WordPress Vulnerability Report — March 20, 2024

Since last week, 201 new vulnerabilities emerged in the WordPress ecosystem, including 2 in themes and 199 in plugins. 16 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Mar 20, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:39 min.

In this report, 201 vulnerabilities have been publicly disclosed. Security patches for 185 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 16 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 183 Patched / 16 Unpatched

2.1 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
2.2 HT Easy GA4 – Google Analytics WordPress Plugin
2.3 Advanced Social Feeds Widget & Shortcode
2.4 ArtiBot
2.5 Enjoy Social Feed plugin for WordPress website
2.6 Enjoy Social Feed plugin for WordPress website
2.7 f(x) Private Site
2.8 Innovs HR
2.9 LadiApp
2.10 LadiApp
2.11 Malware Scanner
2.12 Newsletter2Go
2.13 Play.ht
2.14 Play.ht
2.15 Scalable Vector Graphics (SVG)
2.16 Web Application Firewall – website security
2.17 Contact Form 7
2.18 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.19 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.20 ElementsKit Elementor addons
2.21 ElementsKit Elementor addons
2.22 ElementsKit Elementor addons
2.23 Elementor Header & Footer Builder
2.24 Premium Addons for Elementor
2.25 Premium Addons for Elementor
2.26 WP Statistics
2.27 Happy Addons for Elementor
2.28 Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.29 POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
2.30 WP Go Maps (formerly WP Google Maps)
2.31 WP Go Maps (formerly WP Google Maps)
2.32 Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
2.33 PDF Embedder
2.34 Backuply – Backup, Restore, Migrate and Clone
2.35 Anti-Malware Security and Brute-Force Firewall
2.36 Jeg Elementor Kit
2.37 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
2.38 Elementor Addon Elements
2.39 Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
2.40 Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
2.41 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.42 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.43 Beaver Builder – WordPress Page Builder
2.44 Burst Statistics – Privacy-Friendly Analytics for WordPress
2.45 Colibri Page Builder
2.46 Download Manager
2.47 Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!
2.48 GiveWP – Donation Plugin and Fundraising Platform
2.49 WP Armour – Honeypot Anti Spam
2.50 HT Mega – Absolute Addons For Elementor
2.51 HT Mega – Absolute Addons For Elementor
2.52 HT Mega – Absolute Addons For Elementor
2.53 Qi Addons For Elementor
2.54 Tracking Code Manager
2.55 HUSKY – Products Filter Professional for WooCommerce
2.56 HUSKY – Products Filter Professional for WooCommerce
2.57 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.58 Hustle – Email Marketing, Lead Generation, Optins, Popups
2.59 Widget for Social Page Feeds
2.60 Permalink Manager Pro
2.61 Permalink Manager Pro
2.62 Tutor LMS – eLearning and online course solution
2.63 Tutor LMS – eLearning and online course solution
2.64 Tutor LMS – eLearning and online course solution
2.65 Elementor Addons by Livemesh
2.66 Site Reviews
2.67 Site Reviews
2.68 Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
2.69 Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress
2.70 Easy Accordion – Best Accordion FAQ Plugin for WordPress
2.71 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
2.72 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
2.73 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
2.74 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.75 Shariff Wrapper
2.76 Shariff Wrapper
2.77 Shariff Wrapper
2.78 Shariff Wrapper
2.79 Premmerce Permalink Manager for WooCommerce
2.80 Super Page Cache for Cloudflare
2.81 WP Recipe Maker
2.82 Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
2.83 Starbox – the Author Box for Humans
2.84 Crisp – Live Chat and Chatbot
2.85 FV Flowplayer Video Player
2.86 Link Whisper Free
2.87 Seriously Simple Podcasting
2.88 Team Members
2.89 Visualizer: Tables and Charts Manager for WordPress
2.90 WP Popups – WordPress Popup builder
2.91 Accordion
2.92 Responsive Pricing Table
2.93 DSGVO All in one for WP
