WordPress Vulnerability Report — March 27, 2024

Since last week, 209 new vulnerabilities emerged in the WordPress ecosystem, including 9 in themes and 200 in plugins. 19 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:Mar 27, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:40 min.

In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 190 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 19 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. (See our Annual Vulnerability Report for 2022.) Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 182 Patched / 18 Unpatched

2.1 Create by Mediavine
2.2 Coming Soon & Maintenance Mode by Colorlib
2.3 Travelpayouts: All Travel Brands in One Place
2.4 Advanced Social Feeds Widget & Shortcode
2.5 Animated Headline
2.6 Easy Maintenance Mode
2.7 Enjoy Social Feed plugin for WordPress website
2.8 Enjoy Social Feed plugin for WordPress website
2.9 Innovs HR
2.10 Network Summary
2.11 Scalable Vector Graphics (SVG)
2.12 Social Media Share Buttons
2.13 Standout Color Boxes and Buttons
2.14 UX Flat
2.15 Website Article Monetization By MageNet
2.16 Management App for WooCommerce
2.17 Live Sales Notification for Woocommerce – Woomotiv
2.18 Youzify Buddypress Moderation
2.19 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.20 Rank Math SEO with AI SEO Tools
2.21 File Manager
2.22 Popup Maker – Popup for opt-ins, lead gen, & more
2.23 Page Builder by SiteOrigin
2.24 Forminator – Contact Form, Payment Form & Custom Form Builder
2.25 Page Builder Gutenberg Blocks – CoBlocks
2.26 Gutenberg Blocks by Kadence Blocks – Page Builder Features
2.27 WP Go Maps (formerly WP Google Maps)
2.28 Breeze – WordPress Cache Plugin
2.29 PDF Embedder
2.30 Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
2.31 Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
2.32 SEOPress – On-site SEO
2.33 Blocksy Companion
2.34 WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
2.35 Jeg Elementor Kit
2.36 Page Builder: Pagelayer – Drag and Drop website builder
2.37 Popup Builder – Create highly converting, mobile friendly marketing popups.
2.38 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.39 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
2.40 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.41 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.42 Check & Log Email
2.43 GiveWP – Donation Plugin and Fundraising Platform
2.44 HT Mega – Absolute Addons For Elementor
2.45 Qi Addons For Elementor
2.46 SEO Plugin by Squirrly SEO
2.47 Tracking Code Manager
2.48 VK All in One Expansion Unit
2.49 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.50 Widget for Social Page Feeds
2.51 Permalink Manager Pro
2.52 Permalink Manager Pro
2.53 Permalink Manager Pro
2.54 Real Media Library: Media Library Folder & File Manager
2.55 Media Library Assistant
2.56 Exclusive Addons for Elementor
2.57 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.58 Getwid – Gutenberg Blocks
2.59 Translate WordPress and go Multilingual – Weglot
2.60 Bold Page Builder
2.61 Calculated Fields Form
2.62 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
2.63 Image Hover Effects – Elementor Addon
2.64 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
2.65 Smart Custom Fields
2.66 Booster for WooCommerce
2.67 WPFront Notification Bar
2.68 Photo Gallery by Supsystic
2.69 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.70 Piotnet Addons For Elementor
2.71 Simply Static
2.72 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
2.73 BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
2.74 Compact WP Audio Player
2.75 OneClick Chat to Order
2.76 Portfolio Gallery – Image Gallery Plugin
2.77 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
2.78 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
2.79 Stratum – Elementor Widgets
2.80 Team Members
2.81 Tutor LMS Elementor Addons
2.82 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
2.83 Responsive Pricing Table
2.84 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
2.85 MailChimp Forms by MailMunch
2.86 Restrict User Access – Ultimate Membership & Content Protection
2.87 Video Conferencing with Zoom
2.88 WPBakery Page Builder Addons by Livemesh
2.89 Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms
2.90 Coming Soon, Under Construction & Maintenance Mode By Dazzler
