In this report, 201 vulnerabilities have been publicly disclosed. Security patches for 185 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 16 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
WordPress Plugins — 183 Patched / 16 Unpatched
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
- Plugin:
- Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1203
HT Easy GA4 – Google Analytics WordPress Plugin
- Plugin Slug:
- ht-easy-google-analytics
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1176
Advanced Social Feeds Widget & Shortcode
- Plugin:
- Advanced Social Feeds Widget & Shortcode
- Plugin Slug:
- advanced-facebook-twitter-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0951
ArtiBot
- Plugin:
- ArtiBot
- Plugin Slug:
- artibot
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0447
Enjoy Social Feed plugin for WordPress website
- Plugin:
- Enjoy Social Feed plugin for WordPress website
- Plugin Slug:
- enjoy-instagram-instagram-responsive-images-gallery-and-carousel
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0780
Enjoy Social Feed plugin for WordPress website
- Plugin:
- Enjoy Social Feed plugin for WordPress website
- Plugin Slug:
- enjoy-instagram-instagram-responsive-images-gallery-and-carousel
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0779
f(x) Private Site
- Plugin:
- f(x) Private Site
- Plugin Slug:
- fx-private-site
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0906
Innovs HR
- Plugin:
- Innovs HR
- Plugin Slug:
- innovs-hr-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0858
LadiApp
- Plugin:
- LadiApp
- Plugin Slug:
- ladipage
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4731
LadiApp
- Plugin:
- LadiApp
- Plugin Slug:
- ladipage
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-4728
Malware Scanner
- Plugin:
- Malware Scanner
- Plugin Slug:
- miniorange-malware-protection
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-2172
Newsletter2Go
- Plugin:
- Newsletter2Go
- Plugin Slug:
- newsletter2go
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1328
Play.ht
- Plugin:
- Play.ht
- Plugin Slug:
- play-ht
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0828
Play.ht
- Plugin:
- Play.ht
- Plugin Slug:
- play-ht
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0827
Scalable Vector Graphics (SVG)
- Plugin:
- Scalable Vector Graphics (SVG)
- Plugin Slug:
- scalable-vector-graphics-svg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7085
Web Application Firewall – website security
- Plugin:
- Web Application Firewall – website security
- Plugin Slug:
- web-application-firewall
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-2172
Contact Form 7
- Plugin:
- Contact Form 7
- Plugin Slug:
- contact-form-7
- Installations
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.2
- Severity Score:
- High
- CVE:
- 2024-2242
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.10
- Severity Score:
- Medium
- CVE:
- 2024-1536
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.10
- Severity Score:
- Medium
- CVE:
- 2024-1537
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.6
- Severity Score:
- Medium
- CVE:
- 2024-2042
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.5
- Severity Score:
- Medium
- CVE:
- 2024-1239
ElementsKit Elementor addons
- Plugin:
- ElementsKit Elementor addons
- Plugin Slug:
- elementskit-lite
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.4
- Severity Score:
- Medium
- CVE:
- 2023-6525
Elementor Header & Footer Builder
- Plugin Slug:
- header-footer-elementor
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.25
- Severity Score:
- Medium
- CVE:
- 2024-1237
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.17
- Severity Score:
- Medium
- CVE:
- 2024-29106
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.24
- Severity Score:
- Medium
- CVE:
- 2024-2399
WP Statistics
- Plugin:
- WP Statistics
- Plugin Slug:
- wp-statistics
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 14.5.1
- Severity Score:
- High
- CVE:
- 2024-2194
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.2
- Severity Score:
- Medium
- CVE:
- 2024-29108
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.24
- Severity Score:
- Medium
- CVE:
- 2024-1541
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
- Plugin Slug:
- post-smtp
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.7
- Severity Score:
- High
- CVE:
- 2024-29128
WP Go Maps (formerly WP Google Maps)
- Plugin Slug:
- wp-google-maps
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.0.33
- Severity Score:
- Medium
- CVE:
- 2023-4839
WP Go Maps (formerly WP Google Maps)
- Plugin Slug:
- wp-google-maps
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.0.33
- Severity Score:
- Medium
- CVE:
- 2024-1582
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
- Plugin Slug:
- otter-blocks
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.5
- Severity Score:
- Medium
- CVE:
- 2024-2226
PDF Embedder
- Plugin:
- PDF Embedder
- Plugin Slug:
- pdf-embedder
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.1
- Severity Score:
- Medium
- CVE:
- 2024-29141
Backuply – Backup, Restore, Migrate and Clone
- Plugin Slug:
- backuply
- Installations
- 200,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2024-2294
Anti-Malware Security and Brute-Force Firewall
- Plugin Slug:
- gotmls
- Installations
- 200,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 4.23.56
- Severity Score:
- Critical
- CVE:
- 2024-22144
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.3
- Severity Score:
- Medium
- CVE:
- 2024-29101
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.3
- Severity Score:
- Medium
- CVE:
- 2024-1535
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.11
- Severity Score:
- Medium
- CVE:
- 2024-29107
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
- Plugin Slug:
- advanced-access-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.9.21
- Severity Score:
- High
- CVE:
- 2024-29127
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
- Plugin Slug:
- advanced-access-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.9.21
- Severity Score:
- Medium
- CVE:
- 2024-29124
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.3
- Severity Score:
- Medium
- CVE:
- 2024-1507
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.3
- Severity Score:
- Medium
- CVE:
- 2024-1508
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4.5
- Severity Score:
- Medium
- CVE:
- 2024-1080
Burst Statistics – Privacy-Friendly Analytics for WordPress
- Plugin Slug:
- burst-statistics
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.7
- Severity Score:
- Medium
- CVE:
- 2024-1894
Colibri Page Builder
- Plugin:
- Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.263
- Severity Score:
- Medium
- CVE:
- 2024-1870
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.85
- Severity Score:
- Medium
- CVE:
- 2024-29114
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!
- Plugin Slug:
- everest-forms
- Installations
- 100,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.0.8
- Severity Score:
- High
- CVE:
- 2024-1812
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- High
- CVE:
- 2024-27987
WP Armour – Honeypot Anti Spam
- Plugin:
- WP Armour – Honeypot Anti Spam
- Plugin Slug:
- honeypot
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.14
- Severity Score:
- High
- CVE:
- 2024-29091
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
- 2024-1974
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- Medium
- CVE:
- 2024-1397
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2024-1421
Qi Addons For Elementor
- Plugin:
- Qi Addons For Elementor
- Plugin Slug:
- qi-addons-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8
- Severity Score:
- Medium
- CVE:
- 2024-0826
Tracking Code Manager
- Plugin:
- Tracking Code Manager
- Plugin Slug:
- tracking-code-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-2579
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5.2
- Severity Score:
- Medium
- CVE:
- 2024-1796
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.3.5.3
- Severity Score:
- High
- CVE:
- 2024-1795
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.2
- Severity Score:
- Medium
- CVE:
- 2024-1960
Hustle – Email Marketing, Lead Generation, Optins, Popups
- Plugin Slug:
- wordpress-popup
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.8.4
- Severity Score:
- High
- CVE:
- 2024-0368
Widget for Social Page Feeds
- Plugin:
- Widget for Social Page Feeds
- Plugin Slug:
- facebook-pagelike-widget
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4
- Severity Score:
- Medium
- CVE:
- 2024-0973
Permalink Manager Pro
- Plugin:
- Permalink Manager Pro
- Plugin Slug:
- permalink-manager
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.3.2
- Severity Score:
- Low
- CVE:
- 2024-2538
Permalink Manager Pro
- Plugin:
- Permalink Manager Pro
- Plugin Slug:
- permalink-manager
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3.1
- Severity Score:
- High
- CVE:
- 2024-29092
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.2
- Severity Score:
- Medium
- CVE:
- 2024-1503
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.2
- Severity Score:
- Medium
- CVE:
- 2024-1502
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.6.2
- Severity Score:
- High
- CVE:
- 2024-1751
Elementor Addons by Livemesh
- Plugin:
- Elementor Addons by Livemesh
- Plugin Slug:
- addons-for-elementor
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.3.6
- Severity Score:
- Medium
- CVE:
- 2024-27986
Site Reviews
- Plugin:
- Site Reviews
- Plugin Slug:
- site-reviews
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.11.7
