WordPress Vulnerability Report — August 21, 2024

Since last week, 183 new vulnerabilities emerged in the WordPress ecosystem including 174 plugins and 9 themes. 53 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Aug 21, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:36 min.

In this report, 183 vulnerabilities have been publicly disclosed. Security patches for 129 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 53 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 126 Patched / 47 Unpatched

2.1 Cookie Notice & Compliance for GDPR / CCPA
2.2 Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
2.3 Button contact VR
2.4 Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
2.5 Backup and Restore WordPress – Backup Plugin
2.6 Backup and Restore WordPress – Backup Plugin
2.7 Backup and Restore WordPress – Backup Plugin
2.8 WP User Manager – User Profile Builder & Membership
2.9 WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More
2.10 WP Job Portal – A Complete Recruitment System for Company or Job Board website
2.11 All Bootstrap Blocks
2.12 Photo Engine (Media Organizer & Lightroom)
2.13 Propovoice: All-in-One Client Management System
2.14 Skitter Slideshow
2.15 Admission AppManager
2.16 AdRotate
2.17 Bit Form Pro
2.18 Bit Form Pro
2.19 Bit Form Pro
2.20 Bit Form Pro
2.21 Smart Online Order for Clover
2.22 Smart Online Order for Clover
2.23 Compute Links
2.24 DL Robots.txt
2.25 Simple Share
2.26 Ultimate Membership Pro
2.27 Ultimate Membership Pro
2.28 Ultimate Membership Pro
2.29 Leopard – WordPress offload media
2.30 Leopard – WordPress offload media
2.31 LOGIN AND REGISTRATION ATTEMPTS LIMIT
2.32 Create by Mediavine
2.33 MyBookTable Bookstore
2.34 Opti Marketing
2.35 Order Export for WooCommerce
2.36 Snapshot Backup
2.37 Store Locator Plus
2.38 TrueBooker
2.39 TrueBooker
2.40 Mega Addons For Elementor
2.41 WHMpress
2.42 WHMpress
2.43 InPost for WooCommerce
2.44 Woo Products Widgets For Elementor
2.45 JobSearch
2.46 WP MultiTasking
2.47 WP MultiTasking
2.48 WooCommerce
2.49 LiteSpeed Cache
2.50 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.51 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
2.52 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
2.53 Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts
2.54 Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts
2.55 SpeedyCache – Cache, Optimization, Performance
2.56 White Label CMS
2.57 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
2.58 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.59 Stripe Payments For WooCommerce by Checkout Plugins
2.60 Stripe Payments For WooCommerce by Checkout Plugins
2.61 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
2.62 EmbedPress – Embed PDF, PDF 3D FlipBook, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.63 GiveWP – Donation Plugin and Fundraising Platform
2.64 GiveWP – Donation Plugin and Fundraising Platform
2.65 GiveWP – Donation Plugin and Fundraising Platform
2.66 GiveWP – Donation Plugin and Fundraising Platform
2.67 Insert PHP Code Snippet
2.68 Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
2.69 The Ultimate Video Player For WordPress – by Presto Player
2.70 Relevanssi – A Better Search
2.71 SEO Plugin by Squirrly SEO
2.72 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
2.73 Asset CleanUp: Page Speed Booster
2.74 Tutor LMS – eLearning and online course solution
2.75 Theme My Login
2.76 AI Engine
2.77 Media Library Assistant
2.78 Clone
2.79 FOX – Currency Switcher Professional for WooCommerce
2.80 Category Posts Widget
2.81 Download Plugins and Themes in ZIP from Dashboard
2.82 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
2.83 Post Grid and Gutenberg Blocks
2.84 Structured Content (JSON-LD) #wpsc
2.85 WP Last Modified Info
2.86 HTML5 Video Player – mp4 Video Player Plugin and Block
