WordPress Vulnerability Report — May 22, 2024

Since last week, 153 new vulnerabilities emerged in the WordPress ecosystem including 11 in themes and 142 in plugins. 34 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah Ulmer

Published:May 22, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:30 min.

In this report, 153 vulnerabilities have been publicly disclosed. Security patches for 119 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 34 plugin and themes vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 109 Patched / 33 Unpatched

2.1 Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
2.2 Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
2.3 Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More
2.4 reCAPTCHA Jetpack
2.5 reCAPTCHA Jetpack
2.6 UnGallery
2.7 Add Custom CSS and JS
2.8 WP Stacker
2.9 AdFoxly – Ad Manager, AdSense Ads & Ads.txt
2.10 Base64 Encoder/Decoder
2.11 Base64 Encoder/Decoder
2.12 Base64 Encoder/Decoder
2.13 Crafthemes Demo Import
2.14 Dextaz Ping
2.15 Elegant Blocks
2.16 Fast Custom Social Share by CodeBard
2.17 HL Twitter
2.18 HL Twitter
2.19 LetterPress
2.20 Newsletter Popup
2.21 Popup4Phone
2.22 Popup4Phone
2.23 PopupAlly
2.24 Praison SEO WordPress
2.25 Simple Popup Manager
2.26 SP Project & Document Manager
2.27 SP Project & Document Manager
2.28 Tainacan
2.29 Tainacan
2.30 WP Backpack
2.31 WP Next Post Navi
2.32 WP Prayer
2.33 WPB Elementor Addons
2.34 Elementor Website Builder – More than Just a Page Builder
2.35 Yoast SEO
2.36 Jetpack – WP Security, Backup, Speed, & Growth
2.37 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.38 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
2.39 Rank Math SEO with AI Best SEO Tools
2.40 Elementor Header & Footer Builder
2.41 Elementor Header & Footer Builder
2.42 Page Builder by SiteOrigin
2.43 The Events Calendar
2.44 WP Shortcodes Plugin — Shortcodes Ultimate
2.45 WP Shortcodes Plugin — Shortcodes Ultimate
2.46 NextGEN Gallery – Create an Amazing Photo Gallery in Seconds
2.47 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
2.48 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
2.49 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
2.50 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
2.51 Happy Addons for Elementor
2.52 Happy Addons for Elementor
2.53 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.54 Gutenberg Blocks with AI by Kadence WP – Page Builder Features
2.55 Password Protected – Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store
2.56 Royal Elementor Addons and Templates
2.57 Menu Icons by ThemeIsle
2.58 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF
2.59 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
2.60 GiveWP – Donation Plugin and Fundraising Platform
2.61 HT Mega – Absolute Addons For Elementor
2.62 HT Mega – Absolute Addons For Elementor
2.63 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.64 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.65 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
2.66 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.67 iframe
2.68 Master Slider – Responsive Touch Slider
2.69 Import and export users and customers
2.70 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
2.71 Sydney Toolbox
2.72 Tutor LMS – eLearning and online course solution
2.73 Tutor LMS – eLearning and online course solution
2.74 Tutor LMS – eLearning and online course solution
2.75 Visual Portfolio, Photo Gallery & Post Grid
2.76 Exclusive Addons for Elementor
2.77 WP Table Builder – WordPress Table Plugin
2.78 Order Export & Order Import for WooCommerce
2.79 Ultimate Blocks – WordPress Blocks Plugin
2.80 DethemeKit For Elementor
2.81 DethemeKit For Elementor
2.82 Piotnet Addons For Elementor
2.83 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
2.84 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
2.85 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
2.86 Visualizer: Tables and Charts Manager for WordPress
2.87 All-in-One Video Gallery
2.88 Envo Extra
2.89 Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin
2.90 Post Grid Elementor Addon
2.91 WPZOOM Addons for Elementor (Templates, Widgets)
2.92 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
2.93 Mega Elements – Addons for Elementor
2.94 Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
2.95 ReviewX – Multi-criteria Rating & Reviews for WooCommerce
2.96 Simple Basic Contact Form
2.97 140+ Widgets | Best Addons For Elementor – FREE
2.98 YITH WooCommerce Gift Cards
2.99 Alt Text AI – Automatically generate image alt text for SEO and accessibility
2.100 WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
2.101 VikBooking Hotel Booking Engine & PMS
2.102 Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms
2.103 WP Compress – Image Optimizer [All-In-One]
2.104 WP Compress – Image Optimizer [All-In-One]
2.105 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
2.106 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
2.107 JCH Optimize
2.108 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
2.109 Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
2.110 Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
2.111 Move Addons for Elementor
2.112 YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress
2.113 Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
2.114 Debug Log – Manger Tool
2.115 FundEngine – Donation and Crowdfunding Platform
2.116 Kognetiks Chatbot for WordPress
2.117 Copymatic – AI Content Writer & Generator
2.118 Custom Post Type Attachment
2.119 Fastly
2.120 Fastly
2.121 Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table
2.122 Save as PDF Plugin by Pdfcrowd
2.123 ShiftController Employee Shift Scheduling
2.124 Popup Builder
2.125 Picture Gallery – Frontend Image Uploads, AJAX Photo List
2.126 Popup – Popup More Popups
2.127 Builder for WooCommerce product reviews shortcodes – ReviewShort
2.128 Bulk Posts Editing For WordPress
2.129 Bulk Posts Editing For WordPress
2.130 month name translation benaceur
2.131 Advanced Custom Fields PRO
2.132 Advanced Custom Fields PRO
2.133 ConvertPlus
2.134 Cost Calculator Builder Pro
2.135 ElementsKit Pro
2.136 Penci Soledad Data Migrator
2.137 Swift Framework Page Builder
2.138 Tutor LMS Pro
2.139 Tutor LMS Pro
2.140 Tutor LMS Pro
2.141 Uber Menu
2.142 Automatic