2.91 FlatPM – Ad Manager, AdSense and Custom Code
2.92 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
2.93 JetWidgets For Elementor
2.94 Jobs for WordPress
2.95 Lightweight Accordion
2.96 Modal Window – create popup modal window
2.97 Author Box, Guest Author and Co-Authors for Your Posts – Molongui
2.98 ReviewX – Multi-criteria Rating & Reviews for WooCommerce
2.99 s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
2.100 WP Coder – Powerful HTML, CSS, JS and PHP Injection
2.101 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
2.102 PowerPack Lite for Beaver Builder
2.103 RevivePress – Keep your Old Content Evergreen
2.104 Gum Elementor Addon
2.105 Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more
2.106 Better Search – Relevant search results for WordPress
2.107 WooCommerce POS – Point of Sale (POS)
2.108 WP Compress – Image Optimizer [All-In-One]
2.109 Easy Property Listings
2.110 Podlove Podcast Publisher
2.111 Woo Viet – WooCommerce for Vietnam
2.112 WP Change Email Sender
2.113 Doneren met Mollie
2.114 Error Log Viewer by BestWebSoft
2.115 Podlove Web Player
2.116 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.117 Survey Maker – Best WordPress Survey Plugin
2.118 Fancy Comments WordPress
2.119 Slider Hero with Animation, Video Background
2.120 Premium Packages – Sell Digital Products Securely
2.121 Custom WooCommerce Checkout Fields Editor
2.122 Advanced Classifieds & Directory Pro
2.123 EventPrime – Events Calendar, Bookings and Tickets
2.124 Hot Random Image
2.125 Move Addons for Elementor
2.126 Move Addons for Elementor
2.127 Order Tip for WooCommerce
2.128 PropertyHive
2.129 Simple Ajax Chat – Add a Fast, Secure Chat Box
2.130 WP Directory Kit
2.131 affiliate-toolkit – WordPress Affiliate Plugin
2.132 Appointment Booking Calendar
2.133 Cards for Beaver Builder
2.134 Crypto Converter ? Widget
2.135 WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
2.136 Grid Shortcodes
2.137 WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout
2.138 MyBookTable Bookstore by Stormhill Media
2.139 Aparat for WordPress
2.140 360 Javascript Viewer
2.141 Advanced Sermons
2.142 Bulk NoIndex & NoFollow Toolkit
2.143 Church Admin
2.144 Church Admin
2.145 Co-marquage service-public.fr
2.146 Co-marquage service-public.fr
2.147 Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress
2.148 Dropdown multisite selector
2.149 Exchange Rates Widget
2.150 Football Pool
2.151 Fullscreen Galleria
2.152 WP Fast Total Search – The Power of Indexed Search
2.153 Photo Gallery by Ays – Responsive Image Gallery
2.154 GamiPress – Button
2.155 Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program
2.156 iCalendrier
2.157 Web Icons
2.158 Locatoraid Store Locator
2.159 MyCurator Content Curation
2.160 Off-Canvas Sidebars & Menus (Slidebars)
2.161 Passwordless Login
2.162 PDF Builder for WPForms
2.163 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
2.164 BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
2.165 ReDi Restaurant Reservation
2.166 SEO Backlink Monitor
2.167 StreamWeasels Twitch Integration
2.168 Sunshine Photo Cart: Free Client Galleries for Photographers
2.169 Travelers’ Map
2.170 WC Builder – WooCommerce Page Builder for WPBakery
2.171 Shipping with Venipak for WooCommerce
2.172 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
2.173 WishSuite – Wishlist for WooCommerce
2.174 WooCommerce Clover Payment Gateway
2.175 WooCommerce Cloak Affiliate Links
2.176 WP-Lister Lite for Amazon
2.177 MDTF – Meta Data and Taxonomies Filter
2.178 MDTF – Meta Data and Taxonomies Filter
2.179 MDTF – Meta Data and Taxonomies Filter
2.180 LiquidPoll – Polls, Surveys, NPS and Feedback Reviews
2.181 WP Post Disclaimer
2.182 Backup Bolt
2.183 Frontend Dashboard
2.184 System Dashboard
2.185 CM Download Manager – Document and File Management
2.186 CM Download Manager – Document and File Management
2.187 CM Download Manager – Document and File Management
2.188 Contests by Rewards Fuel
2.189 Contests by Rewards Fuel
2.190 MJM Clinic
2.191 BuddyForms
2.192 Easy Social Share Buttons
2.193 Fancy Product Designer
2.194 Invitation Code Content Restriction Plugin from CreativeMinds
2.195 Memberpress
2.196 New RoyalSlider
2.197 Olive One Click Demo Import
2.198 Permalink Manager Pro
2.199 Schema Pro
2.200 WordPress Importer

