WordPress Vulnerability Report — April 17, 2024

Since last week, 342 new vulnerabilities emerged in the WordPress ecosystem, including 1 in WordPress core, 26 in themes, and 315 in plugins. 88 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Apr 17, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:64 min.

In this report, 342 vulnerabilities have been publicly disclosed. Security patches for 254 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 88 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core

1.1 WordPress Core

2. WordPress Plugins — 234 Patched / 81 Unpatched

2.1 Product Feed PRO for WooCommerce
2.2 What’s New Generator
2.3 Zero Spam for WordPress
2.4 Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
2.5 Subscribe2 – Form, Email Subscribers & Newsletters
2.6 Leadinfo
2.7 PeproDev Ultimate Invoice
2.8 Sync Post With Other Site
2.9 Easy Textillate
2.10 WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
2.11 Yoga Schedule Momoyoga
2.12 Simple Buttons Creator
2.13 Simple Buttons Creator
2.14 MM-email2image
2.15 MM-email2image
2.16 Bannerlid
2.17 Access Category Password
2.18 Ads.txt Admin
2.19 Advanced Search
2.20 Advanced Page Visit Counter
2.21 Advanced Post Block – Post Grid for WordPress block editor
2.22 AIKit
2.23 Aspose.Words Exporter
2.24 Shortcodes and extra features for Phlox theme
2.25 Shortcodes and extra features for Phlox theme
2.26 Before And After
2.27 bizcalendar-web
2.28 Bulk Block Converter
2.29 Canva – Design beautiful blog graphics
2.30 CBX Bookmark & Favorite
2.31 Citadela Listing
2.32 Citadela Listing
2.33 Convert Post Types
2.34 Crony Cronjob Manager
2.35 Custom Order Statuses for WooCommerce
2.36 Customily Product Personalizer
2.37 Delete Custom Fields
2.38 Disable Comments | WPZest
2.39 Easy CountDowner
2.40 Easy Logo
2.41 EZ Form Calculator
2.42 Filter Custom Fields & Taxonomies Light
2.43 Find Duplicates
2.44 Fixed HTML Toolbar
2.45 Flash Video Player
2.46 Font Farsi
2.47 Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
2.48 Freshdesk (official)
2.49 Kimili Flash Embed
2.50 Contact Form & Lead Form Elementor Builder
2.51 Contact Form & Lead Form Elementor Builder
2.52 Libsyn Publisher Hub
2.53 Libsyn Publisher Hub
2.54 Related Posts for WordPress
2.55 MJ Update History
2.56 Ovic Addon Toolkit
2.57 Payment Forms for Paystack
2.58 Product Feed on WooCommerce for Google
2.59 Code Insert Manager (Q2W3 Inc Manager)
2.60 Realtyna Organic IDX plugin
2.61 Sangar Slider
2.62 Shopkeeper Extender
2.63 WP Matterport Shortcode
2.64 Short URL
2.65 Simple Testimonials Showcase
2.66 Tax Rate Upload
2.67 Post Type Builder (PTB)
2.68 Post Type Builder (PTB)
2.69 Mega Addons For Elementor
2.70 User Activity Log Pro
2.71 Appointment Bookings for Zoom GoogleMeet and more – Wappointment
2.72 WidgetKit
2.73 2Checkout Payment Gateway for WooCommerce
2.74 Simple Registration for WooCommerce
2.75 WP-Cufon
2.76 WP File Download Light
2.77 WP Radio – Worldwide Online Radio Stations Directory for WordPress
2.78 WP Radio – Worldwide Online Radio Stations Directory for WordPress
2.79 Search Keyword Redirect
2.80 WP TradingView
2.81 WP User Profile Avatar
2.82 WooCommerce
2.83 ElementsKit Elementor addons
2.84 EWWW Image Optimizer
2.85 Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
2.86 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
2.87 Smart Slider 3
2.88 Meta Box – WordPress Custom Fields Framework
2.89 Ocean Extra
2.90 Premium Addons for Elementor
2.91 Premium Addons for Elementor
2.92 Premium Addons for Elementor
2.93 Premium Addons for Elementor
2.94 The Events Calendar
2.95 BackWPup – WordPress Backup Plugin
2.96 Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
2.97 WP Shortcodes Plugin — Shortcodes Ultimate
2.98 Forminator – Contact Form, Payment Form & Custom Form Builder
2.99 WordPress Gallery Plugin – NextGEN Gallery
2.100 Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.101 WP Go Maps (formerly WP Google Maps)
2.102 Migration, Backup, Staging – WPvivid
2.103 Favicon by RealFaviconGenerator
2.104 Gutenberg
2.105 Newsletter – Send awesome emails from WordPress
2.106 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.107 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.108 Blocksy Companion
2.109 Smash Balloon Social Post Feed
2.110 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.111 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.112 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.113 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.114 Ivory Search – WordPress Search Plugin
2.115 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.116 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.117 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.118 Download Manager
2.119 Best WordPress Gallery Plugin – FooGallery
2.120 GiveWP – Donation Plugin and Fundraising Platform
2.121 Inline Related Posts
2.122 Inline Related Posts
2.123 Inline Related Posts
2.124 Import any XML or CSV File to WordPress
2.125 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.126 Enhanced Media Library
2.127 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.128 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.129 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.130 Remove Footer Credit
2.131 WPZOOM Social Feed Widget & Block
2.132 Real Media Library: Media Library Folder & File Manager
2.133 Sydney Toolbox
2.134 Theme My Login
2.135 Clone
2.136 BoldGrid Easy SEO – Simple and Effective SEO
2.137 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
2.138 ActiveCampaign – Forms, Site Tracking, Live Chat
2.139 Elementor Addons by Livemesh
2.140 Elementor Addons by Livemesh
2.141 Advanced iFrame
2.142 Booking for Appointments and Events Calendar – Amelia
2.143 Customer Reviews for WooCommerce
2.144 Exclusive Addons for Elementor
2.145 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.146 Redirection
2.147 Spotlight Social Feeds [Block, Shortcode, and Widget]
2.148 WPC Smart Quick View for WooCommerce
2.149 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
2.150 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
2.151 WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+
2.152 Bold Page Builder
2.153 Bold Page Builder
2.154 Bold Page Builder
2.155 Bold Page Builder
2.156 Bold Page Builder
2.157 FancyBox for WordPress
