WordPress Vulnerability Report — April 10, 2024
Since last week, 200 new vulnerabilities have emerged in the WordPress ecosystem, including 1 in WordPress core, 4 in themes, and 195 in plugins. 18 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 200 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 18 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes in Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.
The next major release will be version 6.6, planned for July 16, 2024.
WordPress Core
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.5
- Severity Score:
- Medium
- CVE:
- 2023-5692
WordPress Plugins — 177 Patched / 18 Unpatched
User Activity Log
- Plugin:
- User Activity Log
- Plugin Slug:
- user-activity-log
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31356
Slideshow Gallery LITE
- Plugin:
- Slideshow Gallery LITE
- Plugin Slug:
- slideshow-gallery
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31355
Slideshow Gallery LITE
- Plugin:
- Slideshow Gallery LITE
- Plugin Slug:
- slideshow-gallery
- Installations
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31354
Slideshow Gallery LITE
- Plugin:
- Slideshow Gallery LITE
- Plugin Slug:
- slideshow-gallery
- Installations
- 9,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31353
MM-email2image
- Plugin:
- MM-email2image
- Plugin Slug:
- mm-email2image
- Installations
- 20+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-3076
MM-email2image
- Plugin:
- MM-email2image
- Plugin Slug:
- mm-email2image
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3075
Bannerlid
Auto Poster
- Plugin:
- Auto Poster
- Plugin Slug:
- auto-poster
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31345
Breakdance
- Plugin:
- Breakdance
- Plugin Slug:
- breakdance
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31390
CGC Maintenance Mode
- Plugin:
- CGC Maintenance Mode
- Plugin Slug:
- cgc-maintenance-mode
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1418
Passster – Password Protection
- Plugin:
- Passster – Password Protection
- Plugin Slug:
- content-protector
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2026
Easy Login Styler – White Label Admin Login Page for WordPress
- Plugin:
- Easy Login Styler – White Label Admin Login Page for WordPress
- Plugin Slug:
- easy-login-styler
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31344
EnvíaloSimple
- Plugin:
- EnvíaloSimple
- Plugin Slug:
- envialosimple-email-marketing-y-newsletters-gratis
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-2125
Font Farsi
- Plugin:
- Font Farsi
- Plugin Slug:
- font-farsi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1752
Global Elementor Buttons
- Plugin:
- Global Elementor Buttons
- Plugin Slug:
- global-elementor-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2327
Gradient Text Widget for Elementor
- Plugin:
- Gradient Text Widget for Elementor
- Plugin Slug:
- gradient-text-widget-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31346
Oxygen Builder
- Plugin:
- Oxygen Builder
- Plugin Slug:
- oxygen
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31380
WordPress Gallery Exporter
- Plugin:
- WordPress Gallery Exporter
- Plugin Slug:
- wp-gallery-exporter
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31342
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 5,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.6.0
- Severity Score:
- Medium
- CVE:
- 2024-22155
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 5.9.14
- Severity Score:
- High
- CVE:
- 2024-3018
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.9.14
- Severity Score:
- Medium
- CVE:
- 2024-2974
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- CVE:
- 2024-2803
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- CVE:
- 2024-1238
File Manager
- Plugin:
- File Manager
- Plugin Slug:
- wp-file-manager
- Installations
- 1,000,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 7.2.6
- Severity Score:
- Medium
- CVE:
- 2024-2654
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-3167
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.10.23
- Severity Score:
- Medium
- CVE:
- 2024-31278
BackWPup – WordPress Backup Plugin
- Plugin Slug:
- backwpup
- Installations
- 600,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.0.4
- Severity Score:
- Medium
- CVE:
- 2023-7164
Spectra – WordPress Gutenberg Blocks
- Plugin Slug:
- ultimate-addons-for-gutenberg
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.4
