In this report, 255 vulnerabilities have been publicly disclosed. Security patches for 178 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 77 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5 “Regina” was released on April 2, 2024, as the first major release of 2024. With the new release, you can add and manage fonts across your site, get more from your revisions, play with enhanced background and shadow tools, discover new Data Views, and so much more.
Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.
WordPress Plugins — 175 Patched / 77 Unpatched
Shortcodes and extra features for Phlox theme
- Plugin Slug:
- auxin-elements
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31099
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30526
PDF Viewer for Elementor
- Plugin:
- PDF Viewer for Elementor
- Plugin Slug:
- pdf-viewer-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30524
GetResponse for WordPress
- Plugin:
- GetResponse for WordPress
- Plugin Slug:
- getresponse-integration
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31104
Better Elementor Addons
- Plugin:
- Better Elementor Addons
- Plugin Slug:
- better-elementor-addons
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2280
Yoo Slider
- Plugin:
- Yoo Slider
- Plugin Slug:
- yoo-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31106
Responsive flipbook
- Plugin:
- Responsive flipbook
- Plugin Slug:
- wppdf
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30552
WP Twitter Mega Fan Box Widget
- Plugin:
- WP Twitter Mega Fan Box Widget
- Plugin Slug:
- wp-twitter-mega-fan-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30553
Sponsors
- Plugin:
- Sponsors
- Plugin Slug:
- wp-sponsors
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30483
WP-Eggdrop
- Plugin:
- WP-Eggdrop
- Plugin Slug:
- wp-eggdrop
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2968
WP-Eggdrop
- Plugin:
- WP-Eggdrop
- Plugin Slug:
- wp-eggdrop
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2969
Broken Images
- Plugin:
- Broken Images
- Plugin Slug:
- wp-broken-images
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31093
Popup Cart Lite for WooCommerce
- Plugin:
- Popup Cart Lite for WooCommerce
- Plugin Slug:
- woocommerce-woocart-popup-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31100
Woocommerce Social Media Share Buttons
- Plugin:
- Woocommerce Social Media Share Buttons
- Plugin Slug:
- woocommerce-social-media-share-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31109
WooCommerce Bookings Calendar
- Plugin:
- WooCommerce Bookings Calendar
- Plugin Slug:
- woo-bookings-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31117
Whizzy
- Plugin:
- Whizzy
- Plugin Slug:
- whizzy
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30543
Whizzy
- Plugin:
- Whizzy
- Plugin Slug:
- whizzy
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30544
Weekly Class Schedule
- Plugin:
- Weekly Class Schedule
- Plugin Slug:
- weekly-class-schedule
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31084
10Web Map Builder for Google Maps
- Plugin:
- 10Web Map Builder for Google Maps
- Plugin Slug:
- wd-google-maps
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31116
User Rights Access Manager
- Plugin:
- User Rights Access Manager
- Plugin Slug:
- user-rights-access-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31122
Ultimate Social Comments – Email Notification & Lazy Load
- Plugin:
- Ultimate Social Comments – Email Notification & Lazy Load
- Plugin Slug:
- ultimate-facebook-comments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30555
Sticky Anything
- Plugin:
- Sticky Anything
- Plugin Slug:
- toast-stick-anything
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30551
Thumbs Rating
- Plugin:
- Thumbs Rating
- Plugin Slug:
- thumbs-rating
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31095
Tax Rate Upload
- Plugin:
- Tax Rate Upload
- Plugin Slug:
- tax-rate-upload
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31105
Spin 360 deg and 3D Model Viewer
- Plugin:
- Spin 360 deg and 3D Model Viewer
- Plugin Slug:
- spin360
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30559
SpiderFAQ
- Plugin:
- SpiderFAQ
- Plugin Slug:
- spider-faq
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31123
Special Box for Content
- Plugin:
- Special Box for Content
- Plugin Slug:
- special-box-for-content
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31119
SP Project & Document Manager
- Plugin:
- SP Project & Document Manager
- Plugin Slug:
- sp-client-document-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31118
Social Author Bio
- Plugin:
- Social Author Bio
- Plugin Slug:
- social-autho-bio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30545
Lightbox slider – Responsive Lightbox Gallery
- Plugin:
- Lightbox slider – Responsive Lightbox Gallery
- Plugin Slug:
- simple-lightbox-gallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1858
Shortcode Addons
- Plugin:
- Shortcode Addons
- Plugin Slug:
- shortcode-addons
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31114
SEO Title Tag
- Plugin:
- SEO Title Tag
- Plugin Slug:
- seo-title-tag
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31097
Prenotazioni
- Plugin:
- Prenotazioni
- Plugin Slug:
- prenotazioni
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31102
Post-Plugin Library
- Plugin:
- Post-Plugin Library
- Plugin Slug:
- post-plugin-library
