WordPress Vulnerability Report — April 10, 2024

Since last week, 200 new vulnerabilities emerged in the WordPress ecosystem, including 1 in WordPress core, 4 in themes, and 195 in plugins. 18 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Apr 10, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:39 min.

In this report, 200 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 18 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core

1.1 WordPress Core

2. WordPress Plugins — 177 Patched / 18 Unpatched

2.1 User Activity Log
2.2 Slideshow Gallery LITE
2.3 Slideshow Gallery LITE
2.4 Slideshow Gallery LITE
2.5 MM-email2image
2.6 MM-email2image
2.7 Bannerlid
2.8 Auto Poster
2.9 Breakdance
2.10 CGC Maintenance Mode
2.11 Passster – Password Protection
2.12 Easy Login Styler – White Label Admin Login Page for WordPress
2.13 EnvíaloSimple
2.14 Font Farsi
2.15 Global Elementor Buttons
2.16 Gradient Text Widget for Elementor
2.17 Oxygen Builder
2.18 WordPress Gallery Exporter
2.19 WooCommerce
2.20 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.21 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.22 ElementsKit Elementor addons
2.23 ElementsKit Elementor addons
2.24 File Manager
2.25 Ocean Extra
2.26 Premium Addons for Elementor
2.27 BackWPup – WordPress Backup Plugin
2.28 Spectra – WordPress Gutenberg Blocks
2.29 Forminator – Contact Form, Payment Form & Custom Form Builder
2.30 Forminator – Contact Form, Payment Form & Custom Form Builder
2.31 WordPress Gallery Plugin – NextGEN Gallery
2.32 Page Builder Gutenberg Blocks – CoBlocks
2.33 Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.34 Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.35 Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.36 CMB2
2.37 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
2.38 Royal Elementor Addons and Templates
2.39 Jeg Elementor Kit
2.40 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.41 Post Views Counter
2.42 Responsive Lightbox & Gallery
2.43 WooCommerce Cart Abandonment Recovery
2.44 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.45 Beaver Builder – WordPress Page Builder
2.46 Colibri Page Builder
2.47 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
2.48 Best WordPress Gallery Plugin – FooGallery
2.49 Genesis Blocks
2.50 Inline Related Posts
2.51 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
2.52 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
2.53 Relevanssi – A Better Search
2.54 Relevanssi – A Better Search
2.55 Template Kit – Import
2.56 Tracking Code Manager
2.57 Advanced Order Export For WooCommerce
2.58 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.59 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.60 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.61 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.62 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.63 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.64 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.65 Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager
2.66 LearnPress – WordPress LMS Plugin
2.67 LearnPress – WordPress LMS Plugin
2.68 LearnPress – WordPress LMS Plugin
2.69 Sydney Toolbox
2.70 BoldGrid Easy SEO – Simple and Effective SEO
2.71 WordPress Tag and Category Manager – AI Autotagger
2.72 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
2.73 WP-Members Membership Plugin
2.74 Bold Page Builder
2.75 Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
2.76 Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
2.77 FancyBox for WordPress
2.78 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
2.79 Image Watermark
2.80 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
2.81 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
2.82 Hubbub Lite – Fast, Reliable Social Sharing Buttons
2.83 WPFront User Role Editor
2.84 ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages
2.85 SecuPress Free — WordPress Security
2.86 Post Grid Gutenberg Blocks and WordPress News Plugin – PostX
2.87 WP Import Export Lite
2.88 Easy Google Maps
2.89 Sumo – Boost Conversion and Sales
2.90 Themify – WooCommerce Product Filter
2.91 Themify – WooCommerce Product Filter
2.92 Themify – WooCommerce Product Filter