- Severity Score:
- Medium
- CVE:
- 2023-6486
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.3
- Severity Score:
- Medium
- CVE:
- 2024-3053
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.1
- Severity Score:
- High
- CVE:
- 2024-1794
WordPress Gallery Plugin – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 500,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.59.1
- Severity Score:
- Medium
- CVE:
- 2024-3097
Page Builder Gutenberg Blocks – CoBlocks
- Plugin Slug:
- coblocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
- 2024-2369
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.26
- Severity Score:
- Medium
- CVE:
- 2024-2509
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.32
- Severity Score:
- Medium
- CVE:
- 2024-2919
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.18
- Severity Score:
- Medium
- CVE:
- 2024-0598
CMB2
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
- Plugin Slug:
- metform
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.6
- Severity Score:
- Medium
- CVE:
- 2024-2791
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.95
- Severity Score:
- Medium
- CVE:
- 2024-31236
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-1327
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.22
- Severity Score:
- Medium
- CVE:
- 2024-2296
Post Views Counter
- Plugin:
- Post Views Counter
- Plugin Slug:
- post-views-counter
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
- 2024-31264
Responsive Lightbox & Gallery
- Plugin:
- Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2024-31252
WooCommerce Cart Abandonment Recovery
- Plugin Slug:
- woo-cart-abandonment-recovery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.27
- Severity Score:
- Medium
- CVE:
- 2024-2322
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.3
- Severity Score:
- Medium
- CVE:
- 2024-0837
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.0.7
- Severity Score:
- Medium
- CVE:
- 2024-2925
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.270
- Severity Score:
- Medium
- CVE:
- 2024-2839
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.4
- Severity Score:
- Medium
- CVE:
- 2024-31306
Best WordPress Gallery Plugin – FooGallery
- Plugin Slug:
- foogallery
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.15
- Severity Score:
- Medium
- CVE:
- 2024-2471
Genesis Blocks
- Plugin:
- Genesis Blocks
- Plugin Slug:
- genesis-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2024-1946
Inline Related Posts
- Plugin:
- Inline Related Posts
- Plugin Slug:
- intelly-related-posts
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-2444
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.18
- Severity Score:
- Medium
- CVE:
- 2024-2491
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.19
- Severity Score:
- Medium
- CVE:
- 2024-2492
Relevanssi – A Better Search
- Plugin:
- Relevanssi – A Better Search
- Plugin Slug:
- relevanssi
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.22.2
- Severity Score:
- Medium
- CVE:
- 2024-3213
Relevanssi – A Better Search
- Plugin:
- Relevanssi – A Better Search
- Plugin Slug:
- relevanssi
- Installations
- 100,000+
- Vulnerability:
- CSV Injection
- Patched in Version:
- 4.22.2
- Severity Score:
- Medium
- CVE:
- 2024-3214
Template Kit – Import
- Plugin:
- Template Kit – Import
- Plugin Slug:
- template-kit-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.15
- Severity Score:
- Medium
- CVE:
- 2024-2334
Tracking Code Manager
- Plugin:
- Tracking Code Manager
- Plugin Slug:
- tracking-code-manager
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-31347
Advanced Order Export For WooCommerce
- Plugin Slug:
- woo-order-export-lite
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.4.5
- Severity Score:
- Critical
- CVE:
- 2024-31266
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.5
- Severity Score:
- Medium
- CVE:
- 2024-2946
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
- 2024-2868
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.16
- Severity Score:
- Medium
- CVE:
- 2024-2656
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.7.14
- Severity Score:
- Medium
- CVE:
- 2024-31352
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.15
- Severity Score:
- Medium
- CVE:
- 2024-3244
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.9
- Severity Score:
- Medium
- CVE:
- 2024-31284
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.12
- Severity Score:
- Medium
