WordPress Vulnerability Report — July 17, 2024

Since last week, 300 new vulnerabilities emerged in the WordPress ecosystem including 285 plugins and 15 themes. 132 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

In this report, 300 vulnerabilities have been publicly disclosed. Security patches for 168 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 132 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

Say hello to WordPress 6.6 “Dorsey,” named after the legendary American Big Band leader, Tommy Dorsey. Explore the new features and enhancements of WordPress 6.6.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 167 Patched / 118 Unpatched

Genesis Blocks

Plugin Slug:
genesis-blocks
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Search & Replace

Plugin Slug:
search-and-replace
Installations
100,000+
Vulnerability:
Deserialization of untrusted data
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

VK All in One Expansion Unit

Plugin Slug:
vk-all-in-one-expansion-unit
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Titan Anti-spam & Security

Plugin Slug:
anti-spam
Installations
90,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Matomo Analytics – Ethical Stats. Powerful Insights.

Plugin Slug:
matomo
Installations
80,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Meks Smart Author Widget

Plugin Slug:
meks-smart-author-widget
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
packlink-pro-shipping
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ReCaptcha Integration for WordPress

Plugin Slug:
wp-recaptcha-integration
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Generate PDF using Contact Form 7

Plugin Slug:
generate-pdf-using-contact-form-7
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Generate PDF using Contact Form 7

Plugin Slug:
generate-pdf-using-contact-form-7
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Panda Video

Plugin Slug:
pandavideo
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Panda Video

Plugin Slug:
pandavideo
Installations
4,000+
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Realtyna Organic IDX plugin + WPL Real Estate

Plugin Slug:
real-estate-listing-realtyna-wpl
Installations
3,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Timeline Module for Beaver Builder

Plugin Slug:
timeline-for-beaver-builder
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP User Switch

Plugin Slug:
wp-user-switch
Installations
1,000+
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Admin Dashboard RSS Feed

Plugin:
Admin Dashboard RSS Feed
Plugin Slug:
admin-dashboard-rss-feed
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Google Adsense & Banner Ads by AdsforWP

Plugin:
Google Adsense & Banner Ads by AdsforWP
Plugin Slug:
ads-for-wp
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AdPush

Plugin:
AdPush
Plugin Slug:
adsense-plugin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Advanced AJAX Page Loader

Plugin:
Advanced AJAX Page Loader
Plugin Slug:
advanced-ajax-page-loader
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Advanced post slider

Plugin:
Advanced post slider
Plugin Slug:
advanced-post-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

EleForms

Plugin:
EleForms
Plugin Slug:
all-contact-form-integration-for-elementor
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Amazing Hover Effects

Plugin:
Amazing Hover Effects
Plugin Slug:
amazing-hover-effects
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Animated Typed JS Shortcode

Plugin:
Animated Typed JS Shortcode
Plugin Slug:
animated-typed-js-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps

Plugin:
Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps
Plugin Slug:
appmaker-woocommerce-mobile-app-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Arkhe Blocks

Plugin:
Arkhe Blocks
Plugin Slug:
arkhe-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Attachment File Icons

Plugin:
Attachment File Icons
Plugin Slug:
attachment-file-icons
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Auto Featured Image (Auto Post Thumbnail)

Plugin:
Auto Featured Image (Auto Post Thumbnail)
Plugin Slug:
auto-post-thumbnail
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Booking Ultra Pro

Plugin:
Booking Ultra Pro
Plugin Slug:
booking-ultra-pro
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Booking Ultra Pro

Plugin:
Booking Ultra Pro
Plugin Slug:
booking-ultra-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Caxton – Create Pro page layouts in Gutenberg

Plugin:
Caxton – Create Pro page layouts in Gutenberg
Plugin Slug:
caxton
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cliengo – Chatbot

Plugin:
Cliengo – Chatbot
Plugin Slug:
cliengo
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cliengo – Chatbot

Plugin:
Cliengo – Chatbot
Plugin Slug:
cliengo
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Cliengo – Chatbot

Plugin:
Cliengo – Chatbot
Plugin Slug:
cliengo
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

