In this report, 277 vulnerabilities have been publicly disclosed. Security patches for 156 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 121 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.7, code-named “Rollins,” is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.
WordPress Plugins — 153 Patched / 115 Unpatched
Dynamic “To Top” Plugin
- Plugin:
- Dynamic “To Top” Plugin
- Plugin Slug:
- dynamic-to-top
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52494
Meteor Slides
- Plugin:
- Meteor Slides
- Plugin Slug:
- meteor-slides
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52493
Weather Atlas Widget
- Plugin:
- Weather Atlas Widget
- Plugin Slug:
- weather-atlas
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52472
Premium Packages – Sell Digital Products Securely
- Plugin Slug:
- wpdm-premium-packages
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10164
Beds24 Online Booking
- Plugin:
- Beds24 Online Booking
- Plugin Slug:
- beds24-online-booking
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10177
Announcement & Notification Banner – Bulletin
- Plugin Slug:
- bulletin-announcements
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-10682
Yaad Sarig Payment Gateway For WC
- Plugin Slug:
- yaad-sarig-payment-gateway-for-wc
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10665
Extensions for Elementor
- Plugin:
- Extensions for Elementor
- Plugin Slug:
- extensions-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52471
Absolute Addons For Elementor
- Plugin:
- Absolute Addons For Elementor
- Plugin Slug:
- absolute-addons
- Installations
- 700+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52496
Generic Elements
- Plugin:
- Generic Elements
- Plugin Slug:
- generic-elements-for-elementor
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-53709
Library Bookshelves
- Plugin:
- Library Bookshelves
- Plugin Slug:
- library-bookshelves
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52453
SuevaFree Essential Kit
- Plugin:
- SuevaFree Essential Kit
- Plugin Slug:
- suevafree-essential-kit
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11432
Team Rosters
- Plugin:
- Team Rosters
- Plugin Slug:
- team-rosters
- Installations
- 300+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52439
Buying Buddy IDX CRM
- Plugin:
- Buying Buddy IDX CRM
- Plugin Slug:
- buying-buddy-idx-crm
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52446
Post By Email
- Plugin:
- Post By Email
- Plugin Slug:
- post-by-email
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52463
Shopready – Elementor addons for WooCommerce Page Builder
- Plugin Slug:
- shopready-elementor-addon
- Installations
- 200+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52497
Subaccounts for WooCommerce
- Plugin:
- Subaccounts for WooCommerce
- Plugin Slug:
- subaccounts-for-woocommerce
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11370
AI Responsive Gallery Album
- Plugin:
- AI Responsive Gallery Album
- Plugin Slug:
- ai-responsive-gallery-album
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52467
amr shortcodes
- Plugin:
- amr shortcodes
- Plugin Slug:
- amr-shortcodes
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52464
Distance Based Shipping Calculator
- Plugin Slug:
- distance-based-shipping-calculator
- Installations
- 100+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52495
Lazy load videos and sticky control
- Plugin Slug:
- lazy-load-videos-and-sticky-control
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11428
LeadBoxer
- Plugin:
- LeadBoxer
- Plugin Slug:
- leadboxer
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52468
LGPD Framework By Data443
- Plugin:
- LGPD Framework By Data443
- Plugin Slug:
- lgpd-framework
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52465
SP Blog Designer
- Plugin:
- SP Blog Designer
- Plugin Slug:
- sp-blog-designer
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52498
Tailored Tools
- Plugin:
- Tailored Tools
- Plugin Slug:
- tailored-tools
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52503
TM Islamic Helper
- Plugin:
- TM Islamic Helper
- Plugin Slug:
- tm-islamic-helper
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52458
Elementor Portfolio Builder
- Plugin:
- Elementor Portfolio Builder
- Plugin Slug:
- portfolio-builder-elementor
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52486
AI Quiz | Quiz Maker
- Plugin:
- AI Quiz | Quiz Maker
- Plugin Slug:
- ai-quiz
- Installations
- 70+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-53708
Open edX LMS and WordPress integrator (LITE)
- Plugin Slug:
- edunext-openedx-integrator
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52452
Geolocator
- Plugin:
- Geolocator
- Plugin Slug:
- geolocator
- Installations
- 50+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52443
Infinite Slider
- Plugin:
- Infinite Slider
- Plugin Slug:
- infinite-slider
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52461
WooCommerce Price Alert
- Plugin:
- WooCommerce Price Alert
- Plugin Slug:
- price-alert-woocommerce
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52469
QRMenu Restaurant QR Menu Lite
- Plugin:
- QRMenu Restaurant QR Menu Lite
- Plugin Slug:
- qrmenu-lite
- Installations
- 50+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52445
WP e-Commerce Style Email
- Plugin:
- WP e-Commerce Style Email
- Plugin Slug:
- wp-e-commerce-style-email
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52462
Office Locator
- Plugin:
