WordPress Vulnerability Report — March 27, 2024
Since last week, 209 new vulnerabilities emerged in the WordPress ecosystem, including 9 in themes and 200 in plugins. 19 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
Of the 209 publicly disclosed vulnerabilities in this report, security patches are available now for 190 of the affected plugins and themes, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 19 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
WordPress Plugins — 182 Patched / 18 Unpatched
Create by Mediavine
- Plugin:
- Create by Mediavine
- Plugin Slug:
- mediavine-create
- Installations:
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-1711
Coming Soon & Maintenance Mode by Colorlib
- Plugin Slug:
- colorlib-coming-soon-maintenance
- Installations:
- 7,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1473
Travelpayouts: All Travel Brands in One Place
- Plugin Slug:
- travelpayouts
- Installations:
- 7,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0337
Advanced Social Feeds Widget & Shortcode
- Plugin:
- Advanced Social Feeds Widget & Shortcode
- Plugin Slug:
- advanced-facebook-twitter-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0951
Animated Headline
- Plugin:
- Animated Headline
- Plugin Slug:
- animated-headline
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2304
Easy Maintenance Mode
- Plugin:
- Easy Maintenance Mode
- Plugin Slug:
- easy-maintenance-mode-coming-soon
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1477
Enjoy Social Feed plugin for WordPress website
- Plugin:
- Enjoy Social Feed plugin for WordPress website
- Plugin Slug:
- enjoy-instagram-instagram-responsive-images-gallery-and-carousel
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0780
Enjoy Social Feed plugin for WordPress website
- Plugin:
- Enjoy Social Feed plugin for WordPress website
- Plugin Slug:
- enjoy-instagram-instagram-responsive-images-gallery-and-carousel
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0779
Innovs HR
- Plugin:
- Innovs HR
- Plugin Slug:
- innovs-hr-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0858
Network Summary
- Plugin:
- Network Summary
- Plugin Slug:
- network-summary
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-2804
Scalable Vector Graphics (SVG)
- Plugin:
- Scalable Vector Graphics (SVG)
- Plugin Slug:
- scalable-vector-graphics-svg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-7085
Social Media Share Buttons
- Plugin:
- Social Media Share Buttons
- Plugin Slug:
- social-media-builder
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2721
Standout Color Boxes and Buttons
- Plugin:
- Standout Color Boxes and Buttons
- Plugin Slug:
- standout-color-boxes-and-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2474
UX Flat
- Plugin:
- UX Flat
- Plugin Slug:
- ux-flat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2459
Website Article Monetization By MageNet
- Plugin:
- Website Article Monetization By MageNet
- Plugin Slug:
- website-article-monetization-by-magenet
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1379
Management App for WooCommerce
- Plugin:
- Management App for WooCommerce
- Plugin Slug:
- wemanage-app-worker
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-1205
Live Sales Notification for Woocommerce – Woomotiv
- Plugin:
- Live Sales Notification for Woocommerce – Woomotiv
- Plugin Slug:
- woomotiv
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1325
Youzify Buddypress Moderation
- Plugin:
- Youzify Buddypress Moderation
- Plugin Slug:
- youzify-moderation
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-2864
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
- Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations:
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.12
- Severity Score:
- Medium
- CVE:
- 2024-2623
Rank Math SEO with AI SEO Tools
- Plugin:
- Rank Math SEO with AI SEO Tools
- Plugin Slug:
- seo-by-rank-math
- Installations:
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.215
- Severity Score:
- Medium
- CVE:
- 2024-2536
File Manager
- Plugin:
- File Manager
- Plugin Slug:
- wp-file-manager
- Installations:
- 1,000,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.2.5
- Severity Score:
- High
- CVE:
- 2024-1538
Popup Maker – Popup for opt-ins, lead gen, & more
- Plugin Slug:
- popup-maker
- Installations:
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.18.3
- Severity Score:
- Medium
- CVE:
- 2024-2336
Page Builder by SiteOrigin
- Plugin:
- Page Builder by SiteOrigin
- Plugin Slug:
- siteorigin-panels
- Installations:
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.29.7
- Severity Score:
- Medium
- CVE:
- 2024-2202
Forminator – Contact Form, Payment Form & Custom Form Builder
