WordPress Vulnerability Report — April 17, 2024
Since last week, 342 new vulnerabilities have emerged in the WordPress ecosystem, including 1 in WordPress core, 26 in themes, and 315 in plugins. 88 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 342 vulnerabilities have been publicly disclosed. Security patches for 254 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 88 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes in Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.
The next major release will be version 6.6, planned for July 16, 2024.
WordPress Core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.2
- Severity Score:
- Medium
WordPress Plugins — 234 Patched / 81 Unpatched
Product Feed PRO for WooCommerce
- Plugin:
- Product Feed PRO for WooCommerce
- Plugin Slug:
- woo-product-feed-pro
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32513
What’s New Generator
- Plugin:
- What’s New Generator
- Plugin Slug:
- whats-new-genarator
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32548
Zero Spam for WordPress
- Plugin:
- Zero Spam for WordPress
- Plugin Slug:
- zero-spam
- Installations
- 30,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32521
Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
- Plugin Slug:
- embed-form
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32527
Subscribe2 – Form, Email Subscribers & Newsletters
- Plugin Slug:
- subscribe2
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32110
Leadinfo
- Plugin:
- Leadinfo
- Plugin Slug:
- leadinfo
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32112
PeproDev Ultimate Invoice
- Plugin:
- PeproDev Ultimate Invoice
- Plugin Slug:
- pepro-ultimate-invoice
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32518
Sync Post With Other Site
- Plugin:
- Sync Post With Other Site
- Plugin Slug:
- sync-post-with-other-site
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32082
Easy Textillate
- Plugin:
- Easy Textillate
- Plugin Slug:
- easy-textillate
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32526
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
- Plugin Slug:
- epoll-wp-voting
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-32514
Yoga Schedule Momoyoga
- Plugin:
- Yoga Schedule Momoyoga
- Plugin Slug:
- momoyoga-integration
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32529
Simple Buttons Creator
- Plugin:
- Simple Buttons Creator
- Plugin Slug:
- simple-buttons-creator
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2858
Simple Buttons Creator
- Plugin:
- Simple Buttons Creator
- Plugin Slug:
- simple-buttons-creator
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2857
MM-email2image
- Plugin:
- MM-email2image
- Plugin Slug:
- mm-email2image
- Installations
- 20+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-3076
MM-email2image
- Plugin:
- MM-email2image
- Plugin Slug:
- mm-email2image
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3075
Bannerlid
Access Category Password
- Plugin:
- Access Category Password
- Plugin Slug:
- access-category-password
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32535
Ads.txt Admin
- Plugin:
- Ads.txt Admin
- Plugin Slug:
- ads-txt-admin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32448
Advanced Search
- Plugin:
- Advanced Search
- Plugin Slug:
- advance-search
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2739
Advanced Page Visit Counter
- Plugin:
- Advanced Page Visit Counter
- Plugin Slug:
- advanced-page-visit-counter
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32098
Advanced Post Block – Post Grid for WordPress block editor
- Plugin:
- Advanced Post Block – Post Grid for WordPress block editor
- Plugin Slug:
- advanced-post-block
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0908
AIKit
- Plugin:
- AIKit
- Plugin Slug:
- aikit-wordpress-ai-writing-assistant-using-gpt3
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31370
Aspose.Words Exporter
- Plugin:
- Aspose.Words Exporter
- Plugin Slug:
- aspose-doc-exporter
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32146
Shortcodes and extra features for Phlox theme
- Plugin:
- Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2023-7064
Shortcodes and extra features for Phlox theme
- Plugin:
- Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3517
Before And After
- Plugin:
- Before And After
- Plugin Slug:
- before-and-after
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32084
bizcalendar-web
- Plugin:
- bizcalendar-web
- Plugin Slug:
- bizcalendar-web
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1780
Bulk Block Converter
- Plugin:
- Bulk Block Converter
- Plugin Slug:
- bulk-block-converter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32542
Canva – Design beautiful blog graphics
- Plugin:
- Canva – Design beautiful blog graphics
- Plugin Slug:
- canva
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32545
CBX Bookmark & Favorite
- Plugin:
- CBX Bookmark & Favorite
- Plugin Slug:
- cbxwpbookmark
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32132
Citadela Listing
- Plugin:
- Citadela Listing
- Plugin Slug:
- citadela-directory
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32086
Citadela Listing
- Plugin:
- Citadela Listing
- Plugin Slug:
- citadela-directory
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32085
Convert Post Types
- Plugin:
- Convert Post Types
- Plugin Slug:
- convert-post-types
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32108
Crony Cronjob Manager
- Plugin:
- Crony Cronjob Manager
- Plugin Slug:
- crony
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32102
Custom Order Statuses for WooCommerce
- Plugin:
- Custom Order Statuses for WooCommerce
- Plugin Slug:
- custom-order-statuses-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32524
Customily Product Personalizer
- Plugin:
- Customily Product Personalizer
- Plugin Slug:
- customily-v2
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1774
Delete Custom Fields
- Plugin:
- Delete Custom Fields
- Plugin Slug:
- delete-custom-fields
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0613
Disable Comments | WPZest
- Plugin:
- Disable Comments | WPZest
- Plugin Slug:
- disable-comments-wpz
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32135
Easy CountDowner
- Plugin:
- Easy CountDowner
- Plugin Slug:
- easy-countdowner
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32538
Easy Logo
- Plugin:
- Easy Logo
- Plugin Slug:
- easylogo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32083
EZ Form Calculator
- Plugin:
- EZ Form Calculator
- Plugin Slug:
- ez-form-calculator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32133
Filter Custom Fields & Taxonomies Light
- Plugin:
- Filter Custom Fields & Taxonomies Light
- Plugin Slug:
- filter-custom-fields-taxonomies-light
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32081
Find Duplicates
- Plugin:
- Find Duplicates
- Plugin Slug:
- find-duplicates
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32127
Fixed HTML Toolbar
- Plugin:
- Fixed HTML Toolbar
