WordPress Vulnerability Report — April 24, 2024

Since last week, 358 new vulnerabilities emerged in the WordPress ecosystem, including 3 in themes and 355 in plugins. 46 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Apr 24, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:68 min.

In this report, 358 vulnerabilities have been publicly disclosed. Security patches for 312 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 46 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 310 Patched / 45 Unpatched

2.1 What’s New Generator
2.2 Zero Spam for WordPress
2.3 Responsive Contact Form Builder & Lead Generation Plugin
2.4 Responsive Contact Form Builder & Lead Generation Plugin
2.5 PeproDev Ultimate Invoice
2.6 Easy Textillate
2.7 WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
2.8 Yoga Schedule Momoyoga
2.9 QR Code Composer – Automatic QR code Generator
2.10 Simple Buttons Creator
2.11 Simple Buttons Creator
2.12 Access Category Password
2.13 Advanced Search
2.14 Advanced Post Block – Post Grid for WordPress block editor
2.15 Shortcodes and extra features for Phlox theme
2.16 Shortcodes and extra features for Phlox theme
2.17 Bulk Block Converter
2.18 Canva – Design beautiful blog graphics
2.19 Custom Order Statuses for WooCommerce
2.20 Delete Custom Fields
2.21 Easy CountDowner
2.22 Flash Video Player
2.23 Knight Lab Timeline
2.24 LoginPress Pro
2.25 LoginPress Pro
2.26 Related Posts for WordPress
2.27 MJ Update History
2.28 Ovic Responsive WPBakery
2.29 PeproDev CF7 Database
2.30 Code Insert Manager (Q2W3 Inc Manager)
2.31 Shopkeeper Extender
2.32 Shortcode Addons
2.33 Simple Testimonials Showcase
2.34 SP Project & Document Manager
2.35 Superfly Menu
2.36 Tax Rate Upload
2.37 Mega Addons For Elementor
2.38 WidgetKit
2.39 2Checkout Payment Gateway for WooCommerce
2.40 Simple Registration for WooCommerce
2.41 WP-Cufon
2.42 WP File Download Light
2.43 WP TradingView
2.44 WP User Profile Avatar
2.45 Z Y N I T H
2.46 Really Simple SSL
2.47 WooCommerce
2.48 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.49 Rank Math SEO with AI Best SEO Tools
2.50 ElementsKit Elementor addons and Templates Library
2.51 Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
2.52 Smart Slider 3
2.53 Meta Box – WordPress Custom Fields Framework
2.54 Premium Addons for Elementor
2.55 Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
2.56 WP Shortcodes Plugin — Shortcodes Ultimate
2.57 Click to Chat – HoliThemes
2.58 Happy Addons for Elementor
2.59 Happy Addons for Elementor
2.60 Happy Addons for Elementor
2.61 Migration, Backup, Staging – WPvivid
2.62 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.63 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.64 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.65 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.66 Royal Elementor Addons and Templates
2.67 Royal Elementor Addons and Templates
2.68 Royal Elementor Addons and Templates
2.69 FileBird – WordPress Media Library Folders & File Manager
2.70 FileBird – WordPress Media Library Folders & File Manager
2.71 Jeg Elementor Kit
2.72 Photo Gallery by 10Web – Mobile-Friendly Image Gallery
2.73 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.74 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.75 YITH WooCommerce Compare
2.76 Ivory Search – WordPress Search Plugin
2.77 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.78 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.79 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.80 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.81 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.82 Colibri Page Builder
2.83 Colibri Page Builder
2.84 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
2.85 Table Rate Shipping Method for WooCommerce by Flexible Shipping
2.86 GiveWP – Donation Plugin and Fundraising Platform
2.87 HT Mega – Absolute Addons For Elementor
2.88 HT Mega – Absolute Addons For Elementor
2.89 HT Mega – Absolute Addons For Elementor
2.90 HT Mega – Absolute Addons For Elementor
2.91 HT Mega – Absolute Addons For Elementor
2.92 Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS
2.93 Inline Related Posts
2.94 Schema & Structured Data for WP & AMP
2.95 Social Media Share Buttons & Social Sharing Icons
2.96 WooCommerce Multilingual & Multicurrency with WPML
2.97 HUSKY – Products Filter Professional for WooCommerce
2.98 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.99 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.100 Enhanced Media Library
2.101 LearnPress – WordPress LMS Plugin
2.102 Master Slider – Responsive Touch Slider
2.103 Master Slider – Responsive Touch Slider
2.104 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.105 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.106 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.107 VK Block Patterns
2.108 Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More
2.109 WP Show Posts
2.110 WP STAGING WordPress Backup Plugin – Migration Backup Restore
2.111 Backup Migration
2.112 Import and export users and customers
2.113 WPZOOM Social Feed Widget & Block
2.114 Real Media Library: Media Library Folder & File Manager
2.115 Theme My Login
2.116 Comments – wpDiscuz
2.117 Database for Contact Form 7, WPforms, Elementor forms
2.118 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
2.119 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
2.120 Export and Import Users and Customers
2.121 Cornerstone
2.122 Customer Reviews for WooCommerce
2.123 Customer Reviews for WooCommerce
2.124 Customer Reviews for WooCommerce
2.125 Exclusive Addons for Elementor
2.126 Exclusive Addons for Elementor
2.127 Exclusive Addons for Elementor
2.128 WPC Smart Quick View for WooCommerce
2.129 WP 2FA – Two-factor authentication for WordPress
2.130 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
2.131 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
2.132 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.133 hCaptcha for WordPress
2.134 Popup Anything – Popup for opt-ins and Lead Generation Conversions
2.135 Quick Featured Images
2.136 Carousel Slider
2.137 Carousel Slider
2.138 Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
2.139 DethemeKit For Elementor
2.140 Ditty – Responsive News Tickers, Sliders, and Lists
2.141 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.142 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.143 Simply Static
2.144 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
2.145 WP 404 Auto Redirect to Similar Post
2.146 Gutenberg Block Editor Toolkit – EditorsKit
2.147 FV Flowplayer Video Player
2.148 Slider by 10Web – Responsive Image Slider
2.149 Social Sharing Plugin – Social Warfare
2.150 Social Share, Social Login and Social Comments Plugin – Super Socializer
2.151 Testimonial Slider
2.152 WP Customer Reviews
2.153 Appointment Hour Booking – WordPress Booking Plugin
2.154 Data Tables Generator by Supsystic
2.155 Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
2.156 Envo Extra
2.157 HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
2.158 Pricing Table by Supsystic
2.159 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
2.160 Rate My Post – Star Rating Plugin by FeedbackWP
2.161 Secure Copy Content Protection and Content Locking
2.162 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
2.163 Top Bar
2.164 Social Share Icons & Social Share Buttons
2.165 weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.166 TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
2.167 Brevo for WooCommerce
2.168 WP Meta SEO
2.169 WP Meta SEO