- CVE:
- 2024-31274
Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager
- Plugin Slug:
- flexible-checkout-fields
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.3
- Severity Score:
- Medium
- CVE:
- 2024-31267
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.0.1
- Severity Score:
- High
- CVE:
- 2024-2115
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-1463
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-1289
Sydney Toolbox
- Plugin:
- Sydney Toolbox
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29
- Severity Score:
- Medium
- CVE:
- 2024-3208
BoldGrid Easy SEO – Simple and Effective SEO
- Plugin Slug:
- boldgrid-easy-seo
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.6.15
- Severity Score:
- Medium
- CVE:
- 2024-2950
WordPress Tag and Category Manager – AI Autotagger
- Plugin Slug:
- simple-tags
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.20.0
- Severity Score:
- Medium
- CVE:
- 2024-2830
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
- Plugin Slug:
- wp-carousel-free
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-2949
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.9.3
- Severity Score:
- High
- CVE:
- 2024-1852
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- CVE:
- 2024-3267
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin:
- Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.7
- Severity Score:
- Medium
- CVE:
- 2024-31293
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin:
- Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.10
- Severity Score:
- Medium
- CVE:
- 2024-2302
FancyBox for WordPress
- Plugin:
- FancyBox for WordPress
- Plugin Slug:
- fancybox-for-wordpress
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.4
- Severity Score:
- Medium
- CVE:
- 2024-0662
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin:
- RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin Slug:
- feedzy-rss-feeds
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.4
- Severity Score:
- Medium
- CVE:
- 2023-6877
Image Watermark
- Plugin:
- Image Watermark
- Plugin Slug:
- image-watermark
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2024-1994
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
- Plugin Slug:
- print-invoices-packing-slip-labels-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2024-3216
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
- Plugin Slug:
- profile-builder
- Installations
- 50,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 3.11.3
- Severity Score:
- Medium
- CVE:
- 2024-31341
Hubbub Lite – Fast, Reliable Social Sharing Buttons
- Plugin Slug:
- social-pug
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.33.1
- Severity Score:
- Medium
- CVE:
- 2024-1526
WPFront User Role Editor
- Plugin:
- WPFront User Role Editor
- Plugin Slug:
- wpfront-user-role-editor
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.1.0
- Severity Score:
- Medium
- CVE:
- 2024-2931
ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages
- Plugin Slug:
- convertkit
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.4.6
- Severity Score:
- Medium
- CVE:
- 2024-31245
SecuPress Free — WordPress Security
- Plugin Slug:
- secupress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.5.2
- Severity Score:
- Medium
- CVE:
- 2024-1504
Post Grid Gutenberg Blocks and WordPress News Plugin – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
- CVE:
- 2024-31246
WP Import Export Lite
- Plugin:
- WP Import Export Lite
- Plugin Slug:
- wp-import-export-lite
- Installations
- 40,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.9.27
- Severity Score:
- Medium
- CVE:
- 2024-31308
Easy Google Maps
- Plugin:
- Easy Google Maps
- Plugin Slug:
- google-maps-easy
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.11.12
- Severity Score:
- Medium
- CVE:
- 2024-31269
Sumo – Boost Conversion and Sales
- Plugin Slug:
- sumome
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.35
- Severity Score:
- Low
- CVE:
- 2024-31265
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2024-2278
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2024-2263
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2024-2262
Ultimate Addons for Beaver Builder – Lite
- Plugin Slug:
- ultimate-addons-for-beaver-builder-lite
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.8
- Severity Score:
- Medium
- CVE:
- 2024-2141
All-in-One Video Gallery
- Plugin:
- All-in-One Video Gallery
- Plugin Slug:
- all-in-one-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2024-31248
Ecwid Ecommerce Shopping Cart
- Plugin:
- Ecwid Ecommerce Shopping Cart
- Plugin Slug:
- ecwid-shopping-cart
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.12.11
- Severity Score:
- Medium
- CVE:
- 2024-2456
MP3 Audio Player for Music, Radio & Podcast by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 5.0
- Severity Score:
- High
- CVE:
- 2024-31343
My Calendar
- Plugin:
- My Calendar
- Plugin Slug:
- my-calendar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.24
- Severity Score:
- Medium
- CVE:
- 2024-1274
Powerkit – Supercharge your WordPress Site
- Plugin Slug:
- powerkit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.2
- Severity Score:
- Medium
- CVE:
- 2024-2458
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
- Plugin Slug:
- shortpixel-adaptive-images
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.3
- Severity Score:
- Medium
- CVE:
- 2024-31230
WordPress File Upload
- Plugin:
- WordPress File Upload
- Plugin Slug:
- wp-file-upload
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.24.6
- Severity Score:
- Medium
- CVE:
- 2024-2847
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
- Plugin Slug:
- bookingpress-appointment-booking
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.0.82
- Severity Score:
- Medium
- CVE:
- 2024-31296
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
- Plugin Slug:
- bookingpress-appointment-booking
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.0.88
- Severity Score:
- Medium
- CVE:
- 2024-3022
bunny.net – WordPress CDN Plugin
- Plugin:
- bunny.net – WordPress CDN Plugin
- Plugin Slug:
- bunnycdn
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.2
- Severity Score:
- Medium
- CVE:
- 2024-31361
Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms
- Plugin Slug:
- captcha-bws
- Installations
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 5.2.1
- Severity Score:
- Medium
- CVE:
- 2024-31295
Classified Listing – Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- CVE:
- 2024-1315
Classified Listing – Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.5
- Severity Score:
- Medium
- CVE:
- 2024-1352
Contact Form Email
- Plugin:
- Contact Form Email
- Plugin Slug:
- contact-form-to-email
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.45
- Severity Score:
- Medium
- CVE:
- 2024-31302
Favorites
LifterLMS – WordPress LMS Plugin for eLearning
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.5.1
- Severity Score:
- Medium
- CVE:
- 2024-31363
MailMunch – Grow your Email List
- Plugin:
- MailMunch – Grow your Email List
- Plugin Slug:
- mailmunch
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
- 2024-31349
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3.4
- Severity Score:
- Critical
- CVE:
- 2024-3136
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
- Plugin Slug:
- s2member
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 240325
- Severity Score:
- High
- CVE:
- 2024-31237
Subscribe To Comments Reloaded
- Plugin:
- Subscribe To Comments Reloaded
- Plugin Slug:
- subscribe-to-comments-reloaded
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 240119
- Severity Score:
- Medium
- CVE:
- 2024-31249
Ultimate Maps by Supsystic
- Plugin:
- Ultimate Maps by Supsystic
- Plugin Slug:
- ultimate-maps-by-supsystic
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.17
- Severity Score:
- Medium
- CVE:
- 2024-31271
WP Photo Album Plus
- Plugin:
- WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 8.6.03.005
- Severity Score:
- Critical
- CVE:
- 2024-31286
WP Server Health Stats
- Plugin:
- WP Server Health Stats
- Plugin Slug:
- wp-server-stats
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.4
- Severity Score:
- Medium
- CVE:
- 2024-31250
Media Library Folders
- Plugin:
- Media Library Folders
- Plugin Slug:
- media-library-plus
- Installations
- 9,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 8.1.9
- Severity Score:
- Medium
- CVE:
- 2024-31287
WordPress Backup & Migration
- Plugin:
- WordPress Backup & Migration
- Plugin Slug:
- wp-migration-duplicator
- Installations
- 9,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.8
- Severity Score:
- Low
- CVE:
- 2024-31254
Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website
- Plugin Slug:
- announcer
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.0.1
- Severity Score:
- Medium
- CVE:
- 2024-31261
Generate Child Theme
- Plugin:
- Generate Child Theme
- Plugin Slug:
- generate-child-theme
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.1
- Severity Score:
- Medium
- CVE:
- 2024-31279
LearnPress Export Import – WordPress extension for LearnPress
- Plugin Slug:
- learnpress-import-export
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.0.4
- Severity Score:
- High
- CVE:
- 2024-31241
WPvivid Backup for MainWP
- Plugin:
- WPvivid Backup for MainWP
- Plugin Slug:
- wpvivid-backup-mainwp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.34
- Severity Score:
- Medium
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin:
- ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations
- 7,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 4.0.28
- Severity Score:
- Medium
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.7.9
- Severity Score:
- Medium
- CVE:
- 2024-31362
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.7.7
- Severity Score:
- Medium
- CVE:
- 2024-31291
Announce from the Dashboard
- Plugin:
- Announce from the Dashboard
- Plugin Slug:
- announce-from-the-dashboard
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2024-3030
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.4
- Severity Score:
- High
- CVE:
- 2024-31304
WordPress Tooltips
- Plugin:
- WordPress Tooltips
- Plugin Slug:
- wordpress-tooltips
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 9.5.9
- Severity Score:
- High
- CVE:
- 2024-31285
WP Sort Order
- Plugin:
- WP Sort Order
- Plugin Slug:
- wp-sort-order
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-31294
Edwiser Bridge – WordPress Moodle LMS Integration
- Plugin Slug:
- edwiser-bridge
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.4
- Severity Score:
- High
- CVE:
- 2024-31260
JS Help Desk – Best Help Desk & Support Plugin
- Plugin Slug:
- js-support-ticket
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
- 2024-31273
WP-Stateless – Google Cloud Storage
- Plugin Slug:
- wp-stateless
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.1
- Severity Score:
- High
- CVE:
- 2024-1385
Advanced Local Pickup for WooCommerce
- Plugin Slug:
- advanced-local-pickup-for-woocommerce
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.3
- Severity Score:
- High
- CVE:
- 2024-31283
Custom post types, Custom Fields & more
- Plugin Slug:
- custom-post-types
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.5
- Severity Score:
- Medium
- CVE:
- 2023-6993
Community by PeepSo – Social Network, Membership, Registration, User Profiles
- Plugin Slug:
- peepso-core
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.3.1.2
- Severity Score:
- Medium
- CVE:
- 2024-31251
Watu Quiz
WordPress Comments Import & Export
- Plugin Slug:
- comments-import-export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.3.6
- Severity Score:
- Medium
- CVE:
- 2024-31235
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.5
- Severity Score:
- High
- CVE:
- 2024-31275
Products, Order & Customers Export for WooCommerce
- Plugin Slug:
- export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
- 2024-31276
Import XML and RSS Feeds
- Plugin:
- Import XML and RSS Feeds
- Plugin Slug:
- import-xml-feed
- Installations
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.1.6
- Severity Score:
- High
- CVE:
- 2024-31292
Modal Popup Box – Popup Builder, Show Offers And News in Popup
- Plugin Slug:
- modal-popup-box
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.5.3
- Severity Score:
- High
- CVE:
- 2024-2008
Multiple Page Generator Plugin – MPG
- Plugin Slug:
- multiple-pages-generator-by-porthas
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.1
- Severity Score:
- Medium
- CVE:
- 2024-31301
WP OAuth Server (OAuth Authentication)
- Plugin Slug:
- oauth2-provider
- Installations
- 3,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 4.4.0
- Severity Score:
- Medium
- CVE:
- 2024-31253
Premmerce Product Filter for WooCommerce
- Plugin Slug:
- premmerce-woocommerce-product-filter
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.3
- Severity Score:
- Medium
- CVE:
- 2024-31359
Super Testimonials
- Plugin:
- Super Testimonials
- Plugin Slug:
- super-testimonial
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- CVE:
- 2024-31348
Product Sort and Display for WooCommerce
- Plugin Slug:
- woocommerce-product-sort-and-display
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2024-1807
WP Directory Kit
- Plugin:
- WP Directory Kit
- Plugin Slug:
- wpdirectorykit