2.158 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
2.159 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
2.160 Carousel Slider
2.161 Carousel Slider
2.162 DethemeKit For Elementor
2.163 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.164 Advanced Cron Manager – debug & control
2.165 FV Flowplayer Video Player
2.166 Link Whisper Free
2.167 Login With Ajax – Fast Logins, 2FA, Redirects
2.168 Social Share, Social Login and Social Comments Plugin – Super Socializer
2.169 Testimonial Slider
2.170 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
2.171 WP Customer Reviews
2.172 Ultimate Before After Image Slider & Gallery – BEAF
2.173 Dashboard Welcome for Elementor
2.174 Envo Extra
2.175 Import Users from CSV
2.176 IP2Location Country Blocker
2.177 MailChimp Forms by MailMunch
2.178 Email Marketing for WooCommerce by Omnisend
2.179 Powerkit – Supercharge your WordPress Site
2.180 Top Bar
2.181 Top Bar
2.182 Welcart e-Commerce
2.183 weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.184 NextMove Lite – Thank You Page for WooCommerce
2.185 WP Accessibility Helper (WAH)
2.186 Asgaros Forum
2.187 BA Book Everything
2.188 bunny.net – WordPress CDN Plugin
2.189 Language Translate Widget for WordPress – ConveyThis
2.190 E2Pdf – Export To Pdf Tool for WordPress
2.191 eCommerce Product Catalog Plugin for WordPress
2.192 eRoom – Zoom Meetings & Webinars
2.193 Jobs for WordPress
2.194 Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
2.195 LifterLMS – WordPress LMS Plugin for eLearning
2.196 Page Builder: Live Composer
2.197 Mailster WordPress Newsletter Plugin Compatibility Tester
2.198 Order Delivery Date for WooCommerce
2.199 Popup by Supsystic
2.200 Membership Plugin – Restrict Content
2.201 Simple Post Notes
2.202 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
2.203 WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics
2.204 Mail logging – WP Mail Catcher
2.205 WooCommerce Google Feed Manager
2.206 Elements Plus!
2.207 WooCommerce UPS Shipping – Live Rates and Access Points
2.208 Smart Forms – when you need more than just a contact form
2.209 Smart Forms – when you need more than just a contact form
2.210 Fatal Error Notify
2.211 Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
2.212 Unlimited Elementor Inner Sections By BoomDevs
2.213 WPvivid Backup for MainWP
2.214 Finale Lite – Sales Countdown Timer & Discount for WooCommerce
2.215 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.216 Ultimate Product Catalog
2.217 WP Compress – Image Optimizer [All-In-One]
2.218 Load More Anything
2.219 Boostify Header Footer Builder for Elementor
2.220 Country State City Dropdown CF7
2.221 Product Input Fields for WooCommerce
2.222 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.223 Responsive Gallery Grid
2.224 Responsive Tabs
2.225 Ultimate Bootstrap Elements for Elementor
2.226 WP Login and Logout Redirect
2.227 WOLF – WordPress Posts Bulk Editor and Manager Professional
2.228 Church Content – Sermons, Events and More
2.229 GEO my WordPress
2.230 Intagrate Lite
2.231 Podlove Podcast Publisher
2.232 Podlove Podcast Publisher
2.233 WP Client Reports
2.234 Shopping Cart & eCommerce Store
2.235 Shopping Cart & eCommerce Store
2.236 CP Media Player – Audio Player and Video Player
2.237 Contact Form Plugin
2.238 Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
2.239 Marker.io – Visual Website Feedback
2.240 MultiParcels Shipping For WooCommerce
2.241 Account Engagement
2.242 WordPress Hosting Benchmark tool
2.243 WPC Grouped Product for WooCommerce
2.244 WP Synchro – WordPress Migration Plugin for Database & Files
2.245 Zoho Campaigns
2.246 Zoho Campaigns
2.247 Premmerce Product Filter for WooCommerce
2.248 SEO Booster
2.249 TOP Table Of Contents
2.250 Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History
2.251 Extra Product Options Builder for WooCommerce
2.252 Custom Thank You Page Customize For WooCommerce by Binary Carpenter
2.253 Currency per Product for WooCommerce
2.254 Gallery Box
2.255 GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
2.256 Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
2.257 InstaWP Connect – 1-click WP Staging & Migration
2.258 LH Add Media From Url
2.259 Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
2.260 Open Close WooCommerce Store – Best Business Schedules Manager
2.261 WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress
2.262 AppPresser – Mobile App Framework
2.263 Benchmark Email Lite
2.264 Church Admin
2.265 TempTool [Show Current Template Info]
2.266 Dashboard To-Do List
2.267 ELEX WooCommerce Dynamic Pricing and Discounts
2.268 ELEX WooCommerce Dynamic Pricing and Discounts
2.269 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
2.270 Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
2.271 USPS Shipping for WooCommerce – Live Rates
2.272 Login with phone number
2.273 Login with phone number
2.274 MihanPanel – User Login , Registration and Dashboard
2.275 Netgsm
2.276 No-Bot Registration
2.277 Novelist
2.278 POEditor
2.279 ReDi Restaurant Reservation
2.280 Save as PDF Plugin by Pdfcrowd
2.281 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
2.282 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
2.283 TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys
2.284 Multi Currency For WooCommerce
2.285 WP Dynamic Keywords Injector
2.286 MWW Disclaimer Buttons
2.287 Siteimprove
2.288 BMI Adult & Kid Calculator
2.289 Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode
2.290 Popup Like box – Page Plugin
2.291 Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
2.292 F4 Improvements
2.293 WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
2.294 NPS computy
2.295 NPS computy
2.296 Save as Image Plugin by Pdfcrowd
2.297 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
2.298 AffiEasy
2.299 AWP Classifieds
2.300 BWL Advanced FAQ Manager
2.301 Calendarista Basic Edition
2.302 Digital Publications by Supsystic
2.303 Essential Grid
2.304 Fancy Product Designer
2.305 WPBakery Page Builder
2.306 WPBakery Page Builder
2.307 RestroPress
2.308 Slider Revolution
2.309 Table & Contact Form 7 Database – Tablesome
2.310 WooCommerce Customers Manager
2.311 WP Cost Estimation & Payment Forms Builder
2.312 WP Cost Estimation & Payment Forms Builder
2.313 WP Activity Log Premium
2.314 WPB Show Core
2.315 WPB Show Core