CodePen Embedded Pens Shortcode

Plugin:
CodePen Embedded Pens Shortcode
Plugin Slug:
codepen-embedded-pen-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

codoc

Plugin:
codoc
Plugin Slug:
codoc
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Comment Images Reloaded

Plugin:
Comment Images Reloaded
Plugin Slug:
comment-images-reloaded
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Animated Rotating Words

Plugin:
Animated Rotating Words
Plugin Slug:
css3-rotating-words
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPCS

Plugin:
WPCS
Plugin Slug:
currency-switcher
Vulnerability:
Content Injection
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Default Thumbnail Plus

Plugin:
Default Thumbnail Plus
Plugin Slug:
default-thumbnail-plus
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

DirectoryPress

Plugin:
DirectoryPress
Plugin Slug:
directorypress
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Download Button for Elementor

Plugin:
Download Button for Elementor
Plugin Slug:
download-button-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy Pixels

Plugin:
Easy Pixels
Plugin Slug:
easy-pixels-by-jevnet
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

EazyDocs

Plugin:
EazyDocs
Plugin Slug:
eazydocs
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

EazyDocs

Plugin:
EazyDocs
Plugin Slug:
eazydocs
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pricing Table

Plugin:
Pricing Table
Plugin Slug:
elfsight-pricing-table
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pricing Table

Plugin:
Pricing Table
Plugin Slug:
elfsight-pricing-table
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Power BI Embedded for WordPress

Plugin:
Power BI Embedded for WordPress
Plugin Slug:
embed-power-bi
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Event post

Plugin:
Event post
Plugin Slug:
event-post
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Event post

Plugin:
Event post
Plugin Slug:
event-post
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

EventON

Plugin:
EventON
Plugin Slug:
eventon-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Events Calendar for Google

Plugin:
Events Calendar for Google
Plugin Slug:
events-calendar-for-google
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ExS Widgets

Plugin:
ExS Widgets
Plugin Slug:
exs-widgets
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Extensions for Elementor

Plugin:
Extensions for Elementor
Plugin Slug:
extensions-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

XPlainer – WooCommerce Product FAQ

Plugin:
XPlainer – WooCommerce Product FAQ
Plugin Slug:
faq-for-woocommerce
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

XPlainer – WooCommerce Product FAQ

Plugin:
XPlainer – WooCommerce Product FAQ
Plugin Slug:
faq-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

File Manager Advanced Shortcode

Plugin:
File Manager Advanced Shortcode
Plugin Slug:
file-manager-advanced-shortcode
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Form Builder Plugin – Gutenberg Forms

Plugin:
WordPress Form Builder Plugin – Gutenberg Forms
Plugin Slug:
forms-gutenberg
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Fusion

Plugin:
Fusion
Plugin Slug:
fusion
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SCSS Happy Compiler

Plugin:
SCSS Happy Compiler
Plugin Slug:
happy-scss-compiler
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

HitPay Payment Gateway for WooCommerce

Plugin:
HitPay Payment Gateway for WooCommerce
Plugin Slug:
hitpay-payment-gateway
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Import Spreadsheets from Microsoft Excel

Plugin:
Import Spreadsheets from Microsoft Excel
Plugin Slug:
import-spreadsheets-from-microsoft-excel
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

IQ Testimonials

Plugin:
IQ Testimonials
Plugin Slug:
iq-testimonials
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Report

Plugin:
WooCommerce Report
Plugin Slug:
ithemelandco-woo-report
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Job Board Manager

Plugin:
Job Board Manager
Plugin Slug:
job-board-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Just Custom Fields

Plugin:
Just Custom Fields
Plugin Slug:
just-custom-fields
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Just Custom Fields

Plugin:
Just Custom Fields
Plugin Slug:
just-custom-fields
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Laposta

Plugin:
Laposta
Plugin Slug:
laposta
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Light Poll

Plugin:
Light Poll
Plugin Slug:
light-poll
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Magical Addons For Elementor

Plugin:
Magical Addons For Elementor
Plugin Slug:
magical-addons-for-elementor
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Magical Addons For Elementor

Plugin:
Magical Addons For Elementor
Plugin Slug:
magical-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Magical Posts Display – Elementor & Gutenberg Posts Blocks