2.94 Related Posts for WordPress
2.95 Restrict User Access – Ultimate Membership & Content Protection
2.96 Simple Job Board
2.97 Video Conferencing with Zoom
2.98 weForms – Easy Drag & Drop Contact Form Builder For WordPress
2.99 TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
2.100 404 Solution
2.101 WPBakery Page Builder Addons by Livemesh
2.102 Contact Form 7 – PayPal & Stripe Add-on
2.103 Cryptocurrency Widgets – Price Ticker & Coins List
2.104 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
2.105 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
2.106 JetWidgets For Elementor
2.107 Jobs for WordPress
2.108 LA-Studio Element Kit for Elementor
2.109 Link Library
2.110 Link Library
2.111 MasterStudy LMS WordPress Plugin – for Online Courses and Education
2.112 s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
2.113 SupportCandy – Helpdesk & Customer Support Ticket System
2.114 Ultimate Posts Widget
2.115 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
2.116 WP Coder – Powerful HTML, CSS, JS and PHP Injection
2.117 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
2.118 WooCommerce Google Feed Manager
2.119 YITH WooCommerce Product Add-Ons
2.120 Zippy
2.121 Elements Plus!
2.122 PowerPack Lite for Beaver Builder
2.123 Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator
2.124 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
2.125 Better Search – Relevant search results for WordPress
2.126 Database for Contact Form 7
2.127 Restaurant Menu and Food Ordering
2.128 Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels
2.129 Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
2.130 HT Easy GA4 – Google Analytics WordPress Plugin
2.131 Specific Content For Mobile – Customize the mobile version without redirections
2.132 Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates
2.133 AntiSpam for Contact Form 7
2.134 Free Downloads WooCommerce
2.135 Error Log Viewer by BestWebSoft
2.136 Survey Maker – Best WordPress Survey Plugin
2.137 Contact Form Builder by Bit Form: Create Contact Form, Multi Step Form, Conversational Form
2.138 ElementInvader Addons for Elementor
2.139 News Announcement Scroll
2.140 Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress
2.141 Coupon Affiliates – WooCommerce Affiliate Plugin
2.142 Auto Affiliate Links
2.143 WP Calameo
2.144 WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
2.145 Email Subscription Popup
2.146 EventPrime – Events Calendar, Bookings and Tickets
2.147 EventPrime – Events Calendar, Bookings and Tickets
2.148 EventPrime – Events Calendar, Bookings and Tickets
2.149 EventPrime – Events Calendar, Bookings and Tickets
2.150 Profile Box Shortcode And Widget
2.151 Multiple Page Generator Plugin – MPG
2.152 oik
2.153 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction
2.154 PropertyHive
2.155 Categorify – WordPress Media Library Category & File Manager
2.156 Categorify – WordPress Media Library Category & File Manager
2.157 Smart Online Order for Clover
2.158 CWW Companion
2.159 WP Responsive Tabs horizontal vertical and accordion Tabs
2.160 Sitekit
2.161 The Moneytizer
2.162 Advanced Sermons
2.163 Bulgarisation for WooCommerce
2.164 Bulgarisation for WooCommerce
2.165 Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
2.166 Knight Lab Timeline
2.167 MyCurator Content Curation
2.168 Passwordless Login
2.169 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)
2.170 WEN Responsive Columns
2.171 wp-mpdf
2.172 WP SendFox
2.173 Backup Bolt
2.174 WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management
2.175 Team Circle Image Slider With Lightbox
2.176 MJM Clinic
2.177 MJM Clinic
2.178 Barcode Scanner with Inventory & Order Manager
2.179 Calendarista Basic Edition
2.180 Contact Forms by Cimatti
2.181 Digits
2.182 Evergreen Content Poster
2.183 Fancy Product Designer
2.184 Formidable Registration
2.185 WooCommerce License Manager
2.186 WooThumbs for WooCommerce by Iconic
2.187 Mollie Forms
2.188 Mollie Forms
2.189 OxyExtras
2.190 Scrollsequence
2.191 Tourfic
2.192 Tourfic
2.193 Tourfic
2.194 Tourfic
2.195 User profile
2.196 Builder for WooCommerce reviews shortcodes – ReviewShort
2.197 Automatic
2.198 Automatic
2.199 Automatic