- Office Locator
- Plugin Slug:
- office-locator
- Installations
- 40+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52501
Advanced Event Manager
- Plugin:
- Advanced Event Manager
- Plugin Slug:
- advanced-event-manager
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-53721
de:branding
- Plugin:
- de:branding
- Plugin Slug:
- debranding
- Installations
- 30+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52438
Fintelligence Calculator
- Plugin:
- Fintelligence Calculator
- Plugin Slug:
- fintelligence-calculator
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-53731
ITERAS
- Plugin:
- ITERAS
- Plugin Slug:
- iteras
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53710
Awesome Studio
- Plugin:
- Awesome Studio
- Plugin Slug:
- awesome-studio
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52456
HTML5 Lyrics Karaoke Player
- Plugin:
- HTML5 Lyrics Karaoke Player
- Plugin Slug:
- html5-lyrics-karaoke-player
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52473
nBlocks – Responsive Gutenberg News Blocks
- Plugin Slug:
- nblocks
- Installations
- 20+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52450
Post Ideas
- Plugin:
- Post Ideas
- Plugin Slug:
- post-ideas
- Installations
- 20+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52451
Ultimate Classified Listings
- Plugin:
- Ultimate Classified Listings
- Plugin Slug:
- ultimate-classified-listings
- Installations
- 20+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52487
Ultimate Classified Listings
- Plugin:
- Ultimate Classified Listings
- Plugin Slug:
- ultimate-classified-listings
- Installations
- 20+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52448
AtaraPay WooCommerce Payment Gateway
- Plugin Slug:
- atarapay-woocommerce
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52460
Chameleoni Jobs
- Plugin:
- Chameleoni Jobs
- Plugin Slug:
- chameleon-jobs
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52459
Explara Events
- Plugin:
- Explara Events
- Plugin Slug:
- explara-events
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52466
GoQMieruca
- Plugin:
- GoQMieruca
- Plugin Slug:
- goqmieruca
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52454
GoQSmile
- Plugin:
- GoQSmile
- Plugin Slug:
- goqsmile
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52455
Pathomation
- Plugin:
- Pathomation
- Plugin Slug:
- pathomation
- Installations
- 10+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52490
Pricing table addon for elementor
- Plugin Slug:
- pricing-table-addon-for-elementor
- Installations
- 10+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52499
YaDisk Files
- Plugin:
- YaDisk Files
- Plugin Slug:
- wp-yadisk-files
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10710
YaDisk Files
- Plugin:
- YaDisk Files
- Plugin Slug:
- wp-yadisk-files
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10709
Xpresslane Fast Checkout
- Plugin:
- Xpresslane Fast Checkout
- Plugin Slug:
- xpresslane-integration-for-woocommerce
- Installations
- 10+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52440
Ahmeti Wp Güzel Sözler
- Plugin:
- Ahmeti Wp Güzel Sözler
- Plugin Slug:
- ahmeti-wp-guzel-sozler
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-53707
Alphabetical List
- Plugin:
- Alphabetical List
- Plugin Slug:
- alphabetical-list
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8157
April’s Call Posts
- Plugin:
- April’s Call Posts
- Plugin Slug:
- aprils-call-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53730
Banner System
- Plugin:
- Banner System
- Plugin Slug:
- banner-system
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52437
Contact Form 7 Email Add on
- Plugin:
- Contact Form 7 Email Add on
- Plugin Slug:
- cf7-email-add-on
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-10898
Contact Page With Google Map
- Plugin:
- Contact Page With Google Map
- Plugin Slug:
- contact-page-with-google-map
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52447
Continue Shopping From Cart
- Plugin:
- Continue Shopping From Cart
- Plugin Slug:
- continue-shopping-from-cart-page
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53714
Control horas
- Plugin:
- Control horas
- Plugin Slug:
- control-horas
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11381
Custom Shortcode Sidebars
- Plugin:
- Custom Shortcode Sidebars
- Plugin Slug:
- custom-shortcode-sidebars
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53736
Dynamic URL SEO
- Plugin:
- Dynamic URL SEO
- Plugin Slug:
- dynamic-url-seo
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52470
Easy Twitter Feed
- Plugin:
- Easy Twitter Feed
- Plugin Slug:
- easy-twitter-feeds
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10666
F4 Improvements
- Plugin:
- F4 Improvements
- Plugin Slug:
- f4-improvements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9442
Favicon My Blog
- Plugin:
- Favicon My Blog
- Plugin Slug:
- favicon-my-blog
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53722
Fence URL
- Plugin:
- Fence URL
- Plugin Slug:
- fence-url
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53733
Footer Flyout Widget
- Plugin:
- Footer Flyout Widget
- Plugin Slug:
- footer-flyout-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53732
Google Plus Share and +1 Button
- Plugin:
- Google Plus Share and +1 Button
- Plugin Slug:
- google-plus-share-and-plusone-button
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53723
Grey Owl Lightbox
- Plugin:
- Grey Owl Lightbox