Plugin:
Magical Posts Display – Elementor & Gutenberg Posts Blocks
Plugin Slug:
magical-posts-display
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MBE eShip

Plugin:
MBE eShip
Plugin Slug:
mail-boxes-etc
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MBE eShip

Plugin:
MBE eShip
Plugin Slug:
mail-boxes-etc
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MBE eShip

Plugin:
MBE eShip
Plugin Slug:
mail-boxes-etc
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Master Popups

Plugin:
Master Popups
Plugin Slug:
master-popups-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Meks Video Importer

Plugin:
Meks Video Importer
Plugin Slug:
meks-video-importer
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

URL Shortener by MyThemeShop

Plugin:
URL Shortener by MyThemeShop
Plugin Slug:
mts-url-shortener
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Olive One Click Demo Import

Plugin:
Olive One Click Demo Import
Plugin Slug:
olive-one-click-demo-import
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

OSM – OpenStreetMap

Plugin:
OSM – OpenStreetMap
Plugin Slug:
osm
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Payflex Payment Gateway

Plugin:
Payflex Payment Gateway
Plugin Slug:
payflex-payment-gateway
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pie Register

Plugin:
Pie Register
Plugin Slug:
pie-register
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Notes Plus

Plugin:
Plugin Notes Plus
Plugin Slug:
plugin-notes-plus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Post Layouts for Gutenberg

Plugin:
Post Layouts for Gutenberg
Plugin Slug:
post-layouts
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Product Designer

Plugin:
Product Designer
Plugin Slug:
product-designer
Vulnerability:
Arbitrary Content Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Product Designer

Plugin:
Product Designer
Plugin Slug:
product-designer
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plum: Spin Wheel & Email Pop-up

Plugin:
Plum: Spin Wheel & Email Pop-up
Plugin Slug:
qodeblock
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plum: Spin Wheel & Email Pop-up

Plugin:
Plum: Spin Wheel & Email Pop-up
Plugin Slug:
qodeblock
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Coming Soon

Plugin:
Coming Soon
Plugin Slug:
responsive-coming-soon-page
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

REVIEWS.io

Plugin:
REVIEWS.io
Plugin Slug:
reviewscouk-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ScrollTo Bottom

Plugin:
ScrollTo Bottom
Plugin Slug:
scrollto-bottom
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

ScrollTo Top

Plugin:
ScrollTo Top
Plugin Slug:
scrollto-top
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Seraphinite Post .DOCX Source

Plugin:
Seraphinite Post .DOCX Source
Plugin Slug:
seraphinite-post-docx-source
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Seraphinite Post .DOCX Source

Plugin:
Seraphinite Post .DOCX Source
Plugin Slug:
seraphinite-post-docx-source
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Alert Boxes

Plugin:
Simple Alert Boxes
Plugin Slug:
simple-alert-boxes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Post Notes

Plugin:
Simple Post Notes
Plugin Slug:
simple-post-notes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Responsive Slider

Plugin:
Simple Responsive Slider
Plugin Slug:
simple-responsive-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SKT Addons for Elementor

Plugin:
SKT Addons for Elementor
Plugin Slug:
skt-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sky Addons for Elementor

Plugin:
Sky Addons for Elementor
Plugin Slug:
sky-elementor-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GutSlider – All in One Block Slider

Plugin:
GutSlider – All in One Block Slider
Plugin Slug:
slider-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Tabs For WPBakery Page Builder

Plugin:
Tabs For WPBakery Page Builder
Plugin Slug:
tabs-for-visual-composer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Taggbox

Plugin:
Taggbox
Plugin Slug:
taggbox-widget
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

TOCHAT.BE

Plugin:
TOCHAT.BE
Plugin Slug:
tochat-be
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

UltraAddons Elementor Lite

Plugin:
UltraAddons Elementor Lite
Plugin Slug:
ultraaddons-elementor-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

User Activity Log Pro

Plugin:
User Activity Log Pro
Plugin Slug:
user-activity-log-pro
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WappPress

Plugin:
WappPress
Plugin Slug:
wapppress-builds-android-app-for-website
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Webico Slider Flatsome Addons