2.93 Ultimate Addons for Beaver Builder – Lite
2.94 All-in-One Video Gallery
2.95 Ecwid Ecommerce Shopping Cart
2.96 MP3 Audio Player for Music, Radio & Podcast by Sonaar
2.97 My Calendar
2.98 Powerkit – Supercharge your WordPress Site
2.99 ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
2.100 WordPress File Upload
2.101 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
2.102 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
2.103 bunny.net – WordPress CDN Plugin
2.104 Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms
2.105 Classified Listing – Classified ads & Business Directory Plugin
2.106 Classified Listing – Classified ads & Business Directory Plugin
2.107 Contact Form Email
2.108 Favorites
2.109 LifterLMS – WordPress LMS Plugin for eLearning
2.110 MailMunch – Grow your Email List
2.111 MasterStudy LMS WordPress Plugin – for Online Courses and Education
2.112 s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
2.113 Subscribe To Comments Reloaded
2.114 Ultimate Maps by Supsystic
2.115 WP Photo Album Plus
2.116 WP Server Health Stats
2.117 Media Library Folders
2.118 WordPress Backup & Migration
2.119 Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website
2.120 Generate Child Theme
2.121 LearnPress Export Import – WordPress extension for LearnPress
2.122 WPvivid Backup for MainWP
2.123 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.124 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.125 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.126 Announce from the Dashboard
2.127 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
2.128 WordPress Tooltips
2.129 WP Sort Order
2.130 Edwiser Bridge – WordPress Moodle LMS Integration
2.131 JS Help Desk – Best Help Desk & Support Plugin
2.132 WP-Stateless – Google Cloud Storage
2.133 Advanced Local Pickup for WooCommerce
2.134 Custom post types, Custom Fields & more
2.135 Community by PeepSo – Social Network, Membership, Registration, User Profiles
2.136 Watu Quiz
2.137 Watu Quiz
2.138 WordPress Comments Import & Export
2.139 EventPrime – Events Calendar, Bookings and Tickets
2.140 Products, Order & Customers Export for WooCommerce
2.141 Import XML and RSS Feeds
2.142 Modal Popup Box – Popup Builder, Show Offers And News in Popup
2.143 Multiple Page Generator Plugin – MPG
2.144 WP OAuth Server (OAuth Authentication)
2.145 Premmerce Product Filter for WooCommerce
2.146 Super Testimonials
2.147 Product Sort and Display for WooCommerce
2.148 WP Directory Kit
2.149 Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
2.150 Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
2.151 Smart Online Order for Clover
2.152 Form to Chat App ??
2.153 Masteriyo LMS – eLearning and Online Course Builder for WordPress
2.154 Loan Repayment Calculator and Application Form
2.155 SearchIQ – The Search Solution
2.156 User Spam Remover
2.157 WooCommerce Checkout Field Editor (Checkout Manager)
2.158 App Builder – Create Native Android & iOS Apps On The Flight
2.159 AppPresser – Mobile App Framework
2.160 Benchmark Email Lite
2.161 Church Admin
2.162 Church Admin
2.163 Creative Addons for Elementor
2.164 ELEX WooCommerce Dynamic Pricing and Discounts
2.165 ELEX WooCommerce Dynamic Pricing and Discounts
2.166 WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
2.167 FG Drupal to WordPress
2.168 Formsite | Embed online forms to collect orders, registrations, leads, and surveys
2.169 Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin
2.170 Product Designer
2.171 ReDi Restaurant Reservation
2.172 Sign-up Sheets
2.173 Transcoder
2.174 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
2.175 RapidLoad 2.2 – Speed Monster in One Plugin
2.176 Sharkdropship Dropshipping & Affiliate for for AliExpress
2.177 WordPress Webinar Plugin – WebinarPress
2.178 WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
2.179 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
2.180 AWP Classifieds
2.181 Beaver Themer
2.182 Bricksforge
2.183 Bricksforge
2.184 Bricksforge
2.185 Demo My WordPress
2.186 Easy Social Share Buttons
2.187 Easy Social Share Buttons
2.188 LayerSlider
2.189 REHub Framework
2.190 Relevanssi Premium
2.191 Relevanssi Premium
2.192 Slider Revolution
2.193 Wholesale For WooCommerce
2.194 WPB Show Core
2.195 WPB Show Core

