WordPress Vulnerability Report — May 15, 2024

Since last week, 192 new vulnerabilities emerged in the WordPress ecosystem, including 16 in themes and 176 in plugins. 47 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:May 15, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:37 min.

In this report, 192 vulnerabilities have been publicly disclosed. Security patches for 145 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 129 Patched / 47 Unpatched

2.1 Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
2.2 Flo Forms – Easy Drag & Drop Form Builder
2.3 WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
2.4 WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
2.5 140+ Widgets | Best Addons For Elementor – FREE
2.6 JCH Optimize
2.7 Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
2.8 Kognetiks Chatbot for WordPress
2.9 Netgsm
2.10 Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation
2.11 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
2.12 WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce
2.13 WordPress Webinar Plugin – WebinarPress
2.14 gee Search Plus, improved WordPress search
2.15 Sticky Social Link
2.16 DS Site Message
2.17 Viet Nam Affiliate
2.18 AWSOM News Announcement
2.19 BlogLentor
2.20 Brozzme Scroll Top
2.21 canvasio3D Light
2.22 Configure Login Timeout
2.23 Corona Virus (COVID-19) Banner & Live Data
2.24 Crelly Slider
2.25 Debug Info
2.26 EasyEvent
2.27 Enter Addons
2.28 Fancy Elementor Flipbox
2.29 Fast Custom Social Share by CodeBard
2.30 Featured Content Gallery
2.31 Forty Four – 404 Plugin for WordPress
2.32 GDPR Compliance
2.33 Comments Evolved for WordPress
2.34 LetterPress
2.35 MF Gig Calendar
2.36 Pk Favicon Manager
2.37 Pootle Pagebuilder – WordPress Page builder
2.38 Pure Chat
2.39 QuickieBar
2.40 Social Connect
2.41 Swift Performance Lite
2.42 Table Maker
2.43 TT Custom Post Type Creator
2.44 Viet Affiliate Link
2.45 WP etracker
2.46 WP Favorite Posts
2.47 WPCS ( WordPress Custom Search )
2.48 Yoast SEO
2.49 Jetpack – WP Security, Backup, Speed, & Growth
2.50 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.51 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.52 Starter Templates — Elementor, WordPress & Beaver Builder Templates
2.53 Starter Templates — Elementor, WordPress & Beaver Builder Templates
2.54 One Click Demo Import
2.55 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.56 Translate Multilingual sites – TranslatePress
2.57 Blocksy Companion
2.58 FileBird – WordPress Media Library Folders & File Manager
2.59 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.60 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.61 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.62 White Label CMS
2.63 Advanced Ads – Ad Manager & AdSense
2.64 Advanced Ads – Ad Manager & AdSense
2.65 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
2.66 Beaver Builder – WordPress Page Builder
2.67 Beaver Builder – WordPress Page Builder
2.68 Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
2.69 HT Mega – Absolute Addons For Elementor
2.70 Pods – Custom Content Types and Fields
2.71 WP Job Manager
2.72 XML Sitemap & Google News
2.73 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
2.74 LearnPress – WordPress LMS Plugin
2.75 LearnPress – WordPress LMS Plugin
2.76 LearnPress – WordPress LMS Plugin
2.77 LearnPress – WordPress LMS Plugin
2.78 Import and export users and customers
2.79 Mesmerize Companion
2.80 Sydney Toolbox
2.81 AI Engine
2.82 Custom Field Suite
2.83 Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
2.84 Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
2.85 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
2.86 Image Hover Effects – Elementor Addon
2.87 Ditty – Responsive News Tickers, Sliders, and Lists
2.88 Timber
2.89 Visual Footer Credit Remover
2.90 Social Sharing Plugin – Social Warfare
2.91 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
2.92 Content Blocks (Custom Post Widget)
2.93 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
2.94 ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
2.95 ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
2.96 ClickCease Click Fraud Protection
2.97 Easy Affiliate Links
2.98 Envo’s Elementor Templates & Widgets for WooCommerce
2.99 Graphina – Elementor Charts and Graphs
2.100 HTML5 Audio Player- Best WordPress Audio Player Plugin
2.101 Link Library
2.102 Gallery Block (Meow Gallery)
2.103 Hotel Booking Lite
2.104 Shared Counts – Social Media Share Buttons
2.105 Simple Basic Contact Form
2.106 SportsPress – Sports Club & League Manager
2.107 SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin
2.108 Themify Shortcodes
2.109 Thim Elementor Kit
2.110 Thim Elementor Kit
2.111 weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
2.112 All-in-One Addons for Elementor – WidgetKit
2.113 Orders Tracking for WooCommerce
2.114 WP Latest Posts
2.115 WP Photo Album Plus
2.116 YITH WooCommerce Gift Cards
2.117 WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
2.118 Gutenify – Visual Site Builder Blocks & Site Templates.
2.119 If-So Dynamic Content Personalization
2.120 WordPress Affiliates Plugin — SliceWP Affiliates
2.121 Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
2.122 WP Compress – Image Optimizer [All-In-One]
2.123 WP Compress – Image Optimizer [All-In-One]
2.124 Better Elementor Addons
2.125 The Best WordPress Knowledgebase and Documentation Plugin – weDocs
2.126 WOLF – WordPress Posts Bulk Editor and Manager Professional
2.127 Edwiser Bridge – WordPress Moodle LMS Integration
2.128 Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
2.129 Shopping Cart & eCommerce Store
2.130 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
2.131 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
2.132 Startklar Elementor Addons
2.133 Startklar Elementor Addons
2.134 Auto Affiliate Links
2.135 All Bootstrap Blocks
2.136 Mihdan: Yandex Turbo Feed
2.137 Move Addons for Elementor
2.138 Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
2.139 WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
2.140 WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
2.141 iPages Flipbook For WordPress
2.142 ShopBuilder – Elementor WooCommerce Builder Addons
2.143 Zotpress
2.144 Academy LMS – eLearning and online course solution for WordPress
2.145 Arigato Autoresponder and Newsletter
2.146 Church Admin
2.147 Contact List – Premium Staff Listing, Business Directory & Address Book
2.148 Falang multilanguage for WordPress
2.149 Ghost
2.150 Gold Addons for Elementor
2.151 Dynamics 365 Integration
2.152 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
2.153 SKT Addons for Elementor
2.154 SKT Addons for Elementor
2.155 Squelch Tabs and Accordions Shortcodes
2.156 Counter Up – Animated Number Counter & Milestone Showcase
2.157 WP Discourse
2.158 WPCal.io – Easy Meeting Scheduler
2.159 Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
2.160 Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
2.161 Sticky banner
2.162 Joli FAQ SEO – WordPress FAQ Plugin
2.163 Soccer Engine – Soccer Plugin for WordPress
2.164 Hostel
2.165 ADFO – Custom data in admin dashboard
2.166 ADFO – Custom data in admin dashboard
2.167 Z-Downloads
2.168 Aiomatic
2.169 Breakdance
2.170 Divi Builder
2.171 Fancy Product Designer
2.172 Porto Theme – Functionality
2.173 Spectra Pro
2.174 Stockholm Core
2.175 Stockholm Core
2.176 Unyson

