WordPress Vulnerability Report — March 6, 2024
Since last week, 126 new vulnerabilities emerged in the WordPress ecosystem, including 5 in themes and 121 in plugins. 49 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.
In this report, 126 vulnerabilities have been publicly disclosed. Security patches for 77 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.
The next major release will be version 6.5, planned for March 26, 2024.
WordPress Plugins — 73 Patched / 48 Unpatched
Slivery Extender
- Plugin:
- Slivery Extender
- Plugin Slug:
- slivery-extender
- Installations
- 2,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27191
IDonate – blood request management system
- Plugin Slug:
- idonate
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
Adsmonetizer
- Plugin:
- Adsmonetizer
- Plugin Slug:
- adsensei-b30
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1437
ArtiBot
- Plugin:
- ArtiBot
- Plugin Slug:
- artibot
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0449
Auto Refresh Single Page
- Plugin:
- Auto Refresh Single Page
- Plugin Slug:
- auto-refresh-single-page
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1731
BeePress
- Plugin:
- BeePress
- Plugin Slug:
- beepress
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27197
Blue Triad EZAnalytics
- Plugin:
- Blue Triad EZAnalytics
- Plugin Slug:
- blue-triad-ezanalytics
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1782
Change Memory Limit
- Plugin:
- Change Memory Limit
- Plugin Slug:
- change-memory-limit
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1093
Under Construction / Maintenance Mode from Acurax
- Plugin:
- Under Construction / Maintenance Mode from Acurax
- Plugin Slug:
- coming-soon-maintenance-mode-from-acurax
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6922
Under Construction / Maintenance Mode from Acurax
- Plugin:
- Under Construction / Maintenance Mode from Acurax
- Plugin Slug:
- coming-soon-maintenance-mode-from-acurax
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1476
Configure SMTP
- Plugin:
- Configure SMTP
- Plugin Slug:
- configure-smtp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27192
Build & Control Block Patterns
- Plugin:
- Build & Control Block Patterns
- Plugin Slug:
- control-block-patterns
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1095
Custom fields shortcode
- Plugin:
- Custom fields shortcode
- Plugin Slug:
- custom-fields-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6809
Download Media
- Plugin:
- Download Media
- Plugin Slug:
- download-media
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-27190
Duitku Payment Gateway
- Plugin:
- Duitku Payment Gateway
- Plugin Slug:
- duitku-social-payment-gateway
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0631
Easy!Appointments
- Plugin:
- Easy!Appointments
- Plugin Slug:
- easyappointments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0698
Ebook Store
- Plugin:
- Ebook Store
- Plugin Slug:
- ebook-store
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-23501
Conversios.io
- Plugin:
- Conversios.io
- Plugin Slug:
- enhanced-e-commerce-for-woocommerce-store
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0786
FeedWordPress
- Plugin:
- FeedWordPress
- Plugin Slug:
- feedwordpress
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0839
Fontific | Google Fonts
- Plugin:
- Fontific | Google Fonts
- Plugin Slug:
- fontific
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27194
Gestpay for WooCommerce
- Plugin:
- Gestpay for WooCommerce
- Plugin Slug:
- gestpay-for-woocommerce
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0431
Maintenance Mode by helderk
- Plugin:
- Maintenance Mode by helderk
- Plugin Slug:
- hkdev-maintenance-mode
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1478
JM Twitter Cards
- Plugin:
- JM Twitter Cards
- Plugin Slug:
- jm-twitter-cards
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1769
Marketing Optimizer
- Plugin:
- Marketing Optimizer
- Plugin Slug:
- marketing-optimizer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1976
Master Slider
- Plugin:
- Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0611
Master Slider
- Plugin:
- Master Slider
- Plugin Slug:
- master-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1449
Media Alt Renamer
- Plugin:
- Media Alt Renamer
- Plugin Slug:
- media-alt-renamer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1434
WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
- Plugin:
- WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit
- Plugin Slug:
- myshopkit-popup-smartbar-slidein
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1436
Page Builder Sandwich – Front-End Page Builder
- Plugin:
- Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1285
Page Builder Sandwich – Front-End Page Builder
- Plugin:
- Page Builder Sandwich – Front-End Page Builder
- Plugin Slug:
- page-builder-sandwich
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1381
Page Restrict
- Plugin:
- Page Restrict
- Plugin Slug:
- pagerestrict
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0682
Password Protected Store for WooCommerce
- Plugin:
- Password Protected Store for WooCommerce
- Plugin Slug:
- password-protected-woo-store
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1088
PayU India
- Plugin:
- PayU India
- Plugin Slug:
- payu-india
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27193
postMash – custom post order
- Plugin:
- postMash – custom post order
- Plugin Slug:
- postmash
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27196
Restaurant Solutions – Checklist
- Plugin:
- Restaurant Solutions – Checklist
- Plugin Slug:
- restaurant-solutions-checklist
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1977
Rolo Slider
- Plugin:
- Rolo Slider
- Plugin Slug:
- rolo-slider
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-1438
Simple Tweet
- Plugin:
- Simple Tweet
- Plugin Slug:
- simple-tweet
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0700
Ultimate Bootstrap Elements for Elementor
- Plugin:
- Ultimate Bootstrap Elements for Elementor
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-2132
Ultimate Bootstrap Elements for Elementor
- Plugin:
- Ultimate Bootstrap Elements for Elementor
- Plugin Slug:
- ultimate-bootstrap-elements-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1398
User Shortcodes Plus
- Plugin:
- User Shortcodes Plus
- Plugin Slug:
- user-shortcodes-plus
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2023-6969
Vimeography: Vimeo Video Gallery WordPress Plugin
- Plugin:
- Vimeography: Vimeo Video Gallery WordPress Plugin
- Plugin Slug:
- vimeography
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-0825
Watermark RELOADED
- Plugin:
- Watermark RELOADED
- Plugin Slug:
- watermark-reloaded
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-27195
WordPress Access Control
- Plugin:
- WordPress Access Control
- Plugin Slug:
- wordpress-access-control
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0975
CodeMirror Blocks
- Plugin:
- CodeMirror Blocks
- Plugin Slug:
- wp-codemirror-block
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1791
WP eCommerce
- Plugin:
- WP eCommerce
- Plugin Slug:
- wp-e-commerce
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1516
WP eCommerce
- Plugin:
- WP eCommerce
- Plugin Slug:
- wp-e-commerce
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-1514
Page Duplicator
- Plugin:
- Page Duplicator
- Plugin Slug:
- wp-page-duplicator
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-1368
WP Private Content Plus
- Plugin:
- WP Private Content Plus
- Plugin Slug:
- wp-private-content-plus
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-0680
LiteSpeed Cache
- Plugin:
- LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations
- 5,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.7.0.1
- Severity Score:
- High
- CVE:
- 2023-45000
LiteSpeed Cache
- Plugin:
- LiteSpeed Cache
- Plugin Slug:
- litespeed-cache
- Installations
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.7.0.1
- Severity Score:
- High
- CVE:
- 2023-40000
Complianz – GDPR/CCPA Cookie Consent
- Plugin Slug:
- complianz-gdpr
- Installations
- 900,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.0.0
- Severity Score:
- Medium
- CVE:
- 2024-1592
Premium Addons for Elementor
- Plugin:
- Premium Addons for Elementor
- Plugin Slug:
- premium-addons-for-elementor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.22
- Severity Score:
- Medium
- CVE:
- 2024-1680
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.4
- Severity Score:
- Medium
- CVE:
- 2024-1808
SiteOrigin Widgets Bundle
- Plugin:
- SiteOrigin Widgets Bundle
- Plugin Slug:
- so-widgets-bundle
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.58.8
- Severity Score:
- Medium
- CVE:
- 2024-1723
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.2
- Severity Score:
- Medium
- CVE:
- 2024-0438
Nextend Social Login and Register
- Plugin Slug:
- nextend-facebook-connect
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.13
- Severity Score:
- High
- CVE:
- 2024-1775
GenerateBlocks
- Plugin:
- GenerateBlocks
- Plugin Slug:
- generateblocks
- Installations
- 200,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.8.3
- Severity Score:
- Medium
- CVE:
- 2024-1452
Page Builder: Pagelayer – Drag and Drop website builder
- Plugin Slug:
- pagelayer
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.1
- Severity Score:
- Medium
- CVE:
- 2023-7115
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.32
- Severity Score:
- Medium
- CVE:
- 2024-1323
Orbit Fox by ThemeIsle
- Plugin:
- Orbit Fox by ThemeIsle
- Plugin Slug:
- themeisle-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.10.31
- Severity Score:
- Medium
- CVE:
- 2024-1499
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.4.3
- Severity Score:
- Medium
- CVE:
- 2024-1074
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.86
- Severity Score:
- Medium
- CVE:
- 2023-6954
Download Manager
- Plugin:
- Download Manager
- Plugin Slug:
- download-manager
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.85
- Severity Score:
- Medium
- CVE:
- 2023-6785
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.2
- Severity Score:
- Medium
- CVE:
- 2024-1854
Events Manager – Calendar, Bookings, Tickets, and more!