3. WordPress Themes — 4 Patched / 0 Unpatched

3.1 Hello Elementor
3.2 Rehub
3.3 Rehub
3.4 Rehub

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.5
Severity Score:: Medium
CVE:: 2023-5692

WordPress Plugins — 177 Patched / 18 Unpatched

Plugin:: User Activity Log
Plugin Slug:: user-activity-log
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31356

Plugin:: Slideshow Gallery LITE
Plugin Slug:: slideshow-gallery
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31355

Plugin:: Slideshow Gallery LITE
Plugin Slug:: slideshow-gallery
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31354

Plugin:: Slideshow Gallery LITE
Plugin Slug:: slideshow-gallery
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31353

Plugin:: MM-email2image
Plugin Slug:: mm-email2image
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3076

Plugin:: MM-email2image
Plugin Slug:: mm-email2image
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3075

Plugin:: Bannerlid
Plugin Slug:: bannerlid
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3048

Plugin:: Auto Poster
Plugin Slug:: auto-poster
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31345

Plugin:: Breakdance
Plugin Slug:: breakdance
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31390

Plugin:: CGC Maintenance Mode
Plugin Slug:: cgc-maintenance-mode
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1418

Plugin:: Passster – Password Protection
Plugin Slug:: content-protector
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2026

Plugin:: Easy Login Styler – White Label Admin Login Page for WordPress
Plugin Slug:: easy-login-styler
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31344

Plugin:: EnvíaloSimple
Plugin Slug:: envialosimple-email-marketing-y-newsletters-gratis
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-2125

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1752

Plugin:: Global Elementor Buttons
Plugin Slug:: global-elementor-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2327

Plugin:: Gradient Text Widget for Elementor
Plugin Slug:: gradient-text-widget-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31346

Plugin:: Oxygen Builder
Plugin Slug:: oxygen
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31380

Plugin:: WordPress Gallery Exporter
Plugin Slug:: wp-gallery-exporter
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31342

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 5,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.6.0
Severity Score:: Medium
CVE:: 2024-22155

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.9.14
Severity Score:: High
CVE:: 2024-3018

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.9.14
Severity Score:: Medium
CVE:: 2024-2974

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2024-2803

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-1238

Plugin:: File Manager
Plugin Slug:: wp-file-manager
Installations: 1,000,000+
Vulnerability:: Path Traversal
Patched in Version:: 7.2.6
Severity Score:: Medium
CVE:: 2024-2654

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-3167

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.23
Severity Score:: Medium
CVE:: 2024-31278

Plugin:: BackWPup – WordPress Backup Plugin
Plugin Slug:: backwpup
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.4
Severity Score:: Medium
CVE:: 2023-7164

Plugin:: Spectra – WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.4
Severity Score:: Medium
CVE:: 2023-6486

Plugin:: Forminator – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.3
Severity Score:: Medium
CVE:: 2024-3053

Plugin:: Forminator – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: High
CVE:: 2024-1794

Plugin:: WordPress Gallery Plugin – NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.59.1
Severity Score:: Medium
CVE:: 2024-3097

Plugin:: Page Builder Gutenberg Blocks – CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-2369

Plugin:: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.26
Severity Score:: Medium
CVE:: 2024-2509

Plugin:: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.32
Severity Score:: Medium
CVE:: 2024-2919

Plugin:: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.18
Severity Score:: Medium
CVE:: 2024-0598

Plugin:: CMB2
Plugin Slug:: cmb2
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.11.0
Severity Score:: High
CVE:: 2024-1792

Plugin:: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2024-2791

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.95
Severity Score:: Medium
CVE:: 2024-31236

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-1327

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.22
Severity Score:: Medium
CVE:: 2024-2296

Plugin:: Post Views Counter
Plugin Slug:: post-views-counter
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-31264

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-31252

Plugin:: WooCommerce Cart Abandonment Recovery
Plugin Slug:: woo-cart-abandonment-recovery
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.27
Severity Score:: Medium
CVE:: 2024-2322

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.3
Severity Score:: Medium
CVE:: 2024-0837

Plugin:: Beaver Builder – WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0.7
Severity Score:: Medium
CVE:: 2024-2925

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.270
Severity Score:: Medium
CVE:: 2024-2839

Plugin:: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.4
Severity Score:: Medium
CVE:: 2024-31306

Plugin:: Best WordPress Gallery Plugin – FooGallery
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-2471

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-1946

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-2444

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.18
Severity Score:: Medium
CVE:: 2024-2491

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.19
Severity Score:: Medium
CVE:: 2024-2492

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.22.2
Severity Score:: Medium
CVE:: 2024-3213