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31085
Pocket News Generator
- Plugin:
- Pocket News Generator
- Plugin Slug:
- pocket-news-generator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2963
Pocket News Generator
- Plugin:
- Pocket News Generator
- Plugin Slug:
- pocket-news-generator
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2964
Platinum SEO
- Plugin:
- Platinum SEO
- Plugin Slug:
- platinum-seo-pack
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31089
pageMash > Page Management
- Plugin:
- pageMash > Page Management
- Plugin Slug:
- pagemash
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31087
Oxygen Builder
- Plugin:
- Oxygen Builder
- Plugin Slug:
- oxygen
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31380
OpenID
- Plugin:
- OpenID
- Plugin Slug:
- openid
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31107
News Wall
- Plugin:
- News Wall
- Plugin Slug:
- news-wall
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2970
New Order Notification for Woocommerce
- Plugin:
- New Order Notification for Woocommerce
- Plugin Slug:
- new-order-notification-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31098
Lordicon Animated Icons
- Plugin:
- Lordicon Animated Icons
- Plugin Slug:
- lordicon-interactive-icons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30519
Kanban Boards for WordPress
- Plugin:
- Kanban Boards for WordPress
- Plugin Slug:
- kanban
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31103
Mighty Classic Pros And Cons
- Plugin:
- Mighty Classic Pros And Cons
- Plugin Slug:
- joomdev-wp-pros-cons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30556
IP Blocker Lite
- Plugin:
- IP Blocker Lite
- Plugin Slug:
- ip-address-blocker
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30479
iFlyChat – WordPress Chat
- Plugin:
- iFlyChat – WordPress Chat
- Plugin Slug:
- iflychat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31108
HeartThis
- Plugin:
- HeartThis
- Plugin Slug:
- heart-this
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31121
Header Image Slider
- Plugin:
- Header Image Slider
- Plugin Slug:
- header-image-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30547
Responsive Image Gallery, Gallery Album
- Plugin:
- Responsive Image Gallery, Gallery Album
- Plugin Slug:
- gallery-album
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30550
Responsive Image Gallery, Gallery Album
- Plugin:
- Responsive Image Gallery, Gallery Album
- Plugin Slug:
- gallery-album
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31120
Filter Custom Fields & Taxonomies Light
- Plugin:
- Filter Custom Fields & Taxonomies Light
- Plugin Slug:
- filter-custom-fields-taxonomies-light
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31094
WP ERP
- Plugin:
- WP ERP
- Plugin Slug:
- erp
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0956
WP ERP
- Plugin:
- WP ERP
- Plugin Slug:
- erp
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0608
WP ERP
- Plugin:
- WP ERP
- Plugin Slug:
- erp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0609
EnvíaloSimple
- Plugin:
- EnvíaloSimple
- Plugin Slug:
- envialosimple-email-marketing-y-newsletters-gratis
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-2125
DX-Watermark
- Plugin:
- DX-Watermark
- Plugin Slug:
- dx-watermark
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-30560
Hacklog Down As PDF
- Plugin:
- Hacklog Down As PDF
- Plugin Slug:
- down-as-pdf
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31090
DD Rating
- Plugin:
- DD Rating
- Plugin Slug:
- dd-rating
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30554
Custom Field Bulk Editor
- Plugin:
- Custom Field Bulk Editor
- Plugin Slug:
- custom-field-bulk-editor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31091
Convert Post Types
- Plugin:
- Convert Post Types
- Plugin Slug:
- convert-post-types
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31112
Contact Forms by Cimatti
- Plugin:
- Contact Forms by Cimatti
- Plugin Slug:
- contact-forms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30549
Contact Form 7 Newsletter
- Plugin:
- Contact Form 7 Newsletter
- Plugin Slug:
- contact-form-7-newsletter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31110
Comic Easel
- Plugin:
- Comic Easel
- Plugin Slug:
- comic-easel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31092
Christmas Greetings
- Plugin:
- Christmas Greetings
- Plugin Slug:
- christmas-greetings
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2116
Chauffeur Taxi Booking System for WordPress
- Plugin:
- Chauffeur Taxi Booking System for WordPress
- Plugin Slug:
- chauffeur-booking-system
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31115
Change default login logo,url and title
- Plugin:
- Change default login logo,url and title
- Plugin Slug:
- change-default-login-logo-url-and-title
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-31086
CGC Maintenance Mode
- Plugin:
- CGC Maintenance Mode
- Plugin Slug:
- cgc-maintenance-mode
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2024-30480
Carousel Anything For WPBakery Page Builder
- Plugin:
- Carousel Anything For WPBakery Page Builder
- Plugin Slug:
- carousel-anything
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30520
Button
- Plugin:
- Button
- Plugin Slug:
- button
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1872
Breakdance
- Plugin:
- Breakdance
- Plugin Slug:
- breakdance