- Plugin Slug:
- fixed-html-toolbar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32540
Flash Video Player
- Plugin:
- Flash Video Player
- Plugin Slug:
- flash-video-player
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32537
Font Farsi
- Plugin:
- Font Farsi
- Plugin Slug:
- font-farsi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1752
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
- Plugin:
- Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
- Plugin Slug:
- forms-to-zapier
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32134
Freshdesk (official)
- Plugin:
- Freshdesk (official)
- Plugin Slug:
- freshdesk-support
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32129
Kimili Flash Embed
- Plugin:
- Kimili Flash Embed
- Plugin Slug:
- kimili-flash-embed
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32092
Contact Form & Lead Form Elementor Builder
- Plugin:
- Contact Form & Lead Form Elementor Builder
- Plugin Slug:
- lead-form-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1416
Contact Form & Lead Form Elementor Builder
- Plugin:
- Contact Form & Lead Form Elementor Builder
- Plugin Slug:
- lead-form-builder
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1415
Libsyn Publisher Hub
- Plugin:
- Libsyn Publisher Hub
- Plugin Slug:
- libsyn-podcasting
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32141
Libsyn Publisher Hub
- Plugin:
- Libsyn Publisher Hub
- Plugin Slug:
- libsyn-podcasting
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32140
Related Posts for WordPress
- Plugin:
- Related Posts for WordPress
- Plugin Slug:
- microkids-related-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32549
MJ Update History
- Plugin:
- MJ Update History
- Plugin Slug:
- mj-update-history
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32543
Ovic Addon Toolkit
- Plugin:
- Ovic Addon Toolkit
- Plugin Slug:
- ovic-addon-toolkit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32432
Payment Forms for Paystack
- Plugin:
- Payment Forms for Paystack
- Plugin Slug:
- payment-forms-for-paystack
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32130
Product Feed on WooCommerce for Google
- Plugin:
- Product Feed on WooCommerce for Google
- Plugin Slug:
- purple-xmls-google-product-feed-for-woocommerce
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32087
Code Insert Manager (Q2W3 Inc Manager)
- Plugin:
- Code Insert Manager (Q2W3 Inc Manager)
- Plugin Slug:
- q2w3-inc-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32547
Realtyna Organic IDX plugin
- Plugin:
- Realtyna Organic IDX plugin
- Plugin Slug:
- real-estate-listing-realtyna-wpl
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-32128
Sangar Slider
- Plugin:
- Sangar Slider
- Plugin Slug:
- sangar-slider-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32091
Shopkeeper Extender
- Plugin:
- Shopkeeper Extender
- Plugin Slug:
- shopkeeper-extender
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2801
WP Matterport Shortcode
- Plugin:
- WP Matterport Shortcode
- Plugin Slug:
- shortcode-gallery-for-matterport-showcase
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32109
Short URL
- Plugin:
- Short URL
- Plugin Slug:
- shorten-url
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32138
Simple Testimonials Showcase
- Plugin:
- Simple Testimonials Showcase
- Plugin Slug:
- simple-testimonials-showcase
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32530
Tax Rate Upload
- Plugin:
- Tax Rate Upload
- Plugin Slug:
- tax-rate-upload
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32546
Post Type Builder (PTB)
- Plugin:
- Post Type Builder (PTB)
- Plugin Slug:
- themify-ptb
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31366
Post Type Builder (PTB)
- Plugin:
- Post Type Builder (PTB)
- Plugin Slug:
- themify-ptb
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31365
Mega Addons For Elementor
- Plugin:
- Mega Addons For Elementor
- Plugin Slug:
- ultimate-addons-for-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32515
User Activity Log Pro
- Plugin:
- User Activity Log Pro
- Plugin Slug:
- user-activity-log-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32137
Appointment Bookings for Zoom GoogleMeet and more – Wappointment
- Plugin:
- Appointment Bookings for Zoom GoogleMeet and more – Wappointment
- Plugin Slug:
- wappointment
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32454
WidgetKit
- Plugin:
- WidgetKit
- Plugin Slug:
- widgetkit-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2137
2Checkout Payment Gateway for WooCommerce
- Plugin:
- 2Checkout Payment Gateway for WooCommerce
- Plugin Slug:
- woocommerce-2checkout-payment
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0629
Simple Registration for WooCommerce
- Plugin:
- Simple Registration for WooCommerce
- Plugin Slug:
- woocommerce-simple-registration
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-32511
WP-Cufon
- Plugin:
- WP-Cufon
- Plugin Slug:
- wp-cufon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32541
WP File Download Light
- Plugin:
- WP File Download Light
- Plugin Slug:
- wp-file-download-light
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32539
WP Radio – Worldwide Online Radio Stations Directory for WordPress
- Plugin:
- WP Radio – Worldwide Online Radio Stations Directory for WordPress
- Plugin Slug:
- wp-radio
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1042
WP Radio – Worldwide Online Radio Stations Directory for WordPress
- Plugin:
- WP Radio – Worldwide Online Radio Stations Directory for WordPress
- Plugin Slug:
- wp-radio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1041
Search Keyword Redirect
- Plugin:
- Search Keyword Redirect
- Plugin Slug:
- wp-search-keyword-redirect
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32080
WP TradingView
- Plugin:
- WP TradingView
- Plugin Slug:
- wp-tradingview
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-32536
WP User Profile Avatar
- Plugin:
- WP User Profile Avatar
- Plugin Slug:
- wp-user-profile-avatar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6067
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 5,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.6
- Severity Score:
- Medium
- CVE:
- 2024-1310
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- CVE:
- 2024-32505
EWWW Image Optimizer
- Plugin:
- EWWW Image Optimizer
- Plugin Slug:
- ewww-image-optimizer
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.3.0
- Severity Score:
- Medium
- CVE:
- 2024-31924
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
- Plugin Slug:
- sg-cachepress
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.5.0
- Severity Score:
- Medium
- CVE:
- 2024-32532
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
- Plugin Slug:
- coming-soon
- Installations
- 900,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.15.21
- Severity Score:
- Medium
- CVE:
- 2024-32088
Smart Slider 3
- Plugin:
- Smart Slider 3
- Plugin Slug:
- smart-slider-3
- Installations
- 900,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.1.23