3. WordPress Themes — 16 Patched

3.1 Consus
3.2 EmpowerWP
3.3 Himalayas
3.4 Ketos
3.5 Mindscape
3.6 Niveau
3.7 Oasis
3.8 raindrops
3.9 Skyline WP
3.10 Zeka
3.11 Divi
3.12 Extra
3.13 Porto
3.14 Porto
3.15 Stockholm
3.16 Stockholm

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

WordPress Plugins — 129 Patched / 47 Unpatched

Plugin:: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34806

Plugin:: Flo Forms – Easy Drag & Drop Form Builder
Plugin Slug:: flo-forms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35174

Plugin:: WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34389

Plugin:: WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34387

Plugin:: 140+ Widgets | Best Addons For Elementor – FREE
Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34570

Plugin:: JCH Optimize
Plugin Slug:: jch-optimize
Installations: 6,000+
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34808

Plugin:: Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34390

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32700

Plugin:: Netgsm
Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4746

Plugin:: Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation
Plugin Slug:: propovoice
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4747

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4606

Plugin:: WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce
Plugin Slug:: wc-serial-numbers
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35173

Plugin:: WordPress Webinar Plugin – WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34818

Plugin:: gee Search Plus, improved WordPress search
Plugin Slug:: gsearch-plus
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34560

Plugin:: Sticky Social Link
Plugin Slug:: sticky-social-link
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34546

Plugin:: DS Site Message
Plugin Slug:: ds-site-message
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34439

