In this report, 194 vulnerabilities have been publicly disclosed. Security patches for 100 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 94 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
WordPress Plugins — 85 Patched / 91 Unpatched
Custom Field Suite
- Plugin:
- Custom Field Suite
- Plugin Slug:
- custom-field-suite
- Installations
- 50,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-3562
Custom Field Suite
- Plugin:
- Custom Field Suite
- Plugin Slug:
- custom-field-suite
- Installations
- 50,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-3561
Custom Field Suite
- Plugin:
- Custom Field Suite
- Plugin Slug:
- custom-field-suite
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3558
Academy LMS – eLearning and online course solution for WordPress
- Plugin Slug:
- academy
- Installations
- 1,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Low
- CVE:
- 2024-37234
Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter
- Plugin Slug:
- custom-add-to-cart-button-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37202
Event Monster – Event Management, Tickets Booking, Upcoming Event
- Plugin Slug:
- event-monster
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5059
My Favorites
- Plugin:
- My Favorites
- Plugin Slug:
- my-favorites
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37114
Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms
- Plugin Slug:
- optinly
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37220
Zoho Marketing Automation
- Plugin:
- Zoho Marketing Automation
- Plugin Slug:
- zoho-marketinghub
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37225
Accordions
- Plugin:
- Accordions
- Plugin Slug:
- accordions-or-faqs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37122
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37214
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37213
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37212
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37211
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37210
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4450
Ali2Woo Lite
- Plugin:
- Ali2Woo Lite
- Plugin Slug:
- ali2woo-lite
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2381
Bible Text
- Plugin:
- Bible Text
- Plugin Slug:
- bible-text
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5444
Blogmentor – Blog Layouts for Elementor
- Plugin:
- Blogmentor – Blog Layouts for Elementor
- Plugin Slug:
- blogmentor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37229
Blogmentor – Blog Layouts for Elementor
- Plugin:
- Blogmentor – Blog Layouts for Elementor
- Plugin Slug:
- blogmentor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4623
Scheduling Plugin – Online Booking for WordPress
- Plugin:
- Scheduling Plugin – Online Booking for WordPress
- Plugin Slug:
- calendar-booking
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1634
CB (legacy)
- Plugin:
- CB (legacy)
- Plugin Slug:
- commons-booking
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4382
CB (legacy)
- Plugin:
- CB (legacy)
- Plugin Slug:
- commons-booking
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4381
ContentLock
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6022
ContentLock
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6023
ContentLock
- Plugin:
- ContentLock
- Plugin Slug:
- contentlock
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-6024
CSSable Countdown
- Plugin:
- CSSable Countdown
- Plugin Slug:
- cssable-countdown
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4384
Custom Product List Table
- Plugin:
- Custom Product List Table
- Plugin Slug:
- custom-product-list-table
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4541
Demo Awesome
- Plugin:
- Demo Awesome
- Plugin Slug:
- demo-awesome
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37207
Demo Awesome
- Plugin:
- Demo Awesome
- Plugin Slug:
- demo-awesome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37206
DImage 360
- Plugin:
- DImage 360
- Plugin Slug:
- dimage-360
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35774
DOP Shortcodes
- Plugin:
- DOP Shortcodes
- Plugin Slug:
- dop-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4377
Elegant Themes Icons
- Plugin:
- Elegant Themes Icons
- Plugin Slug:
- elegant-themes-icons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37100
EmbedSocial
- Plugin:
- EmbedSocial
- Plugin Slug:
- embedalbum-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3984
Empty Cart Button for WooCommerce
- Plugin:
- Empty Cart Button for WooCommerce
- Plugin Slug:
- empty-cart-button-for-woocommerce
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37217
Export WP Page to Static HTML/CSS
- Plugin:
- Export WP Page to Static HTML/CSS
- Plugin Slug:
- export-wp-page-to-static-html
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3597
FS Poster
- Plugin:
- FS Poster
- Plugin Slug:
- fs-poster
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37237
Universal Slider