- Severity Score:
- Medium
- CVE:
- 2024-3027
Meta Box – WordPress Custom Fields Framework
- Plugin Slug:
- meta-box
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9.4
- Severity Score:
- Medium
- CVE:
- 2024-1204
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-3167
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.28
- Severity Score:
- Medium
- CVE:
- 2024-2665
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.25
- Severity Score:
- Medium
- CVE:
- 2024-2664
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.25
- Severity Score:
- Medium
- CVE:
- 2024-2666
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.17
- Severity Score:
- Medium
- CVE:
- 2024-0376
The Events Calendar
- Plugin:
- The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.3.1
- Severity Score:
- Medium
- CVE:
- 2024-31433
BackWPup – WordPress Backup Plugin
- Plugin Slug:
- backwpup
- Installations
- 600,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.0.4
- Severity Score:
- Medium
- CVE:
- 2023-7164
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
- Plugin Slug:
- ml-slider
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.70.1
- Severity Score:
- Medium
- CVE:
- 2024-3285
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.5
- Severity Score:
- Medium
- CVE:
- 2024-2583
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.3
- Severity Score:
- Medium
- CVE:
- 2024-3053
WordPress Gallery Plugin – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 500,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.59.1
- Severity Score:
- Medium
- CVE:
- 2024-3097
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.2.12
- Severity Score:
- High
- CVE:
- 2023-6964
WP Go Maps (formerly WP Google Maps)
- Plugin Slug:
- wp-google-maps
- Installations
- 400,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 9.0.35
- Severity Score:
- Medium
- CVE:
- 2023-6777
Migration, Backup, Staging – WPvivid
- Plugin Slug:
- wpvivid-backuprestore
- Installations
- 400,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 0.9.100
- Severity Score:
- Medium
- CVE:
- 2024-3054
Favicon by RealFaviconGenerator
- Plugin:
- Favicon by RealFaviconGenerator
- Plugin Slug:
- favicon-by-realfavicongenerator
- Installations
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.30
- Severity Score:
- Medium
- CVE:
- 2024-31422
Gutenberg
- Plugin:
- Gutenberg
- Plugin Slug:
- gutenberg
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 18.1.0
- Severity Score:
- Medium
Newsletter – Send awesome emails from WordPress
- Plugin Slug:
- newsletter
- Installations
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.0.7
- Severity Score:
- Medium
- CVE:
- 2024-31434
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2024-3343
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2024-3344
Blocksy Companion
- Plugin:
- Blocksy Companion
- Plugin Slug:
- blocksy-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.29
- Severity Score:
- Medium
- CVE:
- 2024-31932
Smash Balloon Social Post Feed
- Plugin:
- Smash Balloon Social Post Feed
- Plugin Slug:
- custom-facebook-feed
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2024-31379
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.22
- Severity Score:
- Medium
- CVE:
- 2024-2296
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
- Plugin Slug:
- ultimate-member
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.5
- Severity Score:
- Medium
- CVE:
- 2024-2765
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.5
- Severity Score:
- Medium
- CVE:
- 2024-2867
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.6
- Severity Score:
- Medium
- CVE:
- 2024-3210
Ivory Search – WordPress Search Plugin
- Plugin Slug:
- add-search-to-menu
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.5.6
- Severity Score:
- Medium
- CVE:
- 2024-3233
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.6.0
- Severity Score:
- Medium
- CVE:
- 2024-2966
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.4
- Severity Score:
- Medium
- CVE:
- 2024-1428
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.3
- Severity Score:
- Medium
- CVE:
- 2024-0837
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 3.2.83
- Severity Score:
- Medium
- CVE:
- 2024-32131
Best WordPress Gallery Plugin – FooGallery
- Plugin Slug:
- foogallery
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.15
- Severity Score:
- Medium
- CVE:
- 2024-2471
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.0
- Severity Score:
- Medium
- CVE:
- 2024-1957
Inline Related Posts
- Plugin:
- Inline Related Posts
- Plugin Slug:
- intelly-related-posts
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2023-6257
Inline Related Posts
- Plugin:
- Inline Related Posts
- Plugin Slug:
- intelly-related-posts
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
- 2024-31426
Inline Related Posts
- Plugin:
- Inline Related Posts
- Plugin Slug:
- intelly-related-posts
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-2444
Import any XML or CSV File to WordPress
- Plugin Slug:
- wp-all-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.7.4
- Severity Score:
- Medium
- CVE:
- 2024-31939
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.15
- Severity Score:
- Critical
- CVE:
- 2024-2876
Enhanced Media Library
- Plugin:
- Enhanced Media Library
- Plugin Slug:
- enhanced-media-library
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.10
- Severity Score:
- Medium
- CVE:
- 2024-2840
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.2
- Severity Score:
- Medium
- CVE:
- 2024-3215
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2024-0588
Remove Footer Credit
- Plugin:
- Remove Footer Credit
- Plugin Slug:
- remove-footer-credit
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.14
- Severity Score:
- Medium
- CVE:
- 2024-32429
WPZOOM Social Feed Widget & Block
- Plugin Slug:
- instagram-widget-by-wpzoom
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.14
- Severity Score:
- Medium
- CVE:
- 2024-3662
Real Media Library: Media Library Folder & File Manager
- Plugin Slug:
- real-media-library-lite
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.22.12
- Severity Score:
- Medium
- CVE:
- 2024-2328
Sydney Toolbox
- Plugin:
- Sydney Toolbox
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29
- Severity Score:
- Medium
- CVE:
- 2024-3208
Theme My Login
- Plugin:
- Theme My Login
- Plugin Slug:
- theme-my-login
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.1.7
- Severity Score:
- Medium
- CVE:
- 2024-32525
Clone
- Plugin:
- Clone
- Plugin Slug:
- wp-clone-by-wp-academy
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.4
- Severity Score:
- Medium
- CVE:
- 2024-31435
BoldGrid Easy SEO – Simple and Effective SEO
- Plugin Slug:
- boldgrid-easy-seo
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.6.15
- Severity Score:
- Medium
- CVE:
- 2024-2950
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
- Plugin Slug:
- user-registration
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
- 2024-3295