3. WordPress Themes — 2 Patched / 0 Unpatched

3.1 Blocksy
3.2 Blossom Spa

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

WordPress Plugins — 183 Patched / 16 Unpatched

Plugin:: Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1203

Plugin:: HT Easy GA4 – Google Analytics WordPress Plugin
Plugin Slug:: ht-easy-google-analytics
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1176

Plugin:: Advanced Social Feeds Widget & Shortcode
Plugin Slug:: advanced-facebook-twitter-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0951

Plugin:: ArtiBot
Plugin Slug:: artibot
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0447

Plugin:: Enjoy Social Feed plugin for WordPress website
Plugin Slug:: enjoy-instagram-instagram-responsive-images-gallery-and-carousel
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0780

Plugin:: Enjoy Social Feed plugin for WordPress website
Plugin Slug:: enjoy-instagram-instagram-responsive-images-gallery-and-carousel
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0779

Plugin:: f(x) Private Site
Plugin Slug:: fx-private-site
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0906

Plugin:: Innovs HR
Plugin Slug:: innovs-hr-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0858

Plugin:: LadiApp
Plugin Slug:: ladipage
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-4731

Plugin:: LadiApp
Plugin Slug:: ladipage
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-4728

Plugin:: Malware Scanner
Plugin Slug:: miniorange-malware-protection
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-2172

Plugin:: Newsletter2Go
Plugin Slug:: newsletter2go
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1328

Plugin:: Play.ht
Plugin Slug:: play-ht
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0828

Plugin:: Play.ht
Plugin Slug:: play-ht
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0827

Plugin:: Scalable Vector Graphics (SVG)
Plugin Slug:: scalable-vector-graphics-svg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7085

Plugin:: Web Application Firewall – website security
Plugin Slug:: web-application-firewall
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-2172

Plugin:: Contact Form 7
Plugin Slug:: contact-form-7
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.2
Severity Score:: High
CVE:: 2024-2242

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.10
Severity Score:: Medium
CVE:: 2024-1536

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.10
Severity Score:: Medium
CVE:: 2024-1537

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-2042

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-1239

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2023-6525

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.25
Severity Score:: Medium
CVE:: 2024-1237

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.17
Severity Score:: Medium
CVE:: 2024-29106

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.24
Severity Score:: Medium
CVE:: 2024-2399

Plugin:: WP Statistics
Plugin Slug:: wp-statistics
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.5.1
Severity Score:: High
CVE:: 2024-2194

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.2
Severity Score:: Medium
CVE:: 2024-29108

Plugin:: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.24
Severity Score:: Medium
CVE:: 2024-1541

Plugin:: POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.7
Severity Score:: High
CVE:: 2024-29128

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.33
Severity Score:: Medium
CVE:: 2023-4839

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.33
Severity Score:: Medium
CVE:: 2024-1582

Plugin:: Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-2226

Plugin:: PDF Embedder
Plugin Slug:: pdf-embedder
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.1
Severity Score:: Medium
CVE:: 2024-29141

Plugin:: Backuply – Backup, Restore, Migrate and Clone
Plugin Slug:: backuply
Installations: 200,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-2294

Plugin:: Anti-Malware Security and Brute-Force Firewall
Plugin Slug:: gotmls
Installations: 200,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.23.56
Severity Score:: Critical
CVE:: 2024-22144

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-29101

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.3
Severity Score:: Medium
CVE:: 2024-1535

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.11
Severity Score:: Medium
CVE:: 2024-29107

Plugin:: Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
Plugin Slug:: advanced-access-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.21
Severity Score:: High
CVE:: 2024-29127

Plugin:: Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More
Plugin Slug:: advanced-access-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.21
Severity Score:: Medium
CVE:: 2024-29124

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.3
Severity Score:: Medium
CVE:: 2024-1507

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.3
Severity Score:: Medium
CVE:: 2024-1508

Plugin:: Beaver Builder – WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.5
Severity Score:: Medium
CVE:: 2024-1080

Plugin:: Burst Statistics – Privacy-Friendly Analytics for WordPress
Plugin Slug:: burst-statistics
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-1894

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.263
Severity Score:: Medium
CVE:: 2024-1870

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.85
Severity Score:: Medium
CVE:: 2024-29114

Plugin:: Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.8
Severity Score:: High
CVE:: 2024-1812

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: High
CVE:: 2024-27987

Plugin:: WP Armour – Honeypot Anti Spam
Plugin Slug:: honeypot
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.14
Severity Score:: High
CVE:: 2024-29091

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Directory Traversal
Patched in Version:: 2.4.7
Severity Score:: High
CVE:: 2024-1974

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-1397

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-1421

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-0826

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-2579

Plugin:: HUSKY – Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5.2
Severity Score:: Medium
CVE:: 2024-1796