3. WordPress Themes — 19 Patched / 7 Unpatched

3.1 Decode
3.2 Gridsby
3.3 GuCherry Blog
3.4 HappenStance
3.5 i-excel
3.6 i-max
3.7 Sensible WP
3.8 Blocksy
3.9 CityLogic
3.10 Default Mag
3.11 Emmet Lite
3.12 Lightning
3.13 Namaha
3.14 NewsXpress
3.15 Panoramic
3.16 PopularFX
3.17 Sarada Lite
3.18 Shopstar!
3.19 Sliding Door
3.20 Spa and Salon
3.21 Tainacan Interface
3.22 The Conference
3.23 X-T9
3.24 Soledad
3.25 Soledad
3.26 Soledad

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.2
Severity Score:: Medium

WordPress Plugins — 234 Patched / 81 Unpatched

Plugin:: Product Feed PRO for WooCommerce
Plugin Slug:: woo-product-feed-pro
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32513

Plugin:: What’s New Generator
Plugin Slug:: whats-new-genarator
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32548

Plugin:: Zero Spam for WordPress
Plugin Slug:: zero-spam
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32521

Plugin:: Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
Plugin Slug:: embed-form
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32527

Plugin:: Subscribe2 – Form, Email Subscribers & Newsletters
Plugin Slug:: subscribe2
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Leadinfo
Plugin Slug:: leadinfo
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32112

Plugin:: PeproDev Ultimate Invoice
Plugin Slug:: pepro-ultimate-invoice
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32518

Plugin:: Sync Post With Other Site
Plugin Slug:: sync-post-with-other-site
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32082

Plugin:: Easy Textillate
Plugin Slug:: easy-textillate
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32526

Plugin:: WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
Plugin Slug:: epoll-wp-voting
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32514

Plugin:: Yoga Schedule Momoyoga
Plugin Slug:: momoyoga-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32529

Plugin:: Simple Buttons Creator
Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2858

Plugin:: Simple Buttons Creator
Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2857

Plugin:: MM-email2image
Plugin Slug:: mm-email2image
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3076

Plugin:: MM-email2image
Plugin Slug:: mm-email2image
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3075

Plugin:: Bannerlid
Plugin Slug:: bannerlid
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3048

Plugin:: Access Category Password
Plugin Slug:: access-category-password
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32535

Plugin:: Ads.txt Admin
Plugin Slug:: ads-txt-admin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32448

Plugin:: Advanced Search
Plugin Slug:: advance-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2739

Plugin:: Advanced Page Visit Counter
Plugin Slug:: advanced-page-visit-counter
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32098

Plugin:: Advanced Post Block – Post Grid for WordPress block editor
Plugin Slug:: advanced-post-block
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0908

Plugin:: AIKit
Plugin Slug:: aikit-wordpress-ai-writing-assistant-using-gpt3
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31370

Plugin:: Aspose.Words Exporter
Plugin Slug:: aspose-doc-exporter
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32146

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-7064

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3517

Plugin:: Before And After
Plugin Slug:: before-and-after
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32084

Plugin:: bizcalendar-web
Plugin Slug:: bizcalendar-web
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1780

Plugin:: Bulk Block Converter
Plugin Slug:: bulk-block-converter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32542

Plugin:: Canva – Design beautiful blog graphics
Plugin Slug:: canva
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32545

Plugin:: CBX Bookmark & Favorite
Plugin Slug:: cbxwpbookmark
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32132

Plugin:: Citadela Listing
Plugin Slug:: citadela-directory
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32086

Plugin:: Citadela Listing
Plugin Slug:: citadela-directory
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32085

Plugin:: Convert Post Types
Plugin Slug:: convert-post-types
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32108

Plugin:: Crony Cronjob Manager
Plugin Slug:: crony
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32102

Plugin:: Custom Order Statuses for WooCommerce
Plugin Slug:: custom-order-statuses-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32524

Plugin:: Customily Product Personalizer
Plugin Slug:: customily-v2
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1774

Plugin:: Delete Custom Fields
Plugin Slug:: delete-custom-fields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0613

Plugin:: Disable Comments | WPZest
Plugin Slug:: disable-comments-wpz
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32135

Plugin:: Easy CountDowner
Plugin Slug:: easy-countdowner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32538

Plugin:: Easy Logo
Plugin Slug:: easylogo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32083

Plugin:: EZ Form Calculator
Plugin Slug:: ez-form-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32133

Plugin:: Filter Custom Fields & Taxonomies Light
Plugin Slug:: filter-custom-fields-taxonomies-light
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32081

Plugin:: Find Duplicates
Plugin Slug:: find-duplicates
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32127

Plugin:: Fixed HTML Toolbar
Plugin Slug:: fixed-html-toolbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32540

Plugin:: Flash Video Player
Plugin Slug:: flash-video-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32537

Plugin:: Font Farsi
Plugin Slug:: font-farsi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1752

Plugin:: Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
Plugin Slug:: forms-to-zapier
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32134

Plugin:: Freshdesk (official)
Plugin Slug:: freshdesk-support
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32129

