WordPress Vulnerability Report — July 10, 2024

Since last week, 182 new vulnerabilities emerged in the WordPress ecosystem including 159 plugins and 23 themes. 59 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Jul 10, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:33 min.

In this report, 182 vulnerabilities have been publicly disclosed. Security patches for 123 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 59 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 103 Patched / 56 Unpatched

2.1 Social Media Share Buttons & Social Sharing Icons
2.2 Meks Easy Ads Widget
2.3 WPJAM Basic
2.4 Ultimate WordPress Auction Plugin
2.5 CC & BCC for Woocommerce Order Emails
2.6 nicen-localize-image
2.7 OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
2.8 Tooltip for Gravity Forms
2.9 WPFavicon
2.10 Leaky Paywall
2.11 Quiz | Survey | Exam | Questionnaire | Feedback – Best Survey Plugin for WordPress
2.12 Taager
2.13 Weight Tracker
2.14 Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction
2.15 Link To Bible
2.16 Amelia Shortcode Extended
2.17 WS Theme Addons
2.18 Canvas-Nest.js
2.19 Logic Hop – Dynamic Content Personalization for WordPress
2.20 Meal Tracker
2.21 Contact Form by TotalForm – Next-gen Form Builder for WordPress
2.22 WS Contact Form
2.23 Easy Speedup by PageCDN
2.24 WebSitter Pro
2.25 Magic Conversation For Gravity Forms
2.26 Field Day
2.27 Livemesh Addons for Elementor
2.28 Livemesh Addons for Elementor
2.29 ADDRESSYA
2.30 alfred24 Click & Collect
2.31 Alfred Easy Shipping
2.32 CommandBar for WP Admin
2.33 Digital River Global Commerce
2.34 Easy Custom Code (LESS/CSS/JS) – Live editing
2.35 Floating Social Buttons
2.36 Floating Social Media Links
2.37 Responsive Image Gallery, Gallery Album
2.38 Ideaplus
2.39 Image Hover Effects – Caption Hover with Carousel
2.40 Jobs.af
2.41 Login Logo Editor
2.42 Mine Video Player
2.43 Get Better Reviews for WooCommerce
2.44 Save as PDF plugin by Pdfcrowd
2.45 Simple Social Share
2.46 Simply Show Hooks
2.47 sitetweet
2.48 Elementor Addons, Widgets and Enhancements – Stax
2.49 Template Kit – Export
2.50 Testimonials Widget
2.51 UltraAddons Elementor Lite
2.52 Viva Payments
2.53 WordPress Notification Bar
2.54 wp-code-highlightjs
2.55 WP Cookie Law Info
2.56 WP To Do
2.57 Elementor Header & Footer Builder
2.58 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
2.59 Ninja Forms – The Contact Form Builder That Grows With You
2.60 Spectra – WordPress Gutenberg Blocks
2.61 Premium Addons for Elementor
2.62 Premium Addons for Elementor
2.63 The Events Calendar
2.64 Ocean Extra
2.65 Gutenberg
2.66 Beaver Builder – WordPress Page Builder
2.67 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
2.68 Nested Pages
2.69 Featured Image from URL (FIFU)
2.70 LearnPress – WordPress LMS Plugin
2.71 LearnPress – WordPress LMS Plugin
2.72 Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
2.73 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.74 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.75 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.76 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.77 Booking for Appointments and Events Calendar – Amelia