Plugin:: Viet Nam Affiliate
Plugin Slug:: viet-nam-affiliate
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34417

Plugin:: AWSOM News Announcement
Plugin Slug:: awsom-news-announcement
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34428

Plugin:: BlogLentor
Plugin Slug:: bloglentor-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34421

Plugin:: Brozzme Scroll Top
Plugin Slug:: brozzme-scroll-top
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34426

Plugin:: canvasio3D Light
Plugin Slug:: canvasio3d-light
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34411

Plugin:: Configure Login Timeout
Plugin Slug:: configure-login-timeout
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34419

Plugin:: Corona Virus (COVID-19) Banner & Live Data
Plugin Slug:: corona-virus-covid-19-banner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34429

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3752

Plugin:: Debug Info
Plugin Slug:: debug-info
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34565

Plugin:: EasyEvent
Plugin Slug:: easyevent
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3628

Plugin:: Enter Addons
Plugin Slug:: enteraddons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3831

Plugin:: Fancy Elementor Flipbox
Plugin Slug:: fancy-elementor-flipbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34572

Plugin:: Fast Custom Social Share by CodeBard
Plugin Slug:: fast-custom-social-share-by-codebard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34807

Plugin:: Featured Content Gallery
Plugin Slug:: featured-content-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34424

Plugin:: Forty Four – 404 Plugin for WordPress
Plugin Slug:: forty-four
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34423

Plugin:: GDPR Compliance
Plugin Slug:: gdpr-compliance
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34388

Plugin:: Comments Evolved for WordPress
Plugin Slug:: gplus-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34420

Plugin:: LetterPress
Plugin Slug:: letterpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34568

Plugin:: MF Gig Calendar
Plugin Slug:: mf-gig-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3755

Plugin:: Pk Favicon Manager
Plugin Slug:: phpsword-favicon-manager
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34416

Plugin:: Pootle Pagebuilder – WordPress Page builder
Plugin Slug:: pootle-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34573

Plugin:: Pure Chat
Plugin Slug:: pure-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3595

Plugin:: QuickieBar
Plugin Slug:: quickiebar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34425

Plugin:: Social Connect
Plugin Slug:: social-connect
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-4393

Plugin:: Swift Performance Lite
Plugin Slug:: swift-performance-lite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3722

Plugin:: Table Maker
Plugin Slug:: table-maker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34574

Plugin:: TT Custom Post Type Creator
Plugin Slug:: tt-custom-post-type-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34430

Plugin:: Viet Affiliate Link
Plugin Slug:: viet-affiliate-link
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34422

Plugin:: WP etracker
Plugin Slug:: wp-etracker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34431

Plugin:: WP Favorite Posts
Plugin Slug:: wp-favorite-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34427

Plugin:: WPCS ( WordPress Custom Search )
Plugin Slug:: wpcs-wp-custom-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34418

Plugin:: Yoast SEO
Plugin Slug:: wordpress-seo
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 22.6
Severity Score:: High
CVE:: 2024-4041

Plugin:: Jetpack – WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.4
Severity Score:: Medium
CVE:: 2024-4392

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.21
Severity Score:: Medium
CVE:: 2024-4624

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4275

Plugin:: Starter Templates — Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2024-4630

Plugin:: Starter Templates — Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-1467

Plugin:: One Click Demo Import
Plugin Slug:: one-click-demo-import
Installations: 1,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-34433

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4481

Plugin:: Translate Multilingual sites – TranslatePress
Plugin Slug:: translatepress-multilingual
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-34827

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.46
Severity Score:: Medium
CVE:: 2024-4487

Plugin:: FileBird – WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-35166

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.105
Severity Score:: High
CVE:: 2024-3055

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.5.103
Severity Score:: High
CVE:: 2024-2662

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.103
Severity Score:: High
CVE:: 2024-3547

Plugin:: White Label CMS
Plugin Slug:: white-label-cms
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-4280

Plugin:: Advanced Ads – Ad Manager & AdSense
Plugin Slug:: advanced-ads
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.52.2
Severity Score:: Medium
CVE:: 2024-2290

Plugin:: Advanced Ads – Ad Manager & AdSense
Plugin Slug:: advanced-ads
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.52.2
Severity Score:: Medium
CVE:: 2024-3952

Plugin:: Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.4
Severity Score:: Medium
CVE:: 2024-4339