Plugin:: HUSKY – Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.5.3
Severity Score:: High
CVE:: 2024-1795

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-1960

Plugin:: Hustle – Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.8.4
Severity Score:: High
CVE:: 2024-0368

Plugin:: Widget for Social Page Feeds
Plugin Slug:: facebook-pagelike-widget
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4
Severity Score:: Medium
CVE:: 2024-0973

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.3.2
Severity Score:: Low
CVE:: 2024-2538

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.1
Severity Score:: High
CVE:: 2024-29092

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-1503

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-1502

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.2
Severity Score:: High
CVE:: 2024-1751

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.6
Severity Score:: Medium
CVE:: 2024-27986

Plugin:: Site Reviews
Plugin Slug:: site-reviews
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.11.7
Severity Score:: Medium
CVE:: 2024-29095

Plugin:: Site Reviews
Plugin Slug:: site-reviews
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.11.7
Severity Score:: Medium
CVE:: 2024-2293

Plugin:: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Plugin Slug:: visualcomposer
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.7.0
Severity Score:: Medium
CVE:: 2024-27997

Plugin:: Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress
Plugin Slug:: contact-form-plugin
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.9
Severity Score:: High
CVE:: 2024-2198

Plugin:: Easy Accordion – Best Accordion FAQ Plugin for WordPress
Plugin Slug:: easy-accordion-free
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2024-1363

Plugin:: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.5
Severity Score:: Medium
CVE:: 2024-1278

Plugin:: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.5
Severity Score:: Medium
CVE:: 2024-1213

Plugin:: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.5
Severity Score:: Medium
CVE:: 2024-1214

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:: post-grid
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.69
Severity Score:: Medium
CVE:: 2023-7072

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.11
Severity Score:: Medium
CVE:: 2024-29109

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.10
Severity Score:: Medium
CVE:: 2023-6500

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.11
Severity Score:: Medium
CVE:: 2024-1450

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.10
Severity Score:: Medium
CVE:: 2024-0966

Plugin:: Premmerce Permalink Manager for WooCommerce
Plugin Slug:: woo-permalink-manager
Installations: 50,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.11
Severity Score:: High
CVE:: 2024-27971

Plugin:: Super Page Cache for Cloudflare
Plugin Slug:: wp-cloudflare-page-cache
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.7.6
Severity Score:: High
CVE:: 2024-27968

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.3.0
Severity Score:: Medium
CVE:: 2024-1571

Plugin:: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.2.3
Severity Score:: Medium
CVE:: 2024-27966

Plugin:: Starbox – the Author Box for Humans
Plugin Slug:: starbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-1273

Plugin:: Crisp – Live Chat and Chatbot
Plugin Slug:: crisp
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.45
Severity Score:: Medium
CVE:: 2024-27963

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.44.7212
Severity Score:: Medium
CVE:: 2024-29122

Plugin:: Link Whisper Free
Plugin Slug:: link-whisper
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.6.9
Severity Score:: High
CVE:: 2024-27992

Plugin:: Seriously Simple Podcasting
Plugin Slug:: seriously-simple-podcasting
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2023-6444

Plugin:: Team Members
Plugin Slug:: team-members
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-1331

Plugin:: Visualizer: Tables and Charts Manager for WordPress
Plugin Slug:: visualizer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.6
Severity Score:: High
CVE:: 2024-27958

Plugin:: WP Popups – WordPress Popup builder
Plugin Slug:: wp-popups-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5.6
Severity Score:: Medium
CVE:: 2024-29105

Plugin:: Accordion
Plugin Slug:: accordions
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.97
Severity Score:: Medium
CVE:: 2024-1641

Plugin:: Responsive Pricing Table
Plugin Slug:: dk-pricr-responsive-pricing-table
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.11
Severity Score:: Medium
CVE:: 2024-1333

Plugin:: DSGVO All in one for WP
Plugin Slug:: dsgvo-all-in-one-for-wp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4
Severity Score:: Medium
CVE:: 2024-27967

Plugin:: Related Posts for WordPress
Plugin Slug:: related-posts-for-wp
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-0592

Plugin:: Restrict User Access – Ultimate Membership & Content Protection
Plugin Slug:: restrict-user-access
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High
CVE:: 2024-29138

Plugin:: Simple Job Board
Plugin Slug:: simple-job-board
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.11.1
Severity Score:: Critical
CVE:: 2024-1813