3. WordPress Themes — 10 Patched / 1 Unpatched

3.1 ImageMagick Sharpen Resized Images
3.2 Blocksy
3.3 ChaosTheory
3.4 Consus
3.5 EmpowerWP
3.6 Ketos
3.7 Mindscape
3.8 Niveau
3.9 Oasis
3.10 Skyline WP
3.11 Zeka

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

WordPress Plugins — 109 Patched / 33 Unpatched

Plugin:: Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34806

Plugin:: Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
Plugin Slug:: tagembed-widget
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34804

Plugin:: Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More
Plugin Slug:: popup-maker-wp
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34770

Plugin:: reCAPTCHA Jetpack
Plugin Slug:: recaptcha-jetpack
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3941

Plugin:: reCAPTCHA Jetpack
Plugin Slug:: recaptcha-jetpack
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3940

Plugin:: UnGallery
Plugin Slug:: ungallery
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3582

Plugin:: Add Custom CSS and JS
Plugin Slug:: add-custom-css-and-js
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3903

Plugin:: WP Stacker
Plugin Slug:: wp-stacker
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5003

Plugin:: AdFoxly – Ad Manager, AdSense Ads & Ads.txt
Plugin Slug:: adfoxly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34802

Plugin:: Base64 Encoder/Decoder
Plugin Slug:: base64-encoderdecoder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3824

Plugin:: Base64 Encoder/Decoder
Plugin Slug:: base64-encoderdecoder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3823

Plugin:: Base64 Encoder/Decoder
Plugin Slug:: base64-encoderdecoder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3822

Plugin:: Crafthemes Demo Import
Plugin Slug:: crafthemes-demo-import
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34800

Plugin:: Dextaz Ping
Plugin Slug:: dextaz-ping
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34792

Plugin:: Elegant Blocks
Plugin Slug:: elegant-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34769

Plugin:: Fast Custom Social Share by CodeBard
Plugin Slug:: fast-custom-social-share-by-codebard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34807

Plugin:: HL Twitter
Plugin Slug:: hl-twitter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3630

Plugin:: HL Twitter
Plugin Slug:: hl-twitter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3629

Plugin:: LetterPress
Plugin Slug:: letterpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3590

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3644

Plugin:: Popup4Phone
Plugin Slug:: popup4phone
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3580

Plugin:: Popup4Phone
Plugin Slug:: popup4phone
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3231

Plugin:: PopupAlly
Plugin Slug:: popupally
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34796

Plugin:: Praison SEO WordPress
Plugin Slug:: seo-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34801