- Plugin Slug:
- events-manager
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.7
- Severity Score:
- Medium
- CVE:
- 2024-0614
WP Show Posts
- Plugin:
- WP Show Posts
- Plugin Slug:
- wp-show-posts
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-1479
Advanced iFrame
- Plugin:
- Advanced iFrame
- Plugin Slug:
- advanced-iframe
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2024.2
- Severity Score:
- Medium
- CVE:
- 2024-1341
AI Engine
Booking for Appointments and Events Calendar – Amelia
- Plugin Slug:
- ameliabooking
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.99
- Severity Score:
- High
- CVE:
- 2024-1484
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- CVE:
- 2024-1414
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- CVE:
- 2024-1234
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- CVE:
- 2024-2028
Exclusive Addons for Elementor
- Plugin:
- Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.1
- Severity Score:
- Medium
- CVE:
- 2024-1413
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
- Plugin Slug:
- visualcomposer
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 45.7.0
- Severity Score:
- Medium
- CVE:
- 2023-6880
Calculated Fields Form
- Plugin:
- Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.57
- Severity Score:
- High
- CVE:
- 2024-2020
Custom Field Suite
- Plugin:
- Custom Field Suite
- Plugin Slug:
- custom-field-suite
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.5
- Severity Score:
- Medium
- CVE:
- 2024-0689
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor
- Plugin Slug:
- notificationx
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.8.3
- Severity Score:
- Critical
- CVE:
- 2024-1698
WP Dashboard Notes
- Plugin:
- WP Dashboard Notes
- Plugin Slug:
- wp-dashboard-notes
- Installations
- 30,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.0.11
- Severity Score:
- Medium
- CVE:
- 2023-7198
MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance
- Plugin Slug:
- mainwp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.0
- Severity Score:
- Medium
- CVE:
- 2024-1642
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Plugin Slug:
- rafflepress
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.12.7
- Severity Score:
- High
- CVE:
- 2024-1935
Restrict User Access – Ultimate Membership & Content Protection
- Plugin Slug:
- restrict-user-access
- Installations
- 20,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6
- Severity Score:
- Medium
- CVE:
- 2024-0687
Seraphinite Accelerator
- Plugin:
- Seraphinite Accelerator
- Plugin Slug:
- seraphinite-accelerator
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 2.21
- Severity Score:
- Medium
- CVE:
- 2024-1568
NextMove Lite – Thank You Page for WooCommerce
- Plugin Slug:
- woo-thank-you-page-nextmove-lite
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.18.1
- Severity Score:
- Medium
- CVE:
- 2024-1120
Easy PayPal & Stripe Buy Now Button
- Plugin Slug:
- wp-ecommerce-paypal
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2024-1719
Easy PayPal & Stripe Buy Now Button
- Plugin Slug:
- wp-ecommerce-paypal
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2024-1719
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
- Plugin Slug:
- wp-event-manager
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.42
- Severity Score:
- High
- CVE:
- 2024-0976
Wp Social Login and Register Social Counter
- Plugin Slug:
- wp-social
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-1763
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth
- Plugin Slug:
- aweber-web-form-widget
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 7.3.15
- Severity Score:
- High
- CVE:
- 2024-1793
Contact Form 7 – PayPal & Stripe Add-on
- Plugin Slug:
- contact-form-7-paypal-add-on
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- CVE:
- 2024-1719
Contact Form 7 – PayPal & Stripe Add-on
- Plugin Slug:
- contact-form-7-paypal-add-on
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2
- Severity Score:
- Medium
- CVE:
- 2024-1719
Envo’s Elementor Templates & Widgets for WooCommerce
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
- 2024-0766
Envo’s Elementor Templates & Widgets for WooCommerce
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
- 2024-0767
Envo’s Elementor Templates & Widgets for WooCommerce
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
- 2024-0768
LifterLMS – WordPress LMS Plugin for eLearning
- Plugin Slug:
- lifterlms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.5.2
- Severity Score:
- Medium
- CVE:
- 2024-0377
SportsPress – Sports Club & League Manager
- Plugin Slug:
- sportspress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.18
- Severity Score:
- Medium
- CVE:
- 2024-1178
Smart Forms – when you need more than just a contact form