Plugin:
Webico Slider Flatsome Addons
Plugin Slug:
webico-slider-flatsome-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

LearnDash LMS – Reports

Plugin:
LearnDash LMS – Reports
Plugin Slug:
wisdm-reports-for-learndash
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce OpenPos

Plugin:
Woocommerce OpenPos
Plugin Slug:
woocommerce-openpos
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce OpenPos

Plugin:
Woocommerce OpenPos
Plugin Slug:
woocommerce-openpos
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce OpenPos

Plugin:
Woocommerce OpenPos
Plugin Slug:
woocommerce-openpos
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Predictive Search

Plugin:
WooCommerce Predictive Search
Plugin Slug:
woocommerce-predictive-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Change From Email

Plugin:
Change From Email
Plugin Slug:
wp-from-email
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP GoToWebinar

Plugin:
WP GoToWebinar
Plugin Slug:
wp-gotowebinar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Multisite Content Copier/Updater

Plugin:
Multisite Content Copier/Updater
Plugin Slug:
wp-multisite-content-copier
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP2Speed Faster

Plugin:
WP2Speed Faster
Plugin Slug:
wp2speed
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP2Speed Faster

Plugin:
WP2Speed Faster
Plugin Slug:
wp2speed
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Recipe Maker For Your Food Blog from Zip Recipes

Plugin:
Recipe Maker For Your Food Blog from Zip Recipes
Plugin Slug:
zip-recipes
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Zoho Campaigns

Plugin:
Zoho Campaigns
Plugin Slug:
zoho-campaigns
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Duplicator – Migration & Backup Plugin

Plugin Slug:
duplicator
Installations
1,000,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
1.5.10
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.10.

WPS Hide Login

Plugin Slug:
wps-hide-login
Installations
1,000,000+
Vulnerability:
Bypass Vulnerability
Patched in Version:
1.9.16.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.16.4.

Premium Addons for Elementor

Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.37
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.10.37.

Premium Addons for Elementor

Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.35
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.10.35.

Easy Table of Contents

Plugin Slug:
easy-table-of-contents
Installations
500,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.67.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.67.1.

SEOPress – On-site SEO

Plugin Slug:
wp-seopress
Installations
300,000+
Vulnerability:
PHP Object Injection
Patched in Version:
7.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.9.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.113
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.113.

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor
Installations
100,000+
Vulnerability:
Path Traversal
Patched in Version:
2.5.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.8.

Plugin Slug:
intelly-related-posts
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.7.0.

WordPress Button Plugin MaxButtons

Plugin Slug:
maxbuttons
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
9.7.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 9.7.8.

HUSKY – Products Filter Professional for WooCommerce

Plugin Slug:
woocommerce-products-filter
Installations
100,000+
Vulnerability:
SQL Injection
Patched in Version:
1.3.6.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.3.6.1.

EmbedPress – Embed PDF, PDF 3D FlipBook, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin Slug:
embedpress
Installations
90,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.0.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.0.5.

Event Tickets and Registration

Plugin Slug:
event-tickets
Installations
90,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.11.0.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.11.0.5.

Tutor LMS – eLearning and online course solution

Plugin Slug:
tutor
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.3.

Brizy – Page Builder

Plugin Slug:
brizy
Installations
80,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.4.45
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.4.45.

YITH WooCommerce Ajax Product Filter

Plugin Slug:
yith-woocommerce-ajax-navigation
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.2.0.

Premium Portfolio Features for Phlox theme

Plugin Slug:
auxin-portfolio
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.3.

Image Hover Effects – Elementor Addon

Plugin Slug:
image-hover-effects-addon-for-elementor
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.4.

Plugin Slug:
internal-links
Installations
50,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.24.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.24.4.

Ultimate Blocks – WordPress Blocks Plugin

Plugin Slug:
ultimate-blocks
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.9.

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin Slug:
ditty-news-ticker
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.43
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.43.

PowerPress Podcasting plugin by Blubrry

Plugin Slug:
powerpress
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
11.9.11
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 11.9.11.

Qi Blocks

Plugin:
Qi Blocks
Plugin Slug:
qi-blocks
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.1.

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

Plugin Slug:
quiz-master-next
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
9.0.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 9.0.5.