3. WordPress Themes — 8 Patched / 1 Unpatched

3.1 Graphene
3.2 Astra
3.3 Astra
3.4 ColorMag
3.5 Newsmatic
3.6 Avada
3.7 Avada
3.8 Avada
3.9 Avada

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

WordPress Plugins — 182 Patched / 18 Unpatched

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-1711

Plugin:: Coming Soon & Maintenance Mode by Colorlib
Plugin Slug:: colorlib-coming-soon-maintenance
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1473

Plugin:: Travelpayouts: All Travel Brands in One Place
Plugin Slug:: travelpayouts
Installations: 7,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0337

Plugin:: Advanced Social Feeds Widget & Shortcode
Plugin Slug:: advanced-facebook-twitter-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0951

Plugin:: Animated Headline
Plugin Slug:: animated-headline
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2304

Plugin:: Easy Maintenance Mode
Plugin Slug:: easy-maintenance-mode-coming-soon
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1477

Plugin:: Enjoy Social Feed plugin for WordPress website
Plugin Slug:: enjoy-instagram-instagram-responsive-images-gallery-and-carousel
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0780

Plugin:: Enjoy Social Feed plugin for WordPress website
Plugin Slug:: enjoy-instagram-instagram-responsive-images-gallery-and-carousel
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0779

Plugin:: Innovs HR
Plugin Slug:: innovs-hr-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0858

Plugin:: Network Summary
Plugin Slug:: network-summary
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-2804

Plugin:: Scalable Vector Graphics (SVG)
Plugin Slug:: scalable-vector-graphics-svg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7085

Plugin:: Social Media Share Buttons
Plugin Slug:: social-media-builder
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2721

Plugin:: Standout Color Boxes and Buttons
Plugin Slug:: standout-color-boxes-and-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2474

Plugin:: UX Flat
Plugin Slug:: ux-flat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2459

Plugin:: Website Article Monetization By MageNet
Plugin Slug:: website-article-monetization-by-magenet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1379

Plugin:: Management App for WooCommerce
Plugin Slug:: wemanage-app-worker
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-1205

Plugin:: Live Sales Notification for Woocommerce – Woomotiv
Plugin Slug:: woomotiv
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1325

Plugin:: Youzify Buddypress Moderation
Plugin Slug:: youzify-moderation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2864

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.12
Severity Score:: Medium
CVE:: 2024-2623

Plugin:: Rank Math SEO with AI SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.215
Severity Score:: Medium
CVE:: 2024-2536

Plugin:: File Manager
Plugin Slug:: wp-file-manager
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2024-1538

Plugin:: Popup Maker – Popup for opt-ins, lead gen, & more
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.18.3
Severity Score:: Medium
CVE:: 2024-2336

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.7
Severity Score:: Medium
CVE:: 2024-2202

Plugin:: Forminator – Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: High
CVE:: 2024-29777

Plugin:: Page Builder Gutenberg Blocks – CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-1049

Plugin:: Gutenberg Blocks by Kadence Blocks – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.26
Severity Score:: Medium
CVE:: 2024-1999

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.30
Severity Score:: High
CVE:: 2024-29931

Plugin:: Breeze – WordPress Cache Plugin
Plugin Slug:: breeze
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-27188