Plugin:: Simple Popup Manager
Plugin Slug:: simple-popup-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34797

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3748

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Directory Traversal
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1693

Plugin:: Tainacan
Plugin Slug:: tainacan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34795

Plugin:: Tainacan
Plugin Slug:: tainacan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34794

Plugin:: WP Backpack
Plugin Slug:: wp-backpack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4756

Plugin:: WP Next Post Navi
Plugin Slug:: wp-next-post-navi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34793

Plugin:: WP Prayer
Plugin Slug:: wp-prayer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3405

Plugin:: WPB Elementor Addons
Plugin Slug:: wpb-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34791

Plugin:: Elementor Website Builder – More than Just a Page Builder
Plugin Slug:: elementor
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.21.6
Severity Score:: Medium
CVE:: 2024-4619

Plugin:: Yoast SEO
Plugin Slug:: wordpress-seo
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 22.7
Severity Score:: Medium
CVE:: 2024-4984

Plugin:: Jetpack – WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.4
Severity Score:: Medium
CVE:: 2024-4392

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-34764

Plugin:: Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.21
Severity Score:: Medium
CVE:: 2024-4624

Plugin:: Rank Math SEO with AI Best SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.219-beta
Severity Score:: Medium
CVE:: 2024-4617

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 1,000,000+
Vulnerability:: Content Injection
Patched in Version:: 1.6.27
Severity Score:: Medium
CVE:: 2024-2619

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.29
Severity Score:: Medium
CVE:: 2024-4634

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.16
Severity Score:: Medium
CVE:: 2024-4361

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.0.1
Severity Score:: High
CVE:: 2024-4180

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2024-4553

Plugin:: WP Shortcodes Plugin — Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.2
Severity Score:: Medium
CVE:: 2024-3548

Plugin:: NextGEN Gallery – Create an Amazing Photo Gallery in Seconds
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.1
Severity Score:: Medium
CVE:: 2024-2744

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.1.17
Severity Score:: Critical
CVE:: 2024-2771

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.17
Severity Score:: High
CVE:: 2024-2782

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.14
Severity Score:: Medium
CVE:: 2024-2772

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.17
Severity Score:: Medium
CVE:: 2024-4709

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-4865

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.8
Severity Score:: Medium
CVE:: 2024-4478

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4057

Plugin:: Gutenberg Blocks with AI by Kadence WP – Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.38
Severity Score:: Medium
CVE:: 2024-3189

Plugin:: Password Protected – Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store
Plugin Slug:: password-protected
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.7
Severity Score:: Medium
CVE:: 2024-0437

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.975
Severity Score:: Medium
CVE:: 2024-3887

Plugin:: Menu Icons by ThemeIsle
Plugin Slug:: menu-icons
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.13.14
Severity Score:: Medium
CVE:: 2024-4635

Plugin:: Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF
Plugin Slug:: optimole-wp
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.0
Severity Score:: Medium
CVE:: 2024-4636

Plugin:: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.13
Severity Score:: Medium
CVE:: 2024-4891

Plugin:: GiveWP – Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-3714

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-4876

Plugin:: HT Mega – Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-4875

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.9
Severity Score:: Medium
CVE:: 2024-3345

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-4566

Plugin:: ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.8
Severity Score:: Medium
CVE:: 2024-34767

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.20
Severity Score:: High
CVE:: 2024-4010

Plugin:: iframe
Plugin Slug:: iframe
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1
Severity Score:: Medium
CVE:: 2024-34805

Plugin:: Master Slider – Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.10
Severity Score:: Medium
CVE:: 2024-4470

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-4656

Plugin:: Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.5
Severity Score:: Medium
CVE:: 2024-4400

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32
Severity Score:: Medium
CVE:: 2024-4473

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4223

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2024-4279

Plugin:: Tutor LMS – eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4318

Plugin:: Visual Portfolio, Photo Gallery & Post Grid
Plugin Slug:: visual-portfolio
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-4363

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.7
Severity Score:: Medium
CVE:: 2024-4618

Plugin:: WP Table Builder – WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.15
Severity Score:: Medium
CVE:: 2024-4700

Plugin:: Order Export & Order Import for WooCommerce
Plugin Slug:: order-import-export-for-woocommerce
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-34751