2.170 Advanced Floating Content Lite
2.171 BA Book Everything
2.172 BA Book Everything
2.173 Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
2.174 rtMedia for WordPress, BuddyPress and bbPress
2.175 Language Translate Widget for WordPress – ConveyThis
2.176 EAN for WooCommerce
2.177 EAN for WooCommerce
2.178 Easy Custom Auto Excerpt
2.179 eCommerce Product Catalog Plugin for WordPress
2.180 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
2.181 Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
2.182 eRoom – Zoom Meetings & Webinars
2.183 GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
2.184 List Custom Taxonomy Widget
2.185 Mailster WordPress Newsletter Plugin Compatibility Tester
2.186 Mega Elements – Addons for Elementor
2.187 Restaurant Menu – Food Ordering System – Table Reservation
2.188 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
2.189 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
2.190 RomethemeKit For Elementor
2.191 Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
2.192 WPC Frequently Bought Together for WooCommerce
2.193 WooCommerce Google Feed Manager
2.194 SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
2.195 WP Travel Engine – Best Travel Booking WordPress Plugin
2.196 WP Ultimate Review
2.197 WP Ultimate Review
2.198 WP Ultimate Review
2.199 Frontend Admin by DynamiApps
2.200 Elements Plus!
2.201 FG Joomla to WordPress
2.202 WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
2.203 Media Library Folders
2.204 RomethemeForm For Elementor
2.205 Smart Forms – when you need more than just a contact form
2.206 Smart Forms – when you need more than just a contact form
2.207 WP LinkedIn Auto Publish
2.208 WordPress Backup & Migration
2.209 WP Social Comments
2.210 Maintenance Mode
2.211 LearnPress Export Import – WordPress extension for LearnPress
2.212 Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
2.213 VikBooking Hotel Booking Engine & PMS
2.214 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.215 Icon Widget
2.216 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.217 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.218 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.219 ProfileGrid – User Profiles, Memberships, Groups and Communities
2.220 Country State City Dropdown CF7
2.221 Easy Property Listings
2.222 EnvíaloSimple: Email Marketing y Newsletters
2.223 Image Slider
2.224 Poll Maker – Best WordPress Poll Plugin
2.225 Poll Maker – Best WordPress Poll Plugin
2.226 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.227 Responsive Tabs
2.228 Podlove Podcast Publisher
2.229 Podlove Podcast Publisher
2.230 Salon booking system
2.231 TrackShip for WooCommerce
2.232 Ultimate 410 Gone Status Code
2.233 MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more
2.234 Shopping Cart & eCommerce Store
2.235 Advanced Local Pickup for WooCommerce
2.236 Embed Google Photos album
2.237 Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
2.238 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
2.239 RSS Feed Widget
2.240 Tickera – WordPress Event Ticketing
2.241 VikRentCar Car Rental Management System
2.242 WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
2.243 WP Dummy Content Generator
2.244 WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
2.245 WPC Grouped Product for WooCommerce
2.246 Coupon & Discount Code Reveal Button
2.247 Debug Log Manager
2.248 WP-FormAssembly
2.249 HelloAsso
2.250 MaxGalleria
2.251 Navigation menu as Dropdown Widget
2.252 Newsletters
2.253 Newsletters
2.254 Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
2.255 Vision – Image Map Builder
2.256 Widget Post Slider
2.257 WP-Lister Lite for eBay
2.258 WP-Lister Lite for eBay
2.259 WP-Recall – Registration, Profile, Commerce & More
2.260 WP-Recall – Registration, Profile, Commerce & More
2.261 WP-Recall – Registration, Profile, Commerce & More
2.262 WP Stripe Checkout
2.263 Accessibility Widget
2.264 Advanced Testimonial Carousel for Elementor
2.265 All-in-one Like Widget
2.266 Custom Thank You Page Customize For WooCommerce by Binary Carpenter
2.267 CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
2.268 GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
2.269 InstaWP Connect – 1-click WP Staging & Migration
2.270 Kattene
2.271 LH Add Media From Url
2.272 Mortgage Calculators WP
2.273 Active Products Tables for WooCommerce. Use constructor to create tables
2.274 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.275 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.276 Open Close WooCommerce Store – Best Business Schedules Manager
2.277 SuperFaktura WooCommerce
2.278 WP Helper Premium
2.279 Academy LMS – eLearning and online course solution for WordPress
2.280 ActiveDEMAND
2.281 AI Post Generator | AutoWriter
2.282 EleForms – All In One Form Integration including DB for Elementor
2.283 EleForms – All In One Form Integration including DB for Elementor
2.284 App Builder – Create Native Android & iOS Apps On The Flight
2.285 AppPresser – Mobile App Framework
2.286 Attesa Extra
2.287 Backend Designer
2.288 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
2.289 Import Content in WordPress & WooCommerce with Excel
2.290 Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
2.291 Culqi
2.292 DirectoryPress – Business Directory And Classified Ad Listing
2.293 DSGVO Youtube
2.294 USPS Shipping for WooCommerce – Live Rates
2.295 Headline Analyzer
2.296 AI Infographic Maker
2.297 Login with phone number
2.298 Login with phone number
2.299 Netgsm
2.300 BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
2.301 Reviews Plus
2.302 Seers | GDPR & CCPA Cookie Consent & Compliance
2.303 WooCommerce Shipping Label
2.304 StreamWeasels Twitch Integration
2.305 Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
2.306 Poll | Vote | Contest – Best Poll Plugin for WordPress
2.307 Void Elementor WHMCS Elements For Elementor Page Builder
2.308 Multi Currency For WooCommerce
2.309 Order Limit for WooCommerce
2.310 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
2.311 SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
2.312 WP Club Manager – WordPress Sports Club Plugin
2.313 WP Club Manager – WordPress Sports Club Plugin
2.314 WP Dynamic Keywords Injector
2.315 WP GoToWebinar
2.316 MDTF – Meta Data and Taxonomies Filter
2.317 WordPress Simple HTML Sitemap
2.318 WP Smart Import : Import any XML File to WordPress
2.319 WPBITS Addons For Elementor Page Builder
2.320 WPCal.io – Easy Meeting Scheduler
2.321 Frontend Dashboard
2.322 Olive One Click Demo Import
2.323 Language Switcher for Transposh
2.324 BMI Adult & Kid Calculator
2.325 ShortPixel Critical CSS
2.326 Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce
2.327 Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
2.328 Fixed HTML Toolbar
2.329 NPS computy
2.330 NPS computy
2.331 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
2.332 ARForms
2.333 ARForms
2.334 ARForms
2.335 ARForms
2.336 ARForms
2.337 Barcode Scanner with Inventory & Order Manager
2.338 CBX Bookmark & Favorite
2.339 Chauffeur Taxi Booking System for WordPress
2.340 Conversational Forms for ChatBot
2.341 ElementsKit Pro
2.342 Essential Addons for Elementor Pro
2.343 Fancy Product Designer
2.344 Integrate Google Drive
2.345 Integrate Google Drive
2.346 WPBakery Page Builder
2.347 WPBakery Page Builder
2.348 Max Addons Pro for Bricks
2.349 Max Addons Pro for Bricks
2.350 WooCommerce Customers Manager
2.351 Automatic
2.352 WP Cost Estimation & Payment Forms Builder
2.353 WP Cost Estimation & Payment Forms Builder
2.354 WP Media Category Management
2.355 Wp Staging Pro