Social Media Widget

Plugin Slug:
social-media-widget
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.0.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.0.9.

FULL – Cliente

Plugin Slug:
full-customer
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.13
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.1.13.

Index WP MySQL For Speed

Plugin Slug:
index-wp-mysql-for-speed
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.18
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.18.

Seriously Simple Podcasting

Plugin Slug:
seriously-simple-podcasting
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.3.0.

Team Members

Plugin Slug:
team-members
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.3.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.3.4.

WP Popups – WordPress Popup builder

Plugin Slug:
wp-popups-lite
Installations
30,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
2.2.0.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.0.2.

Login by Auth0

Plugin Slug:
auth0
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.6.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.6.1.

Branda – White Label WordPress, Custom Login Page Customizer

Plugin Slug:
branda-white-labeling
Installations
20,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
3.4.19
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.19.

Plugin Slug:
final-tiles-grid-gallery-lite
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.0.

Form Vibes – Database Manager for Forms

Plugin Slug:
form-vibes
Installations
20,000+
Vulnerability:
SQL Injection
Patched in Version:
1.4.11
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.11.

Secure Copy Content Protection and Content Locking

Plugin Slug:
secure-copy-content-protection
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.0.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.0.9.

Slider by 10Web – Responsive Image Slider

Plugin Slug:
slider-wd
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.56
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.56.

Wallet for WooCommerce

Plugin Slug:
woo-wallet
Installations
20,000+
Vulnerability:
SQL Injection
Patched in Version:
1.5.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.5.

Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More

Plugin Slug:
woocommerce-wholesale-prices
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.0.

WP Accessibility Helper (WAH)

Plugin Slug:
wp-accessibility-helper
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
0.6.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.6.3.

WordPress File Upload

Plugin Slug:
wp-file-upload
Installations
20,000+
Vulnerability:
Directory Traversal
Patched in Version:
4.24.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.24.8.

Backup and Staging by WP Time Capsule

Plugin Slug:
wp-time-capsule
Installations
20,000+
Vulnerability:
Privilege Escalation
Patched in Version:
1.22.21
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.22.21.

Goftino

Plugin:
Goftino
Plugin Slug:
goftino
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.

Gum Elementor Addon

Plugin Slug:
gum-elementor-addon
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.6.

Plugin Slug:
link-library
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.7.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.7.2.

Metorik – Reports & Email Automation for WooCommerce

Plugin Slug:
metorik-helper
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.7.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.2.

Product Enquiry for WooCommerce

Plugin Slug:
product-enquiry-for-woocommerce
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.8.

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.8.02.003
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.8.02.003.

SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher

Plugin Slug:
wp-scheduled-posts
Installations
10,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
5.1.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.1.4.

If-So Dynamic Content Personalization

Plugin Slug:
if-so
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.0.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.0.4.

If-So Dynamic Content Personalization

Plugin Slug:
if-so
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.0.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.8.0.4.

Get Use APIs – JSON Content Importer

Plugin Slug:
json-content-importer
Installations
8,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
1.6.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.0.

iPanorama 360 – WordPress Virtual Tour Builder

Plugin Slug:
ipanorama-360-virtual-tour-builder-lite
Installations
7,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.8.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.4.

Social Sharing Plugin – Kiwi

Plugin Slug:
kiwi-social-share
Installations
7,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.1.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.8.

ProfileGrid – User Profiles, Groups and Communities

Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
5.9.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.9.0.

ProfileGrid – User Profiles, Groups and Communities

Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Privilege Escalation
Patched in Version:
5.9.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.9.0.

InstaWP Connect – 1-click WP Staging & Migration

Plugin Slug:
instawp-connect
Installations
5,000+
Vulnerability:
Privilege Escalation
Patched in Version:
0.1.0.45
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 0.1.0.45.

Send Users Email

Plugin Slug:
send-users-email
Installations
5,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.2.

Plugin Slug:
wp-links-page
Installations
5,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.9.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.9.6.

WP QuickLaTeX

Plugin Slug:
wp-quicklatex
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.8.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.8.7.

CM WordPress Search And Replace Plugin

Plugin Slug:
cm-on-demand-search-and-replace
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.9.

