In this report, 128 vulnerabilities have been publicly disclosed. Security patches for 79 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 49 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.6 Beta 1 was released on June 4, 2024. The scheduled final release date for WordPress 6.6 is July 16, 2024. Your help testing Beta and RC versions over the next six weeks is vital to making sure the final release is everything it should be: stable, powerful, and intuitive.
WordPress Plugins — 78 Patched / 49 Unpatched
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
- Plugin:
- Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
- Plugin Slug:
- brave-popup-builder
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35655
List categories
- Plugin:
- List categories
- Plugin Slug:
- list-categories
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4356
Testimonial Carousel For Elementor
- Plugin Slug:
- testimonials-carousel-elementor
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2253
Insert or Embed Articulate Content into WordPress
- Plugin Slug:
- insert-or-embed-articulate-content-into-wordpress
- Installations
- 3,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0756
Simple Spoiler
- Plugin:
- Simple Spoiler
- Plugin Slug:
- simple-spoiler
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35639
KiviCare – Clinic & Patient Management System (EHR)
- Plugin Slug:
- kivicare-clinic-management-system
- Installations
- 2,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35659
Random Banner
- Plugin:
- Random Banner
- Plugin Slug:
- random-banner
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35645
AffiEasy
Playlist for Youtube
- Plugin:
- Playlist for Youtube
- Plugin Slug:
- playlist-for-youtube
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3937
ActiveDEMAND
- Plugin:
- ActiveDEMAND
- Plugin Slug:
- activedemand
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35638
Admin Notices Manager
- Plugin:
- Admin Notices Manager
- Plugin Slug:
- admin-notices-manager
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1717
Authorize.net Payment Gateway For WooCommerce
- Plugin:
- Authorize.net Payment Gateway For WooCommerce
- Plugin Slug:
- authorizenet-payment-gateway-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2382
BuddyForms
- Plugin:
- BuddyForms
- Plugin Slug:
- buddyforms
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-5149
Comparison Slider
- Plugin:
- Comparison Slider
- Plugin Slug:
- comparison-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4422
Comparison Slider
- Plugin:
- Comparison Slider
- Plugin Slug:
- comparison-slider
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4427
Comparison Slider
- Plugin:
- Comparison Slider
- Plugin Slug:
- comparison-slider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4426
Cowidgets – Elementor Addons
- Plugin:
- Cowidgets – Elementor Addons
- Plugin Slug:
- cowidgets-elementor-addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35782
Download Attachments
- Plugin:
- Download Attachments
- Plugin Slug:
- download-attachments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3230
Essential Real Estate
- Plugin:
- Essential Real Estate
- Plugin Slug:
- essential-real-estate
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4273
Essential Real Estate
- Plugin:
- Essential Real Estate
- Plugin Slug:
- essential-real-estate
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4274
Fluid Notification Bar
- Plugin:
- Fluid Notification Bar
- Plugin Slug:
- fluid-notification-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3031
Frontend Registration – Contact Form 7
- Plugin:
- Frontend Registration – Contact Form 7
- Plugin Slug:
- frontend-registration-contact-form-7
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4870
FS Product Inquiry
- Plugin:
- FS Product Inquiry
- Plugin Slug:
- fs-product-inquiry
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4857
FS Product Inquiry
- Plugin:
- FS Product Inquiry
- Plugin Slug:
- fs-product-inquiry
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-4856
Gianism
- Plugin:
- Gianism
- Plugin Slug:
- gianism
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3921
Global Notification Bar
- Plugin:
- Global Notification Bar
- Plugin Slug:
- global-notification-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35647
Insert Post Ads
- Plugin:
- Insert Post Ads
- Plugin Slug:
- insert-post-ads
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35665
MJ Update History
- Plugin:
- MJ Update History
- Plugin Slug:
- mj-update-history
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35671
Nafeza Prayer Time
- Plugin:
- Nafeza Prayer Time
- Plugin Slug:
- nafeza-prayer-time
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4462
Netgsm
- Plugin:
- Netgsm