2.87 HTML5 Video Player – mp4 Video Player Plugin and Block
2.88 Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
2.89 Void Contact Form 7 Widget For Elementor Page Builder
2.90 Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
2.91 Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
2.92 Child Theme Creator by Orbisius
2.93 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
2.94 WordPress File Upload
2.95 wpForo Forum
2.96 wpForo Forum
2.97 WPBakery Page Builder Addons by Livemesh
2.98 AFI – The Easiest Integration Plugin
2.99 Bold Timeline Lite
2.100 Cryptocurrency Widgets – Price Ticker & Coins List
2.101 RegistrationMagic – User Registration Plugin with Custom Registration Forms
2.102 E2Pdf – Export Pdf Tool for WordPress
2.103 Envo’s Elementor Templates & Widgets for WooCommerce
2.104 Generate Images – Magic Post Thumbnail
2.105 Modal Window – create popup modal window
2.106 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
2.107 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
2.108 Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
2.109 Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin
2.110 ReviewX – Multi-criteria Rating & Reviews for WooCommerce
2.111 weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
2.112 WPC Frequently Bought Together for WooCommerce
2.113 WP Data Access – WordPress App, Table and Form Builder plugin
2.114 BP Profile Search
2.115 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.116 Plugin Notes Plus
2.117 InPost PL
2.118 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
2.119 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
2.120 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
2.121 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
2.122 Custom Layouts – Post + Product grids made easy
2.123 GEO my WP
2.124 JS Help Desk – The Ultimate Help Desk & Support Plugin
2.125 JS Help Desk – The Ultimate Help Desk & Support Plugin
2.126 Salon Booking System
2.127 Void Elementor Post Grid Addon for Elementor Page builder
2.128 Shopping Cart & eCommerce Store
2.129 WP Telegram Widget and Join Link
2.130 Clever Addons for Elementor
2.131 Meta Field Block
2.132 Icegram Collect – Easy Form, Lead Collection and Subscription plugin
2.133 MStore API – Create Native Android & iOS Apps On The Cloud
2.134 Order Tracking – WordPress Status Tracking Plugin
2.135 Dark Mode for WP Dashboard
2.136 Newsletters
2.137 Newsletters
2.138 oik
2.139 Responsive Blocks – WordPress Gutenberg Blocks
2.140 WP-Lister Lite for eBay
2.141 Visual Website Collaboration, Feedback & Project Management – Atarim
2.142 JoomSport – for Sports: Team & League, Football, Hockey & more
2.143 Masteriyo LMS – eLearning and Online Course Builder for WordPress
2.144 Team Showcase
2.145 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
2.146 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons
2.147 Custom Field For WP Job Manager
2.148 Event Tickets with Ticket Scanner
2.149 FormFacade – WordPress plugin for Google Forms
2.150 Invite Anyone
2.151 PDF Builder for WPForms
2.152 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
2.153 WP Bannerize Pro
2.154 WP Travel Gutenberg Blocks
2.155 WordPress Webinar Plugin – WebinarPress
2.156 Login As Users
2.157 Grow by Tradedoubler – Advertiser Plugin for WooCommerce
2.158 Employee, Leave and Recruitment Management System – Crew HRM
2.159 Chatbot with ChatGPT WordPress
2.160 Sheet to Table Live Sync for Google Sheet
2.161 PowerPack for Beaver Builder
2.162 ElementsKit Pro
2.163 ElementsKit Pro
2.164 JetBlocks For Elementor
2.165 JetElements For Elementor
2.166 JetElements For Elementor
2.167 JetSearch
2.168 JetTabs
2.169 tagDiv Opt-In Builder
2.170 Term And Category Based Posts Widget
2.171 WooCommerce Social Login
2.172 WP eStore
2.173 WP eStore
2.174 Zephyr Project Manager