Plugin:: Ultimate Blocks – WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-3241

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-4374

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-34575

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.28
Severity Score:: Medium
CVE:: 2024-4432

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-3155

Plugin:: Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.1
Severity Score:: Medium
CVE:: 2024-3134

Plugin:: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.7.18
Severity Score:: Medium
CVE:: 2024-4288

Plugin:: Visualizer: Tables and Charts Manager for WordPress
Plugin Slug:: visualizer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.11.0
Severity Score:: High
CVE:: 2024-3750

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.7.0
Severity Score:: High
CVE:: 2024-4670

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.17
Severity Score:: Medium
CVE:: 2024-4385

Plugin:: Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin
Plugin Slug:: logo-slider-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-3288

Plugin:: Post Grid Elementor Addon
Plugin Slug:: post-grid-elementor-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.17
Severity Score:: Medium
CVE:: 2024-34789

Plugin:: WPZOOM Addons for Elementor (Templates, Widgets)
Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.37
Severity Score:: Medium
CVE:: 2024-4370

Plugin:: BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.83
Severity Score:: Medium
CVE:: 2024-34799

Plugin:: Mega Elements – Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-4702

Plugin:: Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
Plugin Slug:: page-builder-add
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1.9
Severity Score:: High
CVE:: 2024-34752

Plugin:: ReviewX – Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.28
Severity Score:: Medium
CVE:: 2024-3609

Plugin:: Simple Basic Contact Form
Plugin Slug:: simple-basic-contact-form
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20240511
Severity Score:: Medium
CVE:: 2024-4144

Plugin:: 140+ Widgets | Best Addons For Elementor – FREE
Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3.1
Severity Score:: Medium
CVE:: 2024-4440

Plugin:: YITH WooCommerce Gift Cards
Plugin Slug:: yith-woocommerce-gift-cards
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.13.0
Severity Score:: Medium
CVE:: 2024-0870

Plugin:: Alt Text AI – Automatically generate image alt text for SEO and accessibility
Plugin Slug:: alttext-ai
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2024-4847

Plugin:: WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.2
Severity Score:: Medium
CVE:: 2024-34811

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-2441

Plugin:: Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: cf7-hubspot
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-34756

Plugin:: WP Compress – Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2024-4445

Plugin:: WP Compress – Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2023-6812

Plugin:: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-34757

Plugin:: Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-4666

Plugin:: JCH Optimize
Plugin Slug:: jch-optimize
Installations: 6,000+
Vulnerability:: Path Traversal
Patched in Version:: 4.2.1
Severity Score:: Medium
CVE:: 2024-34808

Plugin:: Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-34753

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.38
Severity Score:: Medium
CVE:: 2024-2923

Plugin:: Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Plugin Slug:: magazine-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-34760

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-4695

Plugin:: YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress
Plugin Slug:: youtube-showcase
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-3268

Plugin:: Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Plugin Slug:: cf7-salesforce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-34755

Plugin:: Debug Log – Manger Tool
Plugin Slug:: debug-log-config-tool
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-34798

Plugin:: FundEngine – Donation and Crowdfunding Platform
Plugin Slug:: wp-fundraising-donation
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2024-34758

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.0.1
Severity Score:: Critical
CVE:: 2024-32700

Plugin:: Copymatic – AI Content Writer & Generator
Plugin Slug:: copymatic
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7
Severity Score:: Critical
CVE:: 2024-31351

Plugin:: Custom Post Type Attachment
Plugin Slug:: custom-post-type-pdf-attachment
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.6
Severity Score:: Medium
CVE:: 2024-4546

Plugin:: Fastly
Plugin Slug:: fastly
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.26
Severity Score:: Medium
CVE:: 2024-34803

Plugin:: Fastly
Plugin Slug:: fastly
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.26
Severity Score:: Medium
CVE:: 2024-34768

Plugin:: Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table
Plugin Slug:: new-contact-form-widget
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-34754

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2023-5971

Plugin:: ShiftController Employee Shift Scheduling
Plugin Slug:: shiftcontroller
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.9.58
Severity Score:: High
CVE:: 2024-4733

Plugin:: Popup Builder
Plugin Slug:: easy-notify-lite
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.30
Severity Score:: Medium
CVE:: 2024-34567