ActiveCampaign – Forms, Site Tracking, Live Chat
- Plugin Slug:
- activecampaign-subscription-forms
- Installations
- 60,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 8.1.15
- Severity Score:
- Medium
- CVE:
- 2024-32430
Elementor Addons by Livemesh
- Plugin:
- Elementor Addons by Livemesh
- Plugin Slug:
- addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.3.7
- Severity Score:
- Medium
- CVE:
- 2024-2539
Elementor Addons by Livemesh
- Plugin:
- Elementor Addons by Livemesh
- Plugin Slug:
- addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.3.7
- Severity Score:
- Medium
- CVE:
- 2024-2655
Advanced iFrame
- Plugin:
- Advanced iFrame
- Plugin Slug:
- advanced-iframe
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2024.3
- Severity Score:
- Medium
- CVE:
- 2024-32079
Booking for Appointments and Events Calendar – Amelia
- Plugin Slug:
- ameliabooking
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.96
- Severity Score:
- Medium
- CVE:
- 2024-31425
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.47.0
- Severity Score:
- Medium
- CVE:
- 2024-3243
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- CVE:
- 2024-32110
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.24
- Severity Score:
- Medium
- CVE:
- 2024-32534
Redirection
- Plugin:
- Redirection
- Plugin Slug:
- redirect-redirection
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2024-31435
Spotlight Social Feeds [Block, Shortcode, and Widget]
- Plugin Slug:
- spotlight-social-photo-feeds
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.11
- Severity Score:
- Medium
- CVE:
- 2024-31381
WPC Smart Quick View for WooCommerce
- Plugin Slug:
- woo-smart-quick-view
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.3
- Severity Score:
- Medium
- CVE:
- 2023-6494
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
- Plugin Slug:
- wp-carousel-free
- Installations
- 60,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.6.4
- Severity Score:
- High
- CVE:
- 2024-3020
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce
- Plugin Slug:
- wp-carousel-free
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-2949
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+
- Plugin:
- WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+
- Plugin Slug:
- wp-letsencrypt-ssl
- Installations
- 60,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.1.0
- Severity Score:
- High
- CVE:
- 2023-7046
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- CVE:
- 2024-2734
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- CVE:
- 2024-2735
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- CVE:
- 2024-2736
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- CVE:
- 2024-2733
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.9
- Severity Score:
- Medium
- CVE:
- 2024-3267
FancyBox for WordPress
- Plugin:
- FancyBox for WordPress
- Plugin Slug:
- fancybox-for-wordpress
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.4
- Severity Score:
- Medium
- CVE:
- 2024-0662
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin:
- RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
- Plugin Slug:
- feedzy-rss-feeds
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.4
- Severity Score:
- Medium
- CVE:
- 2023-6877
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
- Plugin Slug:
- print-invoices-packing-slip-labels-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2024-3216
Carousel Slider
- Plugin:
- Carousel Slider
- Plugin Slug:
- carousel-slider
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-1712
Carousel Slider
- Plugin:
- Carousel Slider
- Plugin Slug:
- carousel-slider
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.10
- Severity Score:
- Medium
- CVE:
- 2024-3703
DethemeKit For Elementor
- Plugin:
- DethemeKit For Elementor
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-32508
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin:
- Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin Slug:
- post-grid
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.76
- Severity Score:
- Medium
- CVE:
- 2024-0881
Advanced Cron Manager – debug & control
- Plugin Slug:
- advanced-cron-manager
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2024-31926
FV Flowplayer Video Player
- Plugin:
- FV Flowplayer Video Player
- Plugin Slug:
- fv-wordpress-flowplayer
- Installations
- 30,000+
- Vulnerability:
- Unvalidated Redirects and Forwards
- Patched in Version:
- 7.5.45.7212
- Severity Score:
- Medium
- CVE:
- 2024-32078
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.7.0
- Severity Score:
- Medium
- CVE:
- 2024-31934
Login With Ajax – Fast Logins, 2FA, Redirects
- Plugin Slug:
- login-with-ajax
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2024-30546
Social Share, Social Login and Social Comments Plugin – Super Socializer
- Plugin Slug:
- super-socializer
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.13.64
- Severity Score:
- Medium
- CVE:
- 2024-2836
Testimonial Slider
- Plugin:
- Testimonial Slider
- Plugin Slug:
- testimonial-slider-and-showcase
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.8
- Severity Score:
- Medium
- CVE:
- 2024-1746
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
- Plugin Slug:
- woo-bulk-editor
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-31430
WP Customer Reviews
- Plugin:
- WP Customer Reviews
- Plugin Slug:
- wp-customer-reviews
- Installations
- 30,000+
- Vulnerability:
- Unvalidated Redirects and Forwards
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
- 2024-1849
Ultimate Before After Image Slider & Gallery – BEAF
- Plugin Slug:
- beaf-before-and-after-gallery
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.5.5
- Severity Score:
- Medium
- CVE:
- 2024-32433
Dashboard Welcome for Elementor
- Plugin:
- Dashboard Welcome for Elementor
- Plugin Slug:
- dashboard-welcome-for-elementor
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2024-32110
Envo Extra
- Plugin:
- Envo Extra
- Plugin Slug:
- envo-extra
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.12
- Severity Score:
- Medium
- CVE:
- 2024-32456
Import Users from CSV
- Plugin:
- Import Users from CSV
- Plugin Slug:
- import-users-from-csv
- Installations
- 20,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.3
- Severity Score:
- Medium
- CVE:
- 2024-32431
IP2Location Country Blocker
- Plugin:
- IP2Location Country Blocker
- Plugin Slug:
- ip2location-country-blocker
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.34.3
- Severity Score:
- Medium
- CVE:
- 2024-32443
MailChimp Forms by MailMunch
- Plugin:
- MailChimp Forms by MailMunch
- Plugin Slug:
- mailchimp-forms-by-mailmunch
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- CVE:
- 2024-31378
Email Marketing for WooCommerce by Omnisend
- Plugin Slug:
- omnisend-connect
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.14.4
- Severity Score:
- Medium
- CVE:
- 2024-32101
Powerkit – Supercharge your WordPress Site
- Plugin Slug:
- powerkit
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.2
- Severity Score:
- Medium
- CVE:
- 2024-2458