2.78 Media Library Assistant
2.79 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.80 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.81 Ultimate Blocks – WordPress Blocks Plugin
2.82 Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
2.83 Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
2.84 WP Lightbox 2
2.85 Apollo13 Framework Extensions
2.86 Void Contact Form 7 Widget For Elementor Page Builder
2.87 Cost Calculator Builder
2.88 Cost Calculator Builder
2.89 Easy Google Maps
2.90 Rife Elementor Extensions & Templates
2.91 weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.92 WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
2.93 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
2.94 Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
2.95 AI Power: Complete AI Pack – Powered by GPT-4
2.96 LA-Studio Element Kit for Elementor
2.97 Mega Elements – Addons for Elementor
2.98 Simple Newsletter Plugin – Noptin
2.99 NEX-Forms – Ultimate Form Builder – Contact forms and much more
2.100 Swift Performance Lite
2.101 Product Customer List for WooCommerce
2.102 Word Balloon
2.103 Event Manager, Events Calendar, Tickets, Registrations – Eventin
2.104 Motors – Car Dealer, Classifieds & Listing
2.105 Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator
2.106 WordPress Sentry
2.107 YITH WooCommerce Affiliates
2.108 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
2.109 Create by Mediavine
2.110 ProfileGrid – User Profiles, Groups and Communities
2.111 Ultimate Bootstrap Elements for Elementor
2.112 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
2.113 Beaver Builder Addons by WPZOOM
2.114 Snippet Shortcodes
2.115 AWSM Team – Team Showcase Plugin
2.116 bbPress Notify (No-Spam)
2.117 Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox
2.118 Advanced Classifieds & Directory Pro
2.119 FileBird Document Library
2.120 HelloAsso
2.121 IMGspider – ????????
2.122 ShopBuilder – Elementor WooCommerce Builder Addons
2.123 CRM Perks Forms – WordPress Form Builder
2.124 EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
2.125 MakeCommerce for WooCommerce
2.126 Online Booking & Scheduling Calendar for WordPress by vcita
2.127 One Click Order Re-Order
2.128 Premium Blocks – Gutenberg Blocks for WordPress
2.129 YAHMAN Add-ons
2.130 Church Admin
2.131 IdeaPush
2.132 Newspack Newsletters
2.133 Post Meta Data Manager
2.134 SuperSaaS – online appointment scheduling
2.135 Zephyr Project Manager
2.136 Comment Reply Email
2.137 ShipAny WooCommerce: Ship, Label, Tracking
2.138 Integration for Luminate and Gravity Forms
2.139 Qualified Electronic Signatures by eID Easy
2.140 BLAZE Retail Widget
2.141 Contact Form 7 Multi-Step Addon
2.142 XPlainer – WooCommerce Product FAQ
2.143 JetThemeCore
2.144 Modern Events Calendar
2.145 Modern Events Calendar Lite
2.146 Newspack Ads
2.147 Newspack Content Converter
2.148 Newspack Campaigns
2.149 PayPlus Payment Gateway
2.150 PayPlus Payment Gateway
2.151 Social Warfare
2.152 Ultimate Addons for Elementor
2.153 Woffice Core
2.154 Woffice Core
2.155 WooCommerce Social Login
2.156 CopySafe Web Protection
2.157 WP Directory Kit
2.158 WPQA – Builder forms Addon
2.159 WPQA – Builder forms Addon

