WordPress Vulnerability Report — February 7, 2024

Since last week, 158 new vulnerabilities emerged in the WordPress ecosystem, including 1 in WordPress core, 1 in themes, and 156 in plugins. 37 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Feb 7, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:30 min.

In this report, 158 vulnerabilities have been publicly disclosed, including 1 in WordPress core patched in the WordPress 6.4.3 update. Security patches for 120 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 37 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core

1.1 WordPress Core

2. WordPress Plugins — 119 Patched / 37 Unpatched

2.1 MW WP Form
2.2 ACF Photo Gallery Field
2.3 Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
2.4 Email Before Download
2.5 Page Restrict
2.6 Load More Anything
2.7 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
2.8 OWL Carousel – WordPress Owl Carousel Slider
2.9 Debug
2.10 Don’t Muck My Markup
2.11 Ultra Companion – Companion plugin for WPoperation Themes
2.12 Accessibility
2.13 PilotPress
2.14 Cincopa video and media plug-in
2.15 Scheduling Plugin – Online Booking for WordPress
2.16 CC BMI Calculator
2.17 Click To Tweet
2.18 ERE Recently Viewed – Essential Real Estate Add-On
2.19 W3SPEEDSTER
2.20 WP-CFM
2.21 Wp-Adv-Quiz
2.22 A no-code page builder for beautiful performance-based content
2.23 Autotitle for WordPress
2.24 CalculatorPro Calculators
2.25 Coupon Referral Program
2.26 Custom User CSS
2.27 Scroll Triggered Box
2.28 JTRT Responsive Tables
2.29 Mighty Addons for Elementor
2.30 Order Delivery Date for WP e-Commerce
2.31 Persian Fonts
2.32 Popup More Popups
2.33 Post Thumbnail Editor
2.34 PT Sign Ups
2.35 Quicksand Post Filter jQuery Plugin
2.36 Quicksand Post Filter jQuery Plugin
2.37 WordPress Toolbar
2.38 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.39 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
2.40 Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
2.41 TablePress – Tables in WordPress made easy
2.42 Premium Addons for Elementor
2.43 SiteOrigin Widgets Bundle
2.44 Admin Menu Editor
2.45 Happy Addons for Elementor
2.46 Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
2.47 Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
2.48 Backuply – Backup, Restore, Migrate and Clone
2.49 Cloudflare
2.50 Page Builder: Pagelayer – Drag and Drop website builder
2.51 Page Builder: Pagelayer – Drag and Drop website builder
2.52 SEO Plugin by Squirrly SEO
2.53 Orbit Fox by ThemeIsle
2.54 Orbit Fox by ThemeIsle
2.55 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.56 Elementor Addon Elements
2.57 Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid)
2.58 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider)
2.59 Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
2.60 Minimal Coming Soon – Coming Soon Page
2.61 Relevanssi – A Better Search
2.62 The Plus Addons for Elementor
2.63 Cookie Information | Free GDPR Consent Solution
2.64 SlimStat Analytics
2.65 WP STAGING WordPress Backup Plugin – Migration Backup Restore
2.66 Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
2.67 Advanced iFrame
2.68 Advanced iFrame
2.69 Calculated Fields Form
2.70 Database for Contact Form 7, WPforms, Elementor forms
2.71 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.72 Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)
2.73 Exclusive Addons for Elementor
2.74 Exclusive Addons for Elementor
2.75 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
2.76 MapPress Maps for WordPress
2.77 Shariff Wrapper
2.78 Starbox – the Author Box for Humans
2.79 Shield Security – Smart Bot Blocking & Intrusion Prevention Security
2.80 WooCommerce Conversion Tracking
2.81 WP 404 Auto Redirect to Similar Post
2.82 Apollo13 Framework Extensions
2.83 Feed Them Social – Page, Post, Video, and Photo Galleries
2.84 Html5 Video Player – mp4 player, Video Player for WordPress
2.85 Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
2.86 Structured Content (JSON-LD) #wpsc
2.87 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
2.88 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
2.89 WP Dashboard Notes
2.90 Meks Smart Social Widget
2.91 WordPress Simple Shopping Cart
2.92 WP Visitor Statistics (Real Time Traffic)
2.93 Affiliates Manager
2.94 Awesome Support – WordPress HelpDesk & Support Plugin
2.95 Booking Calendar | Appointment Booking | BookIt
2.96 Knowledge Base for Documentation, FAQs with AI Assistance
2.97 Link Library
2.98 Link Library
2.99 NEX-Forms – Ultimate Form Builder – Contact forms and much more
2.100 WordPress Review & Structure Data Schema Plugin – Review Schema
2.101 Wonder Slider Lite
2.102 Woocommerce Vietnam Checkout
2.103 Woostify Sites Library
2.104 Product Labels For Woocommerce (Sale Badges)
2.105 FG Joomla to WordPress
2.106 WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
2.107 Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
2.108 Fatal Error Notify
2.109 GDPR Data Request Form
2.110 Themify Builder
2.111 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.112 Contact Form 7 Connector
2.113 WOLF – WordPress Posts Bulk Editor and Manager Professional
2.114 WOLF – WordPress Posts Bulk Editor and Manager Professional
2.115 PopupAlly
2.116 ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks
2.117 WP Dummy Content Generator
2.118 Advanced Forms for ACF
2.119 Auto Listings – Car Listings & Car Dealership Plugin for WordPress
2.120 (Simply) Guest Author Name
2.121 Beds24 Online Booking
2.122 EventPrime – Events Calendar, Bookings and Tickets
2.123 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
2.124 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
2.125 PropertyHive
2.126 PropertyHive
2.127 SP Project & Document Manager
2.128 Add Customer for WooCommerce
2.129 Anonymous Restricted Content
2.130 Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
2.131 Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
2.132 Polls CP
2.133 Polls CP
2.134 FG Drupal to WordPress
2.135 FG PrestaShop to WooCommerce
2.136 Five Star Restaurant Reviews
2.137 Heateor Social Login WordPress
2.138 Icons Font Loader
2.139 Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce
2.140 Restrict Usernames Emails Characters
2.141 WP Club Manager – WordPress Sports Club Plugin
2.142 Chartify – WordPress Chart Plugin
2.143 Portugal CTT Tracking for WooCommerce
2.144 Wp-Adv-Quiz
2.145 Allow SVG
2.146 coreActivity: Activity Logging plugin for WordPress
2.147 EventON Pro
2.148 PowerPack Pro for Elementor
2.149 PowerPack Pro for Elementor
2.150 Relevanssi Premium
2.151 LearnDash LMS
2.152 LearnDash LMS
2.153 LearnDash LMS
2.154 Userpro
2.155 Userpro
2.156 WooCommerce Box Office