ElementInvader Addons for Elementor

Plugin Slug:
elementinvader-addons-for-elementor
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.5.

VikRentCar Car Rental Management System

Plugin Slug:
vikrentcar
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.3.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.2.

Watu Quiz

Plugin:
Watu Quiz
Plugin Slug:
watu
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.1.2.

Zoho CRM Lead Magnet

Plugin Slug:
zoho-crm-forms
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.8.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.7.8.9.

AForms — Form Builder for Price Calculator & Cost Estimation

Plugin Slug:
aforms-form-builder-for-price-calculator-cost-estimation
Installations
3,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.2.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.7.

ConeBlog – Elementor Blog Widgets

Plugin Slug:
coneblog-widgets
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.9.

Insert or Embed Articulate Content into WordPress

Plugin Slug:
insert-or-embed-articulate-content-into-wordpress
Installations
3,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
4.3000000024
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 4.3000000024.

oik

Plugin:
oik
Plugin Slug:
oik
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.12.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.12.0.

Spiffy Calendar

Plugin Slug:
spiffy-calendar
Installations
3,000+
Vulnerability:
SQL Injection
Patched in Version:
4.9.12
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.9.12.

Wallet System for WooCommerce – Wallet, Digital Wallet, Cashback, Recharge User Wallets, Partial Payments, Wallet restriction, Refunds

Plugin Slug:
wallet-system-for-woocommerce
Installations
3,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.5.14
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.5.14.

Chained Quiz

Plugin Slug:
chained-quiz
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.2.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.2.9.

Plugin Slug:
featured-image-generator
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.3.

Glossary

Plugin:
Glossary
Plugin Slug:
glossary-by-codeat
Installations
2,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.2.27
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.27.

JSON API User

Plugin Slug:
json-api-user
Installations
2,000+
Vulnerability:
Privilege Escalation
Patched in Version:
3.9.4
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.9.4.

MakeStories (for Google Web Stories)

Plugin Slug:
makestories-helper
Installations
2,000+
Vulnerability:
Arbitrary File Download
Patched in Version:
3.0.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.4.

Media Hygiene: Remove or Delete Unused Images and More!

Plugin Slug:
media-hygiene
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.0.2.

Product Delivery Date for WooCommerce – Lite

Plugin Slug:
product-delivery-date-for-woocommerce-lite
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.7.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.3.

Simple Popup Plugin

Plugin Slug:
simple-popup-plugin
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.5.

SKT Skill Bar

Plugin Slug:
skt-skill-bar
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.

SVG Block

Plugin:
SVG Block
Plugin Slug:
svg-block
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.20
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.20.

Web and WooCommerce Addons for WPBakery Builder

Plugin Slug:
vc-addons-by-bit14
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.6.

Product Table by WBW

Plugin Slug:
woo-product-tables
Installations
2,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
2.0.2
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.0.2.

Blog, Posts and Category Filter for Elementor

Plugin Slug:
blog-posts-and-category-for-elementor
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.0.

Bradmax Player

Plugin Slug:
bradmax-player
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.28
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.28.

CM Email Registration Blacklist and Whitelist

Plugin Slug:
cm-email-blacklist
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.4.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.9.

Plugin Slug:
fulltext-search
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.69.234
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.69.234.

GD Rating System

Plugin Slug:
gd-rating-system
Installations
1,000+
Vulnerability:
Local File Inclusion
Patched in Version:
3.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.1.

Gravity Forms: Multiple Form Instances

Plugin Slug:
gravity-forms-multiple-form-instances
Installations
1,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
1.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.2.

Quotes and Tips by BestWebSoft

Plugin Slug:
quotes-and-tips
Installations
1,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.45
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.45.

Image Optimizer, Resizer and CDN – Sirv

Plugin Slug:
sirv
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
7.2.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.2.8.

Squelch Tabs and Accordions Shortcodes

Plugin Slug:
squelch-tabs-and-accordions-shortcodes
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.4.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.4.9.

Team Manager – WordPress Showcase Team Members

Plugin Slug:
wp-team-manager
Installations
1,000+
Vulnerability:
Local File Inclusion
Patched in Version:
2.1.13
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.13.