- Severity Score:
- Medium
- CVE:
- 2024-29095
Site Reviews
- Plugin:
- Site Reviews
- Plugin Slug:
- site-reviews
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.11.7
- Severity Score:
- Medium
- CVE:
- 2024-2293
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
- Plugin Slug:
- visualcomposer
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.7.0
- Severity Score:
- Medium
- CVE:
- 2024-27997
Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress
- Plugin Slug:
- contact-form-plugin
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.9
- Severity Score:
- High
- CVE:
- 2024-2198
Easy Accordion – Best Accordion FAQ Plugin for WordPress
- Plugin Slug:
- easy-accordion-free
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.5
- Severity Score:
- Medium
- CVE:
- 2024-1363
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- CVE:
- 2024-1278
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- CVE:
- 2024-1213
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.5.5
- Severity Score:
- Medium
- CVE:
- 2024-1214
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin:
- Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin Slug:
- post-grid
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.2.69
- Severity Score:
- Medium
- CVE:
- 2023-7072
Shariff Wrapper
- Plugin:
- Shariff Wrapper
- Plugin Slug:
- shariff
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.11
- Severity Score:
- Medium
- CVE:
- 2024-29109
Shariff Wrapper
- Plugin:
- Shariff Wrapper
- Plugin Slug:
- shariff
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.10
- Severity Score:
- Medium
- CVE:
- 2023-6500
Shariff Wrapper
- Plugin:
- Shariff Wrapper
- Plugin Slug:
- shariff
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.11
- Severity Score:
- Medium
- CVE:
- 2024-1450
Shariff Wrapper
- Plugin:
- Shariff Wrapper
- Plugin Slug:
- shariff
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.10
- Severity Score:
- Medium
- CVE:
- 2024-0966
Premmerce Permalink Manager for WooCommerce
- Plugin Slug:
- woo-permalink-manager
- Installations
- 50,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.3.11
- Severity Score:
- High
- CVE:
- 2024-27971
Super Page Cache for Cloudflare
- Plugin:
- Super Page Cache for Cloudflare
- Plugin Slug:
- wp-cloudflare-page-cache
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.7.6
- Severity Score:
- High
- CVE:
- 2024-27968
WP Recipe Maker
- Plugin:
- WP Recipe Maker
- Plugin Slug:
- wp-recipe-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.3.0
- Severity Score:
- Medium
- CVE:
- 2024-1571
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
- Plugin Slug:
- quiz-master-next
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.2.3
- Severity Score:
- Medium
- CVE:
- 2024-27966
Starbox – the Author Box for Humans
- Plugin Slug:
- starbox
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-1273
Crisp – Live Chat and Chatbot
- Plugin:
- Crisp – Live Chat and Chatbot
- Plugin Slug:
- crisp
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.45
- Severity Score:
- Medium
- CVE:
- 2024-27963
FV Flowplayer Video Player
- Plugin:
- FV Flowplayer Video Player
- Plugin Slug:
- fv-wordpress-flowplayer
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.5.44.7212
- Severity Score:
- Medium
- CVE:
- 2024-29122
Link Whisper Free
- Plugin:
- Link Whisper Free
- Plugin Slug:
- link-whisper
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.6.9
- Severity Score:
- High
- CVE:
- 2024-27992
Seriously Simple Podcasting
- Plugin:
- Seriously Simple Podcasting
- Plugin Slug:
- seriously-simple-podcasting
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.0.0
- Severity Score:
- Medium
- CVE:
- 2023-6444
Team Members
- Plugin:
- Team Members
- Plugin Slug:
- team-members
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.2
- Severity Score:
- Medium
- CVE:
- 2024-1331
Visualizer: Tables and Charts Manager for WordPress
- Plugin Slug:
- visualizer
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.6
- Severity Score:
- High
- CVE:
- 2024-27958
WP Popups – WordPress Popup builder
- Plugin Slug:
- wp-popups-lite
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.5.6
- Severity Score:
- Medium
- CVE:
- 2024-29105
Accordion
Responsive Pricing Table
- Plugin:
- Responsive Pricing Table
- Plugin Slug:
- dk-pricr-responsive-pricing-table
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.11
- Severity Score:
- Medium
- CVE:
- 2024-1333
DSGVO All in one for WP
- Plugin:
- DSGVO All in one for WP
- Plugin Slug:
- dsgvo-all-in-one-for-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.4
- Severity Score:
- Medium
- CVE:
- 2024-27967
Related Posts for WordPress
- Plugin:
- Related Posts for WordPress
- Plugin Slug:
- related-posts-for-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-0592