Plugin:: Beaver Builder – WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1.3
Severity Score:: Medium
CVE:: 2024-4430

Plugin:: Beaver Builder – WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1.2
Severity Score:: Medium
CVE:: 2024-3923

Plugin:: Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-4446

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-3990

Plugin:: Pods – Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.1.1
Severity Score:: Medium
CVE:: 2024-3956

Plugin:: WP Job Manager
Plugin Slug:: wp-job-manager
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-34549

Plugin:: XML Sitemap & Google News
Plugin Slug:: xml-sitemap-feed
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-4441

Plugin:: EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.17
Severity Score:: Medium
CVE:: 2024-4316

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6.6
Severity Score:: Medium
CVE:: 2024-4277

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.6
Severity Score:: Medium
CVE:: 2024-4444

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.6.6
Severity Score:: Critical
CVE:: 2024-4434

Plugin:: LearnPress – WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.2.6.6
Severity Score:: Critical
CVE:: 2024-4397

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.26.6
Severity Score:: Medium
CVE:: 2024-34815

Plugin:: Mesmerize Companion
Plugin Slug:: mesmerize-companion
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.149
Severity Score:: Medium
CVE:: 2024-3494

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32
Severity Score:: Medium
CVE:: 2024-4473

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.70
Severity Score:: Critical
CVE:: 2024-34440

Plugin:: Custom Field Suite
Plugin Slug:: custom-field-suite
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-3068

Plugin:: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.12
Severity Score:: Medium
CVE:: 2024-32100

Plugin:: Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.12
Severity Score:: Medium
CVE:: 2024-31113

Plugin:: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.25
Severity Score:: Medium
CVE:: 2024-34437

Plugin:: Image Hover Effects – Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-1166

Plugin:: Ditty – Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.39
Severity Score:: High
CVE:: 2024-3954

Plugin:: Timber
Plugin Slug:: timber-library
Installations: 40,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 1.23.1
Severity Score:: High
CVE:: 2024-29800

Plugin:: Visual Footer Credit Remover
Plugin Slug:: visual-footer-credit-remover
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-2846

Plugin:: Social Sharing Plugin – Social Warfare
Plugin Slug:: social-warfare
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-34825

Plugin:: Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
Plugin Slug:: back-in-stock-notifier-for-woocommerce
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-4038

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-34566

Plugin:: Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.5
Severity Score:: Medium
CVE:: 2024-4745

Plugin:: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-35172

Plugin:: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-4689

Plugin:: ClickCease Click Fraud Protection
Plugin Slug:: clickcease-click-fraud-protection
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2023-6810

Plugin:: Easy Affiliate Links
Plugin Slug:: easy-affiliate-links
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.3
Severity Score:: Medium
CVE:: 2024-34441

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-35167

Plugin:: Graphina – Elementor Charts and Graphs
Plugin Slug:: graphina-elementor-charts-and-graphs
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.10
Severity Score:: Medium
CVE:: 2024-4574

Plugin:: HTML5 Audio Player- Best WordPress Audio Player Plugin
Plugin Slug:: html5-audio-player
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.22
Severity Score:: Medium
CVE:: 2024-4398

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-4281

Plugin:: Gallery Block (Meow Gallery)
Plugin Slug:: meow-gallery
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2024-4386

Plugin:: Hotel Booking Lite
Plugin Slug:: motopress-hotel-booking-lite
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.11.2
Severity Score:: Critical
CVE:: 2024-4413

Plugin:: Shared Counts – Social Media Share Buttons
Plugin Slug:: shared-counts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.0
Severity Score:: Medium

Plugin:: Simple Basic Contact Form
Plugin Slug:: simple-basic-contact-form
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20240511
Severity Score:: Medium
CVE:: 2024-4144

Plugin:: SportsPress – Sports Club & League Manager
Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.21
Severity Score:: Medium
CVE:: 2024-34824

Plugin:: SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin
Plugin Slug:: ssl-zen
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6.0
Severity Score:: Medium
CVE:: 2024-1076

Plugin:: Themify Shortcodes
Plugin Slug:: themify-shortcodes
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-4567

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9.1
Severity Score:: Medium
CVE:: 2024-4329

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-34415

Plugin:: weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
Plugin Slug:: wemail
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.14.3
Severity Score:: Medium
CVE:: 2024-34822

Plugin:: All-in-One Addons for Elementor – WidgetKit
Plugin Slug:: widgetkit-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-34548