3. WordPress Themes — 1 Patched / 0 Unpatched

3.1 Blocksy

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

Vulnerability:: Arbitrary File Upload
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2018-14028

WordPress Plugins — 119 Patched / 37 Unpatched

Plugin:: MW WP Form
Plugin Slug:: mw-wp-form
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24804

Plugin:: ACF Photo Gallery Field
Plugin Slug:: navz-photo-gallery
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23518

Plugin:: Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms
Plugin Slug:: happyforms
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23521

Plugin:: Email Before Download
Plugin Slug:: email-before-download
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23519

Plugin:: Page Restrict
Plugin Slug:: pagerestrict
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24702

Plugin:: Load More Anything
Plugin Slug:: ajax-load-more-anything
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24704

Plugin:: MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24703

Plugin:: OWL Carousel – WordPress Owl Carousel Slider
Plugin Slug:: lgx-owl-carousel
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24801

Plugin:: Debug
Plugin Slug:: debug
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24798

Plugin:: Don’t Muck My Markup
Plugin Slug:: dont-muck-my-markup
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23510

Plugin:: Ultra Companion – Companion plugin for WPoperation Themes
Plugin Slug:: ultra-companion
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24803

Plugin:: Accessibility
Plugin Slug:: accessibility
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24705

Plugin:: PilotPress
Plugin Slug:: pilotpress
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23524

Plugin:: Cincopa video and media plug-in
Plugin Slug:: video-playlist-and-gallery-plugin
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23515

Plugin:: Scheduling Plugin – Online Booking for WordPress
Plugin Slug:: calendar-booking
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23517

Plugin:: CC BMI Calculator
Plugin Slug:: cc-bmi-calculator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23516

Plugin:: Click To Tweet
Plugin Slug:: click-to-tweet
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23514

Plugin:: ERE Recently Viewed – Essential Real Estate Add-On
Plugin Slug:: ere-recently-viewed
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-24797

Plugin:: W3SPEEDSTER
Plugin Slug:: w3speedster-wp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24708

Plugin:: WP-CFM
Plugin Slug:: wp-cfm
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24706

Plugin:: Wp-Adv-Quiz
Plugin Slug:: advanced-quiz
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-5956

Plugin:: A no-code page builder for beautiful performance-based content
Plugin Slug:: setka-editor
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24701

Plugin:: Autotitle for WordPress
Plugin Slug:: autotitle-for-wordpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6946