WPBITS Addons For Elementor Page Builder

Plugin Slug:
wpbits-addons-for-elementor
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

WPBITS Addons For Elementor Page Builder

Plugin Slug:
wpbits-addons-for-elementor
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations
800+
Vulnerability:
SQL Injection
Patched in Version:
1.6.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.2.

Plugin Slug:
dn-footer-contacts
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.3.

Plugin Slug:
photoshow
Installations
200+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.19
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.19.

Tournamatch

Plugin Slug:
tournamatch
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.6.1.

Tournamatch

Plugin Slug:
tournamatch
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.6.1.

Bug Library

Plugin Slug:
bug-library
Installations
100+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
2.1.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.1.1.

Embed Peertube Playlist

Plugin Slug:
embed-peertube-playlist
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.10
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.10.

Website Content in Page or Post

Plugin Slug:
show-website-content-in-wordpress-page-or-post
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2024.04.09
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2024.04.09.

Hostel

Plugin:
Hostel
Plugin Slug:
hostel
Installations
70+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.5.3.

OpenPGP Form Encryption for WordPress

Plugin Slug:
openpgp-form-encryption
Installations
50+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

SULly

Plugin:
SULly
Plugin Slug:
sully
Installations
30+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.3.1.

SULly

Plugin:
SULly
Plugin Slug:
sully
Installations
30+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.3.1.

SULly

Plugin:
SULly
Plugin Slug:
sully
Installations
30+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.3.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.3.1.

SULly

Plugin:
SULly
Plugin Slug:
sully
Installations
30+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.3.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.3.1.

Simple Video Directory

Plugin Slug:
simple-media-directory
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.4.

BSK PDF Manager

Plugin:
BSK PDF Manager
Plugin Slug:
bsk-pdf-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.1.

Contact Form 7 Summary and Print

Plugin:
Contact Form 7 Summary and Print
Plugin Slug:
cf7-summary-and-print
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.2.6.

EventON

Plugin:
EventON
Plugin Slug:
eventon-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.15
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.15.

File Manager Advanced Shortcode

Plugin:
File Manager Advanced Shortcode
Plugin Slug:
file-manager-advanced-shortcode
Vulnerability:
Directory Traversal
Patched in Version:
2.4.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.4.1.

Houzez CRM

Plugin:
Houzez CRM
Plugin Slug:
houzez-crm
Vulnerability:
SQL Injection
Patched in Version:
1.4.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.3.

Houzez Theme – Functionality

Plugin:
Houzez Theme – Functionality
Plugin Slug:
houzez-theme-functionality
Vulnerability:
SQL Injection
Patched in Version:
3.2.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.3.

Calendar.online / Kalender.digital

Plugin:
Calendar.online / Kalender.digital
Plugin Slug:
kalender-digital
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.9.

Modern Events Calendar

Plugin:
Modern Events Calendar
Plugin Slug:
modern-events-calendar
Vulnerability:
Arbitrary File Upload
Patched in Version:
7.12.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.12.0.

Modern Events Calendar Lite

Plugin:
Modern Events Calendar Lite
Plugin Slug:
modern-events-calendar-lite
Vulnerability:
Arbitrary File Upload
Patched in Version:
7.12.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.12.0.

Moloni

Plugin:
Moloni
Plugin Slug:
moloni
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.8.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.8.0.

PayPlus Payment Gateway

Plugin:
PayPlus Payment Gateway
Plugin Slug:
payplus-payment-gateway
Vulnerability:
SQL Injection
Patched in Version:
7.0.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.0.8.

ReDi Restaurant Reservation

Plugin:
ReDi Restaurant Reservation
Plugin Slug:
redi-restaurant-reservation
Vulnerability:
Broken Access Control
Patched in Version:
24.0712
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 24.0712.

Seraphinite Accelerator (Full, premium)

Plugin:
Seraphinite Accelerator (Full, premium)
Plugin Slug:
seraphinite-accelerator-ext
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.21.13.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.21.13.1.

Shortcodes Ultimate Pro

Plugin:
Shortcodes Ultimate Pro
Plugin Slug:
shortcodes-ultimate-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.1.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.1.5.