Plugin:: Orders Tracking for WooCommerce
Plugin Slug:: woo-orders-tracking
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.11
Severity Score:: Medium
CVE:: 2024-4039

Plugin:: WP Latest Posts
Plugin Slug:: wp-latest-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.8
Severity Score:: Medium
CVE:: 2024-4135

Plugin:: WP Photo Album Plus
Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 8.7.01.002
Severity Score:: Critical
CVE:: 2024-31377

Plugin:: YITH WooCommerce Gift Cards
Plugin Slug:: yith-woocommerce-gift-cards
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.13.0
Severity Score:: Medium
CVE:: 2024-0870

Plugin:: WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.2
Severity Score:: Medium
CVE:: 2024-34811

Plugin:: Gutenify – Visual Site Builder Blocks & Site Templates.
Plugin Slug:: gutenify
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-35165

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1.1
Severity Score:: Medium
CVE:: 2024-34820

Plugin:: WordPress Affiliates Plugin — SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-34413

Plugin:: Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
Plugin Slug:: parcelpanel
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.0
Severity Score:: High
CVE:: 2024-34412

Plugin:: WP Compress – Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2024-4445

Plugin:: WP Compress – Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2023-6812

Plugin:: Better Elementor Addons
Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-34432

Plugin:: The Best WordPress Knowledgebase and Documentation Plugin – weDocs
Plugin Slug:: wedocs
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-34442

Plugin:: WOLF – WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8.3
Severity Score:: Medium
CVE:: 2024-34558

Plugin:: Edwiser Bridge – WordPress Moodle LMS Integration
Plugin Slug:: edwiser-bridge
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.0.6
Severity Score:: Critical
CVE:: 2024-4186

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.35
Severity Score:: Medium
CVE:: 2024-34547

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.5
Severity Score:: Medium
CVE:: 2024-4213

Plugin:: Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
Plugin Slug:: cf7-styler
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2024-34826

Plugin:: 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
Plugin Slug:: real3d-flipbook-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.72
Severity Score:: Medium
CVE:: 2024-34561

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Installations: 4,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.7.14
Severity Score:: High
CVE:: 2024-4346

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7.14
Severity Score:: Critical
CVE:: 2024-4345

Plugin:: Auto Affiliate Links
Plugin Slug:: wp-auto-affiliate-links
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4.4
Severity Score:: High
CVE:: 2024-34386

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.16
Severity Score:: Medium
CVE:: 2024-35169

Plugin:: Mihdan: Yandex Turbo Feed
Plugin Slug:: mihdan-yandex-turbo-feed
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2024-4411

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-34562

Plugin:: Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.20
Severity Score:: Medium
CVE:: 2024-34438

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.9
Severity Score:: Medium
CVE:: 2024-34813

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2024-34819

Plugin:: iPages Flipbook For WordPress
Plugin Slug:: ipages-flipbook
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-4744

Plugin:: ShopBuilder – Elementor WooCommerce Builder Addons
Plugin Slug:: shopbuilder
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-34812

Plugin:: Zotpress
Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.10
Severity Score:: Medium
CVE:: 2024-34569

Plugin:: Academy LMS – eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.9.26
Severity Score:: Medium
CVE:: 2024-35171

Plugin:: Arigato Autoresponder and Newsletter
Plugin Slug:: bft-autoresponder
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.2.4
Severity Score:: Medium
CVE:: 2024-34823

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2024-34828

Plugin:: Contact List – Premium Staff Listing, Business Directory & Address Book
Plugin Slug:: contact-list
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.88
Severity Score:: Medium
CVE:: 2024-34821

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.50
Severity Score:: Medium
CVE:: 2024-4417

Plugin:: Ghost
Plugin Slug:: ghost
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2024-34559

Plugin:: Gold Addons for Elementor
Plugin Slug:: gold-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-34563

Plugin:: Dynamics 365 Integration
Plugin Slug:: integration-dynamics
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.18
Severity Score:: Medium
CVE:: 2024-34550

Plugin:: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-pipedrive
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-34817

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2024-34445

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2024-34436

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.4.8
Severity Score:: Medium
CVE:: 2024-4463

Plugin:: Counter Up – Animated Number Counter & Milestone Showcase
Plugin Slug:: wp-counter-up
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-34564

Plugin:: WP Discourse
Plugin Slug:: wp-discourse
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.2
Severity Score:: Medium
CVE:: 2024-35168