3. WordPress Themes — 2 Patched / 1 Unpatched

3.1 GuCherry Blog
3.2 Royal Elementor Kit
3.3 Tainacan Interface

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

WordPress Plugins — 310 Patched / 45 Unpatched

Plugin:: What’s New Generator
Plugin Slug:: whats-new-genarator
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32548

Plugin:: Zero Spam for WordPress
Plugin Slug:: zero-spam
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32521

Plugin:: Responsive Contact Form Builder & Lead Generation Plugin
Plugin Slug:: lead-form-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1416

Plugin:: Responsive Contact Form Builder & Lead Generation Plugin
Plugin Slug:: lead-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1415

Plugin:: PeproDev Ultimate Invoice
Plugin Slug:: pepro-ultimate-invoice
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32518

Plugin:: Easy Textillate
Plugin Slug:: easy-textillate
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32526

Plugin:: WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
Plugin Slug:: epoll-wp-voting
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32514

Plugin:: Yoga Schedule Momoyoga
Plugin Slug:: momoyoga-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32529

Plugin:: QR Code Composer – Automatic QR code Generator
Plugin Slug:: qr-code-composer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32560

Plugin:: Simple Buttons Creator
Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2858

Plugin:: Simple Buttons Creator
Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2857

Plugin:: Access Category Password
Plugin Slug:: access-category-password
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32535

Plugin:: Advanced Search
Plugin Slug:: advance-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2739

Plugin:: Advanced Post Block – Post Grid for WordPress block editor
Plugin Slug:: advanced-post-block
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0908

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-7064

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3517

Plugin:: Bulk Block Converter
Plugin Slug:: bulk-block-converter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32542

Plugin:: Canva – Design beautiful blog graphics
Plugin Slug:: canva
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32545

Plugin:: Custom Order Statuses for WooCommerce
Plugin Slug:: custom-order-statuses-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32524

Plugin:: Delete Custom Fields
Plugin Slug:: delete-custom-fields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0613

Plugin:: Easy CountDowner
Plugin Slug:: easy-countdowner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32538

Plugin:: Flash Video Player
Plugin Slug:: flash-video-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32537

Plugin:: Knight Lab Timeline
Plugin Slug:: knight-lab-timelinejs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32554

Plugin:: LoginPress Pro
Plugin Slug:: loginpress-pro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32677

Plugin:: LoginPress Pro
Plugin Slug:: loginpress-pro
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32676

Plugin:: Related Posts for WordPress
Plugin Slug:: microkids-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32549

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32543

Plugin:: Ovic Responsive WPBakery
Plugin Slug:: ovic-vc-addon
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32142

Plugin:: PeproDev CF7 Database
Plugin Slug:: pepro-cf7-database
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-41864

Plugin:: Code Insert Manager (Q2W3 Inc Manager)
Plugin Slug:: q2w3-inc-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32547

Plugin:: Shopkeeper Extender
Plugin Slug:: shopkeeper-extender
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2801

Plugin:: Shortcode Addons
Plugin Slug:: shortcode-addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Simple Testimonials Showcase
Plugin Slug:: simple-testimonials-showcase
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32530

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32551

Plugin:: Superfly Menu
Plugin Slug:: superfly-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32553

Plugin:: Tax Rate Upload
Plugin Slug:: tax-rate-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32546

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32515

Plugin:: WidgetKit
Plugin Slug:: widgetkit-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2137

Plugin:: 2Checkout Payment Gateway for WooCommerce
Plugin Slug:: woocommerce-2checkout-payment
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0629

Plugin:: Simple Registration for WooCommerce
Plugin Slug:: woocommerce-simple-registration
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32511

Plugin:: WP-Cufon
Plugin Slug:: wp-cufon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32541

Plugin:: WP File Download Light
Plugin Slug:: wp-file-download-light
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32539

Plugin:: WP TradingView
Plugin Slug:: wp-tradingview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32536

Plugin:: WP User Profile Avatar
Plugin Slug:: wp-user-profile-avatar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6067