Plugin:: Kimili Flash Embed
Plugin Slug:: kimili-flash-embed
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32092

Plugin:: Contact Form & Lead Form Elementor Builder
Plugin Slug:: lead-form-builder
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1416

Plugin:: Contact Form & Lead Form Elementor Builder
Plugin Slug:: lead-form-builder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1415

Plugin:: Libsyn Publisher Hub
Plugin Slug:: libsyn-podcasting
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32141

Plugin:: Libsyn Publisher Hub
Plugin Slug:: libsyn-podcasting
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32140

Plugin:: Related Posts for WordPress
Plugin Slug:: microkids-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32549

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32543

Plugin:: Ovic Addon Toolkit
Plugin Slug:: ovic-addon-toolkit
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32432

Plugin:: Payment Forms for Paystack
Plugin Slug:: payment-forms-for-paystack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32130

Plugin:: Product Feed on WooCommerce for Google
Plugin Slug:: purple-xmls-google-product-feed-for-woocommerce
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32087

Plugin:: Code Insert Manager (Q2W3 Inc Manager)
Plugin Slug:: q2w3-inc-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32547

Plugin:: Realtyna Organic IDX plugin
Plugin Slug:: real-estate-listing-realtyna-wpl
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32128

Plugin:: Sangar Slider
Plugin Slug:: sangar-slider-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32091

Plugin:: Shopkeeper Extender
Plugin Slug:: shopkeeper-extender
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2801

Plugin:: WP Matterport Shortcode
Plugin Slug:: shortcode-gallery-for-matterport-showcase
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32109

Plugin:: Short URL
Plugin Slug:: shorten-url
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32138

Plugin:: Simple Testimonials Showcase
Plugin Slug:: simple-testimonials-showcase
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32530

Plugin:: Tax Rate Upload
Plugin Slug:: tax-rate-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32546

Plugin:: Post Type Builder (PTB)
Plugin Slug:: themify-ptb
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31366

Plugin:: Post Type Builder (PTB)
Plugin Slug:: themify-ptb
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31365

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32515

Plugin:: User Activity Log Pro
Plugin Slug:: user-activity-log-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32137

Plugin:: Appointment Bookings for Zoom GoogleMeet and more – Wappointment
Plugin Slug:: wappointment
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32454

Plugin:: WidgetKit
Plugin Slug:: widgetkit-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2137

Plugin:: 2Checkout Payment Gateway for WooCommerce
Plugin Slug:: woocommerce-2checkout-payment
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0629

Plugin:: Simple Registration for WooCommerce
Plugin Slug:: woocommerce-simple-registration
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32511

Plugin:: WP-Cufon
Plugin Slug:: wp-cufon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32541

Plugin:: WP File Download Light
Plugin Slug:: wp-file-download-light
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32539

Plugin:: WP Radio – Worldwide Online Radio Stations Directory for WordPress
Plugin Slug:: wp-radio
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1042

Plugin:: WP Radio – Worldwide Online Radio Stations Directory for WordPress
Plugin Slug:: wp-radio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1041

Plugin:: Search Keyword Redirect
Plugin Slug:: wp-search-keyword-redirect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32080

Plugin:: WP TradingView
Plugin Slug:: wp-tradingview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32536

Plugin:: WP User Profile Avatar
Plugin Slug:: wp-user-profile-avatar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6067

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.6
Severity Score:: Medium
CVE:: 2024-1310

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-32505

Plugin:: EWWW Image Optimizer
Plugin Slug:: ewww-image-optimizer
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.3.0
Severity Score:: Medium
CVE:: 2024-31924

Plugin:: Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
Plugin Slug:: sg-cachepress
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-32532

Plugin:: Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
Plugin Slug:: coming-soon
Installations: 900,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.15.21
Severity Score:: Medium
CVE:: 2024-32088

Plugin:: Smart Slider 3
Plugin Slug:: smart-slider-3
Installations: 900,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.1.23
Severity Score:: Medium
CVE:: 2024-3027

Plugin:: Meta Box – WordPress Custom Fields Framework
Plugin Slug:: meta-box
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.4
Severity Score:: Medium
CVE:: 2024-1204

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-3167

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.28
Severity Score:: Medium
CVE:: 2024-2665

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.25
Severity Score:: Medium
CVE:: 2024-2664

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.25
Severity Score:: Medium
CVE:: 2024-2666

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.17
Severity Score:: Medium
CVE:: 2024-0376

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.1
Severity Score:: Medium
CVE:: 2024-31433

Plugin:: BackWPup – WordPress Backup Plugin
Plugin Slug:: backwpup
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.4
Severity Score:: Medium
CVE:: 2023-7164

Plugin:: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.70.1
Severity Score:: Medium
CVE:: 2024-3285

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.5
Severity Score:: Medium
CVE:: 2024-2583

Plugin:: Forminator – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.3
Severity Score:: Medium
CVE:: 2024-3053

Plugin:: WordPress Gallery Plugin – NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.59.1
Severity Score:: Medium
CVE:: 2024-3097

Plugin:: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.12
Severity Score:: High
CVE:: 2023-6964

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 9.0.35
Severity Score:: Medium
CVE:: 2023-6777

Plugin:: Migration, Backup, Staging – WPvivid
Plugin Slug:: wpvivid-backuprestore
Installations: 400,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.9.100
Severity Score:: Medium
CVE:: 2024-3054

Plugin:: Favicon by RealFaviconGenerator
Plugin Slug:: favicon-by-realfavicongenerator
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.30
Severity Score:: Medium
CVE:: 2024-31422

Plugin:: Gutenberg
Plugin Slug:: gutenberg
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 18.1.0
Severity Score:: Medium

Plugin:: Newsletter – Send awesome emails from WordPress
Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.0.7
Severity Score:: Medium
CVE:: 2024-31434

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-3343

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-3344

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.29
Severity Score:: Medium
CVE:: 2024-31932

Plugin:: Smash Balloon Social Post Feed
Plugin Slug:: custom-facebook-feed
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2024-31379