- Plugin Slug:
- forminator
- Installations:
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.29.1
- Severity Score:
- High
- CVE:
- 2024-29777
Page Builder Gutenberg Blocks – CoBlocks
- Plugin Slug:
- coblocks
- Installations:
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
- 2024-1049
Gutenberg Blocks by Kadence Blocks – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations:
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.26
- Severity Score:
- Medium
- CVE:
- 2024-1999
WP Go Maps (formerly WP Google Maps)
- Plugin Slug:
- wp-google-maps
- Installations:
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.0.30
- Severity Score:
- High
- CVE:
- 2024-29931
Breeze – WordPress Cache Plugin
- Plugin:
- Breeze – WordPress Cache Plugin
- Plugin Slug:
- breeze
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2024-27188
PDF Embedder
- Plugin:
- PDF Embedder
- Plugin Slug:
- pdf-embedder
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.1
- Severity Score:
- Medium
- CVE:
- 2024-29141
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
- Plugin Slug:
- pretty-link
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.6.4
- Severity Score:
- Medium
- CVE:
- 2024-2326
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
- Plugin Slug:
- pretty-link
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.3
- Severity Score:
- High
- CVE:
- 2024-29770
SEOPress – On-site SEO
- Plugin:
- SEOPress – On-site SEO
- Plugin Slug:
- wp-seopress
- Installations:
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.6
- Severity Score:
- Medium
- CVE:
- 2024-2165
Blocksy Companion
- Plugin:
- Blocksy Companion
- Plugin Slug:
- blocksy-companion
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.32
- Severity Score:
- Medium
- CVE:
- 2024-2392
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
- Plugin:
- WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
- Plugin Slug:
- cartflows
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.2
- Severity Score:
- Medium
- CVE:
- 2024-29813
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.3
- Severity Score:
- Medium
- CVE:
- 2024-1326
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.5
- Severity Score:
- Medium
- CVE:
- 2024-2504
Popup Builder – Create highly converting, mobile friendly marketing popups.
- Plugin Slug:
- popup-builder
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.7
- Severity Score:
- Medium
- CVE:
- 2024-30184
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations:
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.94
- Severity Score:
- High
- CVE:
- 2024-29792
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
- Plugin Slug:
- 3d-flipbook-dflip-lite
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.27
- Severity Score:
- Medium
- CVE:
- 2024-29807
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.4
- Severity Score:
- Medium
- CVE:
- 2024-30185
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.2
- Severity Score:
- Medium
- CVE:
- 2024-30186
Check & Log Email
- Plugin:
- Check & Log Email
- Plugin Slug:
- check-email
- Installations:
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.10
- Severity Score:
- High
- CVE:
- 2024-0866
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.0
- Severity Score:
- Medium
- CVE:
- 2024-1424
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.4
- Severity Score:
- Medium
- CVE:
- 2024-30182
Qi Addons For Elementor
- Plugin:
- Qi Addons For Elementor
- Plugin Slug:
- qi-addons-for-elementor
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.8
- Severity Score:
- Medium
- CVE:
- 2024-0826
SEO Plugin by Squirrly SEO
- Plugin:
- SEO Plugin by Squirrly SEO
- Plugin Slug:
- squirrly-seo
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.3.17
- Severity Score:
- High
- CVE:
- 2024-29790
Tracking Code Manager
- Plugin:
- Tracking Code Manager
- Plugin Slug:
- tracking-code-manager
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
- 2024-2579
VK All in One Expansion Unit
- Plugin:
- VK All in One Expansion Unit
- Plugin Slug:
- vk-all-in-one-expansion-unit
- Installations:
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.97.0.0
- Severity Score:
- Medium
- CVE:
- 2024-2170
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations:
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.13
- Severity Score:
- Medium
- CVE:
- 2024-2468
Widget for Social Page Feeds
- Plugin:
- Widget for Social Page Feeds
- Plugin Slug:
- facebook-pagelike-widget
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4
- Severity Score:
- Medium
- CVE:
- 2024-0973
Permalink Manager Pro
- Plugin:
- Permalink Manager Pro
- Plugin Slug:
- permalink-manager
- Installations:
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.3.2