3. WordPress Themes — 20 Patched / 3 Unpatched

3.1 zBench
3.2 Boot Store
3.3 counterpoint
3.4 Ashe
3.5 Bakes And Cakes
3.6 Bard
3.7 Blocksy
3.8 Business One Page
3.9 Construction Landing Page
3.10 Hestia
3.11 Highlight
3.12 Lawyer Landing Page
3.13 Metro Magazine
3.14 Newsmatic
3.15 Posterity
3.16 Rara Business
3.17 Rife Free
3.18 Trendy News
3.19 Basil
3.20 BookYourTravel
3.21 Himer
3.22 Himer
3.23 Woffice

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

WordPress 6.6 RC3 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.

WordPress Plugins — 103 Patched / 56 Unpatched

Plugin:: Social Media Share Buttons & Social Sharing Icons
Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37552

Plugin:: Meks Easy Ads Widget
Plugin Slug:: meks-easy-ads-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37548

Plugin:: WPJAM Basic
Plugin Slug:: wpjam-basic
Installations: 5,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Ultimate WordPress Auction Plugin
Plugin Slug:: ultimate-auction
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37543

Plugin:: CC & BCC for Woocommerce Order Emails
Plugin Slug:: cc-bcc-for-woocommerce-order-emails
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37522

Plugin:: nicen-localize-image
Plugin Slug:: nicen-localize-image
Installations: 1,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
Plugin Slug:: stepbyteservice-openstreetmap
Installations: 1,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Tooltip for Gravity Forms
Plugin Slug:: tooltip-for-gravity-forms
Installations: 1,000+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WPFavicon
Plugin Slug:: wpfavicon
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37558

Plugin:: Leaky Paywall
Plugin Slug:: leaky-paywall
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37540

Plugin:: Quiz | Survey | Exam | Questionnaire | Feedback – Best Survey Plugin for WordPress
Plugin Slug:: totalsurvey
Installations: 600+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Taager
Plugin Slug:: taager
Installations: 500+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Weight Tracker
Plugin Slug:: weight-loss-tracker
Installations: 500+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction
Plugin Slug:: totalrating
Installations: 300+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Link To Bible
Plugin Slug:: link-to-bible
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37538

Plugin:: Amelia Shortcode Extended
Plugin Slug:: theidealweb-amelia-shortcode-extended
Installations: 200+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WS Theme Addons
Plugin Slug:: ws-theme-addons
Installations: 200+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Canvas-Nest.js
Plugin Slug:: canvas-nestjs
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Logic Hop – Dynamic Content Personalization for WordPress
Plugin Slug:: logic-hop
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Meal Tracker
Plugin Slug:: meal-tracker
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Contact Form by TotalForm – Next-gen Form Builder for WordPress
Plugin Slug:: totalform
Installations: 70+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WS Contact Form
Plugin Slug:: ws-contact-form
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37537

Plugin:: Easy Speedup by PageCDN
Plugin Slug:: pagecdn
Installations: 30+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WebSitter Pro
Plugin Slug:: triagetrak
Installations: 30+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Magic Conversation For Gravity Forms
Plugin Slug:: magic-conversation-for-gravity-forms
Installations: 10+
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Field Day
Plugin Slug:: activityhub
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Livemesh Addons for Elementor
Plugin Slug:: addons-for-elementor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37547

Plugin:: Livemesh Addons for Elementor
Plugin Slug:: addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3638

Plugin:: ADDRESSYA
Plugin Slug:: addressya-for-woocommerce
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: alfred24 Click & Collect
Plugin Slug:: alfred-click-collect
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Alfred Easy Shipping
Plugin Slug:: alfred-easy-shipping
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: CommandBar for WP Admin
Plugin Slug:: commandbar-for-wp-admin
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Digital River Global Commerce
Plugin Slug:: digital-river-global-commerce
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Easy Custom Code (LESS/CSS/JS) – Live editing
Plugin Slug:: easy-custom-code
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37536

Plugin:: Floating Social Buttons
Plugin Slug:: floating-social-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6405

Plugin:: Floating Social Media Links
Plugin Slug:: floating-social-media-links
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37545

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37542

Plugin:: Ideaplus
Plugin Slug:: ideaplus
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Image Hover Effects – Caption Hover with Carousel
Plugin Slug:: image-hover-effects-with-carousel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37546

Plugin:: Jobs.af
Plugin Slug:: jobs-af
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Login Logo Editor
Plugin Slug:: login-logo-editor-by-oizuled
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37523

Plugin:: Mine Video Player
Plugin Slug:: mine-video
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: Get Better Reviews for WooCommerce
Plugin Slug:: more-better-reviews-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37544

Plugin:: Save as PDF plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37549

Plugin:: Simple Social Share
Plugin Slug:: simple-social-share
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37551

Plugin:: Simply Show Hooks
Plugin Slug:: simply-show-hooks
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: sitetweet
Plugin Slug:: sitetweet-tweets-user-behaviors-on-your-site-on-twitter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5767