- Plugin:
- Universal Slider
- Plugin Slug:
- fusion-slider
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5649
Kanban Boards for WordPress
- Plugin:
- Kanban Boards for WordPress
- Plugin Slug:
- kanban
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37226
Kimili Flash Embed
- Plugin:
- Kimili Flash Embed
- Plugin Slug:
- kimili-flash-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37221
Laybuy Payment Extension for WooCommerce
- Plugin:
- Laybuy Payment Extension for WooCommerce
- Plugin Slug:
- laybuy-gateway-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37203
License Manager for WooCommerce
- Plugin:
- License Manager for WooCommerce
- Plugin Slug:
- license-manager-for-woocommerce
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1639
Lifeline Donation
- Plugin:
- Lifeline Donation
- Plugin Slug:
- lifeline-donation
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-5432
Page Builder: Live Composer
- Plugin:
- Page Builder: Live Composer
- Plugin Slug:
- live-composer-page-builder
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-35780
Page Builder: Live Composer
- Plugin:
- Page Builder: Live Composer
- Plugin Slug:
- live-composer-page-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35779
Page Builder: Live Composer
- Plugin:
- Page Builder: Live Composer
- Plugin Slug:
- live-composer-page-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35768
Master Slider
- Plugin:
- Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37222
Master Slider
- Plugin:
- Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-50900
Master Slider
- Plugin:
- Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4375
MIMO Woocommerce Order Tracking
- Plugin:
- MIMO Woocommerce Order Tracking
- Plugin Slug:
- mimo-woocommerce-order-tracking
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5768
Restaurant Reservations
- Plugin:
- Restaurant Reservations
- Plugin Slug:
- nd-restaurant-reservations
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37223
WordPress Picture / Portfolio / Media Gallery
- Plugin:
- WordPress Picture / Portfolio / Media Gallery
- Plugin Slug:
- nimble-portfolio
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-5021
OSM Map Widget for Elementor
- Plugin:
- OSM Map Widget for Elementor
- Plugin Slug:
- osm-map-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4663
Page Builder Sandwich – Front-End Page Builder
- Plugin:
- Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37219
Page Builder Sandwich – Front-End Page Builder
- Plugin:
- Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37219
Page Builder Sandwich – Front-End Page Builder
- Plugin:
- Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37218
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
- Plugin:
- PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
- Plugin Slug:
- paypal-pay-buy-donation-and-cart-buttons-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5448
PDF Viewer for Elementor
- Plugin:
- PDF Viewer for Elementor
- Plugin Slug:
- pdf-viewer-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0845
Photo Video Gallery Master
- Plugin:
- Photo Video Gallery Master
- Plugin Slug:
- photo-video-gallery-master
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-5724
phpinfo() WP
- Plugin:
- phpinfo() WP
- Plugin Slug:
- phpinfo-wp
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35776
Play.ht
- Plugin:
- Play.ht
- Plugin Slug:
- play-ht
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37233
Promolayer
- Plugin:
- Promolayer
- Plugin Slug:
- promolayer-popup-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3602
Replace Image
- Plugin:
- Replace Image
- Plugin Slug:
- replace-image
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4873
Shortcode Addons
- Plugin:
- Shortcode Addons
- Plugin Slug:
- shortcode-addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37121
Sketchfab Embed
- Plugin:
- Sketchfab Embed
- Plugin Slug:
- sketchfab-oembed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37216
Slideshow SE
- Plugin:
- Slideshow SE
- Plugin Slug:
- slideshow-se
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35778
Slideshow SE
- Plugin:
- Slideshow SE
- Plugin Slug:
- slideshow-se
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35769
SP Project & Document Manager
- Plugin:
- SP Project & Document Manager
- Plugin Slug:
- sp-client-document-manager
- Vulnerability:
- Directory Traversal
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37224
Transition Slider – Responsive Image Slider and Gallery
- Plugin:
- Transition Slider – Responsive Image Slider and Gallery
- Plugin Slug:
- transition-slider-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37215
User Rights Access Manager
- Plugin:
- User Rights Access Manager
- Plugin Slug:
- user-rights-access-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37209
Tabs
- Plugin:
- Tabs
- Plugin Slug:
- vc-tabs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37120
Wheel of Life
- Plugin:
- Wheel of Life
- Plugin Slug:
- wheel-of-life
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3627
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-37113
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-37112
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37111
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37110
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-37109
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37108
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37107
WishList Member X
- Plugin:
- WishList Member X
- Plugin Slug:
- wishlist-member-x
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-37106
Woocommerce Customers Order History
- Plugin:
- Woocommerce Customers Order History
- Plugin Slug:
- woo-customers-order-history
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37201
Word Balloon
- Plugin:
- Word Balloon
- Plugin Slug:
- word-balloon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35781
WP Blog Post Layouts
- Plugin:
- WP Blog Post Layouts
- Plugin Slug:
- wp-blog-post-layouts
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5503
WP Hotel Booking
- Plugin:
- WP Hotel Booking
- Plugin Slug:
- wp-hotel-booking
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-3605
WP Logs Book
- Plugin:
- WP Logs Book
- Plugin Slug:
- wp-logs-book
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4477
WP Logs Book
- Plugin:
- WP Logs Book
- Plugin Slug:
- wp-logs-book
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4474
Pexels: Free Stock Photos
- Plugin:
- Pexels: Free Stock Photos
- Plugin Slug:
- wp-pexels-free-stock-photos
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-6132
WP Scraper
- Plugin:
- WP Scraper
- Plugin Slug:
- wp-scraper
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37208
Widget Bundle
- Plugin:
- Widget Bundle
- Plugin Slug:
- wp-widget-bundle
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4970
Widget Bundle
- Plugin:
- Widget Bundle
- Plugin Slug:
- wp-widget-bundle
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4969
Widget Bundle
- Plugin:
- Widget Bundle
- Plugin Slug:
- wp-widget-bundle
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4616
Loco Translate
- Plugin:
- Loco Translate
- Plugin Slug:
- loco-translate
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.10
- Severity Score:
- Medium
- CVE:
- 2024-37236
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN
- Plugin:
- Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP | Image CDN
- Plugin Slug:
- wp-smushit
- Installations
- 1,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.16.5
- Severity Score:
- Medium
- CVE:
- 2023-3352
Solid Security – Password, Two Factor Authentication, and Brute Force Protection
- Plugin Slug:
- better-wp-security
- Installations
- 900,000+
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- 9.3.2
- Severity Score:
- Low
- CVE:
- 2022-44593
SiteGuard WP Plugin
- Plugin:
- SiteGuard WP Plugin
- Plugin Slug:
- siteguard
- Installations
- 500,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.7.7
- Severity Score:
- Medium
- CVE:
- 2024-37881
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 7.8
- Severity Score:
- Medium
- CVE:
- 2024-4900
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.8
- Severity Score:
- Medium
- CVE:
- 2024-4899
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.9.1
- Severity Score:
- Medium
- CVE:
- 2024-1168
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
- Plugin:
- WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
- Plugin Slug:
- cartflows
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
- 2024-4632
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.35
- Severity Score:
- Medium
- CVE:
- 2024-2484
Gallery Plugin for WordPress – Envira Photo Gallery
- Plugin Slug:
- envira-gallery-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.8
- Severity Score:
- Medium
- CVE:
- 2024-37095
Defender Security – Malware Scanner, Login Security & Firewall
- Plugin Slug:
- defender-security
- Installations
- 90,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.3.3
- Severity Score:
- Medium
- CVE:
- 2022-44581
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
- Plugin Slug:
- depicter
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.0
- Severity Score:
- Medium
- CVE:
- 2024-4390
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.24
- Severity Score:
- Critical
- CVE:
- 2024-5756
Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
- Plugin Slug:
- paid-memberships-pro
- Installations
- 90,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2024-1407
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations
- 70,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.17
- Severity Score:
- High
- CVE:
- 2024-5605
Booking for Appointments and Events Calendar – Amelia
- Plugin Slug:
- ameliabooking
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2024-6225
User Profile Picture
- Plugin:
- User Profile Picture
- Plugin Slug:
- metronet-profile-picture
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.2