- Severity Score:
- Medium
- CVE:
- 2024-2543
Permalink Manager Pro
- Plugin:
- Permalink Manager Pro
- Plugin Slug:
- permalink-manager
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3.2
- Severity Score:
- High
- CVE:
- 2024-2738
Permalink Manager Pro
- Plugin:
- Permalink Manager Pro
- Plugin Slug:
- permalink-manager
- Installations:
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.4.3.2
- Severity Score:
- Low
- CVE:
- 2024-2538
Real Media Library: Media Library Folder & File Manager
- Plugin Slug:
- real-media-library-lite
- Installations:
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.22.8
- Severity Score:
- Medium
- CVE:
- 2024-2027
Media Library Assistant
- Plugin:
- Media Library Assistant
- Plugin Slug:
- media-library-assistant
- Installations:
- 70,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.14
- Severity Score:
- High
- CVE:
- 2024-2871
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
- 2024-30177
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations:
- 60,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.15.23
- Severity Score:
- Medium
- CVE:
- 2024-2112
Getwid – Gutenberg Blocks
- Plugin:
- Getwid – Gutenberg Blocks
- Plugin Slug:
- getwid
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6
- Severity Score:
- Medium
- CVE:
- 2024-1948
Translate WordPress and go Multilingual – Weglot
- Plugin Slug:
- weglot
- Installations:
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.6
- Severity Score:
- Medium
- CVE:
- 2024-2124
Bold Page Builder
- Plugin:
- Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.7
- Severity Score:
- Medium
- CVE:
- 2024-30179
Calculated Fields Form
- Plugin:
- Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.55
- Severity Score:
- High
- CVE:
- 2024-29759
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
- Plugin Slug:
- easy-facebook-likebox
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.4
- Severity Score:
- Medium
- CVE:
- 2024-30180
Image Hover Effects – Elementor Addon
- Plugin Slug:
- image-hover-effects-addon-for-elementor
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.1
- Severity Score:
- Medium
- CVE:
- 2024-29936
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
- Plugin Slug:
- print-invoices-packing-slip-labels-for-woocommerce
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.2
- Severity Score:
- High
- CVE:
- 2024-0957
Smart Custom Fields
- Plugin:
- Smart Custom Fields
- Plugin Slug:
- smart-custom-fields
- Installations:
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.0
- Severity Score:
- Medium
- CVE:
- 2024-1995
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.8
- Severity Score:
- High
- CVE:
- 2024-29760
WPFront Notification Bar
- Plugin:
- WPFront Notification Bar
- Plugin Slug:
- wpfront-notification-bar
- Installations:
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4
- Severity Score:
- Medium
- CVE:
- 2024-29819
Photo Gallery by Supsystic
- Plugin:
- Photo Gallery by Supsystic
- Plugin Slug:
- gallery-by-supsystic
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.17
- Severity Score:
- Medium
- CVE:
- 2024-29921
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
- Plugin Slug:
- master-addons
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5.6
- Severity Score:
- Medium
- CVE:
- 2024-29911
Piotnet Addons For Elementor
- Plugin:
- Piotnet Addons For Elementor
- Plugin Slug:
- piotnet-addons-for-elementor
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.26
- Severity Score:
- Medium
- CVE:
- 2024-29934
Simply Static
- Plugin:
- Simply Static
- Plugin Slug:
- simply-static
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.4
- Severity Score:
- Medium
- CVE:
- 2024-30178
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
- Plugin Slug:
- sina-extension-for-elementor
- Installations:
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.1
- Severity Score:
- Medium
- CVE:
- 2024-29935
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
- Plugin Slug:
- betterdocs
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-2845
Compact WP Audio Player
- Plugin:
- Compact WP Audio Player
- Plugin Slug:
- compact-wp-audio-player
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.10
- Severity Score:
- Medium
- CVE:
- 2024-29917
OneClick Chat to Order
- Plugin:
- OneClick Chat to Order
- Plugin Slug:
- oneclick-whatsapp-order
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
- CVE:
- 2024-29789
Portfolio Gallery – Image Gallery Plugin
- Plugin Slug:
- portfolio-filter-gallery
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.7
- Severity Score:
- Medium
- CVE:
- 2024-29769
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
- Plugin Slug:
- simply-schedule-appointments
- Installations:
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.7.9
- Severity Score:
- High
- CVE:
- 2024-2342
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
- Plugin Slug:
- simply-schedule-appointments
- Installations:
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.6.7.9
- Severity Score:
- High
- CVE:
- 2024-2341
Stratum – Elementor Widgets
- Plugin:
- Stratum – Elementor Widgets
- Plugin Slug:
- stratum
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.16
- Severity Score:
- Medium
- CVE:
- 2024-29914
Team Members
- Plugin:
- Team Members
- Plugin Slug:
- team-members
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.2
- Severity Score:
- Medium
- CVE:
- 2024-1331
Tutor LMS Elementor Addons
- Plugin:
- Tutor LMS Elementor Addons
- Plugin Slug:
- tutor-lms-elementor-addons
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
- 2024-29913
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Plugin:
- WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Plugin Slug:
- wc-frontend-manager
- Installations:
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.9
- Severity Score:
- Medium
- CVE:
- 2024-29929
Responsive Pricing Table
- Plugin:
- Responsive Pricing Table
- Plugin Slug:
- dk-pricr-responsive-pricing-table
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.11
- Severity Score:
- Medium
- CVE:
- 2024-1333
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
- Plugin:
- Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.0
- Severity Score:
- High
- CVE:
- 2024-29794
MailChimp Forms by MailMunch
- Plugin:
- MailChimp Forms by MailMunch
- Plugin Slug:
- mailchimp-forms-by-mailmunch
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.3
- Severity Score:
- Medium
- CVE:
- 2024-29793
Restrict User Access – Ultimate Membership & Content Protection
- Plugin Slug:
- restrict-user-access
- Installations:
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6
- Severity Score:
- High
- CVE:
- 2024-29138
Video Conferencing with Zoom
- Plugin:
- Video Conferencing with Zoom
- Plugin Slug:
- video-conferencing-with-zoom-api
- Installations:
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.4.6
- Severity Score:
- Medium
- CVE:
- 2024-2033
WPBakery Page Builder Addons by Livemesh
- Plugin Slug:
- addons-for-visual-composer
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8
- Severity Score:
- Medium
- CVE:
- 2024-30183
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms
- Plugin Slug:
- advanced-form-integration
- Installations:
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.82.6
- Severity Score:
- High
- CVE:
- 2024-2387
Coming Soon, Under Construction & Maintenance Mode By Dazzler
- Plugin Slug:
- coming-soon-wp
- Installations:
- 10,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
- 2024-1181
FlatPM – Ad Manager, AdSense and Custom Code
- Plugin Slug:
- flatpm-wp
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.05
- Severity Score:
- Medium
- CVE:
- 2024-29803
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin:
- GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations:
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.8.7
- Severity Score:
- High
- CVE:
- 2024-1799
JetWidgets For Elementor
- Plugin:
- JetWidgets For Elementor
- Plugin Slug:
- jetwidgets-for-elementor
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.17
- Severity Score:
- Medium
- CVE:
- 2024-2507
Jobs for WordPress
- Plugin:
- Jobs for WordPress
- Plugin Slug:
- job-postings
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4
- Severity Score:
- Medium
- CVE:
- 2024-0820
Lightweight Accordion
- Plugin:
- Lightweight Accordion
- Plugin Slug:
- lightweight-accordion
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.17
- Severity Score:
- Medium
- CVE:
- 2024-2436
Modal Window – create popup modal window
- Plugin Slug:
- modal-window
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.9
- Severity Score:
- Medium
- CVE:
- 2024-2457
Author Box, Guest Author and Co-Authors for Your Posts – Molongui
- Plugin Slug:
- molongui-authorship
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.8
- Severity Score:
- Medium
- CVE:
- 2024-29764
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
- Plugin Slug:
- reviewx
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.23
- Severity Score:
- Medium
- CVE:
- 2024-29812
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
- Plugin Slug:
- s2member
- Installations:
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 240315
- Severity Score:
- Medium
- CVE:
- 2024-0899
WP Coder – Powerful HTML, CSS, JS and PHP Injection
- Plugin Slug:
- wp-coder
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.1
- Severity Score:
- Medium
- CVE:
- 2024-2578
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
- Plugin:
- Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
- Plugin Slug:
- wp-marketing-automations
- Installations:
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.3
- Severity Score:
- Medium
- CVE:
- 2024-2580
PowerPack Lite for Beaver Builder
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations:
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-2289
RevivePress – Keep your Old Content Evergreen
- Plugin Slug:
- wp-auto-republish
- Installations:
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.6.1
- Severity Score:
- Medium
- CVE:
- 2024-1844
Gum Elementor Addon
- Plugin:
- Gum Elementor Addon
- Plugin Slug:
- gum-elementor-addon
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-2348
Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more
- Plugin:
- Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more
- Plugin Slug:
- ilab-media-tools
- Installations:
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.25
- Severity Score:
- Medium
- CVE:
- 2024-29795
Better Search – Relevant search results for WordPress
- Plugin Slug:
- better-search
- Installations:
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- High
- CVE:
- 2024-29142
WooCommerce POS – Point of Sale (POS)
- Plugin Slug:
- woocommerce-pos
- Installations:
- 7,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.12
- Severity Score:
- Medium
- CVE:
- 2024-2384
WP Compress – Image Optimizer [All-In-One]
- Plugin Slug:
- wp-compress-image-optimizer
- Installations:
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.11.11
- Severity Score:
- High
- CVE:
- 2024-1934
Easy Property Listings
- Plugin:
- Easy Property Listings
- Plugin Slug:
- easy-property-listings
- Installations:
- 6,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.5.3
- Severity Score:
- High
- CVE:
- 2024-1893
Podlove Podcast Publisher
- Plugin:
- Podlove Podcast Publisher
- Plugin Slug:
- podlove-podcasting-plugin-for-wordpress
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.10
- Severity Score:
- High
- CVE:
- 2024-29915
Woo Viet – WooCommerce for Vietnam
- Plugin Slug:
- woo-viet
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- Medium
- CVE:
- 2024-29816
WP Change Email Sender
- Plugin:
- WP Change Email Sender
- Plugin Slug:
- wp-change-email-sender
- Installations:
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-29815
Doneren met Mollie
- Plugin:
- Doneren met Mollie
- Plugin Slug:
- doneren-met-mollie
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.3
- Severity Score:
- High
- CVE:
- 2024-29767
Error Log Viewer by BestWebSoft
- Plugin:
- Error Log Viewer by BestWebSoft
- Plugin Slug:
- error-log-viewer
- Installations:
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.3
- Severity Score:
- High
- CVE:
- 2023-6821
Podlove Web Player
- Plugin:
- Podlove Web Player
- Plugin Slug:
- podlove-web-player
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.3
- Severity Score:
- Medium
- CVE:
- 2024-29788
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
- Plugin Slug:
- radio-player
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.74
- Severity Score:
- Medium
- CVE:
- 2024-29811
Survey Maker – Best WordPress Survey Plugin
- Plugin Slug:
- survey-maker
- Installations:
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.7
- Severity Score:
- High
- CVE:
- 2024-29918
Fancy Comments WordPress
- Plugin:
- Fancy Comments WordPress
- Plugin Slug:
- fancy-facebook-comments
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.15
- Severity Score:
- Medium
- CVE:
- 2024-29804
Slider Hero with Animation, Video Background
- Plugin Slug:
- slider-hero
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.7.0
- Severity Score:
- Medium
- CVE:
- 2024-29922
Premium Packages – Sell Digital Products Securely
- Plugin Slug:
- wpdm-premium-packages
- Installations:
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8.3
- Severity Score:
- High
- CVE:
- 2024-29924
Custom WooCommerce Checkout Fields Editor
- Plugin Slug:
- add-fields-to-checkout-page-woocommerce
- Installations:
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-1697
Advanced Classifieds & Directory Pro
- Plugin Slug:
- advanced-classifieds-and-directory-pro
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.2
- Severity Score:
- Medium
- CVE:
- 2024-2222
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
- 2024-29776
Hot Random Image
- Plugin:
- Hot Random Image
- Plugin Slug:
- hot-random-image
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.2
- Severity Score:
- Medium
- CVE:
- 2024-29796
Move Addons for Elementor
- Plugin:
- Move Addons for Elementor
- Plugin Slug:
- move-addons
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-29920