- Plugin Slug:
- smart-forms
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.87
- Severity Score:
- Medium
- CVE:
- 2023-7203
WPvivid Backup for MainWP
- Plugin:
- WPvivid Backup for MainWP
- Plugin Slug:
- wpvivid-backup-mainwp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.9.33
- Severity Score:
- High
- CVE:
- 2024-1383
Finale Lite – Sales Countdown Timer & Discount for WooCommerce
- Plugin Slug:
- finale-woocommerce-sales-countdown-timer-discount
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.18.0
- Severity Score:
- Medium
- CVE:
- 2024-1120
SoundCloud Shortcode
- Plugin:
- SoundCloud Shortcode
- Plugin Slug:
- soundcloud-shortcode
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.2
- Severity Score:
- Medium
- CVE:
- 2024-25936
SMS Alert Order Notifications – WooCommerce
- Plugin Slug:
- sms-alert
- Installations
- 5,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.7.0
- Severity Score:
- Medium
- CVE:
- 2024-1489
Thank You Page Customizer for WooCommerce – Increase Your Sales
- Plugin Slug:
- woo-thank-you-page-customizer
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-1687
Thank You Page Customizer for WooCommerce – Increase Your Sales
- Plugin Slug:
- woo-thank-you-page-customizer
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
- 2024-1686
Coming Soon Page & Maintenance Mode
- Plugin Slug:
- responsive-coming-soon
- Installations
- 4,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 2.2.2
- Severity Score:
- Medium
- CVE:
- 2024-1136
Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
- Plugin:
- Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back
- Plugin Slug:
- chat-bubble
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4
- Severity Score:
- Medium
- CVE:
- 2024-0898
Slider Responsive Slideshow – Image slider, Gallery slideshow
- Plugin Slug:
- slider-responsive-slideshow
- Installations
- 3,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.4.0
- Severity Score:
- High
- CVE:
- 2024-1859
Spiffy Calendar
- Plugin:
- Spiffy Calendar
- Plugin Slug:
- spiffy-calendar
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.9.9
- Severity Score:
- Medium
- CVE:
- 2024-0855
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
- Plugin Slug:
- antihacker
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.52
- Severity Score:
- Medium
- CVE:
- 2024-1860
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan
- Plugin Slug:
- antihacker
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.53
- Severity Score:
- Medium
- CVE:
- 2024-1861
Friends
Oliver POS – A WooCommerce Point of Sale (POS)
- Plugin Slug:
- oliver-pos
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.4.1.9
- Severity Score:
- Medium
- CVE:
- 2024-1954
Page Restriction WordPress (WP) – Protect WP Pages/Post
- Plugin Slug:
- page-and-post-restriction
- Installations
- 1,000+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-0681
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.2.1
- Severity Score:
- Medium
- CVE:
- 2024-27950
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 7.2.1
- Severity Score:
- Medium
- CVE:
- 2024-27949
Tainacan
Comments Extra Fields For Post,Pages and CPT
- Plugin Slug:
- wp-comment-fields
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.1
- Severity Score:
- Medium
- CVE:
- 2024-0830
Comments Extra Fields For Post,Pages and CPT
- Plugin Slug:
- wp-comment-fields
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1
- Severity Score:
- Medium
- CVE:
- 2024-0829
Backup
- Plugin:
- Backup
- Plugin Slug:
- backup2
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.9.9
- Severity Score:
- High
- CVE:
- 2023-7165
Elementor Pro
- Plugin:
- Elementor Pro
- Plugin Slug:
- elementor-pro
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.19.3
- Severity Score:
- Medium
- CVE:
- 2024-23523
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 2.3.4
- Severity Score:
- Critical
- CVE:
- 2023-6585
JobSearch
- Plugin:
- JobSearch
- Plugin Slug:
- wp-jobsearch
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 2.3.4
- Severity Score:
- Critical
- CVE:
- 2023-6584
WP Social Widget
- Plugin:
- WP Social Widget
- Plugin Slug:
- wp-social-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.6
- Severity Score:
- Medium
- CVE:
- 2024-27189
WordPress Themes — 4 Patched / 1 Unpatched
Atahualpa
- Theme:
- Atahualpa
- Theme Slug:
- atahualpa
- Downloads
- 1,333,690
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-27948
Yuki
Yuki
Avada
- Theme:
- Avada
- Theme Slug:
- avada
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.11.6
- Severity Score:
- Medium
- CVE:
- 2024-1668
Avada
- Theme:
- Avada
- Theme Slug:
- avada
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 7.11.5
- Severity Score:
- Critical
- CVE:
- 2024-1468