- Plugin Slug:
- grey-owl-lightbox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11440
Grid View Gallery
- Plugin:
- Grid View Gallery
- Plugin Slug:
- grid-view-gallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11409
WordPress Brute Force Protection – Stop Brute Force Attacks
- Plugin:
- WordPress Brute Force Protection – Stop Brute Force Attacks
- Plugin Slug:
- guardgiant
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-10869
Hotlink2Watermark
- Plugin:
- Hotlink2Watermark
- Plugin Slug:
- hotlink2watermark
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53711
IceStats
- Plugin:
- IceStats
- Plugin Slug:
- icestats
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53724
Idealien Category Enhancements
- Plugin:
- Idealien Category Enhancements
- Plugin Slug:
- idealien-category-enhancements
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53734
Image horizontal reel scroll slideshow
- Plugin:
- Image horizontal reel scroll slideshow
- Plugin Slug:
- image-horizontal-reel-scroll-slideshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52492
ImbaChat
- Plugin:
- ImbaChat
- Plugin Slug:
- imbachat-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52502
iPhone Webclip Manager
- Plugin:
- iPhone Webclip Manager
- Plugin Slug:
- iphone-webclip-manager
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53735
Kevin’s
- Plugin:
- Kevin’s
- Plugin Slug:
- kevins-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53712
LeanPress
- Plugin:
- LeanPress
- Plugin Slug:
- leanpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52483
LinkLaunder SEO
- Plugin:
- LinkLaunder SEO
- Plugin Slug:
- linklaunder-seo-plugin
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53727
Lock User Account
- Plugin:
- Lock User Account
- Plugin Slug:
- lock-user-account
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11197
Multi Feed Reader
- Plugin:
- Multi Feed Reader
- Plugin Slug:
- multi-feed-reader
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53718
Social Login
- Plugin:
- Social Login
- Plugin Slug:
- oa-social-login
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-10961
Community by PeepSo
- Plugin:
- Community by PeepSo
- Plugin Slug:
- peepso-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11447
Product Designer
- Plugin:
- Product Designer
- Plugin Slug:
- product-designer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9111
Protect Your Content
- Plugin:
- Protect Your Content
- Plugin Slug:
- protect-your-content
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53728
Pure CSS Circle Progress Bar
- Plugin:
- Pure CSS Circle Progress Bar
- Plugin Slug:
- pure-css-circle-progress-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11385
Quick Learn
- Plugin:
- Quick Learn
- Plugin Slug:
- quick-learn
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52441
Quotes llama
- Plugin:
- Quotes llama
- Plugin Slug:
- quotes-llama
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10874
RealtyCandy IDX Broker Extended
- Plugin:
- RealtyCandy IDX Broker Extended
- Plugin Slug:
- realtycandy-idx-broker-extended
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53726
RecipePress Reloaded
- Plugin:
- RecipePress Reloaded
- Plugin Slug:
- recipepress-reloaded
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11414
salavat counter
- Plugin:
- salavat counter
- Plugin Slug:
- salavat-counter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11435
Crypto and DeFi Widgets
- Plugin:
- Crypto and DeFi Widgets
- Plugin Slug:
- security-force
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-11365
Shine PDF Embeder
- Plugin:
- Shine PDF Embeder
- Plugin Slug:
- shine-pdf
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11412
Simple Travel Map
- Plugin:
- Simple Travel Map
- Plugin Slug:
- simple-travel-map
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53715
Slick Sitemap
- Plugin:
- Slick Sitemap
- Plugin Slug:
- slick-sitemap
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11424
Silverlight Video Player
- Plugin:
- Silverlight Video Player
- Plugin Slug:
- smooth-streaming-player
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53713
Sticky Social Icons
- Plugin:
- Sticky Social Icons
- Plugin Slug:
- sticky-social-icons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52491
LSX Tour Operator
- Plugin:
- LSX Tour Operator
- Plugin Slug:
- tour-operator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9851
Tribute Testimonials
- Plugin:
- Tribute Testimonials
- Plugin Slug:
- tribute-testimonial-gridslider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10886
Ultimate YouTube Video & Shorts Player With Vimeo
- Plugin:
- Ultimate YouTube Video & Shorts Player With Vimeo
- Plugin Slug:
- ultimate-youtube-video-player
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11355
Ultimate YouTube Video & Shorts Player With Vimeo
- Plugin:
- Ultimate YouTube Video & Shorts Player With Vimeo
- Plugin Slug:
- ultimate-youtube-video-player
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-11354
UltraAddons Elementor Lite
- Plugin:
- UltraAddons Elementor Lite
- Plugin Slug:
- ultraaddons-elementor-lite
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10696
UserPlus
- Plugin:
- UserPlus
- Plugin Slug:
- userplus
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52442
WPBakery Visual Composer WHMCS Elements
- Plugin:
- WPBakery Visual Composer WHMCS Elements
- Plugin Slug:
- void-visual-whmcs-element
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-10172