Top Bar
- Plugin:
- Top Bar
- Plugin Slug:
- top-bar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- CVE:
- 2024-31928
Welcart e-Commerce
- Plugin:
- Welcart e-Commerce
- Plugin Slug:
- usc-e-shop
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.10.0
- Severity Score:
- Medium
- CVE:
- 2024-32144
weForms – Easy Drag & Drop Contact Form Builder For WordPress
- Plugin Slug:
- weforms
- Installations
- 20,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.6.21
- Severity Score:
- Medium
- CVE:
- 2024-32512
NextMove Lite – Thank You Page for WooCommerce
- Plugin Slug:
- woo-thank-you-page-nextmove-lite
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.18.2
- Severity Score:
- Medium
- CVE:
- 2024-32104
WP Accessibility Helper (WAH)
- Plugin:
- WP Accessibility Helper (WAH)
- Plugin Slug:
- wp-accessibility-helper
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.6.2.6
- Severity Score:
- Medium
- CVE:
- 2024-31423
Asgaros Forum
- Plugin:
- Asgaros Forum
- Plugin Slug:
- asgaros-forum
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
- CVE:
- 2024-32440
BA Book Everything
- Plugin:
- BA Book Everything
- Plugin Slug:
- ba-book-everything
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.5
- Severity Score:
- High
- CVE:
- 2024-32125
bunny.net – WordPress CDN Plugin
- Plugin:
- bunny.net – WordPress CDN Plugin
- Plugin Slug:
- bunnycdn
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.2
- Severity Score:
- Medium
- CVE:
- 2024-31361
Language Translate Widget for WordPress – ConveyThis
- Plugin Slug:
- conveythis-translate
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 224
- Severity Score:
- High
- CVE:
- 2023-6811
E2Pdf – Export To Pdf Tool for WordPress
- Plugin Slug:
- e2pdf
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.23.00
- Severity Score:
- Medium
- CVE:
- 2024-31373
eCommerce Product Catalog Plugin for WordPress
- Plugin Slug:
- ecommerce-product-catalog
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.3.29
- Severity Score:
- Medium
- CVE:
- 2024-32437
eRoom – Zoom Meetings & Webinars
- Plugin:
- eRoom – Zoom Meetings & Webinars
- Plugin Slug:
- eroom-zoom-meetings-webinar
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.19
- Severity Score:
- Medium
- CVE:
- 2024-3275
Jobs for WordPress
- Plugin:
- Jobs for WordPress
- Plugin Slug:
- job-postings
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.6
- Severity Score:
- High
- CVE:
- 2024-32149
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator
- Plugin Slug:
- legal-pages
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2024-32451
LifterLMS – WordPress LMS Plugin for eLearning
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.5.1
- Severity Score:
- Medium
- CVE:
- 2024-31363
Page Builder: Live Composer
- Plugin:
- Page Builder: Live Composer
- Plugin Slug:
- live-composer-page-builder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.36
- Severity Score:
- Medium
- CVE:
- 2024-31933
Mailster WordPress Newsletter Plugin Compatibility Tester
- Plugin Slug:
- mailster
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.0.7
- Severity Score:
- High
- CVE:
- 2024-32523
Order Delivery Date for WooCommerce
- Plugin Slug:
- order-delivery-date-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.21.0
- Severity Score:
- Medium
- CVE:
- 2024-32434
Popup by Supsystic
- Plugin:
- Popup by Supsystic
- Plugin Slug:
- popup-by-supsystic
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.10.28
- Severity Score:
- Medium
- CVE:
- 2024-31421
Membership Plugin – Restrict Content
- Plugin Slug:
- restrict-content
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.9
- Severity Score:
- Medium
- CVE:
- 2024-31432
Simple Post Notes
- Plugin:
- Simple Post Notes
- Plugin Slug:
- simple-post-notes
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- CVE:
- 2024-31935
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
- Plugin Slug:
- userswp
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.6
- Severity Score:
- Medium
- CVE:
- 2024-31936
WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics
- Plugin Slug:
- wp-google-analytics-events
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.1
- Severity Score:
- High
- CVE:
- 2024-32145
Mail logging – WP Mail Catcher
- Plugin:
- Mail logging – WP Mail Catcher
- Plugin Slug:
- wp-mail-catcher
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
- 2024-32099
WooCommerce Google Feed Manager
- Plugin:
- WooCommerce Google Feed Manager
- Plugin Slug:
- wp-product-feed-manager
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.6.0
- Severity Score:
- High
- CVE:
- 2024-3067
Elements Plus!
- Plugin:
- Elements Plus!
- Plugin Slug:
- elements-plus
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.16.4
- Severity Score:
- Medium
- CVE:
- 2024-32457
WooCommerce UPS Shipping – Live Rates and Access Points
- Plugin Slug:
- flexible-shipping-ups
- Installations
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2024-31944
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.94
- Severity Score:
- Medium
- CVE:
- 2024-1307
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.94
- Severity Score:
- Medium
- CVE:
- 2024-1306
Fatal Error Notify
- Plugin:
- Fatal Error Notify
- Plugin Slug:
- fatal-error-notify
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2024-32455
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
- Plugin Slug:
- mage-eventpress
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.1.3
- Severity Score:
- Medium
- CVE:
- 2024-32110
Unlimited Elementor Inner Sections By BoomDevs
- Plugin Slug:
- unlimited-elementor-inner-sections-by-boomdevs
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.5
- Severity Score:
- Medium
- CVE:
- 2024-32110
WPvivid Backup for MainWP
- Plugin:
- WPvivid Backup for MainWP
- Plugin Slug:
- wpvivid-backup-mainwp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.34
- Severity Score:
- Medium
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
- Plugin Slug:
- finale-woocommerce-sales-countdown-timer-discount
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.18.1
- Severity Score:
- Medium
- CVE:
- 2024-32107
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.7.9
- Severity Score:
- Medium
- CVE:
- 2024-31362
Ultimate Product Catalog
- Plugin:
- Ultimate Product Catalog
- Plugin Slug:
- ultimate-product-catalogue
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.16
- Severity Score:
- Medium
- CVE:
- 2024-31921
WP Compress – Image Optimizer [All-In-One]
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.11.01
- Severity Score:
- Medium
- CVE:
- 2024-32106
Load More Anything
- Plugin:
- Load More Anything
- Plugin Slug:
- ajax-load-more-anything
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.6
- Severity Score:
- Medium
- CVE:
- 2024-32110
Boostify Header Footer Builder for Elementor
- Plugin Slug:
- boostify-header-footer-builder
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-32110
Country State City Dropdown CF7
- Plugin:
- Country State City Dropdown CF7
- Plugin Slug:
- country-state-city-auto-dropdown