Restrict User Access – Ultimate Membership & Content Protection
- Plugin Slug:
- restrict-user-access
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6
- Severity Score:
- High
- CVE:
- 2024-29138
Simple Job Board
- Plugin:
- Simple Job Board
- Plugin Slug:
- simple-job-board
- Installations
- 20,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.11.1
- Severity Score:
- Critical
- CVE:
- 2024-1813
Video Conferencing with Zoom
- Plugin:
- Video Conferencing with Zoom
- Plugin Slug:
- video-conferencing-with-zoom-api
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.5
- Severity Score:
- Medium
- CVE:
- 2024-2031
weForms – Easy Drag & Drop Contact Form Builder For WordPress
- Plugin Slug:
- weforms
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.22
- Severity Score:
- High
- CVE:
- 2024-0386
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
- Plugin:
- TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
- Plugin Slug:
- woo-wallet
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.11
- Severity Score:
- Medium
- CVE:
- 2024-1690
404 Solution
- Plugin:
- 404 Solution
- Plugin Slug:
- 404-solution
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.35.8
- Severity Score:
- High
- CVE:
- 2024-1068
WPBakery Page Builder Addons by Livemesh
- Plugin Slug:
- addons-for-visual-composer
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.3
- Severity Score:
- Medium
- CVE:
- 2024-2079
Contact Form 7 – PayPal & Stripe Add-on
- Plugin Slug:
- contact-form-7-paypal-add-on
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1
- Severity Score:
- High
- CVE:
- 2024-29130
Cryptocurrency Widgets – Price Ticker & Coins List
- Plugin Slug:
- cryptocurrency-price-ticker-widget
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2024-27953
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.6.0
- Severity Score:
- High
- CVE:
- 2024-29113
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.3.1.0
- Severity Score:
- High
- CVE:
- 2024-1991
JetWidgets For Elementor
- Plugin:
- JetWidgets For Elementor
- Plugin Slug:
- jetwidgets-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.16
- Severity Score:
- Medium
- CVE:
- 2024-2138
Jobs for WordPress
- Plugin:
- Jobs for WordPress
- Plugin Slug:
- job-postings
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4
- Severity Score:
- Medium
- CVE:
- 2024-0820
LA-Studio Element Kit for Elementor
- Plugin Slug:
- lastudio-element-kit
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.7.5
- Severity Score:
- Medium
- CVE:
- 2024-2249
Link Library
- Plugin:
- Link Library
- Plugin Slug:
- link-library
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6.1
- Severity Score:
- High
- CVE:
- 2024-29123
Link Library
- Plugin:
- Link Library
- Plugin Slug:
- link-library
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6.7
- Severity Score:
- High
- CVE:
- 2024-2325
MasterStudy LMS WordPress Plugin – for Online Courses and Education
- Plugin Slug:
- masterstudy-lms-learning-management-system
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.0
- Severity Score:
- Medium
- CVE:
- 2024-1904
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
- Plugin Slug:
- s2member
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 240315
- Severity Score:
- Medium
- CVE:
- 2024-0899
SupportCandy – Helpdesk & Customer Support Ticket System
- Plugin Slug:
- supportcandy
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
- CVE:
- 2024-27991
Ultimate Posts Widget
- Plugin:
- Ultimate Posts Widget
- Plugin Slug:
- ultimate-posts-widget
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.1
- Severity Score:
- Medium
- CVE:
- 2024-0561
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
- Plugin Slug:
- userswp
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
- 2024-2423
WP Coder – Powerful HTML, CSS, JS and PHP Injection
- Plugin Slug:
- wp-coder
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.1
- Severity Score:
- Medium
- CVE:
- 2024-2578
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
- Plugin:
- Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
- Plugin Slug:
- wp-marketing-automations
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.3
- Severity Score:
- Medium
- CVE:
- 2024-2580
WooCommerce Google Feed Manager
- Plugin:
- WooCommerce Google Feed Manager
- Plugin Slug:
- wp-product-feed-manager
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-29112
YITH WooCommerce Product Add-Ons
- Plugin:
- YITH WooCommerce Product Add-Ons
- Plugin Slug:
- yith-woocommerce-product-add-ons
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.0
- Severity Score:
- High
- CVE:
- 2024-27994
Zippy
- Plugin:
- Zippy
- Plugin Slug:
- zippy
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.6.10
- Severity Score:
- High
- CVE:
- 2024-27964
Elements Plus!
- Plugin:
- Elements Plus!