Plugin:: Elementor Addons, Widgets and Enhancements – Stax
Plugin Slug:: stax-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37541

Plugin:: Template Kit – Export
Plugin Slug:: template-kit-export
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37550

Plugin:: Testimonials Widget
Plugin Slug:: testimonials-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37553

Plugin:: UltraAddons Elementor Lite
Plugin Slug:: ultraaddons-elementor-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37554

Plugin:: Viva Payments
Plugin Slug:: viva-payments-simple-checkout
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WordPress Notification Bar
Plugin Slug:: wordpress-notification-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37556

Plugin:: wp-code-highlightjs
Plugin Slug:: wp-code-highlightjs
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Medium

Plugin:: WP Cookie Law Info
Plugin Slug:: wp-cookie-law-info
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37557

Plugin:: WP To Do
Plugin Slug:: wp-todo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37539

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.36
Severity Score:: Medium
CVE:: 2024-33933

Plugin:: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.219
Severity Score:: Medium
CVE:: 2024-4627

Plugin:: Ninja Forms – The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.5
Severity Score:: Medium
CVE:: 2024-37934

Plugin:: Spectra – WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 800,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.8
Severity Score:: Medium
CVE:: 2024-37517

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Denial of Service Attack
Patched in Version:: 4.10.36
Severity Score:: Low
CVE:: 2024-6434

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.36
Severity Score:: Medium
CVE:: 2024-6340

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.1.5
Severity Score:: Medium
CVE:: 2024-37518

Plugin:: Ocean Extra
Plugin Slug:: ocean-extra
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-37489

Plugin:: Gutenberg
Plugin Slug:: gutenberg
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 18.6.1
Severity Score:: Medium
CVE:: 2024-37492

Plugin:: Beaver Builder – WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: Medium
CVE:: 2024-37500

Plugin:: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.2
Severity Score:: Medium
CVE:: 2024-4482

Plugin:: Nested Pages
Plugin Slug:: wp-nested-pages
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.8
Severity Score:: High
CVE:: 2024-5943

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.3
Severity Score:: Medium
CVE:: 2024-37516

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium
CVE:: 2024-6088

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium
CVE:: 2024-6099

Plugin:: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.6
Severity Score:: High
CVE:: 2024-37486

Plugin:: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.5
Severity Score:: Medium
CVE:: 2024-37483

Plugin:: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.5
Severity Score:: Medium
CVE:: 2024-37482

Plugin:: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.5
Severity Score:: Medium
CVE:: 2024-37481

Plugin:: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: Medium
CVE:: 2024-1427

Plugin:: Booking for Appointments and Events Calendar – Amelia
Plugin Slug:: ameliabooking
Installations: 70,000+
Vulnerability:: Backdoor
Patched in Version:: 1.1.9
Severity Score:: Medium

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.18
Severity Score:: High
CVE:: 2024-5544

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.26
Severity Score:: Medium
CVE:: 2024-6130

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.6
Severity Score:: Medium
CVE:: 2024-5260

Plugin:: Ultimate Blocks – WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-37457

Plugin:: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Plugin Slug:: woocommerce-google-adwords-conversion-tracking-tag
Installations: 50,000+
Vulnerability:: Backdoor
Patched in Version:: 1.43.4
Severity Score:: Medium

Plugin:: Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.2
Severity Score:: Medium
CVE:: 2024-4934

Plugin:: WP Lightbox 2
Plugin Slug:: wp-lightbox-2
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6.7
Severity Score:: Medium
CVE:: 2024-6263

Plugin:: Apollo13 Framework Extensions
Plugin Slug:: apollo13-framework-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-37480

Plugin:: Void Contact Form 7 Widget For Elementor Page Builder
Plugin Slug:: cf7-widget-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-5419

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2024-6011

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2024-6012

Plugin:: Easy Google Maps
Plugin Slug:: google-maps-easy
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.16
Severity Score:: Medium
CVE:: 2024-5219