3. WordPress Themes — 3 Patched / 6 Unpatched

3.1 Allegiant
3.2 Bravada
3.3 Busiprof
3.4 GivingPress Lite
3.5 Visual Composer Starter
3.6 Purity Of Soul
3.7 Hello Agency
3.8 Bricks Builder
3.9 Houzez

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins — 126 Patched / 47 Unpatched

Plugin:: Cookie Notice & Compliance for GDPR / CCPA
Plugin Slug:: cookie-notice
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2022-3399

Plugin:: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43260

Plugin:: Button contact VR
Plugin Slug:: button-contact-vr
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43347

Plugin:: Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43265

Plugin:: Backup and Restore WordPress – Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43270

Plugin:: Backup and Restore WordPress – Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43269

Plugin:: Backup and Restore WordPress – Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43268

Plugin:: WP User Manager – User Profile Builder & Membership
Plugin Slug:: wp-user-manager
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43336

Plugin:: WP SMS – Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43331

Plugin:: WP Job Portal – A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43266

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43349

Plugin:: Photo Engine (Media Organizer & Lightroom)
Plugin Slug:: wplr-sync
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43332

Plugin:: Propovoice: All-in-One Client Management System
Plugin Slug:: propovoice
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43350

Plugin:: Skitter Slideshow
Plugin Slug:: wp-skitter-slideshow
Installations: 500+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-1751

Plugin:: Admission AppManager
Plugin Slug:: admission-appmanager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-4507

Plugin:: AdRotate
Plugin Slug:: adrotate1
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-1206

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43251

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43250

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43249

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43248

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43254

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43253

Plugin:: Compute Links
Plugin Slug:: compute-links
Vulnerability:: Remote File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43261

Plugin:: DL Robots.txt
Plugin Slug:: dl-robotstxt
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6797

Plugin:: Simple Share
Plugin Slug:: dts-simple-share
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7556

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43242

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43241

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43240

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43257

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43256

Plugin:: LOGIN AND REGISTRATION ATTEMPTS LIMIT
Plugin Slug:: login-attempts-limit-wp
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2022-4532

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43264

Plugin:: MyBookTable Bookstore
Plugin Slug:: mybooktable
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43255

Plugin:: Opti Marketing
Plugin Slug:: opti-marketing
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6928

Plugin:: Order Export for WooCommerce
Plugin Slug:: order-export-and-more-for-woocommerce
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43259

Plugin:: Snapshot Backup
Plugin Slug:: snapshot-backup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7689

Plugin:: Store Locator Plus
Plugin Slug:: store-locator-le
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43258

Plugin:: TrueBooker
Plugin Slug:: truebooker-appointment-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6924

Plugin:: TrueBooker
Plugin Slug:: truebooker-appointment-booking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6925

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43267

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43247

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43246

Plugin:: InPost for WooCommerce
Plugin Slug:: woo-inpost
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6500

Plugin:: Woo Products Widgets For Elementor
Plugin Slug:: woo-products-widgets-for-elementor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43271

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43245

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6859

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6856

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 7,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.3
Severity Score:: Medium
CVE:: 2024-39666

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4
Severity Score:: Critical
CVE:: 2024-28000

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.0
Severity Score:: Medium
CVE:: 2024-7092

Plugin:: Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.1
Severity Score:: Medium
CVE:: 2024-7054

Plugin:: MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 400,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.3.0
Severity Score:: Critical
CVE:: 2023-0714

Plugin:: Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts
Plugin Slug:: olympus-google-fonts
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.8
Severity Score:: Medium
CVE:: 2024-43302

Plugin:: Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts
Plugin Slug:: olympus-google-fonts
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.8
Severity Score:: High
CVE:: 2024-43301

Plugin:: SpeedyCache – Cache, Optimization, Performance
Plugin Slug:: speedycache
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-43299

Plugin:: White Label CMS
Plugin Slug:: white-label-cms
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.5
Severity Score:: High
CVE:: 2024-43303

Plugin:: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.56
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-7247

Plugin:: Stripe Payments For WooCommerce by Checkout Plugins
Plugin Slug:: checkout-plugins-stripe-woo
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2024-43316

Plugin:: Stripe Payments For WooCommerce by Checkout Plugins
Plugin Slug:: checkout-plugins-stripe-woo
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.9.2
Severity Score:: High
CVE:: 2024-43315

Plugin:: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.1.2
Severity Score:: Critical
CVE:: 2024-4389

Plugin:: EmbedPress – Embed PDF, PDF 3D FlipBook, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.10
Severity Score:: High
CVE:: 2024-43328

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-5941

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2024-5940

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2024-5939

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-5932

Plugin:: Insert PHP Code Snippet
Plugin Slug:: insert-php-code-snippet
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-43275

Plugin:: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.83
Severity Score:: Medium
CVE:: 2024-43287

Plugin:: The Ultimate Video Player For WordPress – by Presto Player
Plugin Slug:: presto-player
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2024-43285

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.23.0
Severity Score:: Medium
CVE:: 2024-7630

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.3.20
Severity Score:: High
CVE:: 2024-43286

Plugin:: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5763

Plugin:: Asset CleanUp: Page Speed Booster
Plugin Slug:: wp-asset-clean-up
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.9.4
Severity Score:: Medium
CVE:: 2024-43314