- Plugin Slug:
- netgsm
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-35672
QQWorld Auto Save Images
- Plugin:
- QQWorld Auto Save Images
- Plugin Slug:
- qqworld-auto-save-images
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1324
Remote Content Shortcode
- Plugin:
- Remote Content Shortcode
- Plugin Slug:
- remote-content-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2089
Simple COD Fees for WooCommerce
- Plugin:
- Simple COD Fees for WooCommerce
- Plugin Slug:
- simple-cod-fee-for-woocommerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35662
Smartarget Message Bar
- Plugin:
- Smartarget Message Bar
- Plugin Slug:
- smartarget-message-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35646
Social Link Pages
- Plugin:
- Social Link Pages
- Plugin Slug:
- social-link-pages
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-3555
Social Login Lite For WooCommerce
- Plugin:
- Social Login Lite For WooCommerce
- Plugin Slug:
- social-login-lite-for-woocommerce
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-4552
StopBadBots
- Plugin:
- StopBadBots
- Plugin Slug:
- stopbadbots
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4355
Themesflat Addons For Elementor
- Plugin:
- Themesflat Addons For Elementor
- Plugin Slug:
- themesflat-addons-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35666
Upload Fields for WPForms
- Plugin:
- Upload Fields for WPForms
- Plugin Slug:
- upload-fields-for-wpforms
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35661
Uploadcare File Uploader and Adaptive Delivery (beta)
- Plugin:
- Uploadcare File Uploader and Adaptive Delivery (beta)
- Plugin Slug:
- uploadcare
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35636
Claudio Sanches
- Plugin:
- Claudio Sanches
- Plugin Slug:
- woocommerce-checkout-cielo
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1718
WP Back Button
- Plugin:
- WP Back Button
- Plugin Slug:
- wp-back-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35643
WP-DB-Table-Editor
- Plugin:
- WP-DB-Table-Editor
- Plugin Slug:
- wp-db-table-editor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2019
WP-Recall
- Plugin:
- WP-Recall
- Plugin Slug:
- wp-recall
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35657
WP To Do
- Plugin:
- WP To Do
- Plugin Slug:
- wp-todo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3946
WP To Do
- Plugin:
- WP To Do
- Plugin Slug:
- wp-todo
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3943
WP Translate
- Plugin:
- WP Translate
- Plugin Slug:
- wp-translate
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-35663
WPUpper Share Buttons
- Plugin:
- WPUpper Share Buttons
- Plugin Slug:
- wpupper-share-buttons
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-4997
Yumpu ePaper publishing
- Plugin:
- Yumpu ePaper publishing
- Plugin Slug:
- yumpu-epaper-publishing
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-3277
Advanced Custom Fields (ACF)
- Plugin:
- Advanced Custom Fields (ACF)
- Plugin Slug:
- advanced-custom-fields
- Installations
- 2,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.3
- Severity Score:
- Medium
- CVE:
- 2024-4565
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.22
- Severity Score:
- Medium
- CVE:
- 2024-5073
YITH WooCommerce Wishlist
- Plugin:
- YITH WooCommerce Wishlist
- Plugin Slug:
- yith-woocommerce-wishlist
- Installations
- 900,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.33.0
- Severity Score:
- Medium
- CVE:
- 2024-34385
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.10.32
- Severity Score:
- Medium
- CVE:
- 2024-4205
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.7
- Severity Score:
- Medium
- CVE:
- 2024-4821
Page Builder Gutenberg Blocks – CoBlocks
- Plugin Slug:
- coblocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.10
- Severity Score:
- Medium
- CVE:
- 2024-2933
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.0
- Severity Score:
- Medium
- CVE:
- 2024-5347
Post SMTP – WP SMTP Plugin with Email Logs & Mobile App for Failure Alerts – Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark
- Plugin Slug:
- post-smtp
- Installations
- 400,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.9.4
- Severity Score:
- High
- CVE:
- 2024-5207
Newsletter – Send awesome emails from WordPress
- Plugin Slug:
- newsletter
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.3.5
- Severity Score:
- High
- CVE:
- 2024-5317
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.976
- Severity Score:
- Medium
- CVE:
- 2024-4342
Blocksy Companion
- Plugin:
- Blocksy Companion
- Plugin Slug:
- blocksy-companion
- Installations
- 200,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.0.43
- Severity Score:
- Medium
- CVE:
- 2024-35633
Popup Builder – Create highly converting, mobile friendly marketing popups.