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-31390
Appointment Calendar
- Plugin:
- Appointment Calendar
- Plugin Slug:
- appointment-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30561
All In One Redirection
- Plugin:
- All In One Redirection
- Plugin Slug:
- all-in-one-redirection-404-pages-list
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30506
AI Twitter Feeds (Twitter widget & shortcode)
- Plugin:
- AI Twitter Feeds (Twitter widget & shortcode)
- Plugin Slug:
- ai-twitter-feeds
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31101
Aesop Story Engine
- Plugin:
- Aesop Story Engine
- Plugin Slug:
- aesop-story-engine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-30557
AdsPlace’r – Ad Manager, Inserter, AdSense Ads
- Plugin:
- AdsPlace’r – Ad Manager, Inserter, AdSense Ads
- Plugin Slug:
- adsplacer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-31088
Add Shortcodes Actions And Filters
- Plugin:
- Add Shortcodes Actions And Filters
- Plugin Slug:
- add-actions-and-filters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-30558
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 5.9.14
- Severity Score:
- High
- CVE:
- 2024-3018
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.9.14
- Severity Score:
- Medium
- CVE:
- 2024-2974
All-In-One Security (AIOS) – Security and Firewall
- Plugin Slug:
- all-in-one-wp-security-and-firewall
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.2.7
- Severity Score:
- Medium
- CVE:
- 2024-30468
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- CVE:
- 2024-1238
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.0.7
- Severity Score:
- High
- CVE:
- 2024-2047
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
- Plugin Slug:
- ninja-forms
- Installations
- 800,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.1
- Severity Score:
- Medium
- CVE:
- 2024-2113
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
- Plugin Slug:
- ninja-forms
- Installations
- 800,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.1
- Severity Score:
- Medium
- CVE:
- 2024-2108
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.1
- Severity Score:
- High
- CVE:
- 2024-1794
Page Builder Gutenberg Blocks – CoBlocks
- Plugin Slug:
- coblocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
- 2024-2369
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.18
- Severity Score:
- Medium
- CVE:
- 2024-0598
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.2.26
- Severity Score:
- Medium
- CVE:
- 2024-24888
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
- Plugin Slug:
- metform
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.6
- Severity Score:
- Medium
- CVE:
- 2024-2791
Newsletter – Send awesome emails from WordPress
- Plugin Slug:
- newsletter
- Installations
- 300,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 8.2.1
- Severity Score:
- Medium
- CVE:
- 2024-30522
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.6
- Severity Score:
- Medium
- CVE:
- 2024-2841
CMP – Coming Soon & Maintenance Plugin by NiteoThemes
- Plugin Slug:
- cmp-coming-soon-maintenance
- Installations
- 200,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.1.11
- Severity Score:
- Medium
- CVE:
- 2023-50374
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-1327
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.97
- Severity Score:
- Medium
- CVE:
- 2024-0367
WooCommerce Cart Abandonment Recovery
- Plugin Slug:
- woo-cart-abandonment-recovery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.27
- Severity Score:
- Medium
- CVE:
- 2024-2322
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.13.2
- Severity Score:
- Medium
- CVE:
- 2024-30422
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.13.3
- Severity Score:
- Medium
- CVE:
- 2024-2792
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.5.4
- Severity Score:
- High
- CVE:
- 2024-30496
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.0.7
- Severity Score:
- Medium
- CVE:
- 2024-2925
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4.5
- Severity Score:
- Medium
- CVE:
- 2024-30425
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.270
- Severity Score:
- Medium
- CVE:
- 2024-2839
Download Monitor
- Plugin:
- Download Monitor
- Plugin Slug:
- download-monitor
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.9.5
- Severity Score:
- High
- CVE:
- 2024-30501
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.4.10
- Severity Score:
- Medium
- CVE:
- 2024-30467
Genesis Blocks
- Plugin:
- Genesis Blocks
- Plugin Slug:
- genesis-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- Medium
- CVE:
- 2024-1946
List category posts
- Plugin:
- List category posts
- Plugin Slug:
- list-category-posts
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.89.7
- Severity Score:
- Medium
- CVE:
- 2024-1051
Meta Tag Manager
- Plugin:
- Meta Tag Manager
- Plugin Slug:
- meta-tag-manager
- Installations
- 100,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.1
- Severity Score:
- High
- CVE:
- 2024-1770
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.2
- Severity Score:
- Medium
- CVE:
- 2024-30465
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.10.2
- Severity Score:
- Medium
- CVE:
- 2023-6965
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.10.2
- Severity Score:
- High
- CVE:
- 2023-6967
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.0.10.2
- Severity Score:
- Critical