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.22
Severity Score:: Medium
CVE:: 2024-2296

Plugin:: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: Medium
CVE:: 2024-2765

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.5
Severity Score:: Medium
CVE:: 2024-2867

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.6
Severity Score:: Medium
CVE:: 2024-3210

Plugin:: Ivory Search – WordPress Search Plugin
Plugin Slug:: add-search-to-menu
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.6
Severity Score:: Medium
CVE:: 2024-3233

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-2966

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.4
Severity Score:: Medium
CVE:: 2024-1428

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.3
Severity Score:: Medium
CVE:: 2024-0837

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.2.83
Severity Score:: Medium
CVE:: 2024-32131

Plugin:: Best WordPress Gallery Plugin – FooGallery
Plugin Slug:: foogallery
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-2471

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: Medium
CVE:: 2024-1957

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2023-6257

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-31426

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-2444

Plugin:: Import any XML or CSV File to WordPress
Plugin Slug:: wp-all-import
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2024-31939

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.15
Severity Score:: Critical
CVE:: 2024-2876

Plugin:: Enhanced Media Library
Plugin Slug:: enhanced-media-library
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.10
Severity Score:: Medium
CVE:: 2024-2840

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2024-3215

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-0588

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-0588

Plugin:: Remove Footer Credit
Plugin Slug:: remove-footer-credit
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.14
Severity Score:: Medium
CVE:: 2024-32429

Plugin:: WPZOOM Social Feed Widget & Block
Plugin Slug:: instagram-widget-by-wpzoom
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.14
Severity Score:: Medium
CVE:: 2024-3662

Plugin:: Real Media Library: Media Library Folder & File Manager
Plugin Slug:: real-media-library-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.22.12
Severity Score:: Medium
CVE:: 2024-2328

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29
Severity Score:: Medium
CVE:: 2024-3208

Plugin:: Theme My Login
Plugin Slug:: theme-my-login
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-32525

Plugin:: Clone
Plugin Slug:: wp-clone-by-wp-academy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: BoldGrid Easy SEO – Simple and Effective SEO
Plugin Slug:: boldgrid-easy-seo
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.15
Severity Score:: Medium
CVE:: 2024-2950

Plugin:: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-3295

Plugin:: ActiveCampaign – Forms, Site Tracking, Live Chat
Plugin Slug:: activecampaign-subscription-forms
Installations: 60,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.1.15
Severity Score:: Medium
CVE:: 2024-32430

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.7
Severity Score:: Medium
CVE:: 2024-2539

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.7
Severity Score:: Medium
CVE:: 2024-2655

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.3
Severity Score:: Medium
CVE:: 2024-32079

Plugin:: Booking for Appointments and Events Calendar – Amelia
Plugin Slug:: ameliabooking
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.96
Severity Score:: Medium
CVE:: 2024-31425

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.47.0
Severity Score:: Medium
CVE:: 2024-3243

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9.1
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.24
Severity Score:: Medium
CVE:: 2024-32534

Plugin:: Redirection
Plugin Slug:: redirect-redirection
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-31435

Plugin:: Spotlight Social Feeds [Block, Shortcode, and Widget]
Plugin Slug:: spotlight-social-photo-feeds
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.11
Severity Score:: Medium
CVE:: 2024-31381

Plugin:: WPC Smart Quick View for WooCommerce
Plugin Slug:: woo-smart-quick-view
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2023-6494

Plugin:: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.4
Severity Score:: High
CVE:: 2024-3020

Plugin:: Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-2949

Plugin:: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+
Plugin Slug:: wp-letsencrypt-ssl
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.1.0
Severity Score:: High
CVE:: 2023-7046

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-2734

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-2735

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-2736

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-2733

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.9
Severity Score:: Medium
CVE:: 2024-3267

Plugin:: FancyBox for WordPress
Plugin Slug:: fancybox-for-wordpress
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2024-0662

Plugin:: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.4
Severity Score:: Medium
CVE:: 2023-6877

Plugin:: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-3216

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-1712

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.10
Severity Score:: Medium
CVE:: 2024-3703

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-32508

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.76
Severity Score:: Medium
CVE:: 2024-0881

Plugin:: Advanced Cron Manager – debug & control
Plugin Slug:: advanced-cron-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-31926

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: 7.5.45.7212
Severity Score:: Medium
CVE:: 2024-32078

Plugin:: Link Whisper Free
Plugin Slug:: link-whisper
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.7.0
Severity Score:: Medium
CVE:: 2024-31934

Plugin:: Login With Ajax – Fast Logins, 2FA, Redirects
Plugin Slug:: login-with-ajax
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-30546

Plugin:: Social Share, Social Login and Social Comments Plugin – Super Socializer
Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.13.64
Severity Score:: Medium
CVE:: 2024-2836

Plugin:: Testimonial Slider
Plugin Slug:: testimonial-slider-and-showcase
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: Medium
CVE:: 2024-1746

Plugin:: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.4.2
Severity Score:: Medium
CVE:: 2024-31430

Plugin:: WP Customer Reviews
Plugin Slug:: wp-customer-reviews
Installations: 30,000+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-1849

Plugin:: Ultimate Before After Image Slider & Gallery – BEAF
Plugin Slug:: beaf-before-and-after-gallery
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.5.5
Severity Score:: Medium
CVE:: 2024-32433

Plugin:: Dashboard Welcome for Elementor
Plugin Slug:: dashboard-welcome-for-elementor
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.12
Severity Score:: Medium
CVE:: 2024-32456

Plugin:: Import Users from CSV
Plugin Slug:: import-users-from-csv
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-32431

Plugin:: IP2Location Country Blocker
Plugin Slug:: ip2location-country-blocker
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.34.3
Severity Score:: Medium
CVE:: 2024-32443

Plugin:: MailChimp Forms by MailMunch
Plugin Slug:: mailchimp-forms-by-mailmunch
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-31378