FormFlow: WhatsApp & Social Form Builder for Leads

Plugin Slug:
simple-form
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.12.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.12.2.

Swift Framework Page Builder

Plugin:
Swift Framework Page Builder
Plugin Slug:
socialdriver-framework
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2024.04.30
Severity Score:
High
The vulnerability has been patched, so you should update to version 2024.04.30.

Swift Framework Page Builder

Plugin:
Swift Framework Page Builder
Plugin Slug:
socialdriver-framework
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2024.04.30
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2024.04.30.

Uncanny Automator Pro

Plugin:
Uncanny Automator Pro
Plugin Slug:
uncanny-automator-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.3.0.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.3.0.1.

Affiliate Manager

Plugin:
Affiliate Manager
Plugin Slug:
wp-affiliate-platform
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.5.1.

Affiliate Manager

Plugin:
Affiliate Manager
Plugin Slug:
wp-affiliate-platform
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.5.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.5.1.

Affiliate Manager

Plugin:
Affiliate Manager
Plugin Slug:
wp-affiliate-platform
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.5.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.5.1.

WP eStore

Plugin:
WP eStore
Plugin Slug:
wp-cart-for-digital-products
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.5.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.5.5.

WP eStore

Plugin:
WP eStore
Plugin Slug:
wp-cart-for-digital-products
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.5.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 8.5.5.

WP eMember

Plugin:
WP eMember
Plugin Slug:
wp-eMember
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
10.6.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 10.6.7.

WP eMember

Plugin:
WP eMember
Plugin Slug:
wp-eMember
Vulnerability:
Arbitrary File Upload
Patched in Version:
10.6.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 10.6.6.

WP eMember

Plugin:
WP eMember
Plugin Slug:
wp-eMember
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
10.6.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 10.6.7.

WP eMember

Plugin:
WP eMember
Plugin Slug:
wp-eMember
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
10.6.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 10.6.6.

WP eMember

Plugin:
WP eMember
Plugin Slug:
wp-eMember
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
10.6.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 10.6.6.

WP eMember

Plugin:
WP eMember
Plugin Slug:
wp-eMember
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
10.6.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 10.6.6.

WP GoToWebinar

Plugin:
WP GoToWebinar
Plugin Slug:
wp-gotowebinar
Vulnerability:
Broken Access Control
Patched in Version:
15.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 15.7.

Zephyr Project Manager

Plugin:
Zephyr Project Manager
Plugin Slug:
zephyr-project-manager
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.3.100
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.3.100.

WordPress Themes — 1 Patched / 14 Unpatched

Oceanic

Theme:
Oceanic
Theme Slug:
oceanic
Downloads:
88,451
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

OnePress

Theme:
OnePress
Theme Slug:
onepress
Downloads:
2,266,939
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Popularis Verse

Theme:
Popularis Verse
Theme Slug:
popularis-verse
Downloads:
22,912
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Responsive Mobile

Theme:
Responsive Mobile
Theme Slug:
responsive-mobile
Downloads:
240,681
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

counterpoint

Theme:
counterpoint
Theme Slug:
counterpoint
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

i-amaze

Theme:
i-amaze
Theme Slug:
i-amaze
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

i-transform

Theme:
i-transform
Theme Slug:
i-transform
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Jobmonster

Theme:
Jobmonster
Theme Slug:
noo-jobmonster
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Jobmonster

Theme:
Jobmonster
Theme Slug:
noo-jobmonster
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should switch themes.

Patricia Blog

Theme:
Patricia Blog
Theme Slug:
patricia-blog
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Patricia Lite

Theme:
Patricia Lite
Theme Slug:
patricia-lite
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

Point

Theme:
Point
Theme Slug:
point
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

SmartMag

Theme:
SmartMag
Theme Slug:
smartmag-responsive-retina-wordpress-magazine
Vulnerability:
Multiple Vulnerabilities
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

SociallyViral

Theme:
SociallyViral
Theme Slug:
sociallyviral
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should switch themes.

BuddyBoss Theme

Theme:
BuddyBoss Theme
Theme Slug:
buddyboss-theme
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.5.01
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.01.