- CVE:
- 2023-6999
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.18
- Severity Score:
- Medium
- CVE:
- 2024-2491
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.19
- Severity Score:
- Medium
- CVE:
- 2024-2492
Social Icons Widget & Block by WPZOOM
- Plugin Slug:
- social-icons-widget-by-wpzoom
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.16
- Severity Score:
- Medium
- CVE:
- 2024-30464
Stackable – Page Builder Gutenberg Blocks
- Plugin Slug:
- stackable-ultimate-gutenberg-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.12.12
- Severity Score:
- Medium
- CVE:
- 2024-2039
Template Kit – Import
- Plugin:
- Template Kit – Import
- Plugin Slug:
- template-kit-import
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.15
- Severity Score:
- Medium
- CVE:
- 2024-2334
WooCommerce Multilingual & Multicurrency with WPML
- Plugin Slug:
- woocommerce-multilingual
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.5
- Severity Score:
- Medium
- CVE:
- 2024-30466
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.5.3
- Severity Score:
- Medium
- CVE:
- 2024-3061
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.5.2
- Severity Score:
- Medium
- CVE:
- 2024-30462
WP Chat App
- Plugin:
- WP Chat App
- Plugin Slug:
- wp-whatsapp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.3
- Severity Score:
- Medium
- CVE:
- 2024-2513
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.4.7
- Severity Score:
- Medium
- CVE:
- 2024-30515
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.4.7.2
- Severity Score:
- Medium
- CVE:
- 2024-30421
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.4.7.2
- Severity Score:
- Medium
- CVE:
- 2024-2110
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.7.2
- Severity Score:
- Medium
- CVE:
- 2024-2111
Sydney Toolbox
- Plugin:
- Sydney Toolbox
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.27
- Severity Score:
- Medium
- CVE:
- 2024-2936
BoldGrid Easy SEO – Simple and Effective SEO
- Plugin Slug:
- boldgrid-easy-seo
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.14
- Severity Score:
- Medium
- CVE:
- 2024-1692
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.14
- Severity Score:
- Medium
- CVE:
- 2024-2475
Export and Import Users and Customers
- Plugin Slug:
- users-customers-import-export-for-wp-woocommerce
- Installations
- 70,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2024-30492
underConstruction
- Plugin:
- underConstruction
- Plugin Slug:
- underconstruction
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.22
- Severity Score:
- Medium
- CVE:
- 2024-30548
FOX – Currency Switcher Professional for WooCommerce
- Plugin Slug:
- woocommerce-currency-switcher
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.1.8
- Severity Score:
- Medium
- CVE:
- 2024-30458
WP-Members Membership Plugin
- Plugin:
- WP-Members Membership Plugin
- Plugin Slug:
- wp-members
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.9.3
- Severity Score:
- High
- CVE:
- 2024-1852
WordPress Infinite Scroll – Ajax Load More
- Plugin Slug:
- ajax-load-more
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.2
- Severity Score:
- Medium
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.1
- Severity Score:
- Medium
- CVE:
- 2024-30442
Hubbub Lite – Fast, Reliable Social Sharing Buttons
- Plugin Slug:
- social-pug
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.33.1
- Severity Score:
- Medium
- CVE:
- 2024-1526
Hubbub Lite – Fast, Reliable Social Sharing Buttons
- Plugin Slug:
- social-pug
- Installations
- 50,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.33.2
- Severity Score:
- High
- CVE:
- 2024-2501
WPFront User Role Editor
- Plugin:
- WPFront User Role Editor
- Plugin Slug:
- wpfront-user-role-editor
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.1.0
- Severity Score:
- Medium
- CVE:
- 2024-2931
Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM
- Plugin Slug:
- fluent-crm
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.45
- Severity Score:
- Medium
- CVE:
- 2024-30430
Klarna Payments for WooCommerce
- Plugin:
- Klarna Payments for WooCommerce
- Plugin Slug:
- klarna-payments-for-woocommerce
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.0
- Severity Score:
- Medium
- CVE:
- 2024-30477
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin:
- Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin Slug:
- post-grid
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.76
- Severity Score:
- High
- CVE:
- 2024-30441
SecuPress Free — WordPress Security
- Plugin Slug:
- secupress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.5.2
- Severity Score:
- Medium
- CVE:
- 2024-1504
Pz-LinkCard
- Plugin:
- Pz-LinkCard
- Plugin Slug:
- pz-linkcard
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2024-0677
Pz-LinkCard
- Plugin:
- Pz-LinkCard
- Plugin Slug:
- pz-linkcard
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
- 2024-0673
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2024-2278
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2024-2263
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.4
- Severity Score:
- Medium
- CVE:
- 2024-2262
Ultimate Addons for Beaver Builder – Lite
- Plugin Slug:
- ultimate-addons-for-beaver-builder-lite
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.8
- Severity Score:
- Medium
- CVE:
- 2024-2141
BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
- Plugin Slug:
- woo-bulk-editor