Plugin:: Video Conferencing with Zoom
Plugin Slug:: video-conferencing-with-zoom-api
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.5
Severity Score:: Medium
CVE:: 2024-2031

Plugin:: weForms – Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.22
Severity Score:: High
CVE:: 2024-0386

Plugin:: TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
Plugin Slug:: woo-wallet
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.11
Severity Score:: Medium
CVE:: 2024-1690

Plugin:: 404 Solution
Plugin Slug:: 404-solution
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.35.8
Severity Score:: High
CVE:: 2024-1068

Plugin:: WPBakery Page Builder Addons by Livemesh
Plugin Slug:: addons-for-visual-composer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2024-2079

Plugin:: Contact Form 7 – PayPal & Stripe Add-on
Plugin Slug:: contact-form-7-paypal-add-on
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: High
CVE:: 2024-29130

Plugin:: Cryptocurrency Widgets – Price Ticker & Coins List
Plugin Slug:: cryptocurrency-price-ticker-widget
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-27953

Plugin:: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.6.0
Severity Score:: High
CVE:: 2024-29113

Plugin:: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.3.1.0
Severity Score:: High
CVE:: 2024-1991

Plugin:: JetWidgets For Elementor
Plugin Slug:: jetwidgets-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-2138

Plugin:: Jobs for WordPress
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-0820

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7.5
Severity Score:: Medium
CVE:: 2024-2249

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.1
Severity Score:: High
CVE:: 2024-29123

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.7
Severity Score:: High
CVE:: 2024-2325

Plugin:: MasterStudy LMS WordPress Plugin – for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-1904

Plugin:: s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 240315
Severity Score:: Medium
CVE:: 2024-0899

Plugin:: SupportCandy – Helpdesk & Customer Support Ticket System
Plugin Slug:: supportcandy
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2024-27991

Plugin:: Ultimate Posts Widget
Plugin Slug:: ultimate-posts-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2024-0561

Plugin:: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Plugin Slug:: userswp
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-2423

Plugin:: WP Coder – Powerful HTML, CSS, JS and PHP Injection
Plugin Slug:: wp-coder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2024-2578

Plugin:: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Plugin Slug:: wp-marketing-automations
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: Medium
CVE:: 2024-2580

Plugin:: WooCommerce Google Feed Manager
Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-29112

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.0
Severity Score:: High
CVE:: 2024-27994

Plugin:: Zippy
Plugin Slug:: zippy
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.6.10
Severity Score:: High
CVE:: 2024-27964

Plugin:: Elements Plus!
Plugin Slug:: elements-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.3
Severity Score:: Medium
CVE:: 2024-2335

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0.1
Severity Score:: Medium
CVE:: 2024-2289

Plugin:: Tablesome – Responsive Table, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Gravity Forms, Fluent, Forminator
Plugin Slug:: tablesome
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.28
Severity Score:: High
CVE:: 2024-29110

Plugin:: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.24
Severity Score:: Medium
CVE:: 2024-27995

Plugin:: Better Search – Relevant search results for WordPress
Plugin Slug:: better-search
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2024-29142

Plugin:: Database for Contact Form 7
Plugin Slug:: cf7-database
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: High
CVE:: 2024-29103

Plugin:: Restaurant Menu and Food Ordering
Plugin Slug:: food-and-drink-menu
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.15
Severity Score:: Medium
CVE:: 2024-29089

Plugin:: Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels
Plugin Slug:: wpfunnels
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-27965

Plugin:: Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection)
Plugin Slug:: extensions-for-cf7
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: High
CVE:: 2024-29102

Plugin:: HT Easy GA4 – Google Analytics WordPress Plugin
Plugin Slug:: ht-easy-google-analytics
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.8
Severity Score:: High
CVE:: 2024-29094

Plugin:: Specific Content For Mobile – Customize the mobile version without redirections
Plugin Slug:: specific-content-for-mobile
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.1.9.6
Severity Score:: High
CVE:: 2024-29126

Plugin:: Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates
Plugin Slug:: woo-gift-cards-lite
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.7
Severity Score:: Medium
CVE:: 2024-1857

Plugin:: AntiSpam for Contact Form 7
Plugin Slug:: cf7-antispam
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.6.1
Severity Score:: High
CVE:: 2024-27961