Plugin:: Email Marketing for WooCommerce by Omnisend
Plugin Slug:: omnisend-connect
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.14.4
Severity Score:: Medium
CVE:: 2024-32101

Plugin:: Powerkit – Supercharge your WordPress Site
Plugin Slug:: powerkit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.2
Severity Score:: Medium
CVE:: 2024-2458

Plugin:: Top Bar
Plugin Slug:: top-bar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-1660

Plugin:: Top Bar
Plugin Slug:: top-bar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-31928

Plugin:: Welcart e-Commerce
Plugin Slug:: usc-e-shop
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.10.0
Severity Score:: Medium
CVE:: 2024-32144

Plugin:: weForms – Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.21
Severity Score:: Medium
CVE:: 2024-32512

Plugin:: NextMove Lite – Thank You Page for WooCommerce
Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.18.2
Severity Score:: Medium
CVE:: 2024-32104

Plugin:: WP Accessibility Helper (WAH)
Plugin Slug:: wp-accessibility-helper
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.6.2.6
Severity Score:: Medium
CVE:: 2024-31423

Plugin:: Asgaros Forum
Plugin Slug:: asgaros-forum
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-32440

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.5
Severity Score:: High
CVE:: 2024-32125

Plugin:: bunny.net – WordPress CDN Plugin
Plugin Slug:: bunnycdn
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-31361

Plugin:: Language Translate Widget for WordPress – ConveyThis
Plugin Slug:: conveythis-translate
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 224
Severity Score:: High
CVE:: 2023-6811

Plugin:: E2Pdf – Export To Pdf Tool for WordPress
Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.23.00
Severity Score:: Medium
CVE:: 2024-31373

Plugin:: eCommerce Product Catalog Plugin for WordPress
Plugin Slug:: ecommerce-product-catalog
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.3.29
Severity Score:: Medium
CVE:: 2024-32437

Plugin:: eRoom – Zoom Meetings & Webinars
Plugin Slug:: eroom-zoom-meetings-webinar
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.19
Severity Score:: Medium
CVE:: 2024-3275

Plugin:: Jobs for WordPress
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: High
CVE:: 2024-32149

Plugin:: Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
Plugin Slug:: legal-pages
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-32451

Plugin:: LifterLMS – WordPress LMS Plugin for eLearning
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.5.1
Severity Score:: Medium
CVE:: 2024-31363

Plugin:: Page Builder: Live Composer
Plugin Slug:: live-composer-page-builder
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.36
Severity Score:: Medium
CVE:: 2024-31933

Plugin:: Mailster WordPress Newsletter Plugin Compatibility Tester
Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.7
Severity Score:: High
CVE:: 2024-32523

Plugin:: Order Delivery Date for WooCommerce
Plugin Slug:: order-delivery-date-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.21.0
Severity Score:: Medium
CVE:: 2024-32434

Plugin:: Popup by Supsystic
Plugin Slug:: popup-by-supsystic
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.28
Severity Score:: Medium
CVE:: 2024-31421

Plugin:: Membership Plugin – Restrict Content
Plugin Slug:: restrict-content
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.9
Severity Score:: Medium
CVE:: 2024-31432

Plugin:: Simple Post Notes
Plugin Slug:: simple-post-notes
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2024-31935

Plugin:: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Plugin Slug:: userswp
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-31936

Plugin:: WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics
Plugin Slug:: wp-google-analytics-events
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: High
CVE:: 2024-32145

Plugin:: Mail logging – WP Mail Catcher
Plugin Slug:: wp-mail-catcher
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2024-32099

Plugin:: WooCommerce Google Feed Manager
Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.0
Severity Score:: High
CVE:: 2024-3067

Plugin:: Elements Plus!
Plugin Slug:: elements-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.4
Severity Score:: Medium
CVE:: 2024-32457

Plugin:: WooCommerce UPS Shipping – Live Rates and Access Points
Plugin Slug:: flexible-shipping-ups
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.5
Severity Score:: Medium
CVE:: 2024-31944

Plugin:: Smart Forms – when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.94
Severity Score:: Medium
CVE:: 2024-1307

Plugin:: Smart Forms – when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.94
Severity Score:: Medium
CVE:: 2024-1306

Plugin:: Fatal Error Notify
Plugin Slug:: fatal-error-notify
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-32455

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.3
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Unlimited Elementor Inner Sections By BoomDevs
Plugin Slug:: unlimited-elementor-inner-sections-by-boomdevs
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: WPvivid Backup for MainWP
Plugin Slug:: wpvivid-backup-mainwp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.34
Severity Score:: Medium

Plugin:: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.18.1
Severity Score:: Medium
CVE:: 2024-32107

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.7.9
Severity Score:: Medium
CVE:: 2024-31362

Plugin:: Ultimate Product Catalog
Plugin Slug:: ultimate-product-catalogue
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.16
Severity Score:: Medium
CVE:: 2024-31921

Plugin:: WP Compress – Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.11.01
Severity Score:: Medium
CVE:: 2024-32106

Plugin:: Load More Anything
Plugin Slug:: ajax-load-more-anything
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Boostify Header Footer Builder for Elementor
Plugin Slug:: boostify-header-footer-builder
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Country State City Dropdown CF7
Plugin Slug:: country-state-city-auto-dropdown
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-3520

Plugin:: Product Input Fields for WooCommerce
Plugin Slug:: product-input-fields-for-woocommerce
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2024-31431

Plugin:: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-32506

Plugin:: Responsive Gallery Grid
Plugin Slug:: responsive-gallery-grid
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.11
Severity Score:: Medium
CVE:: 2024-1664

Plugin:: Responsive Tabs
Plugin Slug:: responsive-tabs
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: Medium
CVE:: 2024-1846

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-2132

Plugin:: WP Login and Logout Redirect
Plugin Slug:: wp-login-and-logout-redirect
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-31927

Plugin:: WOLF – WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8.2
Severity Score:: Medium
CVE:: 2024-31430