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.4.4
- Severity Score:
- Medium
- CVE:
- 2024-30463
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
- Plugin:
- Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
- Plugin Slug:
- brave-popup-builder
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 0.6.6
- Severity Score:
- Medium
- CVE:
- 2024-30453
Easy Appointments
- Plugin:
- Easy Appointments
- Plugin Slug:
- easy-appointments
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.19
- Severity Score:
- Medium
- CVE:
- 2024-2842
Easy Appointments
- Plugin:
- Easy Appointments
- Plugin Slug:
- easy-appointments
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.11.19
- Severity Score:
- Medium
- CVE:
- 2024-2844
Ecwid Ecommerce Shopping Cart
- Plugin:
- Ecwid Ecommerce Shopping Cart
- Plugin Slug:
- ecwid-shopping-cart
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.12.11
- Severity Score:
- Medium
- CVE:
- 2024-2456
MP3 Audio Player for Music, Radio & Podcast by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.1
- Severity Score:
- Medium
- CVE:
- 2024-30530
MP3 Audio Player for Music, Radio & Podcast by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.1
- Severity Score:
- High
- CVE:
- 2024-30487
My Calendar
- Plugin:
- My Calendar
- Plugin Slug:
- my-calendar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.24
- Severity Score:
- Medium
- CVE:
- 2024-1274
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
- Plugin Slug:
- shortpixel-adaptive-images
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.8.3
- Severity Score:
- Medium
- CVE:
- 2024-31230
weForms – Easy Drag & Drop Contact Form Builder For WordPress
- Plugin Slug:
- weforms
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.21
- Severity Score:
- Low
- CVE:
- 2024-30512
WordPress File Upload
- Plugin:
- WordPress File Upload
- Plugin Slug:
- wp-file-upload
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.24.6
- Severity Score:
- Medium
- CVE:
- 2024-2847
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.1.8
- Severity Score:
- Medium
- CVE:
- 2024-30539
Booking Package
- Plugin:
- Booking Package
- Plugin Slug:
- booking-package
- Installations
- 10,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 1.6.29
- Severity Score:
- High
- CVE:
- 2024-30516
Favorites
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin:
- GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.8.6
- Severity Score:
- Medium
- CVE:
- 2024-30455
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin:
- GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.9.1
- Severity Score:
- Medium
- CVE:
- 2024-2783
LWS Optimize
- Plugin:
- LWS Optimize
- Plugin Slug:
- lws-optimize
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2024-30541
Mailster WordPress Newsletter Plugin Compatibility Tester
- Plugin Slug:
- mailster
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.7
- Severity Score:
- High
- CVE:
- 2024-30503
Mang Board WP
- Plugin:
- Mang Board WP
- Plugin Slug:
- mangboard
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- High
- CVE:
- 2024-30431
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.3.2
- Severity Score:
- Critical
- CVE:
- 2024-2409
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3.1
- Severity Score:
- Critical
- CVE:
- 2024-2411
Author Box, Guest Author and Co-Authors for Your Posts – Molongui
- Plugin Slug:
- molongui-authorship
- Installations
- 10,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 4.7.8
- Severity Score:
- Low
- CVE:
- 2024-30507
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
- Plugin:
- Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
- Plugin Slug:
- page-builder-add
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.1.8
- Severity Score:
- Medium
- CVE:
- 2024-30452
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster
- Plugin Slug:
- sellkit
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 1.8.3
- Severity Score:
- Medium
- CVE:
- 2024-30509
Simple Revisions Delete
- Plugin:
- Simple Revisions Delete
- Plugin Slug:
- simple-revisions-delete
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
- 2024-30482
VS Contact Form
- Plugin:
- VS Contact Form
- Plugin Slug:
- very-simple-contact-form
- Installations
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 14.8
- Severity Score:
- Medium
- CVE:
- 2024-30540
WP Travel Engine – Best Travel Booking WordPress Plugin
- Plugin Slug:
- wp-travel-engine
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.8.0
- Severity Score:
- High
- CVE:
- 2024-30504
WP Travel Engine – Best Travel Booking WordPress Plugin
- Plugin Slug:
- wp-travel-engine
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.8.0
- Severity Score:
- Critical
- CVE:
- 2024-30502
140+ Widgets | Best Addons For Elementor – FREE
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2024-2250
Media Library Folders
- Plugin:
- Media Library Folders
- Plugin Slug:
- media-library-plus
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 8.1.8
- Severity Score:
- High
- CVE:
- 2024-30486
WP Hotel Booking
- Plugin:
- WP Hotel Booking
- Plugin Slug:
- wp-hotel-booking
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.9.3
- Severity Score:
- Medium
- CVE:
- 2024-30508
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
- Plugin Slug:
- wp-sms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.6.3
- Severity Score:
- Medium
- CVE:
- 2024-30454
Collect.chat – Chatbot ??