Plugin:: CalculatorPro Calculators
Plugin Slug:: calculatorpro-calculators
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24847

Plugin:: Coupon Referral Program
Plugin Slug:: coupon-referral-program
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25100

Plugin:: Custom User CSS
Plugin Slug:: custom-user-css
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6391

Plugin:: Scroll Triggered Box
Plugin Slug:: dreamgrow-scroll-triggered-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24865

Plugin:: JTRT Responsive Tables
Plugin Slug:: jtrt-responsive-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24802

Plugin:: Mighty Addons for Elementor
Plugin Slug:: mighty-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24846

Plugin:: Order Delivery Date for WP e-Commerce
Plugin Slug:: order-delivery-date
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0678

Plugin:: Persian Fonts
Plugin Slug:: persian-fonts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7167

Plugin:: Popup More Popups
Plugin Slug:: popup-more
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0844

Plugin:: Post Thumbnail Editor
Plugin Slug:: post-thumbnail-editor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24845

Plugin:: PT Sign Ups
Plugin Slug:: ptoffice-sign-ups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24848

Plugin:: Quicksand Post Filter jQuery Plugin
Plugin Slug:: quicksand-jquery-post-filter
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24850

Plugin:: Quicksand Post Filter jQuery Plugin
Plugin Slug:: quicksand-jquery-post-filter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24849

Plugin:: WordPress Toolbar
Plugin Slug:: wordpress-toolbar
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6389

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.8
Severity Score:: Medium
CVE:: 2024-0954

Plugin:: Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
Plugin Slug:: coming-soon
Installations: 900,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.15.22
Severity Score:: Medium
CVE:: 2024-1072

Plugin:: Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-0685

Plugin:: TablePress – Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 800,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.5
Severity Score:: Low
CVE:: 2024-23825

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.17
Severity Score:: Medium
CVE:: 2024-24831

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.58.2
Severity Score:: Medium
CVE:: 2024-0961

Plugin:: Admin Menu Editor
Plugin Slug:: admin-menu-editor
Installations: 400,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.12.1
Severity Score:: Medium
CVE:: 2024-24876

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.10.2
Severity Score:: Medium
CVE:: 2024-24833

Plugin:: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 300,000+
Vulnerability:: Content Injection
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2024-23522

Plugin:: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.8
Severity Score:: Medium
CVE:: 2024-0660

Plugin:: Backuply – Backup, Restore, Migrate and Clone
Plugin Slug:: backuply
Installations: 200,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-0697

Plugin:: Cloudflare
Plugin Slug:: cloudflare
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.12.3
Severity Score:: Medium
CVE:: 2024-0212

Plugin:: Page Builder: Pagelayer – Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2023-5124

Plugin:: Page Builder: Pagelayer – Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.9
Severity Score:: Medium
CVE:: 2023-6738

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.3.16
Severity Score:: Medium
CVE:: 2024-0597

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.10.29
Severity Score:: Medium
CVE:: 2024-1047

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.10.230
Severity Score:: Medium
CVE:: 2024-1162

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.14.4
Severity Score:: Medium
CVE:: 2024-1046

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.12
Severity Score:: Medium
CVE:: 2024-0834

Plugin:: Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.12
Severity Score:: Medium
CVE:: 2024-24840

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.11.11
Severity Score:: Medium
CVE:: 2024-24883

Plugin:: Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
Plugin Slug:: instant-images
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.1
Severity Score:: High
CVE:: 2024-0869

Plugin:: Minimal Coming Soon – Coming Soon Page
Plugin Slug:: minimal-coming-soon-maintenance-mode
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.38
Severity Score:: Low
CVE:: 2024-1075

Plugin:: Relevanssi – A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.22
Severity Score:: Medium

Plugin:: The Plus Addons for Elementor
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.4
Severity Score:: Medium
CVE:: 2024-23511

Plugin:: Cookie Information | Free GDPR Consent Solution
Plugin Slug:: wp-gdpr-compliance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.23
Severity Score:: High
CVE:: 2023-6700

Plugin:: SlimStat Analytics
Plugin Slug:: wp-slimstat
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2024-1073

Plugin:: WP STAGING WordPress Backup Plugin – Migration Backup Restore
Plugin Slug:: wp-staging
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2023-7204

Plugin:: Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Plugin Slug:: boldgrid-backup
Installations: 70,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.15.9
Severity Score:: High
CVE:: 2024-24869

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.0
Severity Score:: Medium
CVE:: 2024-24870

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.0
Severity Score:: Medium
CVE:: 2023-7069