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.3
Severity Score:: High
CVE:: 2024-43282

Plugin:: Theme My Login
Plugin Slug:: theme-my-login
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.1.8
Severity Score:: Medium
CVE:: 2024-7422

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 70,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.5.1
Severity Score:: Critical
CVE:: 2024-6451

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.19
Severity Score:: Critical
CVE:: 2024-6823

Plugin:: Clone
Plugin Slug:: wp-clone-by-wp-academy
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2024-43298

Plugin:: FOX – Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2.1
Severity Score:: Medium
CVE:: 2024-43297

Plugin:: Category Posts Widget
Plugin Slug:: category-posts
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.17
Severity Score:: Medium
CVE:: 2024-6158

Plugin:: Download Plugins and Themes in ZIP from Dashboard
Plugin Slug:: download-plugins-dashboard
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2024-7501

Plugin:: Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2024-43308

Plugin:: Post Grid and Gutenberg Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.88
Severity Score:: Medium
CVE:: 2024-7588

Plugin:: Structured Content (JSON-LD) #wpsc
Plugin Slug:: structured-content
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-43307

Plugin:: WP Last Modified Info
Plugin Slug:: wp-last-modified-info
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-6864

Plugin:: HTML5 Video Player – mp4 Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.5.32
Severity Score:: Medium
CVE:: 2024-43319

Plugin:: HTML5 Video Player – mp4 Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.31
Severity Score:: Medium
CVE:: 2024-43296

Plugin:: Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.7.1
Severity Score:: Medium
CVE:: 2024-43337

Plugin:: Void Contact Form 7 Widget For Elementor Page Builder
Plugin Slug:: cf7-widget-elementor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-43291

Plugin:: Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.26
Severity Score:: Medium
CVE:: 2024-43344

Plugin:: Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.25
Severity Score:: Medium
CVE:: 2024-43272

Plugin:: Child Theme Creator by Orbisius
Plugin Slug:: orbisius-child-theme-creator
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2024-43276

Plugin:: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.16
Severity Score:: Medium
CVE:: 2024-43277

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.9
Severity Score:: High
CVE:: 2024-7301

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.5
Severity Score:: High
CVE:: 2024-43289

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2024-43288

Plugin:: WPBakery Page Builder Addons by Livemesh
Plugin Slug:: addons-for-visual-composer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.1
Severity Score:: Medium
CVE:: 2024-43320

Plugin:: AFI – The Easiest Integration Plugin
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.89.6
Severity Score:: Medium
CVE:: 2024-43340

Plugin:: Bold Timeline Lite
Plugin Slug:: bold-timeline-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-43294

Plugin:: Cryptocurrency Widgets – Price Ticker & Coins List
Plugin Slug:: cryptocurrency-price-ticker-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: High
CVE:: 2024-43304

Plugin:: RegistrationMagic – User Registration Plugin with Custom Registration Forms
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 6.0.1.1
Severity Score:: Medium
CVE:: 2024-43317

Plugin:: E2Pdf – Export Pdf Tool for WordPress
Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.25.11
Severity Score:: Medium
CVE:: 2024-43318

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.17
Severity Score:: Medium
CVE:: 2024-43292

Plugin:: Generate Images – Magic Post Thumbnail
Plugin Slug:: magic-post-thumbnail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.8
Severity Score:: Medium
CVE:: 2024-6724

Plugin:: Modal Window – create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-43346

Plugin:: myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.7.3
Severity Score:: Critical
CVE:: 2024-43354

Plugin:: myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-43353

Plugin:: Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
Plugin Slug:: page-builder-add
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.2.1
Severity Score:: High
CVE:: 2024-43345

Plugin:: Recipe Card Blocks for Gutenberg & Elementor – Best WordPress Recipe Plugin
Plugin Slug:: recipe-card-blocks-by-wpzoom
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-43293

Plugin:: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.29
Severity Score:: Medium
CVE:: 2024-43323

Plugin:: weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
Plugin Slug:: wemail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.14.6
Severity Score:: High
CVE:: 2024-43238

Plugin:: WPC Frequently Bought Together for WooCommerce
Plugin Slug:: woo-bought-together
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.0
Severity Score:: Medium
CVE:: 2024-43312