Plugin:: WPCal.io – Easy Meeting Scheduler
Plugin Slug:: wpcal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.5.9
Severity Score:: Medium
CVE:: 2024-34816

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-34557

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-34556

Plugin:: Sticky banner
Plugin Slug:: sticky-banner
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-35170

Plugin:: Joli FAQ SEO – WordPress FAQ Plugin
Plugin Slug:: joli-faq-seo
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-4082

Plugin:: Soccer Engine – Soccer Plugin for WordPress
Plugin Slug:: soccer-engine-lite
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.13
Severity Score:: Medium
CVE:: 2024-4312

Plugin:: Hostel
Plugin Slug:: hostel
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.5.4
Severity Score:: Medium
CVE:: 2024-4314

Plugin:: ADFO – Custom data in admin dashboard
Plugin Slug:: admin-form
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-4103

Plugin:: ADFO – Custom data in admin dashboard
Plugin Slug:: admin-form
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: High
CVE:: 2024-4104

Plugin:: Z-Downloads
Plugin Slug:: z-downloads
Installations: 60+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.11.4
Severity Score:: Critical
CVE:: 2024-34555

Plugin:: Aiomatic
Plugin Slug:: aiomatic-automatic-ai-content-writer
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-34435

Plugin:: Breakdance
Plugin Slug:: breakdance
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.7.2
Severity Score:: High
CVE:: 2024-4605

Plugin:: Divi Builder
Plugin Slug:: divi-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.25.1
Severity Score:: Medium
CVE:: 2024-4490

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.81
Severity Score:: Medium
CVE:: 2024-0904

Plugin:: Porto Theme – Functionality
Plugin Slug:: porto-functionality
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2024-3808

Plugin:: Spectra Pro
Plugin Slug:: spectra-pro
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1.6
Severity Score:: High
CVE:: 2024-3828

Plugin:: Stockholm Core
Plugin Slug:: stockholm-core
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4.2
Severity Score:: High
CVE:: 2024-34554

Plugin:: Stockholm Core
Plugin Slug:: stockholm-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: High
CVE:: 2024-34553

Plugin:: Unyson
Plugin Slug:: unyson
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.31
Severity Score:: Medium
CVE:: 2024-34814

WordPress Themes — 16 Patched

Theme:: Consus
Theme Slug:: consus
Downloads: 16,364
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-34810

Theme:: EmpowerWP
Theme Slug:: empowerwp
Downloads: 219,376
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.22
Severity Score:: Medium
CVE:: 2024-34809

Theme:: Himalayas
Theme Slug:: himalayas
Downloads: 332,940
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-34571

Theme:: Ketos
Theme Slug:: ketos
Downloads: 28,703
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Mindscape
Theme Slug:: mindscape
Downloads: 41,737
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Niveau
Theme Slug:: niveau
Downloads: 16,831
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Oasis
Theme Slug:: oasis
Downloads: 69,511
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.13
Severity Score:: Medium
CVE:: 2024-34810

Theme:: raindrops
Theme Slug:: raindrops
Downloads: 716,615
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.700
Severity Score:: Medium
CVE:: 2024-34414

Theme:: Skyline WP
Theme Slug:: skyline-wp
Downloads: 169,635
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Zeka
Theme Slug:: zeka
Downloads: 20,249
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.10
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Divi
Theme Slug:: divi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.25.1
Severity Score:: Medium
CVE:: 2024-4490

Theme:: Extra
Theme Slug:: extra
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.25.1
Severity Score:: Medium
CVE:: 2024-4490

Theme:: Porto
Theme Slug:: porto
Vulnerability:: Local File Inclusion
Patched in Version:: 7.1.1
Severity Score:: High
CVE:: 2024-3806

Theme:: Porto
Theme Slug:: porto
Vulnerability:: Local File Inclusion
Patched in Version:: 7.1.1
Severity Score:: Medium
CVE:: 2024-3807

Theme:: Stockholm
Theme Slug:: stockholm
Vulnerability:: Local File Inclusion
Patched in Version:: 9.7
Severity Score:: High
CVE:: 2024-34552

Theme:: Stockholm
Theme Slug:: stockholm
Vulnerability:: Local File Inclusion
Patched in Version:: 9.7
Severity Score:: Critical
CVE:: 2024-34551

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 129 Patched / 47 Unpatched