Plugin:: Picture Gallery – Frontend Image Uploads, AJAX Photo List
Plugin Slug:: picture-gallery
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.12
Severity Score:: Medium
CVE:: 2024-34759

Plugin:: Popup – Popup More Popups
Plugin Slug:: popup-more
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2024-32800

Plugin:: Builder for WooCommerce product reviews shortcodes – ReviewShort
Plugin Slug:: woo-product-reviews-shortcode
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.01.6
Severity Score:: Medium
CVE:: 2024-34763

Plugin:: Bulk Posts Editing For WordPress
Plugin Slug:: ithemeland-bulk-posts-editing-lite
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.4
Severity Score:: Medium
CVE:: 2024-4204

Plugin:: Bulk Posts Editing For WordPress
Plugin Slug:: ithemeland-bulk-posts-editing-lite
Installations: 200+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.4
Severity Score:: Medium
CVE:: 2024-4199

Plugin:: month name translation benaceur
Plugin Slug:: month-name-translation-benaceur
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: Medium
CVE:: 2024-3634

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 6.2.10
Severity Score:: High
CVE:: 2024-34761

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Local File Inclusion
Patched in Version:: 6.2.10
Severity Score:: Critical
CVE:: 2024-34762

Plugin:: ConvertPlus
Plugin Slug:: convertplug
Vulnerability:: PHP Object Injection
Patched in Version:: 3.5.26.1
Severity Score:: High
CVE:: 2024-4838

Plugin:: Cost Calculator Builder Pro
Plugin Slug:: cost-calculator-builder-pro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.1.73
Severity Score:: Medium
CVE:: 2024-4789

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2024-4452

Plugin:: Penci Soledad Data Migrator
Plugin Slug:: penci-data-migrator
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.1
Severity Score:: Critical
CVE:: 2024-3551

Plugin:: Swift Framework Page Builder
Plugin Slug:: socialdriver-framework
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.0.0
Severity Score:: Medium
CVE:: 2024-2697

Plugin:: Tutor LMS Pro
Plugin Slug:: tutor-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4352

Plugin:: Tutor LMS Pro
Plugin Slug:: tutor-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4222

Plugin:: Tutor LMS Pro
Plugin Slug:: tutor-pro
Vulnerability:: Privilege Escalation
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4351

Plugin:: Uber Menu
Plugin Slug:: ubermenu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2024-4710

Plugin:: Automatic
Plugin Slug:: wp-automatic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.95.0
Severity Score:: Medium
CVE:: 2024-4849

WordPress Themes — 10 Patched / 1 Unpatched

Theme:: ImageMagick Sharpen Resized Images
Theme Slug:: imagemagick-sharpen-resized-images
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34790

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,200,500
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.47
Severity Score:: Medium
CVE:: 2024-4943

Theme:: ChaosTheory
Theme Slug:: chaostheory
Downloads: 441,334
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-34766

Theme:: Consus
Theme Slug:: consus
Downloads: 16,413
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-34810

Theme:: EmpowerWP
Theme Slug:: empowerwp
Downloads: 219,617
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.22
Severity Score:: Medium
CVE:: 2024-34809

Theme:: Ketos
Theme Slug:: ketos
Downloads: 28,821
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Mindscape
Theme Slug:: mindscape
Downloads: 42,404
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Niveau
Theme Slug:: niveau
Downloads: 16,949
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Oasis
Theme Slug:: oasis
Downloads: 69,561
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.13
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Skyline WP
Theme Slug:: skyline-wp
Downloads: 169,826
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2024-34810

Theme:: Zeka
Theme Slug:: zeka
Downloads: 20,361
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.10
Severity Score:: Medium
CVE:: 2024-34810

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah Ulmer

Sarah has been with SolidWP since 2015. Thanks to her deep connection to the brand, its products, and its users, Sarah was tapped as Solid’s primary Product Marketer in 2023. Sarah helps ensure that Solid’s product development team understands our users’ needs. When not at work, Sarah can be found at home with her husband, their three boys, and their dogs. Sarah enjoys long family walks, running with her lab, and watching her three boys play soccer. Sarah is originally from Texas and loves watching football games (Go Longhorns!)

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 109 Patched / 33 Unpatched