- Installations
- 3,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2024-3217
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
- Plugin Slug:
- arforms-form-builder
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
- 2024-31272
Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
- Plugin Slug:
- arforms-form-builder
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.2
- Severity Score:
- High
- CVE:
- 2024-31270
Smart Online Order for Clover
- Plugin:
- Smart Online Order for Clover
- Plugin Slug:
- clover-online-orders
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2024-31238
Form to Chat App
- Plugin:
- Form to Chat App
- Plugin Slug:
- form-to-chat
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
- 2024-31258
Masteriyo LMS – eLearning and Online Course Builder for WordPress
- Plugin Slug:
- learning-management-system
- Installations
- 2,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.7.3
- Severity Score:
- Critical
- CVE:
- 2024-24882
Loan Repayment Calculator and Application Form
- Plugin Slug:
- quick-interest-slider
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.5
- Severity Score:
- Medium
- CVE:
- 2024-31263
SearchIQ – The Search Solution
- Plugin:
- SearchIQ – The Search Solution
- Plugin Slug:
- searchiq
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.6
- Severity Score:
- High
- CVE:
- 2024-31259
User Spam Remover
- Plugin:
- User Spam Remover
- Plugin Slug:
- user-spam-remover
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1
- Severity Score:
- Medium
- CVE:
- 2024-31298
WooCommerce Checkout Field Editor (Checkout Manager)
- Plugin Slug:
- woo-checkout-regsiter-field-editor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.9
- Severity Score:
- Medium
- CVE:
- 2024-31262
App Builder – Create Native Android & iOS Apps On The Flight
- Plugin Slug:
- app-builder
- Installations
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 3.8.8
- Severity Score:
- Medium
- CVE:
- 2024-31282
AppPresser – Mobile App Framework
- Plugin Slug:
- apppresser
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.3.1
- Severity Score:
- Medium
- CVE:
- 2024-31268
Benchmark Email Lite
- Plugin:
- Benchmark Email Lite
- Plugin Slug:
- benchmark-email-lite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2024-31360
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.7
- Severity Score:
- Medium
- CVE:
- 2024-31281
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.1.6
- Severity Score:
- Critical
- CVE:
- 2024-31280
Creative Addons for Elementor
- Plugin:
- Creative Addons for Elementor
- Plugin Slug:
- creative-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2024-2924
ELEX WooCommerce Dynamic Pricing and Discounts
- Plugin Slug:
- elex-woocommerce-dynamic-pricing-and-discounts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-31364
ELEX WooCommerce Dynamic Pricing and Discounts
- Plugin Slug:
- elex-woocommerce-dynamic-pricing-and-discounts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- High
- CVE:
- 2024-31255
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
- Plugin Slug:
- epoll-wp-voting
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.4
- Severity Score:
- High
- CVE:
- 2024-31240
FG Drupal to WordPress
- Plugin:
- FG Drupal to WordPress
- Plugin Slug:
- fg-drupal-to-wp
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.71.0
- Severity Score:
- Medium
- CVE:
- 2024-31247
Formsite | Embed online forms to collect orders, registrations, leads, and surveys
- Plugin Slug:
- formsite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
- 2024-31257
Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin
- Plugin Slug:
- nudgify
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.4
- Severity Score:
- Medium
- CVE:
- 2024-31239
Product Designer
- Plugin:
- Product Designer
- Plugin Slug:
- product-designer
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.0.33
- Severity Score:
- High
- CVE:
- 2024-31277
ReDi Restaurant Reservation
- Plugin:
- ReDi Restaurant Reservation
- Plugin Slug:
- redi-restaurant-reservation
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 24.0303
- Severity Score:
- High
- CVE:
- 2024-31299
Sign-up Sheets
- Plugin:
- Sign-up Sheets
- Plugin Slug:
- sign-up-sheets
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.12
- Severity Score:
- Medium
- CVE:
- 2024-31303
Transcoder
- Plugin:
- Transcoder
- Plugin Slug:
- transcoder
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2024-31305