- Plugin:
- Collect.chat – Chatbot ??
- Plugin Slug:
- collectchat
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2024-30436
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
- Plugin Slug:
- finale-woocommerce-sales-countdown-timer-discount
- Installations
- 7,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.18.1
- Severity Score:
- High
- CVE:
- 2024-30485
Hash Elements
- Plugin:
- Hash Elements
- Plugin Slug:
- hash-elements
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.4
- Severity Score:
- Medium
- CVE:
- 2024-30426
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 5.7.3
- Severity Score:
- Medium
- CVE:
- 2024-30513
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.9
- Severity Score:
- High
- CVE:
- 2024-30491
ProfileGrid – User Profiles, Memberships, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.9
- Severity Score:
- Critical
- CVE:
- 2024-30490
The Plus Blocks for Block Editor | Gutenberg
- Plugin Slug:
- the-plus-addons-for-block-editor
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.6
- Severity Score:
- High
- CVE:
- 2024-30435
wp-forecast
- Plugin:
- wp-forecast
- Plugin Slug:
- wp-forecast
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.3
- Severity Score:
- Medium
- CVE:
- 2024-30429
Announce from the Dashboard
- Plugin:
- Announce from the Dashboard
- Plugin Slug:
- announce-from-the-dashboard
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2024-3030
Better Elementor Addons
- Plugin:
- Better Elementor Addons
- Plugin Slug:
- better-elementor-addons
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.8
- Severity Score:
- Medium
- CVE:
- 2024-30423
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
- Plugin Slug:
- dc-woocommerce-multi-vendor
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.4
- Severity Score:
- Medium
- CVE:
- 2024-30433
JCH Optimize
- Plugin:
- JCH Optimize
- Plugin Slug:
- jch-optimize
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.1
- Severity Score:
- Medium
- CVE:
- 2024-30481
Nelio Content – Best Editorial Calendar & Social Media Scheduling
- Plugin Slug:
- nelio-content
- Installations
- 6,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.2.1
- Severity Score:
- Medium
- CVE:
- 2024-30531
Salon booking system
- Plugin:
- Salon booking system
- Plugin Slug:
- salon-booking-system
- Installations
- 6,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 9.5.1
- Severity Score:
- Critical
- CVE:
- 2024-30510
Sliced Invoices – WordPress Invoice Plugin
- Plugin Slug:
- sliced-invoices
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.9.3
- Severity Score:
- Medium
- CVE:
- 2024-30517
Beaver Builder Addons by WPZOOM
- Plugin:
- Beaver Builder Addons by WPZOOM
- Plugin Slug:
- wpzoom-addons-for-beaver-builder
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-30424
Booking Activities
- Plugin:
- Booking Activities
- Plugin Slug:
- booking-activities
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.20
- Severity Score:
- High
- CVE:
- 2024-30449
Paid Memberships Pro – Mailchimp Add On
- Plugin Slug:
- pmpro-mailchimp
- Installations
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.3.5
- Severity Score:
- Medium
- CVE:
- 2024-30523
B Slider – Slider for your block editor
- Plugin Slug:
- b-slider
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.13
- Severity Score:
- Medium
- CVE:
- 2024-30432
Slugs Manager: Delete Old Permalinks from WordPress Database
- Plugin Slug:
- remove-old-slugspermalinks
- Installations
- 4,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.0
- Severity Score:
- Medium
- CVE:
- 2024-30536
Custom WooCommerce Checkout Fields Editor
- Plugin Slug:
- add-fields-to-checkout-page-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-30518
Builderall Builder for WordPress
- Plugin:
- Builderall Builder for WordPress
- Plugin Slug:
- builderall-cheetah-for-wp
- Installations
- 3,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.0.2
- Severity Score:
- Medium
- CVE:
- 2024-30532
CubeWP – All-in-One Dynamic Content Framework
- Plugin Slug:
- cubewp-framework
- Installations
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.1.13
- Severity Score:
- Critical
- CVE:
- 2024-30500
Landingi Landing Pages
- Plugin:
- Landingi Landing Pages
- Plugin Slug:
- landingi-landing-pages
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.2
- Severity Score:
- Medium
- CVE:
- 2024-30521
Move Addons for Elementor
- Plugin:
- Move Addons for Elementor
- Plugin Slug:
- move-addons
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-30525
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.11
- Severity Score:
- Medium
- CVE:
- 2024-30528
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.10