- Severity Score:
- Medium
- CVE:
- 2024-5639
WP 2FA – Two-factor authentication for WordPress
- Plugin Slug:
- wp-2fa
- Installations
- 60,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2022-44587
ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages
- Plugin Slug:
- convertkit
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.9.1
- Severity Score:
- Medium
- CVE:
- 2024-3961
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug:
- robo-gallery
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.20
- Severity Score:
- Medium
- CVE:
- 2024-3894
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug:
- robo-gallery
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.20
- Severity Score:
- Medium
- CVE:
- 2024-5343
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
- Plugin Slug:
- sina-extension-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.5
- Severity Score:
- Medium
- CVE:
- 2024-5036
Ultimate Blocks – WordPress Blocks Plugin
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2023-6692
WP Maintenance
- Plugin:
- WP Maintenance
- Plugin Slug:
- wp-maintenance
- Installations
- 50,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 6.1.9.3
- Severity Score:
- Medium
- CVE:
- 2024-0789
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
- Plugin Slug:
- ays-popup-box
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.5.2
- Severity Score:
- Medium
- CVE:
- 2024-37096
BlossomThemes Email Newsletter
- Plugin:
- BlossomThemes Email Newsletter
- Plugin Slug:
- blossomthemes-email-newsletter
- Installations
- 30,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.2.7
- Severity Score:
- Medium
- CVE:
- 2024-37098
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.9.4
- Severity Score:
- Medium
- CVE:
- 2024-35765
Themify – WooCommerce Product Filter
- Plugin Slug:
- themify-wc-product-filter
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.0
- Severity Score:
- Critical
- CVE:
- 2024-6027
Hide Dashboard Notifications
- Plugin:
- Hide Dashboard Notifications
- Plugin Slug:
- wp-hide-backed-notices
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-1955
WP SVG Images
- Plugin:
- WP SVG Images
- Plugin Slug:
- wp-svg-images
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3
- Severity Score:
- Medium
- CVE:
- 2024-5945
Branda – White Label WordPress, Custom Login Page Customizer
- Plugin Slug:
- branda-white-labeling
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.18
- Severity Score:
- Medium
- CVE:
- 2024-5191
Serious Slider
- Plugin:
- Serious Slider
- Plugin Slug:
- cryout-serious-slider
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.5
- Severity Score:
- Medium
- CVE:
- 2024-35762
Table Addons for Elementor
- Plugin:
- Table Addons for Elementor
- Plugin Slug:
- table-addons-for-elementor
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-4313
WPZOOM Addons for Elementor (Templates, Widgets)
- Plugin Slug:
- wpzoom-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.39
- Severity Score:
- Medium
- CVE:
- 2024-5686
Business Directory Plugin – Easy Listing Directories for WordPress
- Plugin Slug:
- business-directory-plugin
- Installations
- 10,000+
- Vulnerability:
- CSV Injection
- Patched in Version:
- 6.4.4
- Severity Score:
- Medium
- CVE:
- 2023-5527
JetWidgets For Elementor
- Plugin:
- JetWidgets For Elementor
- Plugin Slug:
- jetwidgets-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.18
- Severity Score:
- Medium
- CVE:
- 2024-4626
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.13
- Severity Score:
- High
- CVE:
- 2024-37094
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- CVE:
- 2024-37093
Sparkle Demo Importer
- Plugin:
- Sparkle Demo Importer
- Plugin Slug:
- sparkle-demo-importer
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.8
- Severity Score:
- Medium
- CVE:
- 2024-6120
WP Child Theme Generator
- Plugin:
- WP Child Theme Generator
- Plugin Slug:
- wp-child-theme-generator
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
- 2024-3610
Enhance Your Posts with the WP Post Author Box, Co-Authors, Guest Authors, and Post Rating System, including Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.8
- Severity Score:
- Medium
- CVE:
- 2024-37101
Vimeography: Vimeo Video Gallery WordPress Plugin
- Plugin Slug:
- vimeography
- Installations
- 8,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
- 2024-35770
WP Magazine Modules Lite
- Plugin:
- WP Magazine Modules Lite
- Plugin Slug:
- wp-magazine-modules-lite
- Installations
- 7,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1.3
- Severity Score:
- High
- CVE:
- 2024-5574
WPAdverts – Classifieds Plugin
- Plugin:
- WPAdverts – Classifieds Plugin
- Plugin Slug:
- wpadverts
- Installations
- 6,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-37238
Salon Booking System
- Plugin:
- Salon Booking System
- Plugin Slug:
- salon-booking-system
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 10.0
- Severity Score:
- High
- CVE:
- 2024-37231
Salon Booking System
