In this report, 96 vulnerabilities have been publicly disclosed. Security patches for 76 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 20 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
WordPress Plugins — 75 Patched / 20 Unpatched
Featured Image from URL (FIFU)
- Plugin:
- Featured Image from URL (FIFU)
- Plugin Slug:
- featured-image-from-url
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1496
Malware Scanner
- Plugin:
- Malware Scanner
- Plugin Slug:
- miniorange-malware-protection
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-25902
Multi Step Form
- Plugin:
- Multi Step Form
- Plugin Slug:
- multi-step-form
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25905
Comments Like Dislike
- Plugin:
- Comments Like Dislike
- Plugin Slug:
- comments-like-dislike
- Installations
- 9,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25906
PJ News Ticker
- Plugin:
- PJ News Ticker
- Plugin Slug:
- pj-news-ticker
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25094
TinyMCE and TinyMCE Advanced Professsional Formats and Styles
- Plugin Slug:
- tinymce-and-tinymce-advanced-professsional-formats-and-styles
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25904
MyWaze
- Plugin:
- MyWaze
- Plugin Slug:
- my-waze
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25594
PB oEmbed HTML5 Audio – with Cache Support
- Plugin Slug:
- pb-oembed-html5-audio-with-cache-support
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25098
Canto
- Plugin:
- Canto
- Plugin Slug:
- canto
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-25096
GigPress
- Plugin:
- GigPress
- Plugin Slug:
- gigpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7233
MoveTo
- Plugin:
- MoveTo
- Plugin Slug:
- moveto
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-25913
MoveTo
- Plugin:
- MoveTo
- Plugin Slug:
- moveto
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-25912
MoveTo
- Plugin:
- MoveTo
- Plugin Slug:
- moveto
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-25911
MoveTo
- Plugin:
- MoveTo
- Plugin Slug:
- moveto
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-25910
Oliver POS
- Plugin:
- Oliver POS
- Plugin Slug:
- oliver-pos
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0702
postMash – custom post order
- Plugin:
- postMash – custom post order
- Plugin Slug:
- postmash
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-25927
Sitepact’s Contact Form 7 Extension For Klaviyo
- Plugin:
- Sitepact’s Contact Form 7 Extension For Klaviyo
- Plugin Slug:
- sitepact-klaviyo-contact-form-7
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-25928
Widgets Controller
- Plugin:
- Widgets Controller
- Plugin Slug:
- widgets-controller
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-25926
Pexels: Free Stock Photos
- Plugin:
- Pexels: Free Stock Photos
- Plugin Slug:
- wp-pexels-free-stock-photos
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-25915
Easy Forms for Mailchimp
- Plugin:
- Easy Forms for Mailchimp
- Plugin Slug:
- yikes-inc-easy-mailchimp-extender
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-25095
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.9
- Severity Score:
- Medium
- CVE:
- 2024-1171
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.9
- Severity Score:
- Medium
- CVE:
- 2024-1172
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.9
- Severity Score:
- Medium
- CVE:
- 2024-1276
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.9
- Severity Score:
- Medium
- CVE:
- 2024-1236
Ocean Extra
- Plugin:
- Ocean Extra
- Plugin Slug:
- ocean-extra
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.5
- Severity Score:
- Medium
- CVE:
- 2024-1277
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.19
- Severity Score:
- Medium
- CVE:
- 2024-0326
Broken Link Checker
- Plugin:
- Broken Link Checker
- Plugin Slug:
- broken-link-checker
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- Medium
- CVE:
- 2024-25592
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.3
- Severity Score:
- Medium
- CVE:
- 2024-1510
SiteOrigin Widgets Bundle
- Plugin:
- SiteOrigin Widgets Bundle
- Plugin Slug:
- so-widgets-bundle
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.58.3
- Severity Score:
- Medium
- CVE:
- 2024-1070
SiteOrigin Widgets Bundle
- Plugin:
- SiteOrigin Widgets Bundle
- Plugin Slug:
- so-widgets-bundle
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.58.4
- Severity Score:
- Medium
- CVE:
- 2024-1058
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease
- Plugin Slug:
- password-protected
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.7
- Severity Score:
- Medium
- CVE:
- 2024-0656
Popup Builder – Create highly converting, mobile friendly marketing popups.