Plugin:: Rife Elementor Extensions & Templates
Plugin Slug:: rife-elementor-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-5504

Plugin:: weForms – Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Backdoor
Patched in Version:: 1.6.24
Severity Score:: Medium

Plugin:: WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission Plugin
Plugin Slug:: wp-user-frontend
Installations: 20,000+
Vulnerability:: Backdoor
Patched in Version:: 4.0.8
Severity Score:: Medium

Plugin:: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.1.8
Severity Score:: Medium
CVE:: 2024-37510

Plugin:: Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.1.8
Severity Score:: Medium
CVE:: 2024-37506

Plugin:: AI Power: Complete AI Pack – Powered by GPT-4
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.67
Severity Score:: Medium
CVE:: 2024-37465

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-37479

Plugin:: Mega Elements – Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-37466

Plugin:: Simple Newsletter Plugin – Noptin
Plugin Slug:: newsletter-optin-box
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-37456

Plugin:: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.6.1
Severity Score:: Medium
CVE:: 2024-37512

Plugin:: Swift Performance Lite
Plugin Slug:: swift-performance-lite
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.6.21
Severity Score:: Medium
CVE:: 2024-37511

Plugin:: Product Customer List for WooCommerce
Plugin Slug:: wc-product-customer-list
Installations: 10,000+
Vulnerability:: Backdoor
Patched in Version:: 3.1.7
Severity Score:: Medium

Plugin:: Word Balloon
Plugin Slug:: word-balloon
Installations: 10,000+
Vulnerability:: Backdoor
Patched in Version:: 4.22.2
Severity Score:: Medium

Plugin:: Event Manager, Events Calendar, Tickets, Registrations – Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-37507

Plugin:: Motors – Car Dealer, Classifieds & Listing
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.11
Severity Score:: Medium
CVE:: 2024-5545

Plugin:: Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator
Plugin Slug:: tablesome
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.34
Severity Score:: Medium
CVE:: 2024-37498

Plugin:: WordPress Sentry
Plugin Slug:: wp-sentry-integration
Installations: 9,000+
Vulnerability:: Backdoor
Patched in Version:: 7.9.0
Severity Score:: Medium

Plugin:: YITH WooCommerce Affiliates
Plugin Slug:: yith-woocommerce-affiliates
Installations: 8,000+
Vulnerability:: Backdoor
Patched in Version:: 3.8.1
Severity Score:: Medium

Plugin:: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
Plugin Slug:: youzify
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.6
Severity Score:: High
CVE:: 2024-37494

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.8
Severity Score:: Medium
CVE:: 2024-37495

Plugin:: ProfileGrid – User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.8
Severity Score:: Medium
CVE:: 2024-37453

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-37462

Plugin:: WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.28
Severity Score:: High
CVE:: 2024-37513

Plugin:: Beaver Builder Addons by WPZOOM
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-37464

Plugin:: Snippet Shortcodes
Plugin Slug:: shortcode-variables
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.5
Severity Score:: Medium
CVE:: 2024-4543

Plugin:: AWSM Team – Team Showcase Plugin
Plugin Slug:: awsm-team
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-37454

Plugin:: bbPress Notify (No-Spam)
Plugin Slug:: bbpress-notify-nospam
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.18.4
Severity Score:: High
CVE:: 2024-37485

Plugin:: Popup Builder – On Page Load Popup, Exit Popup, Login Popup, On Click, Sticky Bar, Anti-AdBlock – FireBox
Plugin Slug:: firebox
Installations: 4,000+
Vulnerability:: Backdoor
Patched in Version:: 2.1.16
Severity Score:: Medium

Plugin:: Advanced Classifieds & Directory Pro
Plugin Slug:: advanced-classifieds-and-directory-pro
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.2.1
Severity Score:: High
CVE:: 2024-37501

Plugin:: FileBird Document Library
Plugin Slug:: filebird-document-library
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.8.1
Severity Score:: Medium
CVE:: 2024-37504