Plugin:: PDF Embedder
Plugin Slug:: pdf-embedder
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.1
Severity Score:: Medium
CVE:: 2024-29141

Plugin:: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: pretty-link
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.6.4
Severity Score:: Medium
CVE:: 2024-2326

Plugin:: Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: pretty-link
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.3
Severity Score:: High
CVE:: 2024-29770

Plugin:: SEOPress – On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-2165

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.32
Severity Score:: Medium
CVE:: 2024-2392

Plugin:: WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
Plugin Slug:: cartflows
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-29813

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-1326

Plugin:: Page Builder: Pagelayer – Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5
Severity Score:: Medium
CVE:: 2024-2504

Plugin:: Popup Builder – Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7
Severity Score:: Medium
CVE:: 2024-30184

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.94
Severity Score:: High
CVE:: 2024-29792

Plugin:: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.27
Severity Score:: Medium
CVE:: 2024-29807

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.4
Severity Score:: Medium
CVE:: 2024-30185

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.2
Severity Score:: Medium
CVE:: 2024-30186

Plugin:: Check & Log Email
Plugin Slug:: check-email
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.10
Severity Score:: High
CVE:: 2024-0866

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-1424

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-30182

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-0826

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.3.17
Severity Score:: High
CVE:: 2024-29790

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-2579

Plugin:: VK All in One Expansion Unit
Plugin Slug:: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.97.0.0
Severity Score:: Medium
CVE:: 2024-2170

Plugin:: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-2468

Plugin:: Widget for Social Page Feeds
Plugin Slug:: facebook-pagelike-widget
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4
Severity Score:: Medium
CVE:: 2024-0973

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.3.2
Severity Score:: Medium
CVE:: 2024-2543

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.2
Severity Score:: High
CVE:: 2024-2738

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.3.2
Severity Score:: Low
CVE:: 2024-2538

Plugin:: Real Media Library: Media Library Folder & File Manager
Plugin Slug:: real-media-library-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.22.8
Severity Score:: Medium
CVE:: 2024-2027

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.14
Severity Score:: High
CVE:: 2024-2871

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-30177

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.15.23
Severity Score:: Medium
CVE:: 2024-2112

Plugin:: Getwid – Gutenberg Blocks
Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-1948

Plugin:: Translate WordPress and go Multilingual – Weglot
Plugin Slug:: weglot
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6
Severity Score:: Medium
CVE:: 2024-2124

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.7
Severity Score:: Medium
CVE:: 2024-30179

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.55
Severity Score:: High
CVE:: 2024-29759

Plugin:: Easy Social Feed – Social Photos Gallery – Post Feed – Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.4
Severity Score:: Medium
CVE:: 2024-30180

Plugin:: Image Hover Effects – Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-29936

Plugin:: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.2
Severity Score:: High
CVE:: 2024-0957

Plugin:: Smart Custom Fields
Plugin Slug:: smart-custom-fields
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2024-1995

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.8
Severity Score:: High
CVE:: 2024-29760

Plugin:: WPFront Notification Bar
Plugin Slug:: wpfront-notification-bar
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-29819

Plugin:: Photo Gallery by Supsystic
Plugin Slug:: gallery-by-supsystic
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.17
Severity Score:: Medium
CVE:: 2024-29921

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5.6
Severity Score:: Medium
CVE:: 2024-29911

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.26
Severity Score:: Medium
CVE:: 2024-29934

Plugin:: Simply Static
Plugin Slug:: simply-static
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-30178

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2024-29935

Plugin:: BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
Plugin Slug:: betterdocs
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-2845

Plugin:: Compact WP Audio Player
Plugin Slug:: compact-wp-audio-player
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.10
Severity Score:: Medium
CVE:: 2024-29917

Plugin:: OneClick Chat to Order
Plugin Slug:: oneclick-whatsapp-order
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-29789

Plugin:: Portfolio Gallery – Image Gallery Plugin
Plugin Slug:: portfolio-filter-gallery
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-29769