- Plugin Slug:
- elements-plus
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.16.3
- Severity Score:
- Medium
- CVE:
- 2024-2335
PowerPack Lite for Beaver Builder
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-2289
Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator
- Plugin Slug:
- tablesome
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.28
- Severity Score:
- High
- CVE:
- 2024-29110
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin:
- ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.24
- Severity Score:
- Medium
- CVE:
- 2024-27995
Better Search – Relevant search results for WordPress
- Plugin Slug:
- better-search
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- High
- CVE:
- 2024-29142
Database for Contact Form 7
- Plugin:
- Database for Contact Form 7
- Plugin Slug:
- cf7-database
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- High
- CVE:
- 2024-29103
Restaurant Menu and Food Ordering
- Plugin Slug:
- food-and-drink-menu
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.15
- Severity Score:
- Medium
- CVE:
- 2024-29089
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels
- Plugin Slug:
- wpfunnels
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- Medium
- CVE:
- 2024-27965
Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
- Plugin Slug:
- extensions-for-cf7
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.7
- Severity Score:
- High
- CVE:
- 2024-29102
HT Easy GA4 – Google Analytics WordPress Plugin
- Plugin Slug:
- ht-easy-google-analytics
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.8
- Severity Score:
- High
- CVE:
- 2024-29094
Specific Content For Mobile – Customize the mobile version without redirections
- Plugin Slug:
- specific-content-for-mobile
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.1.9.6
- Severity Score:
- High
- CVE:
- 2024-29126
Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates
- Plugin Slug:
- woo-gift-cards-lite
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.7
- Severity Score:
- Medium
- CVE:
- 2024-1857
AntiSpam for Contact Form 7
- Plugin:
- AntiSpam for Contact Form 7
- Plugin Slug:
- cf7-antispam
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.6.1
- Severity Score:
- High
- CVE:
- 2024-27961
Free Downloads WooCommerce
- Plugin:
- Free Downloads WooCommerce
- Plugin Slug:
- download-now-for-woocommerce
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.8.3
- Severity Score:
- Medium
- CVE:
- 2024-27969
Error Log Viewer by BestWebSoft
- Plugin:
- Error Log Viewer by BestWebSoft
- Plugin Slug:
- error-log-viewer
- Installations
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.3
- Severity Score:
- High
- CVE:
- 2023-6821
Survey Maker – Best WordPress Survey Plugin
- Plugin Slug:
- survey-maker
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.6
- Severity Score:
- Medium
- CVE:
- 2024-27996
Contact Form Builder by Bit Form: Create Contact Form, Multi Step Form, Conversational Form
- Plugin Slug:
- bit-form
- Installations
- 4,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.10.2
- Severity Score:
- Medium
- CVE:
- 2024-1640
ElementInvader Addons for Elementor
- Plugin Slug:
- elementinvader-addons-for-elementor
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-2308
News Announcement Scroll
- Plugin:
- News Announcement Scroll
- Plugin Slug:
- news-announcement-scroll
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 9.1.0
- Severity Score:
- High
- CVE:
- 2023-5663
Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress
- Plugin Slug:
- ticket-tailor
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12
- Severity Score:
- Medium
- CVE:
- 2024-29104
Coupon Affiliates – WooCommerce Affiliate Plugin
- Plugin Slug:
- woo-coupon-usage
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.12.8
- Severity Score:
- High
- CVE:
- 2024-29125
Auto Affiliate Links
- Plugin:
- Auto Affiliate Links
- Plugin Slug:
- wp-auto-affiliate-links
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.4.3.1
- Severity Score:
- Medium
- CVE:
- 2024-1843
WP Calameo
- Plugin:
- WP Calameo
- Plugin Slug:
- wp-calameo
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.8
- Severity Score:
- Medium
- CVE:
- 2024-29098
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
- Plugin Slug:
- wp-fusion-lite
- Installations
- 4,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.42.10
- Severity Score:
- Critical
- CVE:
- 2024-27972
Email Subscription Popup
- Plugin:
- Email Subscription Popup
- Plugin Slug:
- email-subscribe
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.21
- Severity Score:
- High
- CVE:
- 2024-27960
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.2