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.10
Severity Score:: Medium
CVE:: 2024-37488

Plugin:: IMGspider – ????????
Plugin Slug:: imgspider
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.3.11
Severity Score:: Critical
CVE:: 2024-6319

Plugin:: ShopBuilder – Elementor WooCommerce Builder Addons
Plugin Slug:: shopbuilder
Installations: 3,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.13
Severity Score:: Medium
CVE:: 2024-37520

Plugin:: CRM Perks Forms – WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-37463

Plugin:: EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Plugin Slug:: eazydocs
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3999

Plugin:: MakeCommerce for WooCommerce
Plugin Slug:: makecommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.2
Severity Score:: High
CVE:: 2024-37509

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-37499

Plugin:: One Click Order Re-Order
Plugin Slug:: one-click-order-reorder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.10
Severity Score:: Medium
CVE:: 2024-5641

Plugin:: Premium Blocks – Gutenberg Blocks for WordPress
Plugin Slug:: premium-blocks-for-gutenberg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.28
Severity Score:: Medium
CVE:: 2024-37519

Plugin:: YAHMAN Add-ons
Plugin Slug:: yahman-add-ons
Installations: 2,000+
Vulnerability:: Backdoor
Patched in Version:: 0.9.29
Severity Score:: Medium

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.4.7
Severity Score:: Critical
CVE:: 2024-37418

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.66
Severity Score:: High
CVE:: 2024-37461

Plugin:: Newspack Newsletters
Plugin Slug:: newspack-newsletters
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.3
Severity Score:: Medium
CVE:: 2024-37475

Plugin:: Post Meta Data Manager
Plugin Slug:: post-meta-data-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-6264

Plugin:: SuperSaaS – online appointment scheduling
Plugin Slug:: supersaas-appointment-scheduling
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: Medium
CVE:: 2024-37460

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.99
Severity Score:: High
CVE:: 2024-37484

Plugin:: Comment Reply Email
Plugin Slug:: comment-reply-email
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2024-35773

Plugin:: ShipAny WooCommerce: Ship, Label, Tracking
Plugin Slug:: shipany
Installations: 100+
Vulnerability:: Backdoor
Patched in Version:: 1.1.53
Severity Score:: Medium

Plugin:: Integration for Luminate and Gravity Forms
Plugin Slug:: integration-for-luminate-and-gravity-forms
Installations: 70+
Vulnerability:: Backdoor
Patched in Version:: 1.3.4
Severity Score:: Medium

Plugin:: Qualified Electronic Signatures by eID Easy
Plugin Slug:: eid-easy-qualified-electonic-signature
Installations: 20+
Vulnerability:: Backdoor
Patched in Version:: 3.3.1
Severity Score:: Medium

Plugin:: BLAZE Retail Widget
Plugin Slug:: blaze-widget
Vulnerability:: Backdoor
Patched in Version:: 2.5.4
Severity Score:: Medium

Plugin:: Contact Form 7 Multi-Step Addon
Plugin Slug:: contact-form-7-multi-step-addon
Vulnerability:: Backdoor
Patched in Version:: 1.0.7
Severity Score:: Medium

Plugin:: XPlainer – WooCommerce Product FAQ
Plugin Slug:: faq-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-37515

Plugin:: JetThemeCore
Plugin Slug:: jet-theme-core
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2024-37497

Plugin:: Modern Events Calendar
Plugin Slug:: modern-events-calendar
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.12.0
Severity Score:: High
CVE:: 2024-5441

Plugin:: Modern Events Calendar Lite
Plugin Slug:: modern-events-calendar-lite
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.12.0
Severity Score:: High
CVE:: 2024-5441

Plugin:: Newspack Ads
Plugin Slug:: newspack-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.47.2
Severity Score:: Medium
CVE:: 2024-37474