Wc Recently viewed products
- Plugin:
- Wc Recently viewed products
- Plugin Slug:
- wc-recently-viewed-products
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52484
wp auto top
- Plugin:
- wp auto top
- Plugin Slug:
- wp-auto-top
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53716
WP-ISPConfig 3
- Plugin:
- WP-ISPConfig 3
- Plugin Slug:
- wp-ispconfig3
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53720
WPDash Notes
- Plugin:
- WPDash Notes
- Plugin Slug:
- wpdash-notes
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9223
Youneeq Recommendations
- Plugin:
- Youneeq Recommendations
- Plugin Slug:
- youneeq-panel
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52457
yPHPlista
- Plugin:
- yPHPlista
- Plugin Slug:
- yphplista
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53717
Zajax – Ajax Navigation
- Plugin:
- Zajax – Ajax Navigation
- Plugin Slug:
- zajax-ajax-navigation
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-53719
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Plugin Slug:
- wpforms-lite
- Installations
- 6,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.1.6
- Severity Score:
- Medium
- CVE:
- 2024-7056
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
- Plugin Slug:
- seo-by-rank-math
- Installations
- 3,000,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.0.232
- Severity Score:
- High
- CVE:
- 2024-11620
Google for WooCommerce
- Plugin:
- Google for WooCommerce
- Plugin Slug:
- google-listings-and-ads
- Installations
- 900,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.8.7
- Severity Score:
- Medium
- CVE:
- 2024-10486
MailPoet – Newsletters, Email Marketing, and Automation
- Plugin Slug:
- mailpoet
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.2
- Severity Score:
- Medium
- CVE:
- 2024-10103
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.59.5
- Severity Score:
- Medium
- CVE:
- 2024-6393
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
- Plugin:
- Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
- Plugin Slug:
- formidable
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.16.2
- Severity Score:
- High
- CVE:
- 2024-11188
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
- Plugin:
- Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
- Plugin Slug:
- formidable
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.14.1
- Severity Score:
- Medium
- CVE:
- 2024-9768
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.4
- Severity Score:
- Medium
- CVE:
- 2024-10785
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.1002
- Severity Score:
- Medium
- CVE:
- 2024-9682
Activity Log – Monitor & Record User Changes
- Plugin Slug:
- aryo-activity-log
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.11.2
- Severity Score:
- High
- CVE:
- 2024-10788
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
- Plugin Slug:
- fluent-smtp
- Installations
- 300,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.2.83
- Severity Score:
- Critical
- CVE:
- 2024-9511
Spam protection, Anti-Spam, FireWall by CleanTalk
- Plugin Slug:
- cleantalk-spam-protect
- Installations
- 200,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.45
- Severity Score:
- High
- CVE:
- 2024-10781
Spam protection, Anti-Spam, FireWall by CleanTalk
- Plugin Slug:
- cleantalk-spam-protect
- Installations
- 200,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.44
- Severity Score:
- Critical
- CVE:
- 2024-10542
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.10
- Severity Score:
- Medium
- CVE:
- 2024-10308
Jeg Elementor Kit
- Plugin:
- Jeg Elementor Kit
- Plugin Slug:
- jeg-elementor-kit
- Installations
- 200,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.10
- Severity Score:
- Medium
- CVE:
- 2024-8899
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
- Plugin Slug:
- ultimate-member
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.0
- Severity Score:
- Medium
- CVE:
- 2024-10528
SEO Plugin by Squirrly SEO
- Plugin:
- SEO Plugin by Squirrly SEO
- Plugin Slug:
- squirrly-seo
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 12.3.21
- Severity Score:
- Medium
- CVE:
- 2024-10515
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.0.4
- Severity Score:
- Medium
- CVE:
- 2024-10365
HUSKY – Products Filter Professional for WooCommerce
- Plugin Slug:
- woocommerce-products-filter
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.6.4
- Severity Score:
- High
- CVE:
- 2024-11400
Hustle – Email Marketing, Lead Generation, Optins, Popups
- Plugin Slug:
- wordpress-popup
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.8.6
- Severity Score:
- Medium
- CVE:
- 2024-10579
Parsi Date
- Plugin:
- Parsi Date
- Plugin Slug:
- wp-parsidate
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.2
- Severity Score:
- High
- CVE:
- 2024-11032
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.7.7
- Severity Score:
- Critical
- CVE:
- 2024-10400
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.7
- Severity Score:
- Medium
- CVE:
- 2024-10393
Customer Reviews for WooCommerce
- Plugin:
- Customer Reviews for WooCommerce
- Plugin Slug:
- customer-reviews-woocommerce
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.62.0
- Severity Score:
- Medium
- CVE:
- 2024-10614
Clone
- Plugin:
- Clone
- Plugin Slug:
- wp-clone-by-wp-academy
- Installations
- 70,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
- 2024-10913
Increase Maximum Upload File Size | Increase Execution Time
- Plugin Slug:
- wp-maximum-upload-file-size
