scheduling
- Plugin Slug:
- supersaas-appointment-scheduling
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.10
- Severity Score:
- Medium
- CVE:
- 2024-37460
Tainacan
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
- Plugin Slug:
- timetics
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.22
- Severity Score:
- Medium
- CVE:
- 2024-37427
WP-Lister Lite for Amazon
- Plugin:
- WP-Lister Lite for Amazon
- Plugin Slug:
- wp-lister-for-amazon
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.17
- Severity Score:
- High
- CVE:
- 2024-37261
The Ultimate WordPress Toolkit – WP Extended
- Plugin Slug:
- wpextended
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.0
- Severity Score:
- High
- CVE:
- 2024-37259
Zita Elementor Site Library
- Plugin:
- Zita Elementor Site Library
- Plugin Slug:
- zita-site-library
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.6.2
- Severity Score:
- Critical
- CVE:
- 2024-37420
Zita Elementor Site Library
- Plugin:
- Zita Elementor Site Library
- Plugin Slug:
- zita-site-library
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
- 2024-3249
Progress Planner
- Plugin:
- Progress Planner
- Plugin Slug:
- progress-planner
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.3
- Severity Score:
- Medium
- CVE:
- 2024-37422
Progress Planner
- Plugin:
- Progress Planner
- Plugin Slug:
- progress-planner
- Installations
- 30+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.9.2
- Severity Score:
- Medium
- CVE:
- 2024-37411
Advanced Custom Fields PRO
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.3.2
- Severity Score:
- Medium
- CVE:
- 2024-37251
Advanced Custom Fields PRO
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.2
- Severity Score:
- Medium
- CVE:
- 2024-37250
Advanced Custom Fields PRO
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.2
- Severity Score:
- Medium
- CVE:
- 2024-37249
ARMember Premium
- Plugin:
- ARMember Premium
- Plugin Slug:
- armember
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.7.1
- Severity Score:
- Medium
- CVE:
- 2022-47424
BLAZE Retail Widget
- Plugin:
- BLAZE Retail Widget
- Plugin Slug:
- blaze-widget
- Vulnerability:
- Backdoor
- Patched in Version:
- 2.5.4
- Severity Score:
- Critical
- CVE:
- 2024-6297
Bricks Builder (Premium)
- Plugin:
- Bricks Builder (Premium)
- Plugin Slug:
- bricksbuilder
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.9.9
- Severity Score:
- Medium
- CVE:
- 2024-4874
Contact Form 7 Multi-Step Addon
- Plugin:
- Contact Form 7 Multi-Step Addon
- Plugin Slug:
- contact-form-7-multi-step-addon
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.0.7
- Severity Score:
- Critical
- CVE:
- 2024-6297
Elementor Pro
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.21.3
- Severity Score:
- High
- CVE:
- 2024-35656
Blocks Pro
- Plugin:
- Blocks Pro
- Plugin Slug:
- kadence-blocks-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.8
- Severity Score:
- Medium
- CVE:
- 2024-1330
Masterstudy Elementor Widgets
- Plugin:
- Masterstudy Elementor Widgets
- Plugin Slug:
- masterstudy-elementor-widgets
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.2.3
- Severity Score:
- Critical
- CVE:
- 2024-37091
Masterstudy Elementor Widgets
- Plugin:
- Masterstudy Elementor Widgets
- Plugin Slug:
- masterstudy-elementor-widgets
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.2.3
- Severity Score:
- High
- CVE:
- 2024-37090
Masterstudy Elementor Widgets
- Plugin:
- Masterstudy Elementor Widgets
- Plugin Slug:
- masterstudy-elementor-widgets
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-37269
Newspack Ads
- Plugin:
- Newspack Ads
- Plugin Slug:
- newspack-ads
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.47.2
- Severity Score:
- Medium
- CVE:
- 2024-37474
Newspack Blocks
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
- 2024-37425
Newspack Blocks
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.0.9
- Severity Score:
- Critical
- CVE:
- 2024-37424
Newspack Blocks
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- CVE:
- 2024-37423
Newspack Content Converter
- Plugin:
- Newspack Content Converter
- Plugin Slug:
- newspack-content-converter
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.0
- Severity Score:
- Medium
- CVE:
- 2024-37477
Newspack Campaigns
- Plugin:
- Newspack Campaigns
- Plugin Slug:
- newspack-popups
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.31.2
- Severity Score:
- Medium
- CVE:
- 2024-37476
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.14
- Severity Score:
- Medium
- CVE:
- 2024-37449
Seo Optimized Images
- Plugin:
- Seo Optimized Images
- Plugin Slug:
- seo-optimized-images
- Vulnerability:
- Backdoor
- Patched in Version:
- 2.1.4
- Severity Score:
- Critical
- CVE:
- 2024-6297
Social Warfare
- Plugin:
- Social Warfare
- Plugin Slug:
- social-warfare
- Vulnerability:
- Backdoor
- Patched in Version:
- 4.4.7.3
- Severity Score:
- Critical
- CVE:
- 2024-6297
Uber Menu
- Plugin:
- Uber Menu
- Plugin Slug:
- ubermenu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.4
- Severity Score:
- Medium
- CVE:
- 2024-3593
Ultimate Addons for Elementor
- Plugin:
- Ultimate Addons for Elementor
- Plugin Slug:
- ultimate-elementor
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.36.32
- Severity Score:
- High
- CVE:
- 2024-37455
Uncanny Automator Pro
- Plugin:
- Uncanny Automator Pro
- Plugin Slug:
- uncanny-automator-pro
- Vulnerability:
- Settings Change
- Patched in Version:
- 5.3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-37119
Uncanny Automator Pro
- Plugin:
- Uncanny Automator Pro
- Plugin Slug:
- uncanny-automator-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-37118
Uncanny Toolkit Pro for LearnDash
- Plugin:
- Uncanny Toolkit Pro for LearnDash
- Plugin Slug:
- uncanny-toolkit-pro
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 4.1.4.1
- Severity Score:
- Medium
- CVE:
- 2024-37439
Uncanny Toolkit Pro for LearnDash
- Plugin:
- Uncanny Toolkit Pro for LearnDash
- Plugin Slug:
- uncanny-toolkit-pro
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.1.4.1
- Severity Score:
- Medium
- CVE:
- 2024-37438
Uncanny Toolkit Pro for LearnDash
- Plugin:
- Uncanny Toolkit Pro for LearnDash
- Plugin Slug:
- uncanny-toolkit-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.4.1
- Severity Score:
- High
- CVE:
- 2024-37436
TrustedLogin Vendor
- Plugin:
- TrustedLogin Vendor
- Plugin Slug:
- vendor
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2024-37270
Woffice Core
- Plugin:
- Woffice Core
- Plugin Slug:
- woffice-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- CVE:
- 2024-37471
Woffice Core
- Plugin:
- Woffice Core
- Plugin Slug:
- woffice-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- CVE:
- 2024-37470
WP Job Manager – Resume Manager
- Plugin:
- WP Job Manager – Resume Manager
- Plugin Slug:
- wp-job-manager-resumes
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-37443
Wrapper Link Elementor
- Plugin:
- Wrapper Link Elementor
- Plugin Slug:
- wrapper-link-elementor
- Vulnerability:
- Backdoor
- Patched in Version:
- 1.0.5
- Severity Score:
- Critical
- CVE:
- 2024-6297
WordPress Themes — 26 Patched / 9 Unpatched
Anima
- Theme:
- Anima
- Theme Slug:
- anima
- Downloads
- 168,999
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37248
Infinite Photography
- Theme:
- Infinite Photography
- Theme Slug:
- infinite-photography
- Downloads
- 107,414
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5796
Boot Store
- Theme:
- Boot Store
- Theme Slug:
- boot-store
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5938
Grey Opaque
- Theme:
- Grey Opaque
- Theme Slug:
- grey-opaque
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5966
Mosaic
- Theme:
- Mosaic
- Theme Slug:
- mosaic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5965
Schema Lite
- Theme:
- Schema Lite
- Theme Slug:
- schema-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37452
Scylla lite
- Theme:
- Scylla lite
- Theme Slug:
- scylla-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5922
Silesia
- Theme:
- Silesia
- Theme Slug:
- silesia
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5788
Theron Lite
- Theme:
- Theron Lite
- Theme Slug:
- theron-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5925