Plugin:: Z Y N I T H
Plugin Slug:: zynith-seo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32562

Plugin:: Really Simple SSL
Plugin Slug:: really-simple-ssl
Installations: 5,000,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.0.0
Severity Score:: Medium
CVE:: 2024-31229

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.6
Severity Score:: Medium
CVE:: 2024-1310

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.15
Severity Score:: Medium
CVE:: 2024-3333

Plugin:: Rank Math SEO with AI Best SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.217
Severity Score:: Medium
CVE:: 2024-3665

Plugin:: ElementsKit Elementor addons and Templates Library
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-32505

Plugin:: Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin
Plugin Slug:: sg-cachepress
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-32532

Plugin:: Smart Slider 3
Plugin Slug:: smart-slider-3
Installations: 900,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.1.23
Severity Score:: Medium
CVE:: 2024-3027

Plugin:: Meta Box – WordPress Custom Fields Framework
Plugin Slug:: meta-box
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.4
Severity Score:: Medium
CVE:: 2024-1204

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.26
Severity Score:: Medium
CVE:: 2024-32791

Plugin:: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.70.1
Severity Score:: Medium
CVE:: 2024-3285

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.5
Severity Score:: Medium
CVE:: 2024-2583

Plugin:: Click to Chat – HoliThemes
Plugin Slug:: click-to-chat-for-whatsapp
Installations: 500,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0
Severity Score:: High
CVE:: 2024-3849

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.6
Severity Score:: Medium
CVE:: 2024-3891

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-32698

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-1387

Plugin:: Migration, Backup, Staging – WPvivid
Plugin Slug:: wpvivid-backuprestore
Installations: 400,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.9.100
Severity Score:: Medium
CVE:: 2024-3054

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-2729

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.10
Severity Score:: Medium
CVE:: 2024-3725

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-3343

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-3344

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3675

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.95
Severity Score:: Medium
CVE:: 2024-32786

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.95
Severity Score:: High
CVE:: 2024-1567

Plugin:: FileBird – WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-2345

Plugin:: FileBird – WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-2346

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-32721

Plugin:: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.22
Severity Score:: High
CVE:: 2024-32583

Plugin:: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: Medium
CVE:: 2024-2765

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.5
Severity Score:: Medium
CVE:: 2024-2867

Plugin:: YITH WooCommerce Compare
Plugin Slug:: yith-woocommerce-compare
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.38.0
Severity Score:: Medium
CVE:: 2024-32699

Plugin:: Ivory Search – WordPress Search Plugin
Plugin Slug:: add-search-to-menu
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.6
Severity Score:: Medium
CVE:: 2024-3233

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-32572

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-2966

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.1
Severity Score:: Medium
CVE:: 2024-1730

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.13.3
Severity Score:: High
CVE:: 2024-32682

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.13.3
Severity Score:: Medium
CVE:: 2024-32681

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.264
Severity Score:: Medium
CVE:: 2024-3338

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3340

Plugin:: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.10
Severity Score:: Medium
CVE:: 2024-3818

Plugin:: Table Rate Shipping Method for WooCommerce by Flexible Shipping
Plugin Slug:: flexible-shipping
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.16
Severity Score:: Medium
CVE:: 2024-32828

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: Medium
CVE:: 2024-1957

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-32782

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.9
Severity Score:: Medium
CVE:: 2024-2790

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-2085

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.7
Severity Score:: High
CVE:: 2023-6214

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3307

Plugin:: Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2024-32792

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2023-6257

Plugin:: Schema & Structured Data for WP & AMP
Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.30
Severity Score:: Medium
CVE:: 2024-3491

Plugin:: Social Media Share Buttons & Social Sharing Icons
Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.9
Severity Score:: Medium
CVE:: 2024-2118

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.3.4
Severity Score:: High
CVE:: 2024-32602

Plugin:: HUSKY – Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.3.5.3
Severity Score:: High
CVE:: 2024-32680

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2023-7067

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.15
Severity Score:: Critical
CVE:: 2024-2876

Plugin:: Enhanced Media Library
Plugin Slug:: enhanced-media-library
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.10
Severity Score:: Medium
CVE:: 2024-2840

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6.5
Severity Score:: Medium
CVE:: 2024-3560

Plugin:: Master Slider – Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.9.7
Severity Score:: High
CVE:: 2024-32600

Plugin:: Master Slider – Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.9
Severity Score:: Medium
CVE:: 2024-32580

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-32794

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-32793

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2024-3215

Plugin:: VK Block Patterns
Plugin Slug:: vk-block-patterns
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.31.1.1
Severity Score:: Medium
CVE:: 2024-32826

Plugin:: Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More
Plugin Slug:: woo-product-feed-pro
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 13.3.2
Severity Score:: Medium
CVE:: 2024-32513

Plugin:: WP Show Posts
Plugin Slug:: wp-show-posts
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2023-6731

Plugin:: WP STAGING WordPress Backup Plugin – Migration Backup Restore
Plugin Slug:: wp-staging
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-2309

Plugin:: Backup Migration
Plugin Slug:: backup-backup
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-32686

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.26.3
Severity Score:: Medium
CVE:: 2024-32817

Plugin:: WPZOOM Social Feed Widget & Block
Plugin Slug:: instagram-widget-by-wpzoom
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.14
Severity Score:: Medium
CVE:: 2024-3662

Plugin:: Real Media Library: Media Library Folder & File Manager
Plugin Slug:: real-media-library-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.22.12
Severity Score:: Medium
CVE:: 2024-2328

Plugin:: Theme My Login
Plugin Slug:: theme-my-login
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-32525

Plugin:: Comments – wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.16
Severity Score:: Medium
CVE:: 2024-2477

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-3715

Plugin:: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2024-2417

Plugin:: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-3295

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 70,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2024-32835

Plugin:: Cornerstone
Plugin Slug:: cornerstone
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.8.1
Severity Score:: High
CVE:: 2024-32570

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.48.0
Severity Score:: High
CVE:: 2024-3731

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.47.0
Severity Score:: Medium
CVE:: 2024-3869

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.47.0
Severity Score:: Medium
CVE:: 2024-3243