- Installations
- 70,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.1.4
- Severity Score:
- Medium
- CVE:
- 2024-11265
Getwid – Gutenberg Blocks
- Plugin:
- Getwid – Gutenberg Blocks
- Plugin Slug:
- getwid
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.13
- Severity Score:
- Medium
- CVE:
- 2024-10872
FOX – Currency Switcher Professional for WooCommerce
- Plugin Slug:
- woocommerce-currency-switcher
- Installations
- 60,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.4.2.3
- Severity Score:
- High
- CVE:
- 2024-10640
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.2.4
- Severity Score:
- Medium
- CVE:
- 2024-9170
Booster for WooCommerce
- Plugin:
- Booster for WooCommerce
- Plugin Slug:
- woocommerce-jetpack
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.2.4
- Severity Score:
- High
- CVE:
- 2024-9239
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.47
- Severity Score:
- Medium
- CVE:
- 2024-9600
Simple Membership
- Plugin:
- Simple Membership
- Plugin Slug:
- simple-membership
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.5.6
- Severity Score:
- Medium
- CVE:
- 2024-11088
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.1.17
- Severity Score:
- High
- CVE:
- 2024-10728
Security & Malware scan by CleanTalk
- Plugin Slug:
- security-malware-firewall
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.145.1
- Severity Score:
- Critical
- CVE:
- 2024-10570
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
- Plugin Slug:
- simply-gallery-block
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.4.3
- Severity Score:
- Medium
- CVE:
- 2024-10034
Stratum – Elementor Widgets
- Plugin:
- Stratum – Elementor Widgets
- Plugin Slug:
- stratum
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
- 2024-10316
Branda – Branda – White Label & Branding, Custom Login Page Customizer
- Plugin Slug:
- branda-white-labeling
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.22
- Severity Score:
- High
- CVE:
- 2024-9371
MailChimp Forms by MailMunch
- Plugin:
- MailChimp Forms by MailMunch
- Plugin Slug:
- mailchimp-forms-by-mailmunch
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.4
- Severity Score:
- High
- CVE:
- 2024-8726
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar
- Plugin Slug:
- mp3-music-player-by-sonaar
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9
- Severity Score:
- Medium
- CVE:
- 2024-10268
Backup and Staging by WP Time Capsule
- Plugin Slug:
- wp-time-capsule
- Installations
- 20,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.22.22
- Severity Score:
- Critical
- CVE:
- 2024-8856
404 Solution
- Plugin:
- 404 Solution
- Plugin Slug:
- 404-solution
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.35.20
- Severity Score:
- High
- CVE:
- 2024-11277
Classified Listing – Classified ads & Business Directory Plugin
- Plugin Slug:
- classified-listing
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.16
- Severity Score:
- High
- CVE:
- 2024-11194
CM Pop-Up Banners for WordPress
- Plugin:
- CM Pop-Up Banners for WordPress
- Plugin Slug:
- cm-pop-up-banners
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.6
- Severity Score:
- High
- CVE:
- 2024-11202
RegistrationMagic – User Registration Plugin with Custom Registration Forms
- Plugin Slug:
- custom-registration-form-builder-with-submission-manager
- Installations
- 10,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 6.0.2.7
- Severity Score:
- Critical
- CVE:
- 2024-10508
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
- Plugin Slug:
- gamipress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.1.6
- Severity Score:
- Medium
- CVE:
- 2024-11036
LA-Studio Element Kit for Elementor
- Plugin Slug:
- lastudio-element-kit
- Installations
- 10,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.4.3
- Severity Score:
- High
- CVE:
- 2024-10873
Restaurant Menu – Food Ordering System – Table Reservation
- Plugin Slug:
- menu-ordering-reservations
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3
- Severity Score:
- High
- CVE:
- 2024-9653
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin:
- Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
- Plugin Slug:
- paid-member-subscriptions
- Installations
- 10,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.13.1
- Severity Score:
- High
- CVE:
- 2024-10261
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes
- Plugin Slug:
- revisionary
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.16
- Severity Score:
- Medium
- CVE:
- 2024-11154
Simple Side Tab
- Plugin:
- Simple Side Tab
- Plugin Slug:
- simple-side-tab
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-10551
WooCommerce Product Table Lite
- Plugin:
- WooCommerce Product Table Lite
- Plugin Slug:
- wc-product-table-lite
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.7
- Severity Score:
- High
- CVE:
- 2024-10899
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
- Plugin Slug:
- wp-travel-engine
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.2.2
- Severity Score:
- Medium
- CVE:
- 2024-10606
WP User Manager – User Profile Builder & Membership
- Plugin Slug:
- wp-user-manager
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.12
- Severity Score:
- Medium
- CVE:
- 2024-10537
WP User Manager – User Profile Builder & Membership
- Plugin Slug:
- wp-user-manager
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.12
- Severity Score:
- Medium
- CVE:
- 2024-10216
Category Ajax Filter
- Plugin:
- Category Ajax Filter