Move Addons for Elementor
- Plugin:
- Move Addons for Elementor
- Plugin Slug:
- move-addons
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-2131
Order Tip for WooCommerce
- Plugin:
- Order Tip for WooCommerce
- Plugin Slug:
- order-tip-woo
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2024-1119
PropertyHive
- Plugin:
- PropertyHive
- Plugin Slug:
- propertyhive
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.9
- Severity Score:
- High
- CVE:
- 2024-29923
Simple Ajax Chat – Add a Fast, Secure Chat Box
- Plugin Slug:
- simple-ajax-chat
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 20240223
- Severity Score:
- High
- CVE:
- 2024-1983
WP Directory Kit
- Plugin:
- WP Directory Kit
- Plugin Slug:
- wpdirectorykit
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- High
- CVE:
- 2024-29774
affiliate-toolkit – WordPress Affiliate Plugin
- Plugin Slug:
- affiliate-toolkit-starter
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.6
- Severity Score:
- Medium
- CVE:
- 2024-29817
Appointment Booking Calendar
- Plugin:
- Appointment Booking Calendar
- Plugin Slug:
- appointment-booking-calendar
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.83
- Severity Score:
- Medium
- CVE:
- 2024-0856
Cards for Beaver Builder
- Plugin:
- Cards for Beaver Builder
- Plugin Slug:
- bb-bootstrap-cards
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-2305
Crypto Converter Widget
- Plugin:
- Crypto Converter Widget
- Plugin Slug:
- crypto-converter-widget
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.0
- Severity Score:
- Medium
- CVE:
- 2024-29930
WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
- Plugin Slug:
- epoll-wp-voting
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4
- Severity Score:
- Medium
- CVE:
- 2024-29818
Grid Shortcodes
- Plugin:
- Grid Shortcodes
- Plugin Slug:
- grid-shortcodes
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2024-29797
WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout
- Plugin Slug:
- gs-pinterest-portfolio
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.3
- Severity Score:
- Medium
- CVE:
- 2024-30192
MyBookTable Bookstore by Stormhill Media
- Plugin Slug:
- mybooktable
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.8
- Severity Score:
- Medium
- CVE:
- 2024-29772
Aparat for WordPress
- Plugin:
- Aparat for WordPress
- Plugin Slug:
- wp-aparat
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2024-29765
360 Javascript Viewer
- Plugin:
- 360 Javascript Viewer
- Plugin Slug:
- 360deg-javascript-viewer
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.13
- Severity Score:
- Medium
- CVE:
- 2024-1637
Advanced Sermons
- Plugin:
- Advanced Sermons
- Plugin Slug:
- advanced-sermons
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2
- Severity Score:
- High
- CVE:
- 2024-29928
Bulk NoIndex & NoFollow Toolkit
- Plugin:
- Bulk NoIndex & NoFollow Toolkit
- Plugin Slug:
- bulk-noindex-nofollow-toolkit-by-mad-fish
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10
- Severity Score:
- High
- CVE:
- 2024-29791
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.27
- Severity Score:
- Medium
- CVE:
- 2024-30197
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.18
- Severity Score:
- Medium
- CVE:
- 2024-30193
Co-marquage service-public.fr
- Plugin:
- Co-marquage service-public.fr
- Plugin Slug:
- co-marquage-service-public
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.72
- Severity Score:
- Medium
- CVE:
- 2024-29908
Co-marquage service-public.fr
- Plugin:
- Co-marquage service-public.fr
- Plugin Slug:
- co-marquage-service-public
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.73
- Severity Score:
- High
- CVE:
- 2024-29758
Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress
- Plugin Slug:
- dracula-dark-mode
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.9
- Severity Score:
- Medium
- CVE:
- 2024-29771
Dropdown multisite selector
- Plugin:
- Dropdown multisite selector
- Plugin Slug:
- dropdown-multisite-selector
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.2.1
- Severity Score:
- Medium
- CVE:
- 2024-29910
Exchange Rates Widget
- Plugin:
- Exchange Rates Widget
- Plugin Slug:
- exchange-rates-widget
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.1
- Severity Score:
- Medium
- CVE:
- 2024-29814
Football Pool
- Plugin:
- Football Pool
- Plugin Slug:
- football-pool
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.11.4
- Severity Score:
- Medium
- CVE:
- 2024-29802
Fullscreen Galleria
- Plugin:
- Fullscreen Galleria
- Plugin Slug:
- fullscreen-galleria
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.12
- Severity Score:
- Medium
- CVE:
- 2024-29801
WP Fast Total Search – The Power of Indexed Search