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.4
Severity Score:: Medium
CVE:: 2024-2750

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3489

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.3
Severity Score:: Medium
CVE:: 2024-32557

Plugin:: WPC Smart Quick View for WooCommerce
Plugin Slug:: woo-smart-quick-view
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2023-6494

Plugin:: WP 2FA – Two-factor authentication for WordPress
Plugin Slug:: wp-2fa
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2024-32568

Plugin:: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.6
Severity Score:: Medium
CVE:: 2024-1219

Plugin:: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.4.8
Severity Score:: Medium
CVE:: 2023-6805

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.24
Severity Score:: Medium
CVE:: 2024-32534

Plugin:: hCaptcha for WordPress
Plugin Slug:: hcaptcha-for-forms-and-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2024-4014

Plugin:: Popup Anything – Popup for opt-ins and Lead Generation Conversions
Plugin Slug:: popup-anything-on-click
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2024-32601

Plugin:: Quick Featured Images
Plugin Slug:: quick-featured-images
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 13.7.1
Severity Score:: Medium
CVE:: 2024-3664

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-1712

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.10
Severity Score:: Medium
CVE:: 2024-3703

Plugin:: Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
Plugin Slug:: content-control
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-0615

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-32508

Plugin:: Ditty – Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-32569

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.79
Severity Score:: High
CVE:: 2024-32816

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.76
Severity Score:: Medium
CVE:: 2024-0881

Plugin:: Simply Static
Plugin Slug:: simply-static
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1.4
Severity Score:: High
CVE:: 2024-32825

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-32564

Plugin:: WP 404 Auto Redirect to Similar Post
Plugin Slug:: wp-404-auto-redirect-to-similar-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2024-32559

Plugin:: Gutenberg Block Editor Toolkit – EditorsKit
Plugin Slug:: block-options
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.40.5
Severity Score:: Medium
CVE:: 2024-32586

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.5.45.7212
Severity Score:: Medium
CVE:: 2024-32955

Plugin:: Slider by 10Web – Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.55
Severity Score:: High
CVE:: 2024-32578

Plugin:: Social Sharing Plugin – Social Warfare
Plugin Slug:: social-warfare
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.6.2
Severity Score:: Medium
CVE:: 2024-1959

Plugin:: Social Share, Social Login and Social Comments Plugin – Super Socializer
Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.13.64
Severity Score:: Medium
CVE:: 2024-2836

Plugin:: Testimonial Slider
Plugin Slug:: testimonial-slider-and-showcase
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: Medium
CVE:: 2024-1746

Plugin:: WP Customer Reviews
Plugin Slug:: wp-customer-reviews
Installations: 30,000+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-1849

Plugin:: Appointment Hour Booking – WordPress Booking Plugin
Plugin Slug:: appointment-hour-booking
Installations: 20,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.4.57
Severity Score:: Medium
CVE:: 2024-32720

Plugin:: Data Tables Generator by Supsystic
Plugin Slug:: data-tables-generator-by-supsystic
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.32
Severity Score:: Medium
CVE:: 2024-32829

Plugin:: Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms
Plugin Slug:: embed-form
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-32527

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.12
Severity Score:: Medium
CVE:: 2024-32456

Plugin:: HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Plugin Slug:: hurrytimer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.0
Severity Score:: Medium
CVE:: 2024-32556

Plugin:: Pricing Table by Supsystic
Plugin Slug:: pricing-table-by-supsystic
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: 1.9.13
Severity Score:: Medium
CVE:: 2024-32790

Plugin:: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.12.11
Severity Score:: Medium
CVE:: 2024-32827

Plugin:: Rate My Post – Star Rating Plugin by FeedbackWP
Plugin Slug:: rate-my-post
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.5
Severity Score:: Medium
CVE:: 2024-32823

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-32787

Plugin:: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Plugin Slug:: smartcrawl-seo
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.10.3
Severity Score:: Medium
CVE:: 2024-3287

Plugin:: Top Bar
Plugin Slug:: top-bar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-1660

Plugin:: Social Share Icons & Social Share Buttons
Plugin Slug:: ultimate-social-media-plus
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2024-32820

Plugin:: weForms – Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.21
Severity Score:: Medium
CVE:: 2024-32512

Plugin:: TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
Plugin Slug:: woo-wallet
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-32584

Plugin:: Brevo for WooCommerce
Plugin Slug:: woocommerce-sendinblue-newsletter-subscription
Installations: 20,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.18
Severity Score:: High
CVE:: 2024-32807

Plugin:: WP Meta SEO
Plugin Slug:: wp-meta-seo
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.5.13
Severity Score:: Medium
CVE:: 2023-6962

Plugin:: WP Meta SEO
Plugin Slug:: wp-meta-seo
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.13
Severity Score:: High
CVE:: 2023-6961

Plugin:: Advanced Floating Content Lite
Plugin Slug:: advanced-floating-content-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-32723

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.9
Severity Score:: Medium
CVE:: 2024-32598

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.9
Severity Score:: Medium
CVE:: 2024-32576

Plugin:: Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.4.33
Severity Score:: Medium
CVE:: 2024-32802

Plugin:: rtMedia for WordPress, BuddyPress and bbPress
Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.19
Severity Score:: High
CVE:: 2024-3293

Plugin:: Language Translate Widget for WordPress – ConveyThis
Plugin Slug:: conveythis-translate
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 224
Severity Score:: High
CVE:: 2023-6811

Plugin:: EAN for WooCommerce
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2023-6897

Plugin:: EAN for WooCommerce
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2023-6892

Plugin:: Easy Custom Auto Excerpt
Plugin Slug:: easy-custom-auto-excerpt
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3312

Plugin:: eCommerce Product Catalog Plugin for WordPress
Plugin Slug:: ecommerce-product-catalog
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.33
Severity Score:: High
CVE:: 2024-32558

Plugin:: Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
Plugin Slug:: elespare
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-0900

Plugin:: Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
Plugin Slug:: email-customizer-for-woocommerce
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-32781

Plugin:: eRoom – Zoom Meetings & Webinars
Plugin Slug:: eroom-zoom-meetings-webinar
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.19
Severity Score:: Medium
CVE:: 2024-3275