Plugin:: WP Data Access – WordPress App, Table and Form Builder plugin
Plugin Slug:: wp-data-access
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.5.9
Severity Score:: Medium
CVE:: 2024-43295

Plugin:: BP Profile Search
Plugin Slug:: bp-profile-search
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.8
Severity Score:: High
CVE:: 2024-7850

Plugin:: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.38
Severity Score:: Medium
CVE:: 2024-7703

Plugin:: Plugin Notes Plus
Plugin Slug:: plugin-notes-plus
Installations: 8,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-43326

Plugin:: InPost PL
Plugin Slug:: inpost-for-woocommerce
Installations: 7,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.4.5
Severity Score:: Critical
CVE:: 2024-6500

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7777

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.10
Severity Score:: Medium
CVE:: 2024-7775

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7702

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.13.5
Severity Score:: Medium
CVE:: 2024-7782

Plugin:: Custom Layouts – Post + Product grids made easy
Plugin Slug:: custom-layouts
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.12
Severity Score:: Medium
CVE:: 2024-43305

Plugin:: GEO my WP
Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.5.0.2
Severity Score:: High
CVE:: 2024-6330

Plugin:: JS Help Desk – The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.8.7
Severity Score:: Critical
CVE:: 2024-7094

Plugin:: JS Help Desk – The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-43274

Plugin:: Salon Booking System
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Open Redirection
Patched in Version:: 10.9
Severity Score:: Medium
CVE:: 2024-43280

Plugin:: Void Elementor Post Grid Addon for Elementor Page builder
Plugin Slug:: void-elementor-post-grid-addon-for-elementor-page-builder
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4
Severity Score:: Medium
CVE:: 2024-43281

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.3
Severity Score:: High
CVE:: 2024-7827

Plugin:: WP Telegram Widget and Join Link
Plugin Slug:: wptelegram-widget
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.28
Severity Score:: Medium
CVE:: 2024-43309

Plugin:: Clever Addons for Elementor
Plugin Slug:: cafe-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-43324

Plugin:: Meta Field Block
Plugin Slug:: display-a-meta-field-as-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.14
Severity Score:: Medium
CVE:: 2024-43278

Plugin:: Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Plugin Slug:: icegram-rainmaker
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.15
Severity Score:: Medium
CVE:: 2024-43273

Plugin:: MStore API – Create Native Android & iOS Apps On The Cloud
Plugin Slug:: mstore-api
Installations: 4,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.15.3
Severity Score:: High
CVE:: 2024-7628

Plugin:: Order Tracking – WordPress Status Tracking Plugin
Plugin Slug:: order-tracking
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.13
Severity Score:: Medium
CVE:: 2024-43343

Plugin:: Dark Mode for WP Dashboard
Plugin Slug:: dark-mode-for-wp-dashboard
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-43325

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9
Severity Score:: High
CVE:: 2024-43279

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.9.9.1
Severity Score:: Medium
CVE:: 2024-7411

Plugin:: oik
Plugin Slug:: oik
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.12.1
Severity Score:: Medium
CVE:: 2024-43356

Plugin:: Responsive Blocks – WordPress Gutenberg Blocks
Plugin Slug:: responsive-block-editor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.9
Severity Score:: Medium
CVE:: 2024-43335

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: High
CVE:: 2024-43306

Plugin:: Visual Website Collaboration, Feedback & Project Management – Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-43290

Plugin:: JoomSport – for Sports: Team & League, Football, Hockey & more
Plugin Slug:: joomsport-sports-league-results-management
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.7
Severity Score:: Medium
CVE:: 2024-43355

Plugin:: Masteriyo LMS – eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.11.5
Severity Score:: Medium
CVE:: 2024-43239

Plugin:: Team Showcase
Plugin Slug:: team
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22.24
Severity Score:: Medium
CVE:: 2024-43321

Plugin:: Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Plugin Slug:: a4-barcode-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.10
Severity Score:: Medium
CVE:: 2024-43310

Plugin:: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 23.1.3
Severity Score:: Medium
CVE:: 2024-43283

Plugin:: Custom Field For WP Job Manager
Plugin Slug:: custom-field-for-wp-job-manager
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2023-7049