- Plugin Slug:
- popup-builder
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.0
- Severity Score:
- Medium
- CVE:
- 2024-2506
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder
- Plugin Slug:
- supreme-modules-for-divi
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.52
- Severity Score:
- Medium
- CVE:
- 2024-5501
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.108
- Severity Score:
- Medium
- CVE:
- 2024-3190
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.94
- Severity Score:
- Medium
- CVE:
- 2024-4001
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.91
- Severity Score:
- Medium
- CVE:
- 2024-4160
Download Monitor
- Plugin:
- Download Monitor
- Plugin Slug:
- download-monitor
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.14
- Severity Score:
- Medium
- CVE:
- 2024-3269
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
- Plugin Slug:
- mailin
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.78
- Severity Score:
- High
- CVE:
- 2024-35668
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.20
- Severity Score:
- Medium
- CVE:
- 2024-5327
WP STAGING WordPress Backup Plugin – Migration Backup Restore
- Plugin Slug:
- wp-staging
- Installations
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-4469
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.7.21
- Severity Score:
- Critical
- CVE:
- 2024-4295
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.2
- Severity Score:
- Medium
- CVE:
- 2024-5571
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.2.6.8.1
- Severity Score:
- Medium
- CVE:
- 2024-5483
Brizy – Page Builder
- Plugin:
- Brizy – Page Builder
- Plugin Slug:
- brizy
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.44
- Severity Score:
- Medium
- CVE:
- 2024-3667
Brizy – Page Builder
- Plugin:
- Brizy – Page Builder
- Plugin Slug:
- brizy
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.44
- Severity Score:
- High
- CVE:
- 2024-2087
Ninja Tables – Easiest Data Table Builder
- Plugin Slug:
- ninja-tables
- Installations
- 80,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 5.0.10
- Severity Score:
- Medium
- CVE:
- 2024-35635
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
- Plugin Slug:
- user-registration
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.1
- Severity Score:
- High
- CVE:
- 2024-4958
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
- Plugin Slug:
- wpdatatables
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.4
- Severity Score:
- High
- CVE:
- 2024-3821
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
- Plugin Slug:
- wpdatatables
- Installations
- 70,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.3.2
- Severity Score:
- Critical
- CVE:
- 2024-3820
Site Reviews
- Plugin:
- Site Reviews
- Plugin Slug:
- site-reviews
- Installations
- 60,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- CVE:
- 2024-3050
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
- Plugin Slug:
- visualcomposer
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.9.0
- Severity Score:
- Medium
- CVE:
- 2024-35653
WordPress Infinite Scroll – Ajax Load More
- Plugin Slug:
- ajax-load-more
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
- 2024-4711
Shield Security – Smart Bot Blocking & Intrusion Prevention Security
- Plugin Slug:
- wp-simple-firewall
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 19.1.11
- Severity Score:
- Medium
- CVE:
- 2024-4344
DethemeKit For Elementor
- Plugin:
- DethemeKit For Elementor
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.5
- Severity Score:
- Medium
- CVE:
- 2024-5418
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.2
- Severity Score:
- Medium
- CVE:
- 2024-5223
HTML5 Video Player – Best WordPress Video Player Plugin and Block
- Plugin Slug:
- html5-video-player
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.5.27
- Severity Score:
- Critical
- CVE:
- 2024-5522
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
- Plugin Slug:
- master-addons
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.5.6
- Severity Score:
- Medium
- CVE:
- 2024-35660
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!