Plugin:: GeoDirectory – WordPress Business Directory Plugin, or Classified Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.49
Severity Score:: Medium
CVE:: 2024-3732

Plugin:: List Custom Taxonomy Widget
Plugin Slug:: list-custom-taxonomy-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-32833

Plugin:: Mailster WordPress Newsletter Plugin Compatibility Tester
Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.7
Severity Score:: High
CVE:: 2024-32523

Plugin:: Mega Elements – Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-32575

Plugin:: Restaurant Menu – Food Ordering System – Table Reservation
Plugin Slug:: menu-ordering-reservations
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-32579

Plugin:: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-32711

Plugin:: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.11.1
Severity Score:: Medium
CVE:: 2024-32728

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-32956

Plugin:: Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap
Plugin Slug:: socialsnap
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-32805

Plugin:: WPC Frequently Bought Together for WooCommerce
Plugin Slug:: woo-bought-together
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.0.4
Severity Score:: Medium
CVE:: 2024-32687

Plugin:: WooCommerce Google Feed Manager
Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.0
Severity Score:: High
CVE:: 2024-3067

Plugin:: SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share
Plugin Slug:: wp-scheduled-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.9
Severity Score:: Medium
CVE:: 2024-32717

Plugin:: WP Travel Engine – Best Travel Booking WordPress Plugin
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.1
Severity Score:: High
CVE:: 2024-32798

Plugin:: WP Ultimate Review
Plugin Slug:: wp-ultimate-review
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-32685

Plugin:: WP Ultimate Review
Plugin Slug:: wp-ultimate-review
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-32684

Plugin:: WP Ultimate Review
Plugin Slug:: wp-ultimate-review
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-32683

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 9,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.19.5
Severity Score:: Critical
CVE:: 2024-3729

Plugin:: Elements Plus!
Plugin Slug:: elements-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.4
Severity Score:: Medium
CVE:: 2024-32457

Plugin:: FG Joomla to WordPress
Plugin Slug:: fg-joomla-to-wordpress
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.21.0
Severity Score:: Medium
CVE:: 2024-32788

Plugin:: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Plugin Slug:: gdpr-cookie-consent
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2024-3599

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.2.1
Severity Score:: High
CVE:: 2024-3615

Plugin:: RomethemeForm For Elementor
Plugin Slug:: romethemeform
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-32727

Plugin:: Smart Forms – when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.94
Severity Score:: Medium
CVE:: 2024-1307

Plugin:: Smart Forms – when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.94
Severity Score:: Medium
CVE:: 2024-1306

Plugin:: WP LinkedIn Auto Publish
Plugin Slug:: wp-linkedin-auto-publish
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.12
Severity Score:: Medium
CVE:: 2024-32797

Plugin:: WordPress Backup & Migration
Plugin Slug:: wp-migration-duplicator
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-3546

Plugin:: WP Social Comments
Plugin Slug:: gs-facebook-comments
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2024-32689

Plugin:: Maintenance Mode
Plugin Slug:: hkdev-maintenance-mode
Installations: 8,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.0.2
Severity Score:: Low
CVE:: 2024-32708

Plugin:: LearnPress Export Import – WordPress extension for LearnPress
Plugin Slug:: learnpress-import-export
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.4
Severity Score:: High
CVE:: 2024-32588

Plugin:: Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
Plugin Slug:: tagembed-widget
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9
Severity Score:: Medium
CVE:: 2024-32561

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: High
CVE:: 2024-32563

Plugin:: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.29
Severity Score:: Critical
CVE:: 2024-32948

Plugin:: Icon Widget
Plugin Slug:: icon-widget
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-1993

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2024-32808

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.8.3
Severity Score:: Medium
CVE:: 2024-32774

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2024-32772

Plugin:: ProfileGrid – User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.4
Severity Score:: Medium
CVE:: 2024-3606

Plugin:: Country State City Dropdown CF7
Plugin Slug:: country-state-city-auto-dropdown
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-3520

Plugin:: Easy Property Listings
Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-32799

Plugin:: EnvíaloSimple: Email Marketing y Newsletters
Plugin Slug:: envialosimple-email-marketing-y-newsletters-gratis
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2024-32587

Plugin:: Image Slider
Plugin Slug:: image-slider-widget
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.127
Severity Score:: Medium
CVE:: 2024-32707

Plugin:: Poll Maker – Best WordPress Poll Plugin
Plugin Slug:: poll-maker
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.9
Severity Score:: Medium
CVE:: 2024-3601

Plugin:: Poll Maker – Best WordPress Poll Plugin
Plugin Slug:: poll-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.9
Severity Score:: High
CVE:: 2024-3600

Plugin:: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-32506

Plugin:: Responsive Tabs
Plugin Slug:: responsive-tabs
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: Medium
CVE:: 2024-1846

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.12
Severity Score:: Medium
CVE:: 2024-32812

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.15
Severity Score:: High
CVE:: 2024-32712

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.3
Severity Score:: High
CVE:: 2024-2101

Plugin:: TrackShip for WooCommerce
Plugin Slug:: trackship-for-woocommerce
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.6
Severity Score:: Medium
CVE:: 2024-32678

Plugin:: Ultimate 410 Gone Status Code
Plugin Slug:: ultimate-410
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-3677

Plugin:: MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more
Plugin Slug:: woorewards
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.1
Severity Score:: Medium
CVE:: 2024-32688

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.6.4
Severity Score:: High
CVE:: 2024-3211

Plugin:: Advanced Local Pickup for WooCommerce
Plugin Slug:: advanced-local-pickup-for-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-32814

Plugin:: Embed Google Photos album
Plugin Slug:: embed-google-photos-album-easily
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-32775

Plugin:: Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Plugin Slug:: everest-backup
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.5
Severity Score:: Critical
CVE:: 2023-7201

Plugin:: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Plugin Slug:: real3d-flipbook-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.63
Severity Score:: High
CVE:: 2024-32694

Plugin:: RSS Feed Widget
Plugin Slug:: rss-feed-widget
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.8
Severity Score:: Medium
CVE:: 2024-32690