- Plugin Slug:
- category-ajax-filter
- Installations
- 8,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.8.3
- Severity Score:
- High
- CVE:
- 2024-10871
CM Tooltip Glossary
- Plugin:
- CM Tooltip Glossary
- Plugin Slug:
- enhanced-tooltipglossary
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.12
- Severity Score:
- High
- CVE:
- 2024-11202
GD bbPress Attachments
- Plugin:
- GD bbPress Attachments
- Plugin Slug:
- gd-bbpress-attachments
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7.3
- Severity Score:
- High
- CVE:
- 2024-11278
If-So Dynamic Content Personalization
- Plugin Slug:
- if-so
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.2.2
- Severity Score:
- Medium
- CVE:
- 2024-10796
MailMunch – Grow your Email List
- Plugin:
- MailMunch – Grow your Email List
- Plugin Slug:
- mailmunch
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.0
- Severity Score:
- High
- CVE:
- 2024-8735
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.15
- Severity Score:
- Medium
- CVE:
- 2024-10520
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels
- Plugin Slug:
- wpfunnels
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.6
- Severity Score:
- High
- CVE:
- 2024-10792
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.9.3.7
- Severity Score:
- Medium
- CVE:
- 2024-10900
Product Table for WooCommerce by CodeAstrology (wooproducttable.com)
- Plugin Slug:
- woo-product-table
- Installations
- 7,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.5.2
- Severity Score:
- Medium
- CVE:
- 2024-10813
WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup
- Plugin Slug:
- wpb-popup-for-contact-form-7
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.6
- Severity Score:
- Medium
- CVE:
- 2024-11038
Product Input Fields for WooCommerce
- Plugin Slug:
- product-input-fields-for-woocommerce
- Installations
- 6,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.0
- Severity Score:
- Medium
- CVE:
- 2024-10857
WPAdverts – Classifieds Plugin
- Plugin:
- WPAdverts – Classifieds Plugin
- Plugin Slug:
- wpadverts
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.8
- Severity Score:
- High
- CVE:
- 2024-10890
GEO my WP
Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation
- Plugin Slug:
- get-a-quote-button-for-woocommerce
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5
- Severity Score:
- Medium
- CVE:
- 2024-11034
Booking calendar, Appointment Booking System
- Plugin Slug:
- booking-calendar
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.16
- Severity Score:
- High
- CVE:
- 2024-9504
Button Block – Get fully customizable & multi-functional buttons
- Plugin Slug:
- button-block
- Installations
- 4,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.1.5
- Severity Score:
- Medium
- CVE:
- 2024-10671
CM WordPress Search And Replace Plugin
- Plugin Slug:
- cm-on-demand-search-and-replace
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3
- Severity Score:
- High
- CVE:
- 2024-11202
MStore API – Create Native Android & iOS Apps On The Cloud
- Plugin Slug:
- mstore-api
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.15.8
- Severity Score:
- High
- CVE:
- 2024-11179
Sp*tify Play Button for WordPress
- Plugin Slug:
- spotify-play-button-for-wordpress
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.12
- Severity Score:
- Medium
- CVE:
- 2024-11192
Premium Packages – Sell Digital Products Securely
- Plugin Slug:
- wpdm-premium-packages
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.4
- Severity Score:
- High
- CVE:
- 2024-11225
Add Chat App Button
- Plugin:
- Add Chat App Button
- Plugin Slug:
- add-whatsapp-button
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.8
- Severity Score:
- Medium
- CVE:
- 2024-52489
Parallax Image
- Plugin:
- Parallax Image
- Plugin Slug:
- parallax-image
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2024-11224
Additional Order Filters for WooCommerce
- Plugin Slug:
- additional-order-filters-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.22
- Severity Score:
- High
- CVE:
- 2024-11418
affiliate-toolkit – WP Affiliate Plugin with Amazon
- Plugin Slug:
- affiliate-toolkit-starter
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.8
- Severity Score:
- High
- CVE:
- 2024-10675
Email Subscription Popup
- Plugin:
- Email Subscription Popup
- Plugin Slug:
- email-subscribe
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.23
- Severity Score:
- Medium
- CVE:
- 2024-11195
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
- Plugin Slug:
- sky-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.6.2
- Severity Score:
- Medium
- CVE:
- 2024-9542
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
- Plugin Slug:
- sky-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.3
- Severity Score:
- High
- CVE:
- 2024-11104
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
- Plugin Slug:
- sky-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.2
- Severity Score:
- Medium
- CVE:
- 2024-11601
SVG Block
- Plugin:
- SVG Block
- Plugin Slug:
- svg-block
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.25
- Severity Score:
- Medium
- CVE:
- 2024-11098
Theme Builder For Elementor
- Plugin:
- Theme Builder For Elementor
- Plugin Slug:
- theme-builder-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-10782
Checkout with Cash App on WooCommerce
- Plugin Slug:
- wc-cashapp
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.3
- Severity Score:
- High
- CVE:
- 2024-9635
What Would Seth Godin Do
- Plugin:
- What Would Seth Godin Do
- Plugin Slug:
- what-would-seth-godin-do
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.2
- Severity Score:
- Medium
- CVE:
- 2024-51900
Anonymous Restricted Content
- Plugin:
- Anonymous Restricted Content
- Plugin Slug:
- anonymous-restricted-content
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.6.6
- Severity Score:
- Medium
- CVE:
- 2024-11089
AppPresser – Mobile App Framework
- Plugin Slug:
- apppresser
- Installations
- 1,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.4.7
- Severity Score:
- Critical
- CVE:
- 2024-11024
Attesa Extra
- Plugin:
- Attesa Extra
- Plugin Slug:
- attesa-extra
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2024-10688
BNE Gallery Extended
- Plugin:
- BNE Gallery Extended
- Plugin Slug:
- bne-gallery-extended
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
- 2024-11119
Name: CM E-Mail Registration Blacklist
- Plugin Slug:
- cm-email-blacklist
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.4
- Severity Score:
- High
- CVE:
- 2024-11202
CM Header & Footer Script Loader – Insert Script Plugin
- Plugin Slug:
- cm-header-footer-script-loader
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- High
- CVE:
- 2024-11202
Co-marquage service-public.fr
- Plugin:
- Co-marquage service-public.fr
- Plugin Slug:
- co-marquage-service-public
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.5.77
- Severity Score:
- High
- CVE:
- 2024-10522
Enter Addons – Ultimate Template Builder for Elementor
- Plugin Slug:
- enteraddons
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
- 2024-10868
Friendly Functions for Welcart
- Plugin:
- Friendly Functions for Welcart
- Plugin Slug:
- friendly-functions-for-welcart
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.5
- Severity Score:
- High
- CVE:
- 2024-10726
GD Rating System
- Plugin:
- GD Rating System
- Plugin Slug:
- gd-rating-system
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.2
- Severity Score:
- Medium
- CVE:
- 2024-11198
InPost Gallery
- Plugin:
- InPost Gallery
- Plugin Slug:
- inpost-gallery
- Installations
- 1,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.1.4.3
- Severity Score:
- Medium
- CVE:
- 2024-11002
JobBoardWP – Job Board Listings and Submissions
- Plugin Slug:
- jobboardwp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2024-10880
NiceJob
- Plugin:
- NiceJob
- Plugin Slug:
- nicejob
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
- 2024-10887
????? ?? ???? – ???? ?? ????
- Plugin:
- ????? ?? ???? – ???? ?? ????
- Plugin Slug:
- pgall-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2024-11228
Rescue Shortcodes
- Plugin:
- Rescue Shortcodes
- Plugin Slug:
- rescue-shortcodes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0
- Severity Score:
- Medium
- CVE:
- 2024-11199
Save as PDF Plugin by Pdfcrowd
- Plugin:
- Save as PDF Plugin by Pdfcrowd
- Plugin Slug:
- save-as-pdf-by-pdfcrowd
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
- 2024-10891
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.3.1
- Severity Score:
- High
- CVE:
- 2024-10855
Bard Extra
- Plugin:
- Bard Extra
- Plugin Slug:
- bard-extra
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
- 2024-10532
Include Mastodon Feed
- Plugin:
- Include Mastodon Feed
- Plugin Slug:
- include-mastodon-feed
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.6
- Severity Score:
- Medium
- CVE:
- 2024-11455
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations
- 800+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.8.15
- Severity Score:
- Medium
- CVE:
- 2024-10708
System Dashboard
- Plugin:
- System Dashboard
- Plugin Slug:
- system-dashboard
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.15
- Severity Score:
- High
- CVE:
- 2024-11107
Taskbuilder – WordPress Project & Task Management plugin
- Plugin Slug:
- taskbuilder
- Installations
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.5
- Severity Score:
- High
- CVE:
- 2024-9828
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net
- Plugin Slug:
- peachpay-for-woocommerce
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.113.0
- Severity Score:
- High
- CVE:
- 2024-11362
StreamWeasels Online Status Bar
- Plugin:
- StreamWeasels Online Status Bar
- Plugin Slug:
- stream-status-for-twitch
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.10
- Severity Score:
- Medium
- CVE:
- 2024-11438
Theater for WordPress
- Plugin:
- Theater for WordPress
- Plugin Slug:
- theatre
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.18.7
- Severity Score:
- High
- CVE:
- 2024-11371
Block Editor Bootstrap Blocks
- Plugin:
- Block Editor Bootstrap Blocks
- Plugin Slug:
- block-editor-bootstrap-blocks
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.6.2
- Severity Score:
- High
- CVE:
- 2024-11402
Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools
- Plugin:
- Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools
- Plugin Slug:
- media-library-tools
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
- CVE:
- 2024-10482
Memberlite Shortcodes
- Plugin:
- Memberlite Shortcodes
- Plugin Slug:
- memberlite-shortcodes
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4
- Severity Score:
- Medium
- CVE:
- 2024-11227
Wawp OTP Verification, Order Notifications, and Country Code Selector for WooCommerce
- Plugin Slug:
- automation-web-platform
- Installations
- 500+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.0.18
- Severity Score:
- Critical
- CVE:
- 2024-52475
???? ???
- Plugin:
- ???? ???