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: CSV Injection
Patched in Version:: 4.22.2
Severity Score:: Medium
CVE:: 2024-3214

Plugin:: Template Kit – Import
Plugin Slug:: template-kit-import
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.15
Severity Score:: Medium
CVE:: 2024-2334

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-31347

Plugin:: Advanced Order Export For WooCommerce
Plugin Slug:: woo-order-export-lite
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.4.5
Severity Score:: Critical
CVE:: 2024-31266

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: Medium
CVE:: 2024-2946

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2024-2868

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.16
Severity Score:: Medium
CVE:: 2024-2656

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.14
Severity Score:: Medium
CVE:: 2024-31352

Plugin:: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.15
Severity Score:: Medium
CVE:: 2024-3244

Plugin:: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.9
Severity Score:: Medium
CVE:: 2024-31284

Plugin:: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.12
Severity Score:: Medium
CVE:: 2024-31274

Plugin:: Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager
Plugin Slug:: flexible-checkout-fields
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.3
Severity Score:: Medium
CVE:: 2024-31267

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.1
Severity Score:: High
CVE:: 2024-2115

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6.4
Severity Score:: Medium
CVE:: 2024-1463

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.2.6.4
Severity Score:: Medium
CVE:: 2024-1289

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29
Severity Score:: Medium
CVE:: 2024-3208

Plugin:: BoldGrid Easy SEO – Simple and Effective SEO
Plugin Slug:: boldgrid-easy-seo
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.15
Severity Score:: Medium
CVE:: 2024-2950

Plugin:: WordPress Tag and Category Manager – AI Autotagger
Plugin Slug:: simple-tags
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.20.0
Severity Score:: Medium
CVE:: 2024-2830

Plugin:: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-2949

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9.3
Severity Score:: High
CVE:: 2024-1852

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-3267

Plugin:: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.7
Severity Score:: Medium
CVE:: 2024-31293

Plugin:: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2024-2302

Plugin:: FancyBox for WordPress
Plugin Slug:: fancybox-for-wordpress
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2024-0662

Plugin:: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.4
Severity Score:: Medium
CVE:: 2023-6877

Plugin:: Image Watermark
Plugin Slug:: image-watermark
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2024-1994

Plugin:: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-3216

Plugin:: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.11.3
Severity Score:: Medium
CVE:: 2024-31341

Plugin:: Hubbub Lite – Fast, Reliable Social Sharing Buttons
Plugin Slug:: social-pug
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.33.1
Severity Score:: Medium
CVE:: 2024-1526

Plugin:: WPFront User Role Editor
Plugin Slug:: wpfront-user-role-editor
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.1.0
Severity Score:: Medium
CVE:: 2024-2931

Plugin:: ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages
Plugin Slug:: convertkit
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2024-31245

Plugin:: SecuPress Free — WordPress Security
Plugin Slug:: secupress
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.5.2
Severity Score:: Medium
CVE:: 2024-1504

Plugin:: Post Grid Gutenberg Blocks and WordPress News Plugin – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2024-31246

Plugin:: WP Import Export Lite
Plugin Slug:: wp-import-export-lite
Installations: 40,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.9.27
Severity Score:: Medium
CVE:: 2024-31308

Plugin:: Easy Google Maps
Plugin Slug:: google-maps-easy
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.11.12
Severity Score:: Medium
CVE:: 2024-31269

Plugin:: Sumo – Boost Conversion and Sales
Plugin Slug:: sumome
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.35
Severity Score:: Low
CVE:: 2024-31265

Plugin:: Themify – WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-2278

Plugin:: Themify – WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2024-2263

Plugin:: Themify – WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-2262

Plugin:: Ultimate Addons for Beaver Builder – Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2141

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-31248

Plugin:: Ecwid Ecommerce Shopping Cart
Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.12.11
Severity Score:: Medium
CVE:: 2024-2456

Plugin:: MP3 Audio Player for Music, Radio & Podcast by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 5.0
Severity Score:: High
CVE:: 2024-31343

Plugin:: My Calendar
Plugin Slug:: my-calendar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.24
Severity Score:: Medium
CVE:: 2024-1274

Plugin:: Powerkit – Supercharge your WordPress Site
Plugin Slug:: powerkit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.2
Severity Score:: Medium
CVE:: 2024-2458