Plugin:: Tickera – WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 4,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.5.2.5
Severity Score:: Medium
CVE:: 2023-7252

Plugin:: VikRentCar Car Rental Management System
Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-32780

Plugin:: WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress
Plugin Slug:: wp-ada-compliance-check-basic
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-32947

Plugin:: WP Dummy Content Generator
Plugin Slug:: wp-dummy-content-generator
Installations: 4,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 3.3.0
Severity Score:: Critical
CVE:: 2024-32599

Plugin:: WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
Plugin Slug:: wp-fusion-lite
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.43.0
Severity Score:: Medium
CVE:: 2024-32796

Plugin:: WPC Grouped Product for WooCommerce
Plugin Slug:: wpc-grouped-product
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-32520

Plugin:: Coupon & Discount Code Reveal Button
Plugin Slug:: coupon-reveal-button
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-32722

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2024-32582

Plugin:: WP-FormAssembly
Plugin Slug:: formassembly-web-forms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2023-49768

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-32697

Plugin:: MaxGalleria
Plugin Slug:: maxgalleria
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2024-3581

Plugin:: Navigation menu as Dropdown Widget
Plugin Slug:: navigation-menu-as-dropdown-widget
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-32126

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.9.6
Severity Score:: Critical
CVE:: 2024-32954

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.9.6
Severity Score:: High
CVE:: 2024-32953

Plugin:: Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.17
Severity Score:: Medium
CVE:: 2024-32679

Plugin:: Vision – Image Map Builder
Plugin Slug:: vision
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-32779

Plugin:: Widget Post Slider
Plugin Slug:: widget-post-slider
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-32801

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.6.0
Severity Score:: Critical
CVE:: 2024-32836

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-32573

Plugin:: WP-Recall – Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: High
CVE:: 2024-32710

Plugin:: WP-Recall – Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: Critical
CVE:: 2024-32709

Plugin:: WP-Recall – Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 16.26.6
Severity Score:: Medium
CVE:: 2024-32604

Plugin:: WP Stripe Checkout
Plugin Slug:: wp-stripe-checkout
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2.42
Severity Score:: Medium
CVE:: 2024-32571

Plugin:: Accessibility Widget
Plugin Slug:: accessibility-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-32831

Plugin:: Advanced Testimonial Carousel for Elementor
Plugin Slug:: advanced-testimonial-carousel-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2024-32783

Plugin:: All-in-one Like Widget
Plugin Slug:: all-in-one-facebook-like-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-32815

Plugin:: Custom Thank You Page Customize For WooCommerce by Binary Carpenter
Plugin Slug:: bc-woo-custom-thank-you-pages
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2024-32517

Plugin:: CookieHub – Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
Plugin Slug:: cookiehub
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-32784

Plugin:: GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
Plugin Slug:: gg-woo-feed
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-32519

Plugin:: InstaWP Connect – 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.0.25
Severity Score:: Medium
CVE:: 2024-32701

Plugin:: Kattene
Plugin Slug:: kattene
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-32590

Plugin:: LH Add Media From Url
Plugin Slug:: lh-add-media-from-url
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.23
Severity Score:: High
CVE:: 2024-32533

Plugin:: Mortgage Calculators WP
Plugin Slug:: mortgage-calculators-wp
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.60
Severity Score:: Medium
CVE:: 2024-32581

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.6.3
Severity Score:: Medium
CVE:: 2024-32691

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8.4
Severity Score:: High
CVE:: 2024-32785

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.8.3
Severity Score:: Medium
CVE:: 2024-32718

Plugin:: Open Close WooCommerce Store – Best Business Schedules Manager
Plugin Slug:: woc-open-close
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.2
Severity Score:: Medium
CVE:: 2024-32522

Plugin:: SuperFaktura WooCommerce
Plugin Slug:: woocommerce-superfaktura
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.40.4
Severity Score:: Medium
CVE:: 2024-32803

Plugin:: WP Helper Premium
Plugin Slug:: wp-helper-lite
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.0
Severity Score:: High
CVE:: 2024-32595

Plugin:: Academy LMS – eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: Medium
CVE:: 2024-32714

Plugin:: ActiveDEMAND
Plugin Slug:: activedemand
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.2.42
Severity Score:: Critical
CVE:: 2024-32809

Plugin:: AI Post Generator | AutoWriter
Plugin Slug:: ai-post-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-32713

Plugin:: EleForms – All In One Form Integration including DB for Elementor
Plugin Slug:: all-contact-form-integration-for-elementor
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.9.8
Severity Score:: Medium
CVE:: 2024-2043

Plugin:: EleForms – All In One Form Integration including DB for Elementor
Plugin Slug:: all-contact-form-integration-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.9.8
Severity Score:: High
CVE:: 2024-2082

Plugin:: App Builder – Create Native Android & iOS Apps On The Flight
Plugin Slug:: app-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.9
Severity Score:: Medium
CVE:: 2024-32565

Plugin:: AppPresser – Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-32776

Plugin:: Attesa Extra
Plugin Slug:: attesa-extra
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-32594

Plugin:: Backend Designer
Plugin Slug:: backend-designer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-32591

Plugin:: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-32830

Plugin:: Import Content in WordPress & WooCommerce with Excel
Plugin Slug:: content-excel-importer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3
Severity Score:: Medium
CVE:: 2024-32585

Plugin:: Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 21.3.5
Severity Score:: High
CVE:: 2024-32778

Plugin:: Culqi
Plugin Slug:: culqi-checkout
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.0.15
Severity Score:: Medium
CVE:: 2024-32819

Plugin:: DirectoryPress – Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2024-32567

Plugin:: DSGVO Youtube
Plugin Slug:: dsgvo-youtube
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2024-32596

Plugin:: USPS Shipping for WooCommerce – Live Rates
Plugin Slug:: flexible-shipping-usps
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.10.0
Severity Score:: Medium
CVE:: 2024-32811

Plugin:: Headline Analyzer
Plugin Slug:: headline-analyzer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-32806

Plugin:: AI Infographic Maker
Plugin Slug:: infographic-and-list-builder-ilist
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.8
Severity Score:: Medium
CVE:: 2024-32696