Plugin:: Free Downloads WooCommerce
Plugin Slug:: download-now-for-woocommerce
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.8.3
Severity Score:: Medium
CVE:: 2024-27969

Plugin:: Error Log Viewer by BestWebSoft
Plugin Slug:: error-log-viewer
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2023-6821

Plugin:: Survey Maker – Best WordPress Survey Plugin
Plugin Slug:: survey-maker
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-27996

Plugin:: Contact Form Builder by Bit Form: Create Contact Form, Multi Step Form, Conversational Form
Plugin Slug:: bit-form
Installations: 4,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.10.2
Severity Score:: Medium
CVE:: 2024-1640

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-2308

Plugin:: News Announcement Scroll
Plugin Slug:: news-announcement-scroll
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.1.0
Severity Score:: High
CVE:: 2023-5663

Plugin:: Sell Tickets – Event Ticketing and Event Registration – Ticket Tailor for WordPress
Plugin Slug:: ticket-tailor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12
Severity Score:: Medium
CVE:: 2024-29104

Plugin:: Coupon Affiliates – WooCommerce Affiliate Plugin
Plugin Slug:: woo-coupon-usage
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.12.8
Severity Score:: High
CVE:: 2024-29125

Plugin:: Auto Affiliate Links
Plugin Slug:: wp-auto-affiliate-links
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.3.1
Severity Score:: Medium
CVE:: 2024-1843

Plugin:: WP Calameo
Plugin Slug:: wp-calameo
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-29098

Plugin:: WP Fusion Lite – Marketing Automation and CRM Integration for WordPress
Plugin Slug:: wp-fusion-lite
Installations: 4,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.42.10
Severity Score:: Critical
CVE:: 2024-27972

Plugin:: Email Subscription Popup
Plugin Slug:: email-subscribe
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.21
Severity Score:: High
CVE:: 2024-27960

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.2
Severity Score:: Medium
CVE:: 2024-1126

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.4
Severity Score:: High
CVE:: 2024-1320

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-1123

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2024-1124

Plugin:: Profile Box Shortcode And Widget
Plugin Slug:: facebook-likebox-widget-and-shortcode
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-1401

Plugin:: Multiple Page Generator Plugin – MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.4.1
Severity Score:: Critical
CVE:: 2024-27951

Plugin:: oik
Plugin Slug:: oik
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-2256

Plugin:: Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction
Plugin Slug:: pie-register
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.8.3.3
Severity Score:: Critical
CVE:: 2024-27957

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.10
Severity Score:: Medium
CVE:: 2024-27985

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1649

Plugin:: Categorify – WordPress Media Library Category & File Manager
Plugin Slug:: categorify
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7.5
Severity Score:: Medium
CVE:: 2024-1906

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-29115

Plugin:: CWW Companion
Plugin Slug:: cww-companion
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-2130

Plugin:: WP Responsive Tabs horizontal vertical and accordion Tabs
Plugin Slug:: responsive-horizontal-vertical-and-accordion-tabs
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.18
Severity Score:: Medium
CVE:: 2024-27989

Plugin:: Sitekit
Plugin Slug:: sitekit
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-29111

Plugin:: The Moneytizer
Plugin Slug:: the-moneytizer
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.1
Severity Score:: Medium
CVE:: 2024-27990

Plugin:: Advanced Sermons
Plugin Slug:: advanced-sermons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: High
CVE:: 2024-27952

Plugin:: Bulgarisation for WooCommerce
Plugin Slug:: bulgarisation-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.15
Severity Score:: Medium
CVE:: 2024-0683

Plugin:: Bulgarisation for WooCommerce
Plugin Slug:: bulgarisation-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.15
Severity Score:: Medium
CVE:: 2024-2395

Plugin:: Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 21.3.1
Severity Score:: Medium
CVE:: 2024-1487

Plugin:: Knight Lab Timeline
Plugin Slug:: knight-lab-timelinejs
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.3.4
Severity Score:: Medium
CVE:: 2024-2287

Plugin:: MyCurator Content Curation
Plugin Slug:: mycurator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.77
Severity Score:: High
CVE:: 2024-29139

Plugin:: Passwordless Login
Plugin Slug:: passwordless-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-29143

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)
Plugin Slug:: sky-elementor-addons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-2286

Plugin:: WEN Responsive Columns
Plugin Slug:: wen-responsive-columns
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-27988