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.53
Severity Score:: Medium
CVE:: 2024-0963

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 60,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.3
Severity Score:: High
CVE:: 2024-1069

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.15.22
Severity Score:: Medium
CVE:: 2024-0667

Plugin:: Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.7
Severity Score:: Medium
CVE:: 2024-0659

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-0823

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-0824

Plugin:: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.2
Severity Score:: Medium
CVE:: 2024-1092

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.88.17
Severity Score:: Medium
CVE:: 2023-7225

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.10
Severity Score:: Medium
CVE:: 2024-1106

Plugin:: Starbox – the Author Box for Humans
Plugin Slug:: starbox
Installations: 50,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.8
Severity Score:: Medium
CVE:: 2024-0366

Plugin:: Shield Security – Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 18.5.10
Severity Score:: High
CVE:: 2023-6989

Plugin:: WooCommerce Conversion Tracking
Plugin Slug:: woocommerce-conversion-tracking
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-24711

Plugin:: WP 404 Auto Redirect to Similar Post
Plugin Slug:: wp-404-auto-redirect-to-similar-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2024-0509

Plugin:: Apollo13 Framework Extensions
Plugin Slug:: apollo13-framework-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-24880

Plugin:: Feed Them Social – Page, Post, Video, and Photo Galleries
Plugin Slug:: feed-them-social
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.1
Severity Score:: Medium
CVE:: 2024-24710

Plugin:: Html5 Video Player – mp4 player, Video Player for WordPress
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5.25
Severity Score:: Critical
CVE:: 2024-1061

Plugin:: Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
Plugin Slug:: shareaholic
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.7.12
Severity Score:: Medium
CVE:: 2024-24709

Plugin:: Structured Content (JSON-LD) #wpsc
Plugin Slug:: structured-content
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-24839

Plugin:: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4.1
Severity Score:: Medium
CVE:: 2024-24835

Plugin:: BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4.1
Severity Score:: Medium
CVE:: 2024-24834

Plugin:: WP Dashboard Notes
Plugin Slug:: wp-dashboard-notes
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2023-7239

Plugin:: Meks Smart Social Widget
Plugin Slug:: meks-smart-social-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-0664

Plugin:: WordPress Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2023-6497

Plugin:: WP Visitor Statistics (Real Time Traffic)
Plugin Slug:: wp-stats-manager
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.9.5
Severity Score:: Medium
CVE:: 2024-24867

Plugin:: Affiliates Manager
Plugin Slug:: affiliates-manager
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.35
Severity Score:: Medium
CVE:: 2024-0859

Plugin:: Awesome Support – WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.7
Severity Score:: Medium
CVE:: 2024-24716

Plugin:: Booking Calendar | Appointment Booking | BookIt
Plugin Slug:: bookit
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-24715

Plugin:: Knowledge Base for Documentation, FAQs with AI Assistance
Plugin Slug:: echo-knowledge-base
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 11.31.0
Severity Score:: High
CVE:: 2024-24842

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: High
CVE:: 2024-24879

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-24875

Plugin:: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.7
Severity Score:: Medium
CVE:: 2024-1130

Plugin:: WordPress Review & Structure Data Schema Plugin – Review Schema
Plugin Slug:: review-schema
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-0836

Plugin:: Wonder Slider Lite
Plugin Slug:: wonderplugin-slider-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.0
Severity Score:: High
CVE:: 2024-24877

Plugin:: Woocommerce Vietnam Checkout
Plugin Slug:: woo-vietnam-checkout
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-24885

Plugin:: Woostify Sites Library
Plugin Slug:: woostify-sites-library
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.8
Severity Score:: High
CVE:: 2023-6279

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-24886

Plugin:: FG Joomla to WordPress
Plugin Slug:: fg-joomla-to-wordpress
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.17.0
Severity Score:: Medium
CVE:: 2024-24837

Plugin:: WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.3
Severity Score:: High
CVE:: 2024-24881

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.1.2
Severity Score:: High
CVE:: 2024-24796

Plugin:: Fatal Error Notify
Plugin Slug:: fatal-error-notify
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2023-7202

Plugin:: GDPR Data Request Form
Plugin Slug:: gdpr-data-request-form
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-24836

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.0.6
Severity Score:: Medium
CVE:: 2024-24872

Plugin:: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.25
Severity Score:: Medium
CVE:: 2024-0969

Plugin:: Contact Form 7 Connector
Plugin Slug:: ari-cf7-connector
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-24884

Plugin:: WOLF – WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.8.2
Severity Score:: Medium
CVE:: 2024-0791