Plugin:: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.7.9
Severity Score:: High
CVE:: 2024-2342

Plugin:: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.7.9
Severity Score:: High
CVE:: 2024-2341

Plugin:: Stratum – Elementor Widgets
Plugin Slug:: stratum
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.16
Severity Score:: Medium
CVE:: 2024-29914

Plugin:: Team Members
Plugin Slug:: team-members
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-1331

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-29913

Plugin:: WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Plugin Slug:: wc-frontend-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.9
Severity Score:: Medium
CVE:: 2024-29929

Plugin:: Responsive Pricing Table
Plugin Slug:: dk-pricr-responsive-pricing-table
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.11
Severity Score:: Medium
CVE:: 2024-1333

Plugin:: Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.0
Severity Score:: High
CVE:: 2024-29794

Plugin:: MailChimp Forms by MailMunch
Plugin Slug:: mailchimp-forms-by-mailmunch
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-29793

Plugin:: Restrict User Access – Ultimate Membership & Content Protection
Plugin Slug:: restrict-user-access
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High
CVE:: 2024-29138

Plugin:: Video Conferencing with Zoom
Plugin Slug:: video-conferencing-with-zoom-api
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-2033

Plugin:: WPBakery Page Builder Addons by Livemesh
Plugin Slug:: addons-for-visual-composer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8
Severity Score:: Medium
CVE:: 2024-30183

Plugin:: Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.82.6
Severity Score:: High
CVE:: 2024-2387

Plugin:: Coming Soon, Under Construction & Maintenance Mode By Dazzler
Plugin Slug:: coming-soon-wp
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-1181

Plugin:: FlatPM – Ad Manager, AdSense and Custom Code
Plugin Slug:: flatpm-wp
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.05
Severity Score:: Medium
CVE:: 2024-29803

Plugin:: GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.8.7
Severity Score:: High
CVE:: 2024-1799

Plugin:: JetWidgets For Elementor
Plugin Slug:: jetwidgets-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.17
Severity Score:: Medium
CVE:: 2024-2507

Plugin:: Jobs for WordPress
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-0820

Plugin:: Lightweight Accordion
Plugin Slug:: lightweight-accordion
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.17
Severity Score:: Medium
CVE:: 2024-2436

Plugin:: Modal Window – create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.9
Severity Score:: Medium
CVE:: 2024-2457

Plugin:: Author Box, Guest Author and Co-Authors for Your Posts – Molongui
Plugin Slug:: molongui-authorship
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.8
Severity Score:: Medium
CVE:: 2024-29764

Plugin:: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.23
Severity Score:: Medium
CVE:: 2024-29812

Plugin:: s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 240315
Severity Score:: Medium
CVE:: 2024-0899

Plugin:: WP Coder – Powerful HTML, CSS, JS and PHP Injection
Plugin Slug:: wp-coder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2024-2578

Plugin:: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Plugin Slug:: wp-marketing-automations
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: Medium
CVE:: 2024-2580

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0.1
Severity Score:: Medium
CVE:: 2024-2289

Plugin:: RevivePress – Keep your Old Content Evergreen
Plugin Slug:: wp-auto-republish
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6.1
Severity Score:: Medium
CVE:: 2024-1844

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-2348

Plugin:: Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more
Plugin Slug:: ilab-media-tools
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.25
Severity Score:: Medium
CVE:: 2024-29795

Plugin:: Better Search – Relevant search results for WordPress
Plugin Slug:: better-search
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2024-29142

Plugin:: WooCommerce POS – Point of Sale (POS)
Plugin Slug:: woocommerce-pos
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.12
Severity Score:: Medium
CVE:: 2024-2384

Plugin:: WP Compress – Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.11.11
Severity Score:: High
CVE:: 2024-1934

Plugin:: Easy Property Listings
Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.5.3
Severity Score:: High
CVE:: 2024-1893

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.10
Severity Score:: High
CVE:: 2024-29915

Plugin:: Woo Viet – WooCommerce for Vietnam
Plugin Slug:: woo-viet
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-29816