- Severity Score:
- Medium
- CVE:
- 2024-30427
Themify Event Post
- Plugin:
- Themify Event Post
- Plugin Slug:
- themify-event-post
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2024-30440
Product Sort and Display for WooCommerce
- Plugin Slug:
- woocommerce-product-sort-and-display
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2024-1807
CRM Perks Forms – WordPress Form Builder
- Plugin Slug:
- crm-perks-forms
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.5
- Severity Score:
- High
- CVE:
- 2024-30499
CRM Perks Forms – WordPress Form Builder
- Plugin Slug:
- crm-perks-forms
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.5
- Severity Score:
- Critical
- CVE:
- 2024-30498
CRM Perks Forms – WordPress Form Builder
- Plugin Slug:
- crm-perks-forms
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-30446
Layouts for Elementor
- Plugin:
- Layouts for Elementor
- Plugin Slug:
- layouts-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.8
- Severity Score:
- High
- CVE:
- 2024-30533
WP Responsive Tabs horizontal vertical and accordion Tabs
- Plugin Slug:
- responsive-horizontal-vertical-and-accordion-tabs
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.18
- Severity Score:
- High
- CVE:
- 2024-30497
RT Easy Builder – Advanced addons for Elementor
- Plugin Slug:
- rt-easy-builder-advanced-addons-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2024-30484
WP Express Checkout (Accept PayPal Payments Easily)
- Plugin Slug:
- wp-express-checkout
- Installations
- 2,000+
- Vulnerability:
- Other Vulnerability Type
- Patched in Version:
- 2.3.8
- Severity Score:
- High
- CVE:
- 2024-30527
WPC Badge Management for WooCommerce
- Plugin Slug:
- wpc-badge-management
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.1
- Severity Score:
- Medium
- CVE:
- 2024-30537
WordPress Page Builder – Zion Builder
- Plugin Slug:
- zionbuilder
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.10
- Severity Score:
- Medium
- CVE:
- 2024-30444
Zotpress
- Plugin:
- Zotpress
- Plugin Slug:
- zotpress
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.3.8
- Severity Score:
- High
- CVE:
- 2024-30488
AI WP Writer – ?????????????? ????? ChatGPT 3.5, GPT 4 ? ????????????? ?????? ??????????
- Plugin Slug:
- ai-wp-writer
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.5.6
- Severity Score:
- Medium
- CVE:
- 2024-30459
Announcement & Notification Banner – Bulletin
- Plugin Slug:
- bulletin-announcements
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.0
- Severity Score:
- High
- CVE:
- 2024-30478
Geo Controller
- Plugin:
- Geo Controller
- Plugin Slug:
- cf-geoplugin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.6.5
- Severity Score:
- Medium
- CVE:
- 2024-30451
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.19
- Severity Score:
- Medium
- CVE:
- 2024-30505
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.1.8
- Severity Score:
- Medium
- CVE:
- 2024-30493
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 21.3.6
- Severity Score:
- High
- CVE:
- 2024-30428
Creative Addons for Elementor
- Plugin:
- Creative Addons for Elementor
- Plugin Slug:
- creative-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- Medium
- CVE:
- 2024-2924
WPCS – WordPress Currency Switcher Professional
- Plugin Slug:
- currency-switcher
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0.2
- Severity Score:
- Medium
- CVE:
- 2024-30456
Easy Form Builder
- Plugin:
- Easy Form Builder
- Plugin Slug:
- easy-form-builder
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.7.5
- Severity Score:
- High
- CVE:
- 2024-30535
Falang multilanguage for WordPress
- Plugin Slug:
- falang
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.48
- Severity Score:
- High
- CVE:
- 2024-30495
FG PrestaShop to WooCommerce
- Plugin:
- FG PrestaShop to WooCommerce
- Plugin Slug:
- fg-prestashop-to-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.47.0
- Severity Score:
- Medium
- CVE:
- 2024-30511
A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials
- Plugin Slug:
- gs-testimonial
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.5
- Severity Score:
- Medium
- CVE:
- 2024-30443
Web Icons
- Plugin:
- Web Icons
- Plugin Slug:
- icon
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.0.11
- Severity Score:
- Medium
- CVE:
- 2024-30445
OSS Aliyun
- Plugin:
- OSS Aliyun
- Plugin Slug:
- oss-aliyun
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.4.11
- Severity Score:
- High
- CVE:
- 2024-30494
Paid Memberships Pro – Payfast Gateway Add On
- Plugin Slug:
- pmpro-payfast
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
- 2024-30514
Print Page block – Print the entire page or Section.