- Plugin Slug:
- fulltext-search
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.60.213
- Severity Score:
- Medium
- CVE:
- 2024-29799
Photo Gallery by Ays – Responsive Image Gallery
- Plugin Slug:
- gallery-photo-gallery
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.5.3
- Severity Score:
- High
- CVE:
- 2024-29919
GamiPress – Button
- Plugin:
- GamiPress – Button
- Plugin Slug:
- gamipress-button
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8
- Severity Score:
- Medium
- CVE:
- 2024-2460
Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program
- Plugin Slug:
- gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.5
- Severity Score:
- Medium
- CVE:
- 2024-29798
iCalendrier
- Plugin:
- iCalendrier
- Plugin Slug:
- icalendrier
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.81
- Severity Score:
- Medium
- CVE:
- 2024-29912
Web Icons
- Plugin:
- Web Icons
- Plugin Slug:
- icon
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.0.11
- Severity Score:
- Medium
- CVE:
- 2024-29933
Locatoraid Store Locator
- Plugin:
- Locatoraid Store Locator
- Plugin Slug:
- locatoraid
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.31
- Severity Score:
- Medium
- CVE:
- 2024-30181
MyCurator Content Curation
- Plugin:
- MyCurator Content Curation
- Plugin Slug:
- mycurator
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.77
- Severity Score:
- High
- CVE:
- 2024-29139
Off-Canvas Sidebars & Menus (Slidebars)
- Plugin Slug:
- off-canvas-sidebars
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.8.2
- Severity Score:
- Medium
- CVE:
- 2024-29762
Passwordless Login
- Plugin:
- Passwordless Login
- Plugin Slug:
- passwordless-login
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-29143
PDF Builder for WPForms
- Plugin:
- PDF Builder for WPForms
- Plugin Slug:
- pdf-builder-for-wpforms
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.89
- Severity Score:
- Medium
- CVE:
- 2024-29820
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
- Plugin Slug:
- post-grid-carousel-ultimate
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.7
- Severity Score:
- Medium
- CVE:
- 2024-29925
BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
- Plugin Slug:
- print-google-cloud-print-gcp-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.5.6
- Severity Score:
- High
- CVE:
- 2024-29773
ReDi Restaurant Reservation
- Plugin:
- ReDi Restaurant Reservation
- Plugin Slug:
- redi-restaurant-reservation
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 24.0303
- Severity Score:
- High
- CVE:
- 2024-29806
SEO Backlink Monitor
- Plugin:
- SEO Backlink Monitor
- Plugin Slug:
- seo-backlink-monitor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.0
- Severity Score:
- High
- CVE:
- 2024-29907
StreamWeasels Twitch Integration
- Plugin:
- StreamWeasels Twitch Integration
- Plugin Slug:
- streamweasels-twitch-integration
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.6
- Severity Score:
- Medium
- CVE:
- 2024-29766
Sunshine Photo Cart: Free Client Galleries for Photographers
- Plugin Slug:
- sunshine-photo-cart
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.2
- Severity Score:
- High
- CVE:
- 2024-30194
Travelers’ Map
- Plugin:
- Travelers’ Map
- Plugin Slug:
- travelers-map
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.1
- Severity Score:
- Medium
- CVE:
- 2024-29909
WC Builder – WooCommerce Page Builder for WPBakery
- Plugin Slug:
- wc-builder
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.19
- Severity Score:
- Medium
- CVE:
- 2024-29926
Shipping with Venipak for WooCommerce
- Plugin Slug:
- wc-venipak-shipping
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.19.6
- Severity Score:
- High
- CVE:
- 2024-29805
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
- Plugin Slug:
- wc4bp
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.4.21
- Severity Score:
- High
- CVE:
- 2024-2025
WishSuite – Wishlist for WooCommerce
- Plugin Slug:
- wishsuite
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.8
- Severity Score:
- Medium
- CVE:
- 2024-29927
WooCommerce Clover Payment Gateway
- Plugin Slug:
- woo-clover-gateway-by-zaytech
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
- 2024-0626
WooCommerce Cloak Affiliate Links
- Plugin Slug:
- woocommerce-cloak-affiliate-links
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.34
- Severity Score:
- High
- CVE:
- 2024-1308
WP-Lister Lite for Amazon
- Plugin:
- WP-Lister Lite for Amazon
- Plugin Slug:
- wp-lister-for-amazon
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- High
- CVE:
- 2024-30199
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-29906
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-29932