Plugin:: Church Content – Sermons, Events and More
Plugin Slug:: church-theme-content
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-32094

Plugin:: GEO my WordPress
Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-32097

Plugin:: Intagrate Lite
Plugin Slug:: instagrate-to-wordpress
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-31929

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.1
Severity Score:: Medium
CVE:: 2024-32143

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0.14
Severity Score:: High
CVE:: 2024-32139

Plugin:: WP Client Reports
Plugin Slug:: wp-client-reports
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-32439

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.6.4
Severity Score:: High
CVE:: 2024-3211

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-32452

Plugin:: CP Media Player – Audio Player and Video Player
Plugin Slug:: audio-and-video-player
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-31941

Plugin:: Contact Form Plugin
Plugin Slug:: contact-form-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.25
Severity Score:: Medium
CVE:: 2024-32147

Plugin:: Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Plugin Slug:: everest-backup
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.5
Severity Score:: Critical
CVE:: 2023-7201

Plugin:: Marker.io – Visual Website Feedback
Plugin Slug:: marker-io
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-31427

Plugin:: MultiParcels Shipping For WooCommerce
Plugin Slug:: multiparcels-shipping-for-woocommerce
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.16.9
Severity Score:: Medium
CVE:: 2024-32095

Plugin:: Account Engagement
Plugin Slug:: pardot
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-32148

Plugin:: WordPress Hosting Benchmark tool
Plugin Slug:: wpbenchmark
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-31922

Plugin:: WPC Grouped Product for WooCommerce
Plugin Slug:: wpc-grouped-product
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-32520

Plugin:: WP Synchro – WordPress Migration Plugin for Database & Files
Plugin Slug:: wpsynchro
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.11.3
Severity Score:: Medium
CVE:: 2024-32096

Plugin:: Zoho Campaigns
Plugin Slug:: zoho-campaigns
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-32442

Plugin:: Zoho Campaigns
Plugin Slug:: zoho-campaigns
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-32441

Plugin:: Premmerce Product Filter for WooCommerce
Plugin Slug:: premmerce-woocommerce-product-filter
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.3
Severity Score:: Medium
CVE:: 2024-31359

Plugin:: SEO Booster
Plugin Slug:: seo-booster
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.10
Severity Score:: Medium
CVE:: 2024-32438

Plugin:: TOP Table Of Contents
Plugin Slug:: top-table-of-contents
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.16
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.10
Severity Score:: Medium
CVE:: 2024-32446

Plugin:: Extra Product Options Builder for WooCommerce
Plugin Slug:: additional-product-fields-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.105
Severity Score:: Medium
CVE:: 2024-31940

Plugin:: Custom Thank You Page Customize For WooCommerce by Binary Carpenter
Plugin Slug:: bc-woo-custom-thank-you-pages
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2024-32517

Plugin:: Currency per Product for WooCommerce
Plugin Slug:: currency-per-product-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2024-31920

Plugin:: Gallery Box
Plugin Slug:: gallery-box
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.34
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
Plugin Slug:: gg-woo-feed
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-32519

Plugin:: Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
Plugin Slug:: gift-voucher
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.1
Severity Score:: Medium
CVE:: 2024-32436

Plugin:: InstaWP Connect – 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.1.0.23
Severity Score:: Critical
CVE:: 2024-2667

Plugin:: LH Add Media From Url
Plugin Slug:: lh-add-media-from-url
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.23
Severity Score:: High
CVE:: 2024-32533

Plugin:: Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
Plugin Slug:: sheets-to-wp-table-live-sync
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Open Close WooCommerce Store – Best Business Schedules Manager
Plugin Slug:: woc-open-close
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.2
Severity Score:: Medium
CVE:: 2024-32522

Plugin:: WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress
Plugin Slug:: wp-event-aggregator
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2024-31371

Plugin:: AppPresser – Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-31374

Plugin:: Benchmark Email Lite
Plugin Slug:: benchmark-email-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-31360

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.0.28
Severity Score:: Medium
CVE:: 2024-32090

Plugin:: TempTool [Show Current Template Info]
Plugin Slug:: current-template-name
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.13
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Dashboard To-Do List
Plugin Slug:: dashboard-to-do-list
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-31376

Plugin:: ELEX WooCommerce Dynamic Pricing and Discounts
Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-32105

Plugin:: ELEX WooCommerce Dynamic Pricing and Discounts
Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-31364

Plugin:: XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
Plugin Slug:: faq-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
Plugin Slug:: feather-login-page
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-31923

Plugin:: USPS Shipping for WooCommerce – Live Rates
Plugin Slug:: flexible-shipping-usps
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-31943

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.17
Severity Score:: High
CVE:: 2024-32507

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.94
Severity Score:: High
CVE:: 2024-31424

Plugin:: MihanPanel – User Login , Registration and Dashboard
Plugin Slug:: mihanpanel-lite
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 12.7
Severity Score:: Medium
CVE:: 2024-31389

Plugin:: Netgsm
Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: High
CVE:: 2024-32544

Plugin:: No-Bot Registration
Plugin Slug:: no-bot-registration
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-31372

Plugin:: Novelist
Plugin Slug:: novelist
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-32093

Plugin:: POEditor
Plugin Slug:: poeditor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.9
Severity Score:: Medium
CVE:: 2024-32453

Plugin:: ReDi Restaurant Reservation
Plugin Slug:: redi-restaurant-reservation
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 24.0303
Severity Score:: Medium
CVE:: 2024-31385

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-31930

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2024-32450

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-31357

Plugin:: TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys
Plugin Slug:: visitor-analytics-io
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-31937

Plugin:: Multi Currency For WooCommerce
Plugin Slug:: wc-multi-currency
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-32516

Plugin:: WP Dynamic Keywords Injector
Plugin Slug:: wp-dynamic-keywords-injector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.22
Severity Score:: High
CVE:: 2024-32528

Plugin:: MWW Disclaimer Buttons
Plugin Slug:: mww-disclaimer-buttons
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2
Severity Score:: Medium
CVE:: 2024-32428