Plugin:: WP Change Email Sender
Plugin Slug:: wp-change-email-sender
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-29815

Plugin:: Doneren met Mollie
Plugin Slug:: doneren-met-mollie
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.3
Severity Score:: High
CVE:: 2024-29767

Plugin:: Error Log Viewer by BestWebSoft
Plugin Slug:: error-log-viewer
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2023-6821

Plugin:: Podlove Web Player
Plugin Slug:: podlove-web-player
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-29788

Plugin:: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-29811

Plugin:: Survey Maker – Best WordPress Survey Plugin
Plugin Slug:: survey-maker
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: High
CVE:: 2024-29918

Plugin:: Fancy Comments WordPress
Plugin Slug:: fancy-facebook-comments
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.15
Severity Score:: Medium
CVE:: 2024-29804

Plugin:: Slider Hero with Animation, Video Background
Plugin Slug:: slider-hero
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.7.0
Severity Score:: Medium
CVE:: 2024-29922

Plugin:: Premium Packages – Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8.3
Severity Score:: High
CVE:: 2024-29924

Plugin:: Custom WooCommerce Checkout Fields Editor
Plugin Slug:: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-1697

Plugin:: Advanced Classifieds & Directory Pro
Plugin Slug:: advanced-classifieds-and-directory-pro
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2024-2222

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-29776

Plugin:: Hot Random Image
Plugin Slug:: hot-random-image
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2024-29796

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-29920

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-2131

Plugin:: Order Tip for WooCommerce
Plugin Slug:: order-tip-woo
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-1119

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: High
CVE:: 2024-29923

Plugin:: Simple Ajax Chat – Add a Fast, Secure Chat Box
Plugin Slug:: simple-ajax-chat
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240223
Severity Score:: High
CVE:: 2024-1983

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2024-29774

Plugin:: affiliate-toolkit – WordPress Affiliate Plugin
Plugin Slug:: affiliate-toolkit-starter
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.6
Severity Score:: Medium
CVE:: 2024-29817

Plugin:: Appointment Booking Calendar
Plugin Slug:: appointment-booking-calendar
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.83
Severity Score:: Medium
CVE:: 2024-0856

Plugin:: Cards for Beaver Builder
Plugin Slug:: bb-bootstrap-cards
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-2305

Plugin:: Crypto Converter ? Widget
Plugin Slug:: crypto-converter-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-29930

Plugin:: WP Poll Maker – Best WordPress Poll Plugin for Voting Contest
Plugin Slug:: epoll-wp-voting
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-29818

Plugin:: Grid Shortcodes
Plugin Slug:: grid-shortcodes
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-29797

Plugin:: WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout
Plugin Slug:: gs-pinterest-portfolio
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-30192

Plugin:: MyBookTable Bookstore by Stormhill Media
Plugin Slug:: mybooktable
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.8
Severity Score:: Medium
CVE:: 2024-29772

Plugin:: Aparat for WordPress
Plugin Slug:: wp-aparat
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-29765

Plugin:: 360 Javascript Viewer
Plugin Slug:: 360deg-javascript-viewer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.13
Severity Score:: Medium
CVE:: 2024-1637

Plugin:: Advanced Sermons
Plugin Slug:: advanced-sermons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2
Severity Score:: High
CVE:: 2024-29928

Plugin:: Bulk NoIndex & NoFollow Toolkit
Plugin Slug:: bulk-noindex-nofollow-toolkit-by-mad-fish
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10
Severity Score:: High
CVE:: 2024-29791

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.27
Severity Score:: Medium
CVE:: 2024-30197

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.18
Severity Score:: Medium
CVE:: 2024-30193

Plugin:: Co-marquage service-public.fr
Plugin Slug:: co-marquage-service-public
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.72
Severity Score:: Medium
CVE:: 2024-29908

Plugin:: Co-marquage service-public.fr
Plugin Slug:: co-marquage-service-public
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.73
Severity Score:: High
CVE:: 2024-29758