Plugin:: wp-mpdf
Plugin Slug:: wp-mpdf
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8
Severity Score:: High
CVE:: 2024-27962

Plugin:: WP SendFox
Plugin Slug:: wp-sendfox
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-27970

Plugin:: Backup Bolt
Plugin Slug:: backup-bolt
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2023-7236

Plugin:: WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management
Plugin Slug:: woosquare
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3
Severity Score:: High
CVE:: 2024-27959

Plugin:: Team Circle Image Slider With Lightbox
Plugin Slug:: circle-image-slider-with-lightbox
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.1
Severity Score:: Medium
CVE:: 2015-10130

Plugin:: MJM Clinic
Plugin Slug:: mjm-clinic
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.23
Severity Score:: Medium
CVE:: 2024-29140

Plugin:: MJM Clinic
Plugin Slug:: mjm-clinic
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.23
Severity Score:: Medium
CVE:: 2024-29096

Plugin:: Barcode Scanner with Inventory & Order Manager
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-27998

Plugin:: Calendarista Basic Edition
Plugin Slug:: calendarista-basic-edition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3
Severity Score:: High
CVE:: 2024-27993

Plugin:: Contact Forms by Cimatti
Plugin Slug:: contact-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: High
CVE:: 2024-29117

Plugin:: Digits
Plugin Slug:: digits
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.4.2
Severity Score:: Medium
CVE:: 2024-0203

Plugin:: Evergreen Content Poster
Plugin Slug:: evergreen-content-poster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-29099

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: SQL Injection
Patched in Version:: 6.1.5
Severity Score:: High
CVE:: 2024-0365

Plugin:: Formidable Registration
Plugin Slug:: formidable-registration
Vulnerability:: Broken Authentication
Patched in Version:: 2.12
Severity Score:: Critical
CVE:: 2024-1290

Plugin:: WooCommerce License Manager
Plugin Slug:: fs-license-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: High
CVE:: 2024-29121

Plugin:: WooThumbs for WooCommerce by Iconic
Plugin Slug:: iconic-woothumbs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.4
Severity Score:: High
CVE:: 2024-29116

Plugin:: Mollie Forms
Plugin Slug:: mollie-forms
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-1400

Plugin:: Mollie Forms
Plugin Slug:: mollie-forms
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-1645

Plugin:: OxyExtras
Plugin Slug:: oxyextras
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2024-29129

Plugin:: Scrollsequence
Plugin Slug:: scrollsequence
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-29118

Plugin:: Tourfic
Plugin Slug:: tourfic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.8
Severity Score:: High
CVE:: 2024-29137

Plugin:: Tourfic
Plugin Slug:: tourfic
Vulnerability:: PHP Object Injection
Patched in Version:: 2.11.19
Severity Score:: High
CVE:: 2024-29136

Plugin:: Tourfic
Plugin Slug:: tourfic
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.11.16
Severity Score:: Critical
CVE:: 2024-29135

Plugin:: Tourfic
Plugin Slug:: tourfic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.9
Severity Score:: Medium
CVE:: 2024-29134

Plugin:: User profile
Plugin Slug:: user-profile
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.21
Severity Score:: Medium
CVE:: 2024-29097

Plugin:: Builder for WooCommerce reviews shortcodes – ReviewShort
Plugin Slug:: woo-product-reviews-shortcode
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.01.4
Severity Score:: Medium
CVE:: 2024-29093

Plugin:: Automatic
Plugin Slug:: wp-automatic
Vulnerability:: SQL Injection
Patched in Version:: 3.92.1
Severity Score:: Critical
CVE:: 2024-27956

Plugin:: Automatic
Plugin Slug:: wp-automatic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.92.1
Severity Score:: High
CVE:: 2024-27955

Plugin:: Automatic
Plugin Slug:: wp-automatic
Vulnerability:: Arbitrary File Download
Patched in Version:: 3.92.1
Severity Score:: Critical
CVE:: 2024-27954

WordPress Themes — 2 Patched / 0 Unpatched

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 2,949,629
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.27
Severity Score:: Medium
CVE:: 2024-1767

Theme:: Blossom Spa
Theme Slug:: blossom-spa
Downloads: 191,726
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-2107

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

WordPress Core

WordPress Plugins — 183 Patched / 16 Unpatched