MDTF – Meta Data and Taxonomies Filter
- Plugin Slug:
- wp-meta-data-filter-and-taxonomy-filter
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.3.1
- Severity Score:
- High
- CVE:
- 2024-29763
LiquidPoll – Polls, Surveys, NPS and Feedback Reviews
- Plugin Slug:
- wp-poll
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.3.77
- Severity Score:
- Medium
- CVE:
- 2024-2080
WP Post Disclaimer
- Plugin:
- WP Post Disclaimer
- Plugin Slug:
- wp-post-disclaimer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.4
- Severity Score:
- Medium
- CVE:
- 2024-29761
Backup Bolt
- Plugin:
- Backup Bolt
- Plugin Slug:
- backup-bolt
- Installations
- 900+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
- 2023-7236
Frontend Dashboard
- Plugin:
- Frontend Dashboard
- Plugin Slug:
- frontend-dashboard
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-29775
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.10
- Severity Score:
- Medium
- CVE:
- 2023-7246
CM Download Manager – Document and File Management
- Plugin Slug:
- cm-download-manager
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.1
- Severity Score:
- Medium
- CVE:
- 2024-1962
CM Download Manager – Document and File Management
- Plugin Slug:
- cm-download-manager
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
- CVE:
- 2024-1232
CM Download Manager – Document and File Management
- Plugin Slug:
- cm-download-manager
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
- CVE:
- 2024-1231
Contests by Rewards Fuel
- Plugin:
- Contests by Rewards Fuel
- Plugin Slug:
- contests-from-rewards-fuel
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.65
- Severity Score:
- Medium
- CVE:
- 2024-1787
Contests by Rewards Fuel
- Plugin:
- Contests by Rewards Fuel
- Plugin Slug:
- contests-from-rewards-fuel
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.63
- Severity Score:
- High
- CVE:
- 2024-1785
MJM Clinic
- Plugin:
- MJM Clinic
- Plugin Slug:
- mjm-clinic
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.23
- Severity Score:
- Medium
- CVE:
- 2024-29140
BuddyForms
- Plugin:
- BuddyForms
- Plugin Slug:
- buddyforms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.6
- Severity Score:
- Medium
- CVE:
- 2024-30198
Easy Social Share Buttons
- Plugin:
- Easy Social Share Buttons
- Plugin Slug:
- easy-social-share-buttons3
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 9.5
- Severity Score:
- High
- CVE:
- 2024-30196
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.1.5
- Severity Score:
- High
- CVE:
- 2024-0365
Invitation Code Content Restriction Plugin from CreativeMinds
- Plugin:
- Invitation Code Content Restriction Plugin from CreativeMinds
- Plugin Slug:
- invitation-code-content-access
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.5
- Severity Score:
- High
- CVE:
- 2022-4965
Memberpress
- Plugin:
- Memberpress
- Plugin Slug:
- memberpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.27
- Severity Score:
- High
- CVE:
- 2024-1412
New RoyalSlider
- Plugin:
- New RoyalSlider
- Plugin Slug:
- new-royalslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.3
- Severity Score:
- High
- CVE:
- 2024-30195
Olive One Click Demo Import
- Plugin:
- Olive One Click Demo Import
- Plugin Slug:
- olive-one-click-demo-import
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.2
- Severity Score:
- High
- CVE:
- 2024-2702
Permalink Manager Pro
- Plugin:
- Permalink Manager Pro
- Plugin Slug:
- permalink-manager-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3.2
- Severity Score:
- High
- CVE:
- 2024-2738
Schema Pro
- Plugin:
- Schema Pro
- Plugin Slug:
- wp-schema-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.16
- Severity Score:
- Medium
- CVE:
- 2024-1564
WordPress Importer
- Plugin:
- WordPress Importer
- Plugin Slug:
- wp-smart-import
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.5
- Severity Score:
- High
- CVE:
- 2024-30201
WordPress Themes — 8 Patched / 1 Unpatched
Graphene
Astra
Astra
- Theme:
- Astra
- Theme Slug:
- astra
- Downloads
- 11,885,431
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.6.5
- Severity Score:
- Medium
- CVE:
- 2024-29768
ColorMag
Newsmatic
Avada
- Theme:
- Avada
- Theme Slug:
- avada
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.11.7
- Severity Score:
- Medium
- CVE:
- 2024-2340
Avada
- Theme:
- Avada
- Theme Slug:
- avada
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.11.7
- Severity Score:
- High
- CVE:
- 2024-2344
Avada
- Theme:
- Avada
- Theme Slug:
- avada
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.11.7
- Severity Score:
- Medium
- CVE:
- 2024-2343
Avada
- Theme:
- Avada
- Theme Slug:
- avada
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.11.7
- Severity Score:
- Medium
- CVE:
- 2024-2311