Plugin:: Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress
Plugin Slug:: dracula-dark-mode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-29771

Plugin:: Dropdown multisite selector
Plugin Slug:: dropdown-multisite-selector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.2.1
Severity Score:: Medium
CVE:: 2024-29910

Plugin:: Exchange Rates Widget
Plugin Slug:: exchange-rates-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-29814

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.4
Severity Score:: Medium
CVE:: 2024-29802

Plugin:: Fullscreen Galleria
Plugin Slug:: fullscreen-galleria
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.12
Severity Score:: Medium
CVE:: 2024-29801

Plugin:: WP Fast Total Search – The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.60.213
Severity Score:: Medium
CVE:: 2024-29799

Plugin:: Photo Gallery by Ays – Responsive Image Gallery
Plugin Slug:: gallery-photo-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: High
CVE:: 2024-29919

Plugin:: GamiPress – Button
Plugin Slug:: gamipress-button
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-2460

Plugin:: Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program
Plugin Slug:: gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.5
Severity Score:: Medium
CVE:: 2024-29798

Plugin:: iCalendrier
Plugin Slug:: icalendrier
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.81
Severity Score:: Medium
CVE:: 2024-29912

Plugin:: Web Icons
Plugin Slug:: icon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.11
Severity Score:: Medium
CVE:: 2024-29933

Plugin:: Locatoraid Store Locator
Plugin Slug:: locatoraid
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.31
Severity Score:: Medium
CVE:: 2024-30181

Plugin:: MyCurator Content Curation
Plugin Slug:: mycurator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.77
Severity Score:: High
CVE:: 2024-29139

Plugin:: Off-Canvas Sidebars & Menus (Slidebars)
Plugin Slug:: off-canvas-sidebars
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.8.2
Severity Score:: Medium
CVE:: 2024-29762

Plugin:: Passwordless Login
Plugin Slug:: passwordless-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-29143

Plugin:: PDF Builder for WPForms
Plugin Slug:: pdf-builder-for-wpforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.89
Severity Score:: Medium
CVE:: 2024-29820

Plugin:: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.7
Severity Score:: Medium
CVE:: 2024-29925

Plugin:: BizPrint – Print WooCommerce Order Receipts, Invoices, Labels & More.
Plugin Slug:: print-google-cloud-print-gcp-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2024-29773

Plugin:: ReDi Restaurant Reservation
Plugin Slug:: redi-restaurant-reservation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 24.0303
Severity Score:: High
CVE:: 2024-29806

Plugin:: SEO Backlink Monitor
Plugin Slug:: seo-backlink-monitor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2024-29907

Plugin:: StreamWeasels Twitch Integration
Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.6
Severity Score:: Medium
CVE:: 2024-29766

Plugin:: Sunshine Photo Cart: Free Client Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2
Severity Score:: High
CVE:: 2024-30194

Plugin:: Travelers’ Map
Plugin Slug:: travelers-map
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-29909

Plugin:: WC Builder – WooCommerce Page Builder for WPBakery
Plugin Slug:: wc-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.19
Severity Score:: Medium
CVE:: 2024-29926

Plugin:: Shipping with Venipak for WooCommerce
Plugin Slug:: wc-venipak-shipping
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.6
Severity Score:: High
CVE:: 2024-29805

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.4.21
Severity Score:: High
CVE:: 2024-2025

Plugin:: WishSuite – Wishlist for WooCommerce
Plugin Slug:: wishsuite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-29927

Plugin:: WooCommerce Clover Payment Gateway
Plugin Slug:: woo-clover-gateway-by-zaytech
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-0626

Plugin:: WooCommerce Cloak Affiliate Links
Plugin Slug:: woocommerce-cloak-affiliate-links
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.34
Severity Score:: High
CVE:: 2024-1308

Plugin:: WP-Lister Lite for Amazon
Plugin Slug:: wp-lister-for-amazon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: High
CVE:: 2024-30199