- Plugin Slug:
- suretriggers
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.48
- Severity Score:
- Medium
- CVE:
- 2024-5485
Content Blocks (Custom Post Widget)
- Plugin Slug:
- custom-post-widget
- Installations
- 20,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3.1
- Severity Score:
- High
- CVE:
- 2024-3564
Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
- Plugin Slug:
- responsive-add-ons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- CVE:
- 2024-5222
wpForo Forum
- Plugin:
- wpForo Forum
- Plugin Slug:
- wpforo
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.3.4
- Severity Score:
- High
- CVE:
- 2024-3200
Gum Elementor Addon
- Plugin:
- Gum Elementor Addon
- Plugin Slug:
- gum-elementor-addon
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-4668
LifterLMS – WordPress LMS for eLearning
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.6.3
- Severity Score:
- High
- CVE:
- 2024-4743
Elements For Elementor
- Plugin:
- Elements For Elementor
- Plugin Slug:
- nd-elements
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.2
- Severity Score:
- High
- CVE:
- 2024-5348
Simple Like Page Plugin
- Plugin:
- Simple Like Page Plugin
- Plugin Slug:
- simple-facebook-plugin
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2024-3583
Weaver Xtreme Theme Support
- Plugin:
- Weaver Xtreme Theme Support
- Plugin Slug:
- weaverx-theme-support
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5
- Severity Score:
- Medium
- CVE:
- 2024-4939
Five Star Restaurant Menu and Food Ordering
- Plugin Slug:
- food-and-drink-menu
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.17
- Severity Score:
- Medium
- CVE:
- 2024-5459
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.8.7
- Severity Score:
- Medium
- CVE:
- 2024-5453
Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
- Plugin Slug:
- integrate-google-drive
- Installations
- 6,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.3.94
- Severity Score:
- Medium
- CVE:
- 2024-35670
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
- Plugin Slug:
- wp-cafe
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.26
- Severity Score:
- Medium
- CVE:
- 2024-5427
Shopping Cart & eCommerce Store
- Plugin:
- Shopping Cart & eCommerce Store
- Plugin Slug:
- wp-easycart
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.6.0
- Severity Score:
- Medium
- CVE:
- 2024-35667
Debug Log Manager
- Plugin:
- Debug Log Manager
- Plugin Slug:
- debug-log-manager
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.3.2
- Severity Score:
- Medium
- CVE:
- 2024-35669
Responsive Owl Carousel for Elementor
- Plugin Slug:
- responsive-owl-carousel-elementor
- Installations
- 4,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.2.1
- Severity Score:
- High
- CVE:
- 2024-5345
Mollie Forms
- Plugin:
- Mollie Forms
- Plugin Slug:
- mollie-forms
- Installations
- 3,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.14
- Severity Score:
- Medium
- CVE:
- 2024-2368
Preferred Languages
- Plugin:
- Preferred Languages
- Plugin Slug:
- preferred-languages
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-35644
Simple Ajax Chat – Add a Fast, Secure Chat Box
- Plugin Slug:
- simple-ajax-chat
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20240412
- Severity Score:
- Medium
- CVE:
- 2024-2470
Site Favicon
- Plugin:
- Site Favicon
- Plugin Slug:
- site-favicon
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.3
- Severity Score:
- Medium
- CVE:
- 2024-35642
Visual Website Collaboration, Feedback & Project Management – Atarim
- Plugin Slug:
- atarim-visual-collaboration
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.31
- Severity Score:
- High
- CVE:
- 2024-2793
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.4.0
- Severity Score:
- Medium
- CVE:
- 2024-35637
Emergency Password Reset
- Plugin:
- Emergency Password Reset
- Plugin Slug:
- emergency-password-reset
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 9.0
- Severity Score:
- Medium
- CVE:
- 2024-35648
Event Tickets with Ticket Scanner
- Plugin Slug:
- event-tickets-with-ticket-scanner
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.2
- Severity Score:
- High
- CVE:
- 2024-35652
GamiPress – Link
- Plugin:
- GamiPress – Link
- Plugin Slug:
- gamipress-link
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-5536
Safety Exit
- Plugin:
- Safety Exit
- Plugin Slug:
- safety-exit
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.1
- Severity Score:
- Medium
- CVE:
- 2024-35640
Save as PDF Plugin by Pdfcrowd
- Plugin:
- Save as PDF Plugin by Pdfcrowd
- Plugin Slug:
- save-as-pdf-by-pdfcrowd
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.0
- Severity Score:
- Medium
- CVE:
- 2024-35649
WP Flow Plus
- Plugin:
- WP Flow Plus
- Plugin Slug:
- wp-imageflow2
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.3
- Severity Score:
- Medium
- CVE:
- 2024-35651
MelaPress Login Security
- Plugin:
- MelaPress Login Security
- Plugin Slug:
- melapress-login-security
- Installations
- 600+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-35650
Gutenberg Blocks and Page Layouts – Attire Blocks
- Plugin Slug:
- attire-blocks
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.3
- Severity Score:
- Medium
- CVE:
- 2024-4088
Just Writing Statistics
- Plugin:
- Just Writing Statistics
- Plugin Slug:
- just-writing-statistics
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6
- Severity Score:
- Medium
- CVE:
- 2024-35641
Advanced Custom Fields PRO
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.3
- Severity Score:
- Medium
- CVE:
- 2024-4565
Boostify Header Footer Builder for Elementor
- Plugin:
- Boostify Header Footer Builder for Elementor
- Plugin Slug:
- boostify-header-footer-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-5006
Buddyboss Platform
- Plugin:
- Buddyboss Platform
- Plugin Slug:
- buddyboss-platform
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.6.0
- Severity Score:
- Medium
- CVE:
- 2024-4750
Contact Form Manager
- Plugin:
- Contact Form Manager
- Plugin Slug:
- contact-form-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.1
- Severity Score:
- Medium
- CVE:
- 2024-2295
GP Premium
- Plugin:
- GP Premium
- Plugin Slug:
- gp-premium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.1
- Severity Score:
- High
- CVE:
- 2024-3469
tagDiv Composer
- Plugin:
- tagDiv Composer
- Plugin Slug:
- td-composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9
- Severity Score:
- Medium
- CVE:
- 2024-3888
The Plus Addons for Elementor Pro
- Plugin:
- The Plus Addons for Elementor Pro
- Plugin Slug:
- theplus_elementor_addon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.5
- Severity Score:
- Medium
- CVE:
- 2024-5341
Checkout Field Editor for WooCommerce (Pro)
- Plugin:
- Checkout Field Editor for WooCommerce (Pro)
- Plugin Slug:
- woocommerce-checkout-field-editor-pro
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 3.6.3
- Severity Score:
- High
- CVE:
- 2024-35658
WP eMember
- Plugin:
- WP eMember
- Plugin Slug:
- wp-eMember
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 10.3.9
- Severity Score:
- High
- CVE:
- 2024-4749
WPvivid Backup for MainWP
- Plugin:
- WPvivid Backup for MainWP
- Plugin Slug:
- wpvivid-backup-mainw
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.33
- Severity Score:
- High
- CVE:
- 2024-35664
WordPress Themes — 1 Patched / 0 Unpatched
Responsive
- Theme:
- Responsive
- Theme Slug:
- responsive
- Downloads
- 4,502,287
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.0.3.1
- Severity Score:
- Medium
- CVE:
- 2024-35654