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.2
- Severity Score:
- Medium
- CVE:
- 2024-3520
Product Input Fields for WooCommerce
- Plugin Slug:
- product-input-fields-for-woocommerce
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.0
- Severity Score:
- Medium
- CVE:
- 2024-31431
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
- Plugin Slug:
- radio-player
- Installations
- 6,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.74
- Severity Score:
- Medium
- CVE:
- 2024-32506
Responsive Gallery Grid
- Plugin:
- Responsive Gallery Grid
- Plugin Slug:
- responsive-gallery-grid
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.11
- Severity Score:
- Medium
- CVE:
- 2024-1664
Responsive Tabs
- Plugin:
- Responsive Tabs
- Plugin Slug:
- responsive-tabs
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.7
- Severity Score:
- Medium
- CVE:
- 2024-1846
Ultimate Bootstrap Elements for Elementor
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.1
- Severity Score:
- Medium
- CVE:
- 2024-2132
WP Login and Logout Redirect
- Plugin:
- WP Login and Logout Redirect
- Plugin Slug:
- wp-login-and-logout-redirect
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2024-31927
WOLF – WordPress Posts Bulk Editor and Manager Professional
- Plugin Slug:
- bulk-editor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.8.2
- Severity Score:
- Medium
- CVE:
- 2024-31430
Church Content – Sermons, Events and More
- Plugin Slug:
- church-theme-content
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.1
- Severity Score:
- Medium
- CVE:
- 2024-32094
GEO my WordPress
- Plugin:
- GEO my WordPress
- Plugin Slug:
- geo-my-wp
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2024-32097
Intagrate Lite
- Plugin:
- Intagrate Lite
- Plugin Slug:
- instagrate-to-wordpress
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.8
- Severity Score:
- Medium
- CVE:
- 2024-31929
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.1
- Severity Score:
- Medium
- CVE:
- 2024-32143
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.0.14
- Severity Score:
- High
- CVE:
- 2024-32139
WP Client Reports
- Plugin:
- WP Client Reports
- Plugin Slug:
- wp-client-reports
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.23
- Severity Score:
- Medium
- CVE:
- 2024-32439
Shopping Cart & eCommerce Store
- Plugin:
- Shopping Cart & eCommerce Store
- Plugin Slug:
- wp-easycart
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.6.4
- Severity Score:
- High
- CVE:
- 2024-3211
Shopping Cart & eCommerce Store
- Plugin:
- Shopping Cart & eCommerce Store
- Plugin Slug:
- wp-easycart
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.6.0
- Severity Score:
- Medium
- CVE:
- 2024-32452
CP Media Player – Audio Player and Video Player
- Plugin Slug:
- audio-and-video-player
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2024-31941
Contact Form Plugin
- Plugin:
- Contact Form Plugin
- Plugin Slug:
- contact-form-lite
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.25
- Severity Score:
- Medium
- CVE:
- 2024-32147
Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
- Plugin Slug:
- everest-backup
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.2.5
- Severity Score:
- Critical
- CVE:
- 2023-7201
Marker.io – Visual Website Feedback
- Plugin Slug:
- marker-io
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.9
- Severity Score:
- Medium
- CVE:
- 2024-31427
MultiParcels Shipping For WooCommerce
- Plugin Slug:
- multiparcels-shipping-for-woocommerce
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.16.9
- Severity Score:
- Medium
- CVE:
- 2024-32095
Account Engagement
- Plugin:
- Account Engagement
- Plugin Slug:
- pardot
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.1
- Severity Score:
- Medium
- CVE:
- 2024-32148
WordPress Hosting Benchmark tool
- Plugin:
- WordPress Hosting Benchmark tool
- Plugin Slug:
- wpbenchmark
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.7
- Severity Score:
- Medium
- CVE:
- 2024-31922
WPC Grouped Product for WooCommerce
- Plugin Slug:
- wpc-grouped-product
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2024-32520
WP Synchro – WordPress Migration Plugin for Database & Files
- Plugin Slug:
- wpsynchro
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.11.3
- Severity Score:
- Medium
- CVE:
- 2024-32096
Zoho Campaigns
- Plugin:
- Zoho Campaigns
- Plugin Slug:
- zoho-campaigns
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2024-32442
Zoho Campaigns
- Plugin:
- Zoho Campaigns
- Plugin Slug:
- zoho-campaigns
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2024-32441
Premmerce Product Filter for WooCommerce
- Plugin Slug:
- premmerce-woocommerce-product-filter
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.7.3
- Severity Score:
- Medium
- CVE:
- 2024-31359
SEO Booster
- Plugin:
- SEO Booster
- Plugin Slug:
- seo-booster
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.10
- Severity Score:
- Medium
- CVE:
- 2024-32438
TOP Table Of Contents
- Plugin:
- TOP Table Of Contents
- Plugin Slug:
- top-table-of-contents
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.16
- Severity Score:
- Medium
- CVE:
- 2024-32110
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History
- Plugin Slug:
- wallet-system-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.5.10
- Severity Score:
- Medium
- CVE:
- 2024-32446
Extra Product Options Builder for WooCommerce
- Plugin Slug:
- additional-product-fields-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.105
- Severity Score:
- Medium
- CVE:
- 2024-31940
Custom Thank You Page Customize For WooCommerce by Binary Carpenter
- Plugin Slug:
- bc-woo-custom-thank-you-pages
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.14
- Severity Score:
- Medium
- CVE:
- 2024-32517
Currency per Product for WooCommerce
- Plugin Slug:
- currency-per-product-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.0
- Severity Score:
- Medium
- CVE:
- 2024-31920
Gallery Box
- Plugin:
- Gallery Box
- Plugin Slug:
- gallery-box
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.34
- Severity Score:
- Medium
- CVE:
- 2024-32110
GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
- Plugin Slug:
- gg-woo-feed
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2024-32519
Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported)
- Plugin Slug:
- gift-voucher
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.4.1
- Severity Score:
- Medium
- CVE:
- 2024-32436
InstaWP Connect – 1-click WP Staging & Migration
- Plugin Slug:
- instawp-connect
- Installations
- 2,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.1.0.23
- Severity Score:
- Critical
- CVE:
- 2024-2667
LH Add Media From Url
- Plugin:
- LH Add Media From Url
- Plugin Slug:
- lh-add-media-from-url
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.23
- Severity Score:
- High
- CVE:
- 2024-32533
Table Plugin for WordPress with Google Sheets Integration – Sheets to WP Table Live Sync
- Plugin Slug:
- sheets-to-wp-table-live-sync
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.5.1