- Severity Score:
- Medium
- CVE:
- 2024-1126
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.4
- Severity Score:
- High
- CVE:
- 2024-1320
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.3
- Severity Score:
- Medium
- CVE:
- 2024-1123
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.4
- Severity Score:
- Medium
- CVE:
- 2024-1124
Profile Box Shortcode And Widget
- Plugin:
- Profile Box Shortcode And Widget
- Plugin Slug:
- facebook-likebox-widget-and-shortcode
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2024-1401
Multiple Page Generator Plugin – MPG
- Plugin Slug:
- multiple-pages-generator-by-porthas
- Installations
- 3,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 3.4.1
- Severity Score:
- Critical
- CVE:
- 2024-27951
oik
Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction
- Plugin Slug:
- pie-register
- Installations
- 3,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.8.3.3
- Severity Score:
- Critical
- CVE:
- 2024-27957
PropertyHive
- Plugin:
- PropertyHive
- Plugin Slug:
- propertyhive
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.0.10
- Severity Score:
- Medium
- CVE:
- 2024-27985
Categorify – WordPress Media Library Category & File Manager
- Plugin Slug:
- categorify
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.7.5
- Severity Score:
- Medium
- CVE:
- 2024-1649
Categorify – WordPress Media Library Category & File Manager
- Plugin Slug:
- categorify
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7.5
- Severity Score:
- Medium
- CVE:
- 2024-1906
Smart Online Order for Clover
- Plugin:
- Smart Online Order for Clover
- Plugin Slug:
- clover-online-orders
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.6
- Severity Score:
- Medium
- CVE:
- 2024-29115
CWW Companion
- Plugin:
- CWW Companion
- Plugin Slug:
- cww-companion
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2024-2130
WP Responsive Tabs horizontal vertical and accordion Tabs
- Plugin Slug:
- responsive-horizontal-vertical-and-accordion-tabs
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.18
- Severity Score:
- Medium
- CVE:
- 2024-27989
Sitekit
- Plugin:
- Sitekit
- Plugin Slug:
- sitekit
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
- 2024-29111
The Moneytizer
- Plugin:
- The Moneytizer
- Plugin Slug:
- the-moneytizer
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.6.1
- Severity Score:
- Medium
- CVE:
- 2024-27990
Advanced Sermons
- Plugin:
- Advanced Sermons
- Plugin Slug:
- advanced-sermons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3
- Severity Score:
- High
- CVE:
- 2024-27952
Bulgarisation for WooCommerce
- Plugin:
- Bulgarisation for WooCommerce
- Plugin Slug:
- bulgarisation-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.15
- Severity Score:
- Medium
- CVE:
- 2024-0683
Bulgarisation for WooCommerce
- Plugin:
- Bulgarisation for WooCommerce
- Plugin Slug:
- bulgarisation-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.0.15
- Severity Score:
- Medium
- CVE:
- 2024-2395
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
- Plugin Slug:
- contest-gallery
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 21.3.1
- Severity Score:
- Medium
- CVE:
- 2024-1487
Knight Lab Timeline
- Plugin:
- Knight Lab Timeline
- Plugin Slug:
- knight-lab-timelinejs
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.3.4
- Severity Score:
- Medium
- CVE:
- 2024-2287
MyCurator Content Curation
- Plugin:
- MyCurator Content Curation
- Plugin Slug:
- mycurator
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.77
- Severity Score:
- High
- CVE:
- 2024-29139
Passwordless Login
- Plugin:
- Passwordless Login
- Plugin Slug:
- passwordless-login
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-29143
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)
- Plugin Slug:
- sky-elementor-addons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2024-2286
WEN Responsive Columns
- Plugin:
- WEN Responsive Columns
- Plugin Slug:
- wen-responsive-columns
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-27988
wp-mpdf
- Plugin:
- wp-mpdf
- Plugin Slug:
- wp-mpdf
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8
- Severity Score:
- High
- CVE:
- 2024-27962
WP SendFox
- Plugin:
- WP SendFox
- Plugin Slug:
- wp-sendfox
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-27970
Backup Bolt
- Plugin:
- Backup Bolt
- Plugin Slug:
- backup-bolt
- Installations
- 900+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2023-7236
WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management
- Plugin Slug:
- woosquare
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3
- Severity Score:
- High
- CVE:
- 2024-27959