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
- Plugin Slug:
- ultimate-store-kit
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2024-31357
RapidLoad 2.2 – Speed Monster in One Plugin
- Plugin Slug:
- unusedcss
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.2.12
- Severity Score:
- High
- CVE:
- 2024-31288
Sharkdropship Dropshipping & Affiliate for AliExpress
- Plugin Slug:
- wooshark-aliexpress-importer
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2024-1732
WordPress Webinar Plugin – WebinarPress
- Plugin Slug:
- wp-webinarsystem
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.33.10
- Severity Score:
- High
- CVE:
- 2024-31256
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
- Plugin:
- WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
- Plugin Slug:
- wp2leads
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.8
- Severity Score:
- Medium
- CVE:
- 2024-31375
5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
- Plugin Slug:
- 5-stars-rating-funnel
- Installations
- 30+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 1.3.02
- Severity Score:
- High
- CVE:
- 2024-31358
AWP Classifieds
- Plugin:
- AWP Classifieds
- Plugin Slug:
- another-wordpress-classifieds-plugin
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.3.2
- Severity Score:
- Medium
- CVE:
- 2024-31350
Beaver Themer
- Plugin:
- Beaver Themer
- Plugin Slug:
- beaver-themer
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.9.1
- Severity Score:
- Medium
- CVE:
- 2023-6695
Bricksforge
- Plugin:
- Bricksforge
- Plugin Slug:
- bricksforge
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.1.1
- Severity Score:
- Critical
- CVE:
- 2024-31244
Bricksforge
- Plugin:
- Bricksforge
- Plugin Slug:
- bricksforge
- Vulnerability:
- Settings Change
- Patched in Version:
- 2.1.1
- Severity Score:
- High
- CVE:
- 2024-31243
Bricksforge
- Plugin:
- Bricksforge
- Plugin Slug:
- bricksforge
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- CVE:
- 2024-31242
Demo My WordPress
- Plugin:
- Demo My WordPress
- Plugin Slug:
- demo-my-wordpress
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.0
- Severity Score:
- Critical
- CVE:
- 2024-31290
Easy Social Share Buttons
- Plugin:
- Easy Social Share Buttons
- Plugin Slug:
- easy-social-share-buttons3
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 9.5
- Severity Score:
- Medium
- CVE:
- 2024-31307
Easy Social Share Buttons
- Plugin:
- Easy Social Share Buttons
- Plugin Slug:
- easy-social-share-buttons3
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 9.5
- Severity Score:
- High
- CVE:
- 2024-31300
LayerSlider
- Plugin:
- LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.10.1
- Severity Score:
- Critical
- CVE:
- 2024-2879
REHub Framework
- Plugin:
- REHub Framework
- Plugin Slug:
- rehub-framework
- Vulnerability:
- SQL Injection
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- CVE:
- 2024-31234
Relevanssi Premium
- Plugin:
- Relevanssi Premium
- Plugin Slug:
- relevanssi-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.25.2
- Severity Score:
- Medium
- CVE:
- 2024-3213
Relevanssi Premium
- Plugin:
- Relevanssi Premium
- Plugin Slug:
- relevanssi-premium
- Vulnerability:
- CSV Injection
- Patched in Version:
- 2.25.2
- Severity Score:
- Medium
- CVE:
- 2024-3214
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.0
- Severity Score:
- Medium
- CVE:
- 2024-2306
Wholesale For WooCommerce
- Plugin:
- Wholesale For WooCommerce
- Plugin Slug:
- woocommerce-wholesale-pricing
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 2.3.1
- Severity Score:
- High
- CVE:
- 2024-31297
WPB Show Core
- Plugin:
- WPB Show Core
- Plugin Slug:
- wpb-show-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7
- Severity Score:
- High
- CVE:
- 2024-1956
WPB Show Core
- Plugin:
- WPB Show Core
- Plugin Slug:
- wpb-show-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6
- Severity Score:
- High
- CVE:
- 2024-1292
WordPress Themes — 4 Patched / 0 Unpatched
Hello Elementor
- Theme:
- Hello Elementor
- Theme Slug:
- hello-elementor
- Downloads
- 6,963,021
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-31289
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- SQL Injection
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- CVE:
- 2024-31233
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- CVE:
- 2024-31232
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 19.6.2
- Severity Score:
- Critical
- CVE:
- 2024-31231