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-29906

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-29932

Plugin:: MDTF – Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3.1
Severity Score:: High
CVE:: 2024-29763

Plugin:: LiquidPoll – Polls, Surveys, NPS and Feedback Reviews
Plugin Slug:: wp-poll
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.77
Severity Score:: Medium
CVE:: 2024-2080

Plugin:: WP Post Disclaimer
Plugin Slug:: wp-post-disclaimer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2024-29761

Plugin:: Backup Bolt
Plugin Slug:: backup-bolt
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2023-7236

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-29775

Plugin:: System Dashboard
Plugin Slug:: system-dashboard
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.10
Severity Score:: Medium
CVE:: 2023-7246

Plugin:: CM Download Manager – Document and File Management
Plugin Slug:: cm-download-manager
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.1
Severity Score:: Medium
CVE:: 2024-1962

Plugin:: CM Download Manager – Document and File Management
Plugin Slug:: cm-download-manager
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-1232

Plugin:: CM Download Manager – Document and File Management
Plugin Slug:: cm-download-manager
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-1231

Plugin:: Contests by Rewards Fuel
Plugin Slug:: contests-from-rewards-fuel
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.65
Severity Score:: Medium
CVE:: 2024-1787

Plugin:: Contests by Rewards Fuel
Plugin Slug:: contests-from-rewards-fuel
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.63
Severity Score:: High
CVE:: 2024-1785

Plugin:: MJM Clinic
Plugin Slug:: mjm-clinic
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.23
Severity Score:: Medium
CVE:: 2024-29140

Plugin:: BuddyForms
Plugin Slug:: buddyforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.6
Severity Score:: Medium
CVE:: 2024-30198

Plugin:: Easy Social Share Buttons
Plugin Slug:: easy-social-share-buttons3
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.5
Severity Score:: High
CVE:: 2024-30196

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: SQL Injection
Patched in Version:: 6.1.5
Severity Score:: High
CVE:: 2024-0365

Plugin:: Invitation Code Content Restriction Plugin from CreativeMinds
Plugin Slug:: invitation-code-content-access
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2022-4965

Plugin:: Memberpress
Plugin Slug:: memberpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.27
Severity Score:: High
CVE:: 2024-1412

Plugin:: New RoyalSlider
Plugin Slug:: new-royalslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: High
CVE:: 2024-30195

Plugin:: Olive One Click Demo Import
Plugin Slug:: olive-one-click-demo-import
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-2702

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.2
Severity Score:: High
CVE:: 2024-2738

Plugin:: Schema Pro
Plugin Slug:: wp-schema-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.16
Severity Score:: Medium
CVE:: 2024-1564

Plugin:: WordPress Importer
Plugin Slug:: wp-smart-import
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2024-30201

WordPress Themes — 8 Patched / 1 Unpatched

Theme:: Graphene
Theme Slug:: graphene
Downloads: 1,515,731
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1984

Theme:: Astra
Theme Slug:: astra
Downloads: 11,885,431
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.9
Severity Score:: Medium
CVE:: 2024-2347

Theme:: Astra
Theme Slug:: astra
Downloads: 11,885,431
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.5
Severity Score:: Medium
CVE:: 2024-29768

Theme:: ColorMag
Theme Slug:: colormag
Downloads: 3,868,842
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-2500

Theme:: Newsmatic
Theme Slug:: newsmatic
Downloads: 185,361
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-1587

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.11.7
Severity Score:: Medium
CVE:: 2024-2340

Theme:: Avada
Theme Slug:: avada
Vulnerability:: SQL Injection
Patched in Version:: 7.11.7
Severity Score:: High
CVE:: 2024-2344

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.11.7
Severity Score:: Medium
CVE:: 2024-2343

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.11.7
Severity Score:: Medium
CVE:: 2024-2311

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. As our product marketer, Sarah works on providing helpful content for our customers and building the most beautiful spreadsheets you’ll ever behold. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her two older boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Table of Contents

WordPress Core

WordPress Plugins — 182 Patched / 18 Unpatched