- Severity Score:
- Medium
- CVE:
- 2024-32110
Open Close WooCommerce Store – Best Business Schedules Manager
- Plugin Slug:
- woc-open-close
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.2
- Severity Score:
- Medium
- CVE:
- 2024-32522
WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress
- Plugin Slug:
- wp-event-aggregator
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- CVE:
- 2024-31371
AppPresser – Mobile App Framework
- Plugin Slug:
- apppresser
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.3.1
- Severity Score:
- Medium
- CVE:
- 2024-31374
Benchmark Email Lite
- Plugin:
- Benchmark Email Lite
- Plugin Slug:
- benchmark-email-lite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2024-31360
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.0.28
- Severity Score:
- Medium
- CVE:
- 2024-32090
TempTool [Show Current Template Info]
- Plugin Slug:
- current-template-name
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.13
- Severity Score:
- Medium
- CVE:
- 2024-32110
Dashboard To-Do List
- Plugin:
- Dashboard To-Do List
- Plugin Slug:
- dashboard-to-do-list
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-31376
ELEX WooCommerce Dynamic Pricing and Discounts
- Plugin Slug:
- elex-woocommerce-dynamic-pricing-and-discounts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-32105
ELEX WooCommerce Dynamic Pricing and Discounts
- Plugin Slug:
- elex-woocommerce-dynamic-pricing-and-discounts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-31364
XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]
- Plugin Slug:
- faq-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
- 2024-32110
Login | Login Page | Login Logo | Rename Login Page | Custom Login Page | Temporary Users | Rebrand Login | Login Captcha
- Plugin Slug:
- feather-login-page
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2024-31923
USPS Shipping for WooCommerce – Live Rates
- Plugin Slug:
- flexible-shipping-usps
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9.3
- Severity Score:
- Medium
- CVE:
- 2024-31943
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.7.17
- Severity Score:
- High
- CVE:
- 2024-32507
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.94
- Severity Score:
- High
- CVE:
- 2024-31424
MihanPanel – User Login , Registration and Dashboard
- Plugin Slug:
- mihanpanel-lite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 12.7
- Severity Score:
- Medium
- CVE:
- 2024-31389
Netgsm
- Plugin:
- Netgsm
- Plugin Slug:
- netgsm
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9
- Severity Score:
- High
- CVE:
- 2024-32544
No-Bot Registration
- Plugin:
- No-Bot Registration
- Plugin Slug:
- no-bot-registration
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2024-31372
Novelist
- Plugin:
- Novelist
- Plugin Slug:
- novelist
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-32093
POEditor
- Plugin:
- POEditor
- Plugin Slug:
- poeditor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.9
- Severity Score:
- Medium
- CVE:
- 2024-32453
ReDi Restaurant Reservation
- Plugin:
- ReDi Restaurant Reservation
- Plugin Slug:
- redi-restaurant-reservation
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 24.0303
- Severity Score:
- Medium
- CVE:
- 2024-31385
Save as PDF Plugin by Pdfcrowd
- Plugin:
- Save as PDF Plugin by Pdfcrowd
- Plugin Slug:
- save-as-pdf-by-pdfcrowd
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- CVE:
- 2024-31930
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly
- Plugin Slug:
- tour-booking-manager
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.1
- Severity Score:
- Medium
- CVE:
- 2024-32450
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
- Plugin Slug:
- ultimate-store-kit
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2024-31357
TWIPLA (Visitor Analytics IO) – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys
- Plugin Slug:
- visitor-analytics-io
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-31937
Multi Currency For WooCommerce
- Plugin:
- Multi Currency For WooCommerce
- Plugin Slug:
- wc-multi-currency
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2024-32516
WP Dynamic Keywords Injector
- Plugin:
- WP Dynamic Keywords Injector
- Plugin Slug:
- wp-dynamic-keywords-injector
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.22
- Severity Score:
- High
- CVE:
- 2024-32528
MWW Disclaimer Buttons
- Plugin:
- MWW Disclaimer Buttons
- Plugin Slug:
- mww-disclaimer-buttons
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2
- Severity Score:
- Medium
- CVE:
- 2024-32428
Siteimprove
- Plugin:
- Siteimprove
- Plugin Slug:
- siteimprove
- Installations
- 900+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.7
- Severity Score:
- Medium
- CVE:
- 2024-32103
BMI Adult & Kid Calculator
- Plugin:
- BMI Adult & Kid Calculator
- Plugin Slug:
- bmi-adultkid-calculator
- Installations
- 700+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.2
- Severity Score:
- High
- CVE:
- 2024-32550
Better Chat Support – Chat Bubble and Chat Button with Gutenberg, Elementor and Shortcode
- Plugin Slug:
- chat-help
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2024-32110
Popup Like box – Page Plugin
- Plugin:
- Popup Like box – Page Plugin
- Plugin Slug:
- ays-facebook-popup-likebox
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.3
- Severity Score:
- Medium
- CVE:
- 2024-31387
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition
- Plugin Slug:
- webinar-ignition
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.06.0
- Severity Score:
- Medium
- CVE:
- 2024-32445
F4 Improvements
- Plugin:
- F4 Improvements
- Plugin Slug:
- f4-improvements
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- CVE:
- 2024-31925
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
- Plugin:
- WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden
- Plugin Slug:
- wp2leads
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.8
- Severity Score:
- Medium
- CVE:
- 2024-31375
NPS computy
- Plugin:
- NPS computy
- Plugin Slug:
- nps-computy
- Installations
- 80+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2024-1755
NPS computy
- Plugin:
- NPS computy
- Plugin Slug:
- nps-computy
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
- 2024-1754
Save as Image Plugin by Pdfcrowd
- Plugin:
- Save as Image Plugin by Pdfcrowd
- Plugin Slug:
- save-as-image-by-pdfcrowd
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- CVE:
- 2024-31931
5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
- Plugin Slug:
- 5-stars-rating-funnel
- Installations
- 40+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 1.3.02
- Severity Score:
- High
- CVE:
- 2024-31358
AffiEasy
- Plugin:
- AffiEasy
- Plugin Slug:
- affieasy
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2024-32435
AWP Classifieds
- Plugin:
- AWP Classifieds
- Plugin Slug:
- another-wordpress-classifieds-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.3.2
- Severity Score:
- Medium
- CVE:
- 2024-32447
BWL Advanced FAQ Manager
- Plugin:
- BWL Advanced FAQ Manager
- Plugin Slug:
- bwl-advanced-faq-manager
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.0.4
- Severity Score:
- High
- CVE:
- 2024-32136
Calendarista Basic Edition
- Plugin:
- Calendarista Basic Edition
- Plugin Slug:
- calendarista-basic-edition
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.3
- Severity Score:
- Medium
- CVE:
- 2024-31942
Digital Publications by Supsystic
- Plugin:
- Digital Publications by Supsystic
- Plugin Slug:
- digital-publications-by-supsystic
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2024-32089
Essential Grid
- Plugin:
- Essential Grid
- Plugin Slug:
- essential-grid
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.2
- Severity Score:
- Medium
- CVE:
- 2024-3235
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.81
- Severity Score:
- Medium
- CVE:
- 2024-0902
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6
- Severity Score:
- Medium
- CVE:
- 2024-1840
WPBakery Page Builder
- Plugin:
- WPBakery Page Builder
- Plugin Slug:
- js_composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6
- Severity Score:
- Medium
- CVE:
- 2024-1805
RestroPress
- Plugin:
- RestroPress
- Plugin Slug:
- restropress
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.2.1
- Severity Score:
- Medium
- CVE:
- 2024-32449
Slider Revolution
- Plugin:
- Slider Revolution
- Plugin Slug:
- revslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.0
- Severity Score:
- Medium
- CVE:
- 2024-2306
Table & Contact Form 7 Database – Tablesome
- Plugin:
- Table & Contact Form 7 Database – Tablesome
- Plugin Slug:
- tablesome
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.26
- Severity Score:
- Medium
- CVE:
- 2024-31388
WooCommerce Customers Manager
- Plugin:
- WooCommerce Customers Manager
- Plugin Slug:
- woocommerce-customers-manager
- Vulnerability:
- SQL Injection
- Patched in Version:
- 29.7
- Severity Score:
- High
- CVE:
- 2024-0399
WP Cost Estimation & Payment Forms Builder
- Plugin:
- WP Cost Estimation & Payment Forms Builder
- Plugin Slug:
- wp-estimation-form
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.1.76
- Severity Score:
- High
- CVE:
- 2024-32510
WP Cost Estimation & Payment Forms Builder
- Plugin:
- WP Cost Estimation & Payment Forms Builder
- Plugin Slug:
- wp-estimation-form
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 10.1.77
- Severity Score:
- Medium
- CVE:
- 2024-32509
WP Activity Log Premium
- Plugin:
- WP Activity Log Premium
- Plugin Slug:
- wp-security-audit-log-premium
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.6.4.1
- Severity Score:
- High
- CVE:
- 2024-2018
WPB Show Core
- Plugin:
- WPB Show Core
- Plugin Slug:
- wpb-show-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7
- Severity Score:
- High
- CVE:
- 2024-1956
WPB Show Core
- Plugin:
- WPB Show Core
- Plugin Slug:
- wpb-show-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6
- Severity Score:
- High
- CVE:
- 2024-1292
WordPress Themes — 19 Patched / 7 Unpatched
Decode
- Theme:
- Decode
- Theme Slug:
- decode
- Downloads
- 269,521
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31386
Gridsby
- Theme:
- Gridsby
- Theme Slug:
- gridsby
- Downloads
- 288,716
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31386
GuCherry Blog
- Theme:
- GuCherry Blog
- Theme Slug:
- gucherry-blog
- Downloads
- 136,966
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-32531
HappenStance
- Theme:
- HappenStance
- Theme Slug:
- happenstance
- Downloads
- 134,390
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31386
i-excel
- Theme:
- i-excel
- Theme Slug:
- i-excel
- Downloads
- 262,257
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31386
i-max
- Theme:
- i-max
- Theme Slug:
- i-max
- Downloads
- 270,530
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31386
Sensible WP
- Theme:
- Sensible WP
- Theme Slug:
- sensible-wp
- Downloads
- 277,690
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31386
Blocksy
- Theme:
- Blocksy
- Theme Slug:
- blocksy
- Downloads
- 3,056,299
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.23
- Severity Score:
- Medium
- CVE:
- 2024-31382
CityLogic
- Theme:
- CityLogic
- Theme Slug:
- citylogic
- Downloads
- 292,720
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.30
- Severity Score:
- Medium
- CVE:
- 2024-31386
Default Mag
- Theme:
- Default Mag
- Theme Slug:
- default-mag
- Downloads
- 93,066
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.6
- Severity Score:
- Medium
- CVE:
- 2024-31386
Emmet Lite
- Theme:
- Emmet Lite
- Theme Slug:
- emmet-lite
- Downloads
- 104,881
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.8
- Severity Score:
- Medium
- CVE:
- 2024-31386
Lightning
- Theme:
- Lightning
- Theme Slug:
- lightning
- Downloads
- 2,240,450
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 15.19.0
- Severity Score:
- Medium
- CVE:
- 2024-31386
Namaha
- Theme:
- Namaha
- Theme Slug:
- namaha
- Downloads
- 63,477
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.41
- Severity Score:
- Medium
- CVE:
- 2024-31386
NewsXpress
- Theme:
- NewsXpress
- Theme Slug:
- newsxpress
- Downloads
- 11,096
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2024-31938
Panoramic
- Theme:
- Panoramic
- Theme Slug:
- panoramic
- Downloads
- 614,830
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.57
- Severity Score:
- Medium
- CVE:
- 2024-31386
PopularFX
- Theme:
- PopularFX
- Theme Slug:
- popularfx
- Downloads
- 773,374
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.5
- Severity Score:
- Medium
- CVE:
- 2024-31383
Sarada Lite
- Theme:
- Sarada Lite
- Theme Slug:
- sarada-lite
- Downloads
- 86,466
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-31429
Shopstar!
- Theme:
- Shopstar!
- Theme Slug:
- shopstar
- Downloads
- 286,946
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.34
- Severity Score:
- Medium
- CVE:
- 2024-31386
Sliding Door
- Theme:
- Sliding Door
- Theme Slug:
- sliding-door
- Downloads
- 537,017
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4
- Severity Score:
- Medium
- CVE:
- 2024-31386
Spa and Salon
- Theme:
- Spa and Salon
- Theme Slug:
- spa-and-salon
- Downloads
- 155,971
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2024-31384
Tainacan Interface
- Theme:
- Tainacan Interface
- Theme Slug:
- tainacan-interface
- Downloads
- 16,543
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.2
- Severity Score:
- High
- CVE:
- 2024-3867
The Conference
- Theme:
- The Conference
- Theme Slug:
- the-conference
- Downloads
- 52,521
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2024-31428
X-T9
- Theme:
- X-T9
- Theme Slug:
- x-t9
- Downloads
- 30,187
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.19.1
- Severity Score:
- Medium
- CVE:
- 2024-31386
Soledad
- Theme:
- Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.4.6
- Severity Score:
- Medium
- CVE:
- 2024-31369
Soledad
- Theme:
- Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.4.6
- Severity Score:
- Medium
- CVE:
- 2024-31368
Soledad
- Theme:
- Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 8.4.6
- Severity Score:
- High
- CVE:
- 2024-31367