Plugin:: WOLF – WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8.2
Severity Score:: Medium
CVE:: 2024-0790

Plugin:: PopupAlly
Plugin Slug:: popupally
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-23520

Plugin:: ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks
Plugin Slug:: product-blocks
Installations: 4,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.5
Severity Score:: High
CVE:: 2024-23512

Plugin:: WP Dummy Content Generator
Plugin Slug:: wp-dummy-content-generator
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-24805

Plugin:: Advanced Forms for ACF
Plugin Slug:: advanced-forms
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.3.3
Severity Score:: Medium
CVE:: 2024-1121

Plugin:: Auto Listings – Car Listings & Car Dealership Plugin for WordPress
Plugin Slug:: auto-listings
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-24713

Plugin:: (Simply) Guest Author Name
Plugin Slug:: guest-author-name
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.35
Severity Score:: Medium
CVE:: 2024-0254

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.24
Severity Score:: Medium
CVE:: 2024-24717

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.0
Severity Score:: High
CVE:: 2024-24832

Plugin:: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.6.2
Severity Score:: Medium
CVE:: 2024-0797

Plugin:: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.6.2
Severity Score:: Medium
CVE:: 2024-0796

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2024-24718

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.6
Severity Score:: High
CVE:: 2024-23513

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.70
Severity Score:: High
CVE:: 2024-24868

Plugin:: Add Customer for WooCommerce
Plugin Slug:: add-customer-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-24841

Plugin:: Anonymous Restricted Content
Plugin Slug:: anonymous-restricted-content
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-0909

Plugin:: Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
Plugin Slug:: biteship
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.25
Severity Score:: High
CVE:: 2024-24866

Plugin:: Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 21.2.9
Severity Score:: Medium
CVE:: 2024-24887

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-24874

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-24873

Plugin:: FG Drupal to WordPress
Plugin Slug:: fg-drupal-to-wp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.68.0
Severity Score:: Medium
CVE:: 2024-24837

Plugin:: FG PrestaShop to WooCommerce
Plugin Slug:: fg-prestashop-to-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.45.0
Severity Score:: Medium
CVE:: 2024-24837

Plugin:: Five Star Restaurant Reviews
Plugin Slug:: good-reviews-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2024-24838

Plugin:: Heateor Social Login WordPress
Plugin Slug:: heateor-social-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.31
Severity Score:: Medium
CVE:: 2024-24712

Plugin:: Icons Font Loader
Plugin Slug:: icons-font-loader
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.5
Severity Score:: High
CVE:: 2024-24714

Plugin:: Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce
Plugin Slug:: map-location-picker-at-checkout-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-24719

Plugin:: Restrict Usernames Emails Characters
Plugin Slug:: restrict-usernames-emails-characters
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2023-6165

Plugin:: WP Club Manager – WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.11
Severity Score:: Medium
CVE:: 2024-1177

Plugin:: Chartify – WordPress Chart Plugin
Plugin Slug:: chart-builder
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2023-47526

Plugin:: Portugal CTT Tracking for WooCommerce
Plugin Slug:: portugal-ctt-tracking-woocommerce
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2024-24878

Plugin:: Wp-Adv-Quiz
Plugin Slug:: advanced-quiz
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2023-5943

Plugin:: Allow SVG
Plugin Slug:: allow-svg
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2023-6541

Plugin:: coreActivity: Activity Logging plugin for WordPress
Plugin Slug:: coreactivity
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: High
CVE:: 2024-0852

Plugin:: EventON Pro
Plugin Slug:: eventon-wordpress-event-calendar-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.1
Severity Score:: High
CVE:: 2023-7200

Plugin:: PowerPack Pro for Elementor
Plugin Slug:: powerpack-elements
Vulnerability:: Settings Change
Patched in Version:: 2.10.8
Severity Score:: High
CVE:: 2024-24844

Plugin:: PowerPack Pro for Elementor
Plugin Slug:: powerpack-elements
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.10.8
Severity Score:: High
CVE:: 2024-24843

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.25
Severity Score:: Medium

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.3
Severity Score:: Medium
CVE:: 2024-1208

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-1210

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-1209

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.1.7
Severity Score:: Medium
CVE:: 2024-0701

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.6
Severity Score:: Medium
CVE:: 2023-2439

Plugin:: WooCommerce Box Office
Plugin Slug:: woocommerce-box-office
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-24799

WordPress Themes — 1 Patched / 0 Unpatched

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 2,786,039
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.20
Severity Score:: Medium
CVE:: 2024-24871

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

WordPress Core

WordPress Plugins — 119 Patched / 37 Unpatched