Plugin:: Siteimprove
Plugin Slug:: siteimprove
Installations: 900+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2024-32103

Plugin:: BMI Adult & Kid Calculator
Plugin Slug:: bmi-adultkid-calculator
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-32550

Plugin:: Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode
Plugin Slug:: chat-help
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-32110

Plugin:: Popup Like box – Page Plugin
Plugin Slug:: ays-facebook-popup-likebox
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.3
Severity Score:: Medium
CVE:: 2024-31387

Plugin:: Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
Plugin Slug:: webinar-ignition
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.06.0
Severity Score:: Medium
CVE:: 2024-32445

Plugin:: F4 Improvements
Plugin Slug:: f4-improvements
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2024-31925

Plugin:: WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
Plugin Slug:: wp2leads
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2024-31375

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 80+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-1755

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-1754

Plugin:: Save as Image Plugin by Pdfcrowd
Plugin Slug:: save-as-image-by-pdfcrowd
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-31931

Plugin:: 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
Plugin Slug:: 5-stars-rating-funnel
Installations: 40+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.3.02
Severity Score:: High
CVE:: 2024-31358

Plugin:: AffiEasy
Plugin Slug:: affieasy
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-32435

Plugin:: AWP Classifieds
Plugin Slug:: another-wordpress-classifieds-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.2
Severity Score:: Medium
CVE:: 2024-32447

Plugin:: BWL Advanced FAQ Manager
Plugin Slug:: bwl-advanced-faq-manager
Vulnerability:: SQL Injection
Patched in Version:: 2.0.4
Severity Score:: High
CVE:: 2024-32136

Plugin:: Calendarista Basic Edition
Plugin Slug:: calendarista-basic-edition
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2024-31942

Plugin:: Digital Publications by Supsystic
Plugin Slug:: digital-publications-by-supsystic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: Medium
CVE:: 2024-32089

Plugin:: Essential Grid
Plugin Slug:: essential-grid
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2024-3235

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.81
Severity Score:: Medium
CVE:: 2024-0902

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1840

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1805

Plugin:: RestroPress
Plugin Slug:: restropress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.2.1
Severity Score:: Medium
CVE:: 2024-32449

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.0
Severity Score:: Medium
CVE:: 2024-2306

Plugin:: Table & Contact Form 7 Database – Tablesome
Plugin Slug:: tablesome
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.26
Severity Score:: Medium
CVE:: 2024-31388

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: SQL Injection
Patched in Version:: 29.7
Severity Score:: High
CVE:: 2024-0399

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.1.76
Severity Score:: High
CVE:: 2024-32510

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Broken Access Control
Patched in Version:: 10.1.77
Severity Score:: Medium
CVE:: 2024-32509

Plugin:: WP Activity Log Premium
Plugin Slug:: wp-security-audit-log-premium
Vulnerability:: SQL Injection
Patched in Version:: 4.6.4.1
Severity Score:: High
CVE:: 2024-2018

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7
Severity Score:: High
CVE:: 2024-1956

Plugin:: WPB Show Core
Plugin Slug:: wpb-show-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High
CVE:: 2024-1292

WordPress Themes — 19 Patched / 7 Unpatched

Theme:: Decode
Theme Slug:: decode
Downloads: 269,521
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Gridsby
Theme Slug:: gridsby
Downloads: 288,716
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31386

Theme:: GuCherry Blog
Theme Slug:: gucherry-blog
Downloads: 136,966
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32531

Theme:: HappenStance
Theme Slug:: happenstance
Downloads: 134,390
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31386

Theme:: i-excel
Theme Slug:: i-excel
Downloads: 262,257
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31386

Theme:: i-max
Theme Slug:: i-max
Downloads: 270,530
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Sensible WP
Theme Slug:: sensible-wp
Downloads: 277,690
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,056,299
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2024-31382

Theme:: CityLogic
Theme Slug:: citylogic
Downloads: 292,720
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.30
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Default Mag
Theme Slug:: default-mag
Downloads: 93,066
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Emmet Lite
Theme Slug:: emmet-lite
Downloads: 104,881
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.8
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Lightning
Theme Slug:: lightning
Downloads: 2,240,450
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 15.19.0
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Namaha
Theme Slug:: namaha
Downloads: 63,477
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.41
Severity Score:: Medium
CVE:: 2024-31386

Theme:: NewsXpress
Theme Slug:: newsxpress
Downloads: 11,096
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-31938

Theme:: Panoramic
Theme Slug:: panoramic
Downloads: 614,830
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.57
Severity Score:: Medium
CVE:: 2024-31386

Theme:: PopularFX
Theme Slug:: popularfx
Downloads: 773,374
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2024-31383

Theme:: Sarada Lite
Theme Slug:: sarada-lite
Downloads: 86,466
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-31429

Theme:: Shopstar!
Theme Slug:: shopstar
Downloads: 286,946
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.34
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Sliding Door
Theme Slug:: sliding-door
Downloads: 537,017
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Spa and Salon
Theme Slug:: spa-and-salon
Downloads: 155,971
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-31384

Theme:: Tainacan Interface
Theme Slug:: tainacan-interface
Downloads: 16,543
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: High
CVE:: 2024-3867

Theme:: The Conference
Theme Slug:: the-conference
Downloads: 52,521
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-31428

Theme:: X-T9
Theme Slug:: x-t9
Downloads: 30,187
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.19.1
Severity Score:: Medium
CVE:: 2024-31386

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.4.6
Severity Score:: Medium
CVE:: 2024-31369

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Broken Access Control
Patched in Version:: 8.4.6
Severity Score:: Medium
CVE:: 2024-31368

Theme:: Soledad
Theme Slug:: soledad
Vulnerability:: Broken Access Control
Patched in Version:: 8.4.6
Severity Score:: High
CVE:: 2024-31367

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

WordPress Core

WordPress Plugins — 234 Patched / 81 Unpatched