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: Medium
CVE:: 2024-6711

Plugin:: FormFacade – WordPress plugin for Google Forms
Plugin Slug:: formfacade
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: High
CVE:: 2024-43313

Plugin:: Invite Anyone
Plugin Slug:: invite-anyone
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.8
Severity Score:: High
CVE:: 2024-43327

Plugin:: PDF Builder for WPForms
Plugin Slug:: pdf-builder-for-wpforms
Installations: 1,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 1.2.117
Severity Score:: Medium
CVE:: 2024-7414

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-43342

Plugin:: WP Bannerize Pro
Plugin Slug:: wp-bannerize-pro
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-7388

Plugin:: WP Travel Gutenberg Blocks
Plugin Slug:: wp-travel-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-43284

Plugin:: WordPress Webinar Plugin – WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.33.21
Severity Score:: Medium
CVE:: 2024-43339

Plugin:: Login As Users
Plugin Slug:: login-as-users
Installations: 300+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.4.3
Severity Score:: Critical
CVE:: 2024-43311

Plugin:: Grow by Tradedoubler – Advertiser Plugin for WooCommerce
Plugin Slug:: tradedoubler-affiliate-tracker
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.22
Severity Score:: High
CVE:: 2024-6460

Plugin:: Employee, Leave and Recruitment Management System – Crew HRM
Plugin Slug:: hr-management
Installations: 80+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.1.2
Severity Score:: Critical
CVE:: 2024-43252

Plugin:: Chatbot with ChatGPT WordPress
Plugin Slug:: smartsearchwp
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.5
Severity Score:: High
CVE:: 2024-6843

Plugin:: Sheet to Table Live Sync for Google Sheet
Plugin Slug:: sheet-to-wp-table-for-google-sheet
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-6532

Plugin:: PowerPack for Beaver Builder
Plugin Slug:: bbpowerpack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.37.4
Severity Score:: High
CVE:: 2024-43330

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.6
Severity Score:: Medium
CVE:: 2024-7064

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.6.7
Severity Score:: Medium
CVE:: 2024-7063

Plugin:: JetBlocks For Elementor
Plugin Slug:: jet-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.12.1
Severity Score:: Medium
CVE:: 2024-7147

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Local File Inclusion
Patched in Version:: 2.6.20.1
Severity Score:: High
CVE:: 2024-7145

Plugin:: JetElements For Elementor
Plugin Slug:: jet-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.20.1
Severity Score:: Medium
CVE:: 2024-7144

Plugin:: JetSearch
Plugin Slug:: jet-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.2.1
Severity Score:: Medium
CVE:: 2024-7136

Plugin:: JetTabs
Plugin Slug:: jet-tabs
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.3.1
Severity Score:: High
CVE:: 2024-7146

Plugin:: tagDiv Opt-In Builder
Plugin Slug:: td-subscription
Vulnerability:: SQL Injection
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2023-3416

Plugin:: Term And Category Based Posts Widget
Plugin Slug:: term-and-category-based-posts-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.13
Severity Score:: Medium
CVE:: 2024-6158

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: Broken Authentication
Patched in Version:: 2.7.6
Severity Score:: Critical
CVE:: 2024-7503

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.5.6
Severity Score:: Medium
CVE:: 2024-6136

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: High
CVE:: 2024-6133

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.3.101
Severity Score:: Medium
CVE:: 2024-43322

WordPress Themes — 3 Patched / 6 Unpatched

Theme:: Allegiant
Theme Slug:: allegiant
Downloads: 387,229
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43329

Theme:: Bravada
Theme Slug:: bravada
Downloads: 381,818
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43351

Theme:: Busiprof
Theme Slug:: busiprof
Downloads: 519,971
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43262

Theme:: GivingPress Lite
Theme Slug:: givingpress-lite
Downloads: 74,402
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43352

Theme:: Visual Composer Starter
Theme Slug:: visual-composer-starter
Downloads: 106,392
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43263

Theme:: Purity Of Soul
Theme Slug:: purity-of-soul
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43348

Theme:: Hello Agency
Theme Slug:: hello-agency
Downloads: 12,106
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-43341

Theme:: Bricks Builder
Theme Slug:: bricks
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2023-3408

Theme:: Houzez
Theme Slug:: houzez
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: High
CVE:: 2024-43244

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 126 Patched / 47 Unpatched