- Plugin Slug:
- print-page
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.9
- Severity Score:
- Medium
- CVE:
- 2024-30438
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
- Plugin Slug:
- stepbyteservice-openstreetmap
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2024-30450
Tainacan
- Plugin:
- Tainacan
- Plugin Slug:
- tainacan
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.20.8
- Severity Score:
- Medium
- CVE:
- 2024-30529
Tumult Hype Animations
- Plugin:
- Tumult Hype Animations
- Plugin Slug:
- tumult-hype-animations
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.12
- Severity Score:
- High
- CVE:
- 2024-30461
Tumult Hype Animations
- Plugin:
- Tumult Hype Animations
- Plugin Slug:
- tumult-hype-animations
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9.12
- Severity Score:
- Medium
- CVE:
- 2024-30460
Webinar and Video Conference with Jitsi Meet – Create Branded Webinars for WordPress, Meetings & Livestreaming
- Plugin Slug:
- webinar-and-video-conference-with-jitsi-meet
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-30437
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
- Plugin:
- WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
- Plugin Slug:
- wholesalex
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.3.3
- Severity Score:
- Critical
- CVE:
- 2024-30542
Sharkdropship Dropshipping & Affiliate for for AliExpress
- Plugin Slug:
- wooshark-aliexpress-importer
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2024-1732
WordPress CRM Plugin – WP-CRM System
- Plugin Slug:
- wp-crm-system
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.9.1
- Severity Score:
- Medium
- CVE:
- 2024-30434
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.3.2
- Severity Score:
- Medium
- CVE:
- 2024-30457
DELUCKS SEO
- Plugin:
- DELUCKS SEO
- Plugin Slug:
- delucks-seo
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.5
- Severity Score:
- Medium
- CVE:
- 2024-30538
Creative Image Slider – Responsive Slider Plugin
- Plugin Slug:
- creative-image-slider
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- High
- CVE:
- 2024-30447
YITH WooCommerce Account Funds Premium
- Plugin:
- YITH WooCommerce Account Funds Premium
- Plugin Slug:
- yith-woocommerce-account-funds-premium
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.34.0
- Severity Score:
- Medium
- CVE:
- 2024-30470
WP Cost Estimation & Payment Forms Builder
- Plugin:
- WP Cost Estimation & Payment Forms Builder
- Plugin Slug:
- wp-estimation-form
- Vulnerability:
- SQL Injection
- Patched in Version:
- 10.1.76
- Severity Score:
- High
- CVE:
- 2024-30489
Wholesale For WooCommerce
- Plugin:
- Wholesale For WooCommerce
- Plugin Slug:
- woocommerce-wholesale-pricing
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.3.1
- Severity Score:
- Medium
- CVE:
- 2024-30469
Slider by Supsystic
- Plugin:
- Slider by Supsystic
- Plugin Slug:
- slider-by-supsystic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.11
- Severity Score:
- Medium
- CVE:
- 2024-30448
REHub Framework
- Plugin:
- REHub Framework
- Plugin Slug:
- rehub-framework
- Vulnerability:
- SQL Injection
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- CVE:
- 2024-31234
Limit Attempts by BestWebSoft
- Plugin:
- Limit Attempts by BestWebSoft
- Plugin Slug:
- limit-attempts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- High
- CVE:
- 2024-30439
LayerSlider
- Plugin:
- LayerSlider
- Plugin Slug:
- layerslider
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.10.1
- Severity Score:
- Critical
- CVE:
- 2024-2879
WP ERP
- Plugin:
- WP ERP
- Plugin Slug:
- erp
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.30.0
- Severity Score:
- High
- CVE:
- 2024-0952
Calendarista Basic Edition
- Plugin:
- Calendarista Basic Edition
- Plugin Slug:
- calendarista-basic-edition
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- CVE:
- 2024-30534
WordPress Themes — 3 Patched / 0 Unpatched
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- SQL Injection
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- CVE:
- 2024-31233
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 19.6.2
- Severity Score:
- High
- CVE:
- 2024-31232
Rehub
- Theme:
- Rehub
- Theme Slug:
- rehub-theme
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 19.6.2
- Severity Score:
- Critical
- CVE:
- 2024-31231
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Sign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Get started with confidence — risk free, guaranteed