- Plugin:
- Salon Booking System
- Plugin Slug:
- salon-booking-system
- Installations
- 5,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 10.3
- Severity Score:
- Critical
- CVE:
- 2024-3229
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2024-35760
WP Job Portal – A Complete Recruitment System for Company or Job Board website
- Plugin Slug:
- wp-job-portal
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2024-35759
InstaWP Connect – 1-click WP Staging & Migration
- Plugin Slug:
- instawp-connect
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 0.1.0.39
- Severity Score:
- Critical
- CVE:
- 2024-37228
Tickera – WordPress Event Ticketing
- Plugin Slug:
- tickera-event-ticketing-system
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.2.9
- Severity Score:
- Medium
- CVE:
- 2024-5860
MaxGalleria
- Plugin:
- MaxGalleria
- Plugin Slug:
- maxgalleria
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.5
- Severity Score:
- Medium
- CVE:
- 2024-5970
Newsletters
- Plugin:
- Newsletters
- Plugin Slug:
- newsletters-lite
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.9.8
- Severity Score:
- Medium
- CVE:
- 2024-37227
PropertyHive
- Plugin:
- PropertyHive
- Plugin Slug:
- propertyhive
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.10
- Severity Score:
- Medium
- CVE:
- 2024-37204
WP-Lister Lite for eBay
- Plugin:
- WP-Lister Lite for eBay
- Plugin Slug:
- wp-lister-for-ebay
- Installations
- 3,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.5.9
- Severity Score:
- High
- CVE:
- 2024-24709
affiliate-toolkit – WordPress Affiliate Plugin
- Plugin Slug:
- affiliate-toolkit-starter
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.4.5
- Severity Score:
- Medium
- CVE:
- 2024-37205
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg
- Plugin Slug:
- groundhogg
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.4.3
- Severity Score:
- Medium
- CVE:
- 2024-37235
Online Booking & Scheduling Calendar for WordPress by vcita
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.3
- Severity Score:
- High
- CVE:
- 2024-5791
Online Booking & Scheduling Calendar for WordPress by vcita
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.1
- Severity Score:
- Medium
- CVE:
- 2024-35761
WP Secure Maintenance
- Plugin:
- WP Secure Maintenance
- Plugin Slug:
- wp-secure-maintainance
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
- 2024-4753
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.5
- Severity Score:
- Medium
- CVE:
- 2024-35764
Easy Age Verify
- Plugin:
- Easy Age Verify
- Plugin Slug:
- easy-age-verify
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.3
- Severity Score:
- Medium
- CVE:
- 2024-35757
Falang multilanguage for WordPress
- Plugin Slug:
- falang
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.52
- Severity Score:
- Medium
- CVE:
- 2024-37240
Login with phone number
- Plugin:
- Login with phone number
- Plugin Slug:
- login-with-phone-number
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.35
- Severity Score:
- High
- CVE:
- 2024-6125
Newspack Newsletters
- Plugin:
- Newspack Newsletters
- Plugin Slug:
- newspack-newsletters
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.13.3
- Severity Score:
- Medium
- CVE:
- 2024-37242
Shariff for WordPress
- Plugin:
- Shariff for WordPress
- Plugin Slug:
- shariff-sharing
- Installations
- 1,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.6.14
- Severity Score:
- Critical
- CVE:
- 2024-4098
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.2.7
- Severity Score:
- Critical
- CVE:
- 2024-5853
Typing Text
- Plugin:
- Typing Text
- Plugin Slug:
- typing-text
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.6
- Severity Score:
- Medium
- CVE:
- 2024-5058
WPPizza – A Restaurant Plugin
- Plugin:
- WPPizza – A Restaurant Plugin
- Plugin Slug:
- wppizza
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.18.14
- Severity Score:
- High
- CVE:
- 2024-35766
Responsive video embed
- Plugin:
- Responsive video embed
- Plugin Slug:
- responsive-video-embed
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.1
- Severity Score:
- Medium
- CVE:
- 2024-5475
Squeeze
- Plugin:
- Squeeze
- Plugin Slug:
- squeeze
- Installations
- 200+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.4.1
- Severity Score:
- Critical
- CVE:
- 2024-35767
Bricks Builder (Premium)
- Plugin:
- Bricks Builder (Premium)
- Plugin Slug:
- bricksbuilder
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.9.9
- Severity Score:
- Medium
- CVE:
- 2024-4874
Consulting Elementor Widgets
- Plugin:
- Consulting Elementor Widgets
- Plugin Slug:
- consulting-elementor-widgets
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2024-37092
Consulting Elementor Widgets
- Plugin:
- Consulting Elementor Widgets
- Plugin Slug:
- consulting-elementor-widgets
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.3.1
- Severity Score:
- Critical
- CVE:
- 2024-37091
Consulting Elementor Widgets
- Plugin:
- Consulting Elementor Widgets
- Plugin Slug:
- consulting-elementor-widgets
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2024-37090
Consulting Elementor Widgets
- Plugin:
- Consulting Elementor Widgets
- Plugin Slug:
- consulting-elementor-widgets
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.1
- Severity Score:
- Critical
- CVE:
- 2024-37089
Cost Calculator Builder Pro
- Plugin:
- Cost Calculator Builder Pro
- Plugin Slug:
- cost-calculator-builder-pro
- Vulnerability:
- Content Spoofing
- Patched in Version:
- 3.1.76
- Severity Score:
- Medium
- CVE:
- 2024-4787
Hercules Core
- Plugin:
- Hercules Core
- Plugin Slug:
- hercules-core
- Vulnerability:
- Settings Change
- Patched in Version:
- 6.7
- Severity Score:
- High
- CVE:
- 2024-37232
Ibtana
- Plugin:
- Ibtana
- Plugin Slug:
- ibtana-visual-editor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.3.4
- Severity Score:
- Medium
- CVE:
- 2024-37123
Ibtana
- Plugin:
- Ibtana
- Plugin Slug:
- ibtana-visual-editor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.3.4
- Severity Score:
- Medium
- CVE:
- 2024-5541
Newspack Blocks
- Plugin:
- Newspack Blocks
- Plugin Slug:
- newspack-blocks
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.0.9
- Severity Score:
- High
- CVE:
- 2024-37115
The Plus Addons for Elementor Pro
- Plugin:
- The Plus Addons for Elementor Pro
- Plugin Slug:
- theplus_elementor_addon
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.6.0
- Severity Score:
- High
- CVE:
- 2024-5455
The Plus Addons for Elementor Pro
- Plugin:
- The Plus Addons for Elementor Pro
- Plugin Slug:
- theplus_elementor_addon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.0
- Severity Score:
- High
- CVE:
- 2024-5344
Uber Menu
- Plugin:
- Uber Menu
- Plugin Slug:
- ubermenu
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.4
- Severity Score:
- Medium
- CVE:
- 2024-3593
Shortcodes by United Themes
- Plugin:
- Shortcodes by United Themes
- Plugin Slug:
- ut-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.5
- Severity Score:
- High
- CVE:
- 2024-37097
WP Job Manager – Resume Manager
- Plugin:
- WP Job Manager – Resume Manager
- Plugin Slug:
- wp-job-manager-resumes
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-37241
WordPress Themes — 15 Patched / 3 Unpatched
Sinatra
- Theme:
- Sinatra
- Theme Slug:
- sinatra
- Downloads
- 1,639,897
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-37116
Grey Opaque
- Theme:
- Grey Opaque
- Theme Slug:
- grey-opaque
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5966
Mosaic
- Theme:
- Mosaic
- Theme Slug:
- mosaic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5965
Book Landing Page
- Theme:
- Book Landing Page
- Theme Slug:
- book-landing-page
- Downloads
- 128,701
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2024-37230
Chic Lite
- Theme:
- Chic Lite
- Theme Slug:
- chic-lite
- Downloads
- 216,515
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.4
- Severity Score:
- Medium
- CVE:
- 2024-37104
Customizr
- Theme:
- Customizr
- Theme Slug:
- customizr
- Downloads
- 4,188,035
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.4.22
- Severity Score:
- Medium
- CVE:
- 2024-35771
Digital Newspaper
- Theme:
- Digital Newspaper
- Theme Slug:
- digital-newspaper
- Downloads
- 47,141
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.6
- Severity Score:
- Medium
- CVE:
- 2024-37198
Education Zone
- Theme:
- Education Zone
- Theme Slug:
- education-zone
- Downloads
- 444,963
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-37103
Excellent
- Theme:
- Excellent
- Theme Slug:
- excellent
- Downloads
- 116,583
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-35763
Hueman
- Theme:
- Hueman
- Theme Slug:
- hueman
- Downloads
- 3,005,399
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.7.25
- Severity Score:
- Medium
- CVE:
- 2024-35772
Interface
- Theme:
- Interface
- Theme Slug:
- interface
- Downloads
- 429,855
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2024-35758
Materialis
- Theme:
- Materialis
- Theme Slug:
- materialis
- Downloads
- 255,867
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.30
- Severity Score:
- Medium
- CVE:
- 2023-3204
Vandana Lite
- Theme:
- Vandana Lite
- Theme Slug:
- vandana-lite
- Downloads
- 117,403
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2024-37243
Vilva
- Theme:
- Vilva
- Theme Slug:
- vilva
- Downloads
- 441,200
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-37102
Divi
- Theme:
- Divi
- Theme Slug:
- divi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.25.2
- Severity Score:
- Medium
- CVE:
- 2024-5533
Enfold
- Theme:
- Enfold
- Theme Slug:
- enfold
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.6.10
- Severity Score:
- High
- CVE:
- 2024-37199
Flatsome
- Theme:
- Flatsome
- Theme Slug:
- flatsome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.19.0
- Severity Score:
- Medium
- CVE:
- 2024-5346
Flatsome
- Theme:
- Flatsome
- Theme Slug:
- flatsome
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.19.0
- Severity Score:
- Medium
- CVE:
- 2024-5156