Plugin:: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2024-31230

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.6
Severity Score:: Medium
CVE:: 2024-2847

Plugin:: BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.0.82
Severity Score:: Medium
CVE:: 2024-31296

Plugin:: BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.0.88
Severity Score:: Medium
CVE:: 2024-3022

Plugin:: bunny.net – WordPress CDN Plugin
Plugin Slug:: bunnycdn
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-31361

Plugin:: Captcha by BestWebSoft – Spam Protection, Security Plugin for WordPress Forms
Plugin Slug:: captcha-bws
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.2.1
Severity Score:: Medium
CVE:: 2024-31295

Plugin:: Classified Listing – Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.5
Severity Score:: High
CVE:: 2024-1315

Plugin:: Classified Listing – Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-1352

Plugin:: Contact Form Email
Plugin Slug:: contact-form-to-email
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.45
Severity Score:: Medium
CVE:: 2024-31302

Plugin:: Favorites
Plugin Slug:: favorites
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2024-2948

Plugin:: LifterLMS – WordPress LMS Plugin for eLearning
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.5.1
Severity Score:: Medium
CVE:: 2024-31363

Plugin:: MailMunch – Grow your Email List
Plugin Slug:: mailmunch
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-31349

Plugin:: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.3.4
Severity Score:: Critical
CVE:: 2024-3136

Plugin:: s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 240325
Severity Score:: High
CVE:: 2024-31237

Plugin:: Subscribe To Comments Reloaded
Plugin Slug:: subscribe-to-comments-reloaded
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 240119
Severity Score:: Medium
CVE:: 2024-31249

Plugin:: Ultimate Maps by Supsystic
Plugin Slug:: ultimate-maps-by-supsystic
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.17
Severity Score:: Medium
CVE:: 2024-31271

Plugin:: WP Photo Album Plus
Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 8.6.03.005
Severity Score:: Critical
CVE:: 2024-31286

Plugin:: WP Server Health Stats
Plugin Slug:: wp-server-stats
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2024-31250

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 9,000+
Vulnerability:: Directory Traversal
Patched in Version:: 8.1.9
Severity Score:: Medium
CVE:: 2024-31287

Plugin:: WordPress Backup & Migration
Plugin Slug:: wp-migration-duplicator
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.8
Severity Score:: Low
CVE:: 2024-31254

Plugin:: Announcer – Sticky Message Banner, Notification Bar – Add to Top, Bottom of your Website
Plugin Slug:: announcer
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0.1
Severity Score:: Medium
CVE:: 2024-31261

Plugin:: Generate Child Theme
Plugin Slug:: generate-child-theme
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-31279

Plugin:: LearnPress Export Import – WordPress extension for LearnPress
Plugin Slug:: learnpress-import-export
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0.4
Severity Score:: High
CVE:: 2024-31241

Plugin:: WPvivid Backup for MainWP
Plugin Slug:: wpvivid-backup-mainwp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.34
Severity Score:: Medium

Plugin:: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 7,000+
Vulnerability:: Directory Traversal
Patched in Version:: 4.0.28
Severity Score:: Medium

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.7.9
Severity Score:: Medium
CVE:: 2024-31362

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.7.7
Severity Score:: Medium
CVE:: 2024-31291

Plugin:: Announce from the Dashboard
Plugin Slug:: announce-from-the-dashboard
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-3030

Plugin:: MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.4
Severity Score:: High
CVE:: 2024-31304

Plugin:: WordPress Tooltips
Plugin Slug:: wordpress-tooltips
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.5.9
Severity Score:: High
CVE:: 2024-31285

Plugin:: WP Sort Order
Plugin Slug:: wp-sort-order
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-31294

Plugin:: Edwiser Bridge – WordPress Moodle LMS Integration
Plugin Slug:: edwiser-bridge
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.4
Severity Score:: High
CVE:: 2024-31260

Plugin:: JS Help Desk – Best Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2024-31273

Plugin:: WP-Stateless – Google Cloud Storage
Plugin Slug:: wp-stateless
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.1
Severity Score:: High
CVE:: 2024-1385