Plugin:: Newspack Content Converter
Plugin Slug:: newspack-content-converter
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.0
Severity Score:: Medium
CVE:: 2024-37477

Plugin:: Newspack Campaigns
Plugin Slug:: newspack-popups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.2
Severity Score:: Medium
CVE:: 2024-37476

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Vulnerability:: SQL Injection
Patched in Version:: 6.6.9
Severity Score:: Critical
CVE:: 2024-6205

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.9
Severity Score:: High
CVE:: 2024-37459

Plugin:: Social Warfare
Plugin Slug:: social-warfare
Vulnerability:: Backdoor
Patched in Version:: 4.4.7.3
Severity Score:: Medium

Plugin:: Ultimate Addons for Elementor
Plugin Slug:: ultimate-elementor
Vulnerability:: Privilege Escalation
Patched in Version:: 1.36.32
Severity Score:: High
CVE:: 2024-37455

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-37471

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-37470

Plugin:: WooCommerce Social Login
Plugin Slug:: woo-social-login
Vulnerability:: PHP Object Injection
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-37502

Plugin:: CopySafe Web Protection
Plugin Slug:: wp-copysafe-web
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.15
Severity Score:: Medium
CVE:: 2024-37514

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: High
CVE:: 2024-37487

Plugin:: WPQA – Builder forms Addon
Plugin Slug:: wpqa
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.1.1
Severity Score:: Medium
CVE:: 2024-2376

Plugin:: WPQA – Builder forms Addon
Plugin Slug:: wpqa
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.1
Severity Score:: Medium
CVE:: 2024-2375

WordPress Themes — 20 Patched / 3 Unpatched

Theme:: zBench
Theme Slug:: zbench
Downloads: 588,387
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37521

Theme:: Boot Store
Theme Slug:: boot-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5938

Theme:: counterpoint
Theme Slug:: counterpoint
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37559

Theme:: Ashe
Theme Slug:: ashe
Downloads: 1,959,473
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.234
Severity Score:: Medium
CVE:: 2024-37478

Theme:: Bakes And Cakes
Theme Slug:: bakes-and-cakes
Downloads: 154,588
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-37496

Theme:: Bard
Theme Slug:: bard
Downloads: 912,192
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.211
Severity Score:: Medium
CVE:: 2024-37490

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,364,636
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2024-37469

Theme:: Business One Page
Theme Slug:: business-one-page
Downloads: 211,071
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-37505

Theme:: Construction Landing Page
Theme Slug:: construction-landing-page
Downloads: 284,784
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-37508

Theme:: Hestia
Theme Slug:: hestia
Downloads: 4,067,479
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-37467

Theme:: Highlight
Theme Slug:: highlight
Downloads: 435,892
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.30
Severity Score:: Medium
CVE:: 2024-37458

Theme:: Lawyer Landing Page
Theme Slug:: lawyer-landing-page
Downloads: 128,839
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2024-37503

Theme:: Metro Magazine
Theme Slug:: metro-magazine
Downloads: 260,020
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-37496

Theme:: Newsmatic
Theme Slug:: newsmatic
Downloads: 217,113
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-37468

Theme:: Posterity
Theme Slug:: posterity
Downloads: 95,124
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-37493

Theme:: Rara Business
Theme Slug:: rara-business
Downloads: 201,763
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-37937

Theme:: Rife Free
Theme Slug:: rife-free
Downloads: 696,099
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.4.19
Severity Score:: Medium
CVE:: 2024-37491

Theme:: Trendy News
Theme Slug:: trendy-news
Downloads: 24,718
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-37473

Theme:: Basil
Theme Slug:: basil
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2024-39310

Theme:: BookYourTravel
Theme Slug:: bookyourtravel
Vulnerability:: Privilege Escalation
Patched in Version:: 8.18.19
Severity Score:: High
CVE:: 2024-37952

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-2234

Theme:: Himer
Theme Slug:: himer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-2233

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-37472

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 103 Patched / 56 Unpatched