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.94
Severity Score:: Critical
CVE:: 2024-32832

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.17
Severity Score:: High
CVE:: 2024-32507

Plugin:: Netgsm
Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: High
CVE:: 2024-32544

Plugin:: BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
Plugin Slug:: print-google-cloud-print-gcp-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.4
Severity Score:: High
CVE:: 2024-32777

Plugin:: Reviews Plus
Plugin Slug:: reviews-plus
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-32822

Plugin:: Seers | GDPR & CCPA Cookie Consent & Compliance
Plugin Slug:: seers-cookie-consent-banner-privacy-policy
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.1.1
Severity Score:: High
CVE:: 2024-32789

Plugin:: WooCommerce Shipping Label
Plugin Slug:: shipping-labels-for-woo
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.9
Severity Score:: Medium
CVE:: 2024-32834

Plugin:: StreamWeasels Twitch Integration
Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2024-32716

Plugin:: Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics
Plugin Slug:: taggbox-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2024-32552

Plugin:: Poll | Vote | Contest – Best Poll Plugin for WordPress
Plugin Slug:: totalpoll-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.0
Severity Score:: Medium
CVE:: 2024-32821

Plugin:: Void Elementor WHMCS Elements For Elementor Page Builder
Plugin Slug:: void-elementor-whmcs-elements
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-32592

Plugin:: Multi Currency For WooCommerce
Plugin Slug:: wc-multi-currency
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-32516

Plugin:: Order Limit for WooCommerce
Plugin Slug:: wc-order-limit-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-32675

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.4.21
Severity Score:: High
CVE:: 2024-32603

Plugin:: SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
Plugin Slug:: woo-aliexpress-dropshipping
Installations: 1,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2024-32724

Plugin:: WP Club Manager – WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2024-32719

Plugin:: WP Club Manager – WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2024-32566

Plugin:: WP Dynamic Keywords Injector
Plugin Slug:: wp-dynamic-keywords-injector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.22
Severity Score:: High
CVE:: 2024-32528

Plugin:: WP GoToWebinar
Plugin Slug:: wp-gotowebinar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 15.1
Severity Score:: Medium
CVE:: 2024-32804

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3.1
Severity Score:: Medium
CVE:: 2024-32818

Plugin:: WordPress Simple HTML Sitemap
Plugin Slug:: wp-simple-html-sitemap
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: High
CVE:: 2024-32574

Plugin:: WP Smart Import : Import any XML File to WordPress
Plugin Slug:: wp-smart-import
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-32597

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-32593

Plugin:: WPCal.io – Easy Meeting Scheduler
Plugin Slug:: wpcal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.5.9
Severity Score:: Medium
CVE:: 2024-32795

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.4
Severity Score:: High
CVE:: 2024-32726

Plugin:: Olive One Click Demo Import
Plugin Slug:: olive-one-click-demo-import
Installations: 900+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-32715

Plugin:: Language Switcher for Transposh
Plugin Slug:: language-switcher-for-transposh
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2024-32695

Plugin:: BMI Adult & Kid Calculator
Plugin Slug:: bmi-adultkid-calculator
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-32550

Plugin:: ShortPixel Critical CSS
Plugin Slug:: shortpixel-critical-css
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: High
CVE:: 2024-32810

Plugin:: Support Genix – Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce
Plugin Slug:: support-genix-lite
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.4
Severity Score:: Critical
CVE:: 2023-49742

Plugin:: Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media
Plugin Slug:: evergreen-content-poster
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-32824

Plugin:: Fixed HTML Toolbar
Plugin Slug:: fixed-html-toolbar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-32540

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-1755

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-1754

Plugin:: 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
Plugin Slug:: 5-stars-rating-funnel
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.02
Severity Score:: Medium
CVE:: 2024-32725

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: SQL Injection
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32706

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32705

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32704

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32703

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32702

Plugin:: Barcode Scanner with Inventory & Order Manager
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-32589

Plugin:: CBX Bookmark & Favorite
Plugin Slug:: cbxwpbookmark
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.22
Severity Score:: Medium
CVE:: 2024-32577

Plugin:: Chauffeur Taxi Booking System for WordPress
Plugin Slug:: chauffeur-booking-system
Vulnerability:: Broken Authentication
Patched in Version:: 7.0
Severity Score:: High
CVE:: 2024-32692

Plugin:: Conversational Forms for ChatBot
Plugin Slug:: conversational-forms
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2024-32729

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-3598

Plugin:: Essential Addons for Elementor Pro
Plugin Slug:: essential-addons-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8.12
Severity Score:: Medium
CVE:: 2024-3645

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.81
Severity Score:: Medium
CVE:: 2024-0902

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: High
CVE:: 2024-32949

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: Medium
CVE:: 2024-32813

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1840

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1805

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-32952

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Settings Change
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-32951

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: SQL Injection
Patched in Version:: 29.7
Severity Score:: High
CVE:: 2024-0399

Plugin:: Automatic
Plugin Slug:: wp-automatic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.93.0
Severity Score:: High
CVE:: 2024-32693

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.1.76
Severity Score:: High
CVE:: 2024-32510

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Broken Access Control
Patched in Version:: 10.1.77
Severity Score:: Medium
CVE:: 2024-32509

Plugin:: WP Media Category Management
Plugin Slug:: wp-media-category-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: High
CVE:: 2024-32950

Plugin:: Wp Staging Pro
Plugin Slug:: wp-staging-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.0
Severity Score:: Medium
CVE:: 2024-2309

WordPress Themes — 2 Patched / 1 Unpatched

Theme:: GuCherry Blog
Theme Slug:: gucherry-blog
Downloads: 137,149
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32531

Theme:: Royal Elementor Kit
Theme Slug:: royal-elementor-kit
Downloads: 457,475
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.117
Severity Score:: Medium
CVE:: 2024-32773

Theme:: Tainacan Interface
Theme Slug:: tainacan-interface
Downloads: 16,620
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: High
CVE:: 2024-3867

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

WordPress Core

WordPress Plugins — 310 Patched / 45 Unpatched