Ashe
- Theme:
- Ashe
- Theme Slug:
- ashe
- Downloads
- 1,957,104
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.234
- Severity Score:
- Medium
- CVE:
- 2024-37478
Benevolent
- Theme:
- Benevolent
- Theme Slug:
- benevolent
- Downloads
- 160,655
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-37450
Blocksy
- Theme:
- Blocksy
- Theme Slug:
- blocksy
- Downloads
- 3,336,053
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.23
- Severity Score:
- Medium
- CVE:
- 2024-37469
Blossom Shop
- Theme:
- Blossom Shop
- Theme Slug:
- blossom-shop
- Downloads
- 150,907
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.8
- Severity Score:
- Medium
- CVE:
- 2024-37412
Coachify
- Theme:
- Coachify
- Theme Slug:
- coachify
- Downloads
- 28,532
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2024-37417
Elegant Pink
- Theme:
- Elegant Pink
- Theme Slug:
- elegant-pink
- Downloads
- 196,614
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-37426
Esteem
- Theme:
- Esteem
- Theme Slug:
- esteem
- Downloads
- 354,167
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
- 2024-37432
Hestia
- Theme:
- Hestia
- Theme Slug:
- hestia
- Downloads
- 4,062,876
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2024-37467
Highlight
- Theme:
- Highlight
- Theme Slug:
- highlight
- Downloads
- 435,589
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.30
- Severity Score:
- Medium
- CVE:
- 2024-37458
JobScout
- Theme:
- JobScout
- Theme Slug:
- jobscout
- Downloads
- 91,924
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-37421
Mesmerize
- Theme:
- Mesmerize
- Theme Slug:
- mesmerize
- Downloads
- 1,557,420
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.124
- Severity Score:
- Medium
- CVE:
- 2024-37431
NewsMash
- Theme:
- NewsMash
- Theme Slug:
- newsmash
- Downloads
- 64,856
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.35
- Severity Score:
- Medium
- CVE:
- 2024-37441
Newsmatic
- Theme:
- Newsmatic
- Theme Slug:
- newsmatic
- Downloads
- 213,444
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-37468
OnePress
- Theme:
- OnePress
- Theme Slug:
- onepress
- Downloads
- 2,262,614
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.7
- Severity Score:
- Medium
- CVE:
- 2024-37448
Perfect Portfolio
- Theme:
- Perfect Portfolio
- Theme Slug:
- perfect-portfolio
- Downloads
- 251,932
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2024-37435
Preschool and Kindergarten
- Theme:
- Preschool and Kindergarten
- Theme Slug:
- preschool-and-kindergarten
- Downloads
- 120,182
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2024-37413
Travel Agency
- Theme:
- Travel Agency
- Theme Slug:
- travel-agency
- Downloads
- 289,086
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- CVE:
- 2024-37451
Travel Monster
- Theme:
- Travel Monster
- Theme Slug:
- travel-monster
- Downloads
- 28,852
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-37272
Trendy News
- Theme:
- Trendy News
- Theme Slug:
- trendy-news
- Downloads
- 24,678
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.16
- Severity Score:
- Medium
- CVE:
- 2024-37473
Basil
- Theme:
- Basil
- Theme Slug:
- basil
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5
- Severity Score:
- Medium
- CVE:
- 2024-39310
The7
- Theme:
- The7
- Theme Slug:
- dt-the7
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.14.0
- Severity Score:
- Medium
- CVE:
- 2024-5451
Foxiz
- Theme:
- Foxiz
- Theme Slug:
- foxiz
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.3.6
- Severity Score:
- High
- CVE:
- 2024-37260
Goya
- Theme:
- Goya
- Theme Slug:
- goya
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8.8
- Severity Score:
- High
- CVE:
- 2023-4017
Striking
- Theme:
- Striking
- Theme Slug:
- striking-r
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.3.5
- Severity Score:
- High
- CVE:
- 2024-37268
Striking
- Theme:
- Striking
- Theme Slug:
- striking-r
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.5
- Severity Score:
- High
- CVE:
- 2024-37267
Woffice
- Theme:
- Woffice
- Theme Slug:
- woffice
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- CVE:
- 2024-37472