Plugin:: Advanced Local Pickup for WooCommerce
Plugin Slug:: advanced-local-pickup-for-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3
Severity Score:: High
CVE:: 2024-31283

Plugin:: Custom post types, Custom Fields & more
Plugin Slug:: custom-post-types
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.5
Severity Score:: Medium
CVE:: 2023-6993

Plugin:: Community by PeepSo – Social Network, Membership, Registration, User Profiles
Plugin Slug:: peepso-core
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.1.2
Severity Score:: Medium
CVE:: 2024-31251

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.1.1
Severity Score:: Medium
CVE:: 2024-0873

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.4.1.1
Severity Score:: Medium
CVE:: 2024-0872

Plugin:: WordPress Comments Import & Export
Plugin Slug:: comments-import-export-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2024-31235

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.5
Severity Score:: High
CVE:: 2024-31275

Plugin:: Products, Order & Customers Export for WooCommerce
Plugin Slug:: export-woocommerce
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2024-31276

Plugin:: Import XML and RSS Feeds
Plugin Slug:: import-xml-feed
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.6
Severity Score:: High
CVE:: 2024-31292

Plugin:: Modal Popup Box – Popup Builder, Show Offers And News in Popup
Plugin Slug:: modal-popup-box
Installations: 3,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2024-2008

Plugin:: Multiple Page Generator Plugin – MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.1
Severity Score:: Medium
CVE:: 2024-31301

Plugin:: WP OAuth Server (OAuth Authentication)
Plugin Slug:: oauth2-provider
Installations: 3,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.4.0
Severity Score:: Medium
CVE:: 2024-31253

Plugin:: Premmerce Product Filter for WooCommerce
Plugin Slug:: premmerce-woocommerce-product-filter
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.3
Severity Score:: Medium
CVE:: 2024-31359

Plugin:: Super Testimonials
Plugin Slug:: super-testimonial
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-31348

Plugin:: Product Sort and Display for WooCommerce
Plugin Slug:: woocommerce-product-sort-and-display
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-1807

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2024-3217

Plugin:: Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
Plugin Slug:: arforms-form-builder
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-31272

Plugin:: Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder
Plugin Slug:: arforms-form-builder
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-31270

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-31238

Plugin:: Form to Chat App ??
Plugin Slug:: form-to-chat
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-31258

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.3
Severity Score:: Critical
CVE:: 2024-24882

Plugin:: Loan Repayment Calculator and Application Form
Plugin Slug:: quick-interest-slider
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.5
Severity Score:: Medium
CVE:: 2024-31263

Plugin:: SearchIQ – The Search Solution
Plugin Slug:: searchiq
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6
Severity Score:: High
CVE:: 2024-31259

Plugin:: User Spam Remover
Plugin Slug:: user-spam-remover
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2024-31298

Plugin:: WooCommerce Checkout Field Editor (Checkout Manager)
Plugin Slug:: woo-checkout-regsiter-field-editor
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-31262

Plugin:: App Builder – Create Native Android & iOS Apps On The Flight
Plugin Slug:: app-builder
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: 3.8.8
Severity Score:: Medium
CVE:: 2024-31282

Plugin:: AppPresser – Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-31268

Plugin:: Benchmark Email Lite
Plugin Slug:: benchmark-email-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-31360

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-31281

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.1.6
Severity Score:: Critical
CVE:: 2024-31280

Plugin:: Creative Addons for Elementor
Plugin Slug:: creative-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-2924

Plugin:: ELEX WooCommerce Dynamic Pricing and Discounts
Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-31364

Plugin:: ELEX WooCommerce Dynamic Pricing and Discounts
Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2024-31255

Plugin:: WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
Plugin Slug:: epoll-wp-voting
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.4
Severity Score:: High
CVE:: 2024-31240

Plugin:: FG Drupal to WordPress
Plugin Slug:: fg-drupal-to-wp
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.71.0
Severity Score:: Medium
CVE:: 2024-31247

Plugin:: Formsite | Embed online forms to collect orders, registrations, leads, and surveys
Plugin Slug:: formsite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-31257

Plugin:: Nudgify Social Proof, Sales Popup & FOMO – Best WordPress Social Proof Plugin
Plugin Slug:: nudgify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-31239