Team Circle Image Slider With Lightbox
- Plugin Slug:
- circle-image-slider-with-lightbox
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2015-10130
MJM Clinic
- Plugin:
- MJM Clinic
- Plugin Slug:
- mjm-clinic
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.23
- Severity Score:
- Medium
- CVE:
- 2024-29140
MJM Clinic
- Plugin:
- MJM Clinic
- Plugin Slug:
- mjm-clinic
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.23
- Severity Score:
- Medium
- CVE:
- 2024-29096
Barcode Scanner with Inventory & Order Manager
- Plugin:
- Barcode Scanner with Inventory & Order Manager
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.4
- Severity Score:
- High
- CVE:
- 2024-27998
Calendarista Basic Edition
- Plugin:
- Calendarista Basic Edition
- Plugin Slug:
- calendarista-basic-edition
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.3
- Severity Score:
- High
- CVE:
- 2024-27993
Contact Forms by Cimatti
- Plugin:
- Contact Forms by Cimatti
- Plugin Slug:
- contact-forms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.0
- Severity Score:
- High
- CVE:
- 2024-29117
Digits
- Plugin:
- Digits
- Plugin Slug:
- digits
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.4.2
- Severity Score:
- Medium
- CVE:
- 2024-0203
Evergreen Content Poster
- Plugin:
- Evergreen Content Poster
- Plugin Slug:
- evergreen-content-poster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- High
- CVE:
- 2024-29099
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.1.5
- Severity Score:
- High
- CVE:
- 2024-0365
Formidable Registration
- Plugin:
- Formidable Registration
- Plugin Slug:
- formidable-registration
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.12
- Severity Score:
- Critical
- CVE:
- 2024-1290
WooCommerce License Manager
- Plugin:
- WooCommerce License Manager
- Plugin Slug:
- fs-license-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.2
- Severity Score:
- High
- CVE:
- 2024-29121
WooThumbs for WooCommerce by Iconic
- Plugin:
- WooThumbs for WooCommerce by Iconic
- Plugin Slug:
- iconic-woothumbs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.4
- Severity Score:
- High
- CVE:
- 2024-29116
Mollie Forms
- Plugin:
- Mollie Forms
- Plugin Slug:
- mollie-forms
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-1400
Mollie Forms
- Plugin:
- Mollie Forms
- Plugin Slug:
- mollie-forms
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
- 2024-1645
OxyExtras
- Plugin:
- OxyExtras
- Plugin Slug:
- oxyextras
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.5
- Severity Score:
- High
- CVE:
- 2024-29129
Scrollsequence
- Plugin:
- Scrollsequence
- Plugin Slug:
- scrollsequence
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.5
- Severity Score:
- Medium
- CVE:
- 2024-29118
Tourfic
- Plugin:
- Tourfic
- Plugin Slug:
- tourfic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.11.8
- Severity Score:
- High
- CVE:
- 2024-29137
Tourfic
- Plugin:
- Tourfic
- Plugin Slug:
- tourfic
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.11.19
- Severity Score:
- High
- CVE:
- 2024-29136
Tourfic
- Plugin:
- Tourfic
- Plugin Slug:
- tourfic
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.11.16
- Severity Score:
- Critical
- CVE:
- 2024-29135
Tourfic
- Plugin:
- Tourfic
- Plugin Slug:
- tourfic
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.11.9
- Severity Score:
- Medium
- CVE:
- 2024-29134
User profile
- Plugin:
- User profile
- Plugin Slug:
- user-profile
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.21
- Severity Score:
- Medium
- CVE:
- 2024-29097
Builder for WooCommerce reviews shortcodes – ReviewShort
- Plugin:
- Builder for WooCommerce reviews shortcodes – ReviewShort
- Plugin Slug:
- woo-product-reviews-shortcode
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.01.4
- Severity Score:
- Medium
- CVE:
- 2024-29093
Automatic
- Plugin:
- Automatic
- Plugin Slug:
- wp-automatic
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.92.1
- Severity Score:
- Critical
- CVE:
- 2024-27956
Automatic
- Plugin:
- Automatic
- Plugin Slug:
- wp-automatic
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.92.1
- Severity Score:
- High
- CVE:
- 2024-27955
Automatic
- Plugin:
- Automatic
- Plugin Slug:
- wp-automatic
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 3.92.1
- Severity Score:
- Critical
- CVE:
- 2024-27954
WordPress Themes — 2 Patched / 0 Unpatched
Blocksy
Blossom Spa
- Theme:
- Blossom Spa
- Theme Slug:
- blossom-spa
- Downloads
- 191,726
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-2107
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Sign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Get started with confidence — risk free, guaranteed