- Plugin Slug:
- popup-builder
- Installations
- 200,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.2.6
- Severity Score:
- Medium
- CVE:
- 2023-6294
WP Activity Log
- Plugin:
- WP Activity Log
- Plugin Slug:
- wp-security-audit-log
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.2
- Severity Score:
- High
- CVE:
- 2023-50905
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.0
- Severity Score:
- Medium
- CVE:
- 2024-1570
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.0
- Severity Score:
- High
- CVE:
- 2024-1519
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.0
- Severity Score:
- Medium
- CVE:
- 2024-1408
Best WordPress Gallery Plugin – FooGallery
- Plugin Slug:
- foogallery
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.9
- Severity Score:
- Medium
- CVE:
- 2024-0604
Login Lockdown – Protect Login Form
- Plugin Slug:
- login-lockdown
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.09
- Severity Score:
- Medium
- CVE:
- 2024-1340
Page scroll to id
- Plugin:
- Page scroll to id
- Plugin Slug:
- page-scroll-to-id
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.9
- Severity Score:
- Medium
- CVE:
- 2024-1445
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.16
- Severity Score:
- Medium
- CVE:
- 2024-1411
Schema & Structured Data for WP & AMP
- Plugin Slug:
- schema-and-structured-data-for-wp
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.27
- Severity Score:
- Medium
- CVE:
- 2024-1288
Schema & Structured Data for WP & AMP
- Plugin Slug:
- schema-and-structured-data-for-wp
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.27
- Severity Score:
- Medium
- CVE:
- 2024-1586
Defender Security – Malware Scanner, Login Security & Firewall
- Plugin Slug:
- defender-security
- Installations
- 90,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 4.4.2
- Severity Score:
- Medium
- CVE:
- 2024-25595
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.9
- Severity Score:
- Medium
- CVE:
- 2024-1425
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.9
- Severity Score:
- Medium
- CVE:
- 2024-1349
Email Encoder – Protect Email Addresses and Phone Numbers
- Plugin Slug:
- email-encoder-bundle
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2024-1282
Elementor Addons by Livemesh
- Plugin:
- Elementor Addons by Livemesh
- Plugin Slug:
- addons-for-elementor
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.3.1
- Severity Score:
- Medium
- CVE:
- 2024-25598
Simple Share Buttons Adder
- Plugin:
- Simple Share Buttons Adder
- Plugin Slug:
- simple-share-buttons-adder
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.4.12
- Severity Score:
- Medium
- CVE:
- 2024-0621
Microsoft Clarity
- Plugin:
- Microsoft Clarity
- Plugin Slug:
- microsoft-clarity
- Installations
- 60,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.9.4
- Severity Score:
- High
- CVE:
- 2024-0590
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.1
- Severity Score:
- Medium
- CVE:
- 2024-1159
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.1
- Severity Score:
- Medium
- CVE:
- 2024-1160
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.8.1
- Severity Score:
- Medium
- CVE:
- 2024-1157
MapPress Maps for WordPress
- Plugin:
- MapPress Maps for WordPress
- Plugin Slug:
- mappress-google-maps-for-wordpress
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.88.16
- Severity Score:
- Medium
- CVE:
- 2024-0421
MapPress Maps for WordPress
- Plugin:
- MapPress Maps for WordPress
- Plugin Slug:
- mappress-google-maps-for-wordpress
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.88.15
- Severity Score:
- Medium
- CVE:
- 2024-0420
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.7
- Severity Score:
- Medium
- CVE:
- 2024-1054
WP Maintenance
- Plugin:
- WP Maintenance
- Plugin Slug:
- wp-maintenance
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.1.7
- Severity Score:
- Medium
- CVE:
- 2024-1472
Custom Field Template
- Plugin:
- Custom Field Template
- Plugin Slug:
- custom-field-template
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.1
- Severity Score:
- Medium
- CVE:
- 2024-25919
WP Editor
- Plugin:
- WP Editor
- Plugin Slug:
- wp-editor
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2024-25591
Maspik – Spam Blacklist
- Plugin:
- Maspik – Spam Blacklist
- Plugin Slug:
- contact-forms-anti-spam
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.10.7
- Severity Score:
- Medium
- CVE:
- 2024-25101
My Private Site
- Plugin:
- My Private Site
- Plugin Slug:
- jonradio-private-site
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- CVE:
- 2024-0978
My Calendar
- Plugin:
- My Calendar
- Plugin Slug:
- my-calendar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.24
- Severity Score:
- Medium
- CVE:
- 2024-25916
Analytics Insights – Google Analytics Dashboard for WordPress
- Plugin Slug:
- analytics-insights
- Installations
- 10,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 6.3
- Severity Score:
- Medium
- CVE:
- 2024-0250
Directorist – WordPress Business Directory Plugin with Classified Ads Listings
- Plugin Slug:
- directorist
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.8.5
- Severity Score:
- Medium
- CVE:
- 2024-1322
Link Library
- Plugin:
- Link Library
- Plugin Slug:
- link-library
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6.1
- Severity Score:
- High
- CVE:
- 2024-1559
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.2.6
- Severity Score:
- Critical
- CVE:
- 2024-1512
NEX-Forms – Ultimate Form Builder – Contact forms and much more
- Plugin Slug:
- nex-forms-express-wp-form-builder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.5.6
- Severity Score:
- Medium
- CVE:
- 2024-25593
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin:
- Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin Slug:
- paid-member-subscriptions
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.11.2
- Severity Score:
- Medium
- CVE:
- 2024-1390
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced)
- Plugin:
- Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced)
- Plugin Slug:
- smart-manager-for-wp-e-commerce
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 8.28.0
- Severity Score:
- High
- CVE:
- 2024-0566
WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
- Plugin Slug:
- wp-sms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4
- Severity Score:
- Medium
- CVE:
- 2024-25920
Coming Soon Maintenance Mode
- Plugin:
- Coming Soon Maintenance Mode
- Plugin Slug:
- coming-soon-maintenance-mode
- Installations
- 6,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
- CVE:
- 2024-1475
Community by PeepSo – Social Network, Membership, Registration, User Profiles
- Plugin Slug:
- peepso-core
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.2.7.1
- Severity Score:
- Medium
- CVE:
- 2024-25923
WP Testimonials
- Plugin:
- WP Testimonials
- Plugin Slug:
- testimonial-widgets
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2024-25924
Piraeus Bank WooCommerce Payment Gateway
- Plugin Slug:
- woo-payment-gateway-for-piraeus-bank
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.7.0
- Severity Score:
- Critical
- CVE:
- 2024-0610
WPify Woo Czech
- Plugin:
- WPify Woo Czech
- Plugin Slug:
- wpify-woo
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.0.9
- Severity Score:
- Medium
- CVE:
- 2024-1492
Paytium: Mollie payment forms & donations
- Plugin Slug:
- paytium
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- Medium
- CVE:
- 2024-25099
SKT Page Builder
- Plugin:
- SKT Page Builder
- Plugin Slug:
- skt-builder
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2
- Severity Score:
- Medium
- CVE:
- 2024-1337
Doofinder WP & WooCommerce Search
- Plugin Slug:
- doofinder-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.9
- Severity Score:
- Medium
- CVE:
- 2024-25596
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase)
- Plugin Slug:
- eazydocs
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.0
- Severity Score:
- Medium
- CVE:
- 2024-0248
InstaWP Connect – 1-click WP Staging & Migration
- Plugin Slug:
- instawp-connect
- Installations
- 2,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 0.1.0.9
- Severity Score:
- Critical
- CVE:
- 2024-25918
SMTP Mail
- Plugin:
- SMTP Mail
- Plugin Slug:
- smtp-mail
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.21
- Severity Score:
- Medium
- CVE:
- 2024-25914
GD Rating System
- Plugin:
- GD Rating System
- Plugin Slug:
- gd-rating-system
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.1
- Severity Score:
- High
- CVE:
- 2024-25093
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages
- Plugin Slug:
- landing-page-cat
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.7.3
- Severity Score:
- Medium
- CVE:
- 2024-0708
Frontend File Manager Plugin
- Plugin:
- Frontend File Manager Plugin
- Plugin Slug:
- nmedia-user-file-uploader
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 22.8
- Severity Score:
- Medium
- CVE:
- 2024-25903
TNC PDF viewer
- Plugin:
- TNC PDF viewer
- Plugin Slug:
- pdf-viewer-by-themencode
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
- CVE:
- 2024-25097
Sunshine Photo Cart: Free Client Galleries for Photographers
- Plugin Slug:
- sunshine-photo-cart
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.1
- Severity Score:
- Medium
- CVE:
- 2024-1294
Peach Payments Gateway
- Plugin:
- Peach Payments Gateway
- Plugin Slug:
- wc-peach-payments-gateway
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
- 2024-25922
Ultimate Reviews
- Plugin:
- Ultimate Reviews
- Plugin Slug:
- ultimate-reviews
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.9
- Severity Score:
- High
- CVE:
- 2024-25597
Action Network
- Plugin:
- Action Network
- Plugin Slug:
- wp-action-network
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3
- Severity Score:
- High
- CVE:
- 2024-25921
Web3 – Crypto wallet Login & NFT token gating
- Plugin Slug:
- web3-authentication
- Installations
- 200+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.0.0
- Severity Score:
- Critical
- CVE:
- 2023-6036
Cwicly
- Plugin:
- Cwicly
- Plugin Slug:
- cwicly
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.4.0.3
- Severity Score:
- Critical
- CVE:
- 2024-24707
WooCommerce Easy Checkout Field Editor, Fees & Discounts
- Plugin:
- WooCommerce Easy Checkout Field Editor, Fees & Discounts
- Plugin Slug:
- phppoet-checkout-fields
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.5.13
- Severity Score:
- Critical
- CVE:
- 2024-25925
WP Media folder
- Plugin:
- WP Media folder
- Plugin Slug:
- wp-media-folder
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.7.3
- Severity Score:
- Critical
- CVE:
- 2024-25909
WP Media folder
- Plugin:
- WP Media folder
- Plugin Slug:
- wp-media-folder
- Vulnerability:
- Settings Change
- Patched in Version:
- 5.7.3
- Severity Score:
- Medium
- CVE:
- 2024-25908
WP Media folder
- Plugin:
- WP Media folder
- Plugin Slug:
- wp-media-folder
- Vulnerability:
- Settings Change
- Patched in Version:
- 5.7.3
- Severity Score:
- Medium
- CVE:
- 2024-25907
WP Setup Wizard
- Plugin:
- WP Setup Wizard
- Plugin Slug:
- wp-setup-wizard
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.8.2
- Severity Score:
- High
- CVE:
- 2024-25917
WordPress Themes — 1 Patched / 0 Unpatched
Bricks Builder
- Theme:
- Bricks Builder
- Theme Slug:
- bricks
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.9.6.1
- Severity Score:
- Critical
- CVE:
- 2024-25600