Plugin:: Product Designer
Plugin Slug:: product-designer
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.0.33
Severity Score:: High
CVE:: 2024-31277

Plugin:: ReDi Restaurant Reservation
Plugin Slug:: redi-restaurant-reservation
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 24.0303
Severity Score:: High
CVE:: 2024-31299

Plugin:: Sign-up Sheets
Plugin Slug:: sign-up-sheets
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2024-31303

Plugin:: Transcoder
Plugin Slug:: transcoder
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-31305

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-31357

Plugin:: RapidLoad 2.2 – Speed Monster in One Plugin
Plugin Slug:: unusedcss
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.12
Severity Score:: High
CVE:: 2024-31288

Plugin:: Sharkdropship Dropshipping & Affiliate for for AliExpress
Plugin Slug:: wooshark-aliexpress-importer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.5
Severity Score:: Medium
CVE:: 2024-1732

Plugin:: WordPress Webinar Plugin – WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.33.10
Severity Score:: High
CVE:: 2024-31256

Plugin:: WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
Plugin Slug:: wp2leads
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2024-31375

Plugin:: 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
Plugin Slug:: 5-stars-rating-funnel
Installations: 30+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.3.02
Severity Score:: High
CVE:: 2024-31358

Plugin:: AWP Classifieds
Plugin Slug:: another-wordpress-classifieds-plugin
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.2
Severity Score:: Medium
CVE:: 2024-31350

Plugin:: Beaver Themer
Plugin Slug:: beaver-themer
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.9.1
Severity Score:: Medium
CVE:: 2023-6695

Plugin:: Bricksforge
Plugin Slug:: bricksforge
Vulnerability:: Settings Change
Patched in Version:: 2.1.1
Severity Score:: Critical
CVE:: 2024-31244

Plugin:: Bricksforge
Plugin Slug:: bricksforge
Vulnerability:: Settings Change
Patched in Version:: 2.1.1
Severity Score:: High
CVE:: 2024-31243

Plugin:: Bricksforge
Plugin Slug:: bricksforge
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-31242

Plugin:: Demo My WordPress
Plugin Slug:: demo-my-wordpress
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.0
Severity Score:: Critical
CVE:: 2024-31290

Plugin:: Easy Social Share Buttons
Plugin Slug:: easy-social-share-buttons3
Vulnerability:: Broken Access Control
Patched in Version:: 9.5
Severity Score:: Medium
CVE:: 2024-31307

Plugin:: Easy Social Share Buttons
Plugin Slug:: easy-social-share-buttons3
Vulnerability:: Local File Inclusion
Patched in Version:: 9.5
Severity Score:: High
CVE:: 2024-31300

Plugin:: LayerSlider
Plugin Slug:: layerslider
Vulnerability:: SQL Injection
Patched in Version:: 7.10.1
Severity Score:: Critical
CVE:: 2024-2879

Plugin:: REHub Framework
Plugin Slug:: rehub-framework
Vulnerability:: SQL Injection
Patched in Version:: 19.6.2
Severity Score:: High
CVE:: 2024-31234

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Broken Access Control
Patched in Version:: 2.25.2
Severity Score:: Medium
CVE:: 2024-3213

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: CSV Injection
Patched in Version:: 2.25.2
Severity Score:: Medium
CVE:: 2024-3214

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.0
Severity Score:: Medium
CVE:: 2024-2306

Plugin:: Wholesale For WooCommerce
Plugin Slug:: woocommerce-wholesale-pricing
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 2.3.1
Severity Score:: High
CVE:: 2024-31297

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7
Severity Score:: High
CVE:: 2024-1956

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High
CVE:: 2024-1292

WordPress Themes — 4 Patched / 0 Unpatched

Theme:: Hello Elementor
Theme Slug:: hello-elementor
Downloads: 6,963,021
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2024-31289

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: SQL Injection
Patched in Version:: 19.6.2
Severity Score:: High
CVE:: 2024-31233

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Local File Inclusion
Patched in Version:: 19.6.2
Severity Score:: High
CVE:: 2024-31232

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Local File Inclusion
Patched in Version:: 19.6.2
Severity Score:: Critical
CVE:: 2024-31231

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

WordPress Core

WordPress Plugins — 177 Patched / 18 Unpatched