- Plugin Slug:
- mshop-naver-talktalk
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2024-11229
WP Mailster
- Plugin:
- WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.17.0
- Severity Score:
- Medium
- CVE:
- 2024-53737
CM Table Of Contents – WordPress TOC Plugin
- Plugin Slug:
- cm-table-of-content
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- High
- CVE:
- 2024-5029
CM Table Of Contents – WordPress TOC Plugin
- Plugin Slug:
- cm-table-of-content
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
- 2024-5030
???? ?????
- Plugin:
- ???? ?????
- Plugin Slug:
- mshop-npay
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
- 2024-11231
Custom CSS, JS & PHP
- Plugin:
- Custom CSS, JS & PHP
- Plugin Slug:
- custom-css
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.0
- Severity Score:
- High
- CVE:
- 2024-11330
FireCask’s Twitter Follow Button
- Plugin:
- FireCask’s Twitter Follow Button
- Plugin Slug:
- twitter-follow
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.3
- Severity Score:
- Medium
- CVE:
- 2024-10116
Dino Game – Embed Google Chrome Dinosaur Game in your website
- Plugin Slug:
- dino-game
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
- 2024-11388
Easy Liveblogs
- Plugin:
- Easy Liveblogs
- Plugin Slug:
- easy-liveblogs
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.6
- Severity Score:
- Medium
- CVE:
- 2024-11387
Opal Woo Custom Product Variation
- Plugin Slug:
- opal-woo-custom-product-variation
- Installations
- 200+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.1.4
- Severity Score:
- High
- CVE:
- 2024-52444
Slotti Ajanvaraus
- Plugin:
- Slotti Ajanvaraus
- Plugin Slug:
- slotti-ajanvaraus
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-11408
WIP Incoming Lite
- Plugin:
- WIP Incoming Lite
- Plugin Slug:
- wip-incoming-lite
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.2
- Severity Score:
- High
- CVE:
- 2024-11416
WP-Orphanage Extended
- Plugin:
- WP-Orphanage Extended
- Plugin Slug:
- wp-orphanage-extended
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3
- Severity Score:
- Critical
- CVE:
- 2024-11415
Chessgame Shizzle
- Plugin:
- Chessgame Shizzle
- Plugin Slug:
- chessgame-shizzle
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
- 2024-11446
Run Contests, Raffles, and Giveaways with ContestsWP
- Plugin Slug:
- contest-code-checker
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.4
- Severity Score:
- High
- CVE:
- 2024-11456
HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents
- Plugin Slug:
- hipaatizer
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.5
- Severity Score:
- Medium
- CVE:
- 2024-11332
My Contador lesr
- Plugin:
- My Contador lesr
- Plugin Slug:
- my-contador-wp
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2024-11334
Skt NURCaptcha
- Plugin:
- Skt NURCaptcha
- Plugin Slug:
- skt-nurcaptcha
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.0
- Severity Score:
- High
- CVE:
- 2024-11342
Ortto
- Plugin:
- Ortto
- Plugin Slug:
- autopilot
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.21
- Severity Score:
- High
- CVE:
- 2024-52482
AutoListicle: Automatically Update Numbered List Articles
- Plugin Slug:
- autolisticle-automatically-update-numbered-list-articles
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
- 2024-11426
CM Business Directory Plugin – Business Listing Directory
- Plugin Slug:
- cm-business-directory
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- High
- CVE:
- 2024-11202
Video Lessons Manager – WordPress LMS Plugin
- Plugin Slug:
- cm-video-lesson-manager
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.3
- Severity Score:
- High
- CVE:
- 2024-11202
PDF Invoices & Packing Slips Generator for WooCommerce
- Plugin Slug:
- pdf-invoicing-for-woocommerce
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.2
- Severity Score:
- High
- CVE:
- 2024-11361
Page Parts
- Plugin:
- Page Parts
- Plugin Slug:
- page-parts
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.4
- Severity Score:
- High
- CVE:
- 2024-11360
Fediverse Embeds
- Plugin:
- Fediverse Embeds
- Plugin Slug:
- fediverse-embeds
- Installations
- 40+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.5.4
- Severity Score:
- Critical
- CVE:
- 2024-52476
WordPress Bootscraper
- Plugin:
- WordPress Bootscraper
- Plugin Slug:
- wp-bootscraper
- Installations
- 40+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 4.0.0
- Severity Score:
- High
- CVE:
- 2024-52449
Support SVG – Upload svg files in wordpress without hassle
- Plugin Slug:
- support-svg
- Installations
- 30+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2024-11091
???????? ??????? ????????? ??????
- Plugin Slug:
- express-pay
- Installations
- 20+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.9
- Severity Score:
- Critical
- CVE:
- 2024-52474
Document & Data Automation
- Plugin:
- Document & Data Automation
- Plugin Slug:
- document-data-automation
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.2
- Severity Score:
- High
- CVE:
- 2024-52477
MP3 Sticky Player
- Plugin:
- MP3 Sticky Player
- Plugin Slug:
- fwdmsp
- Vulnerability:
- Path Traversal
- Patched in Version:
- 8.1
- Severity Score:
- High
- CVE:
- 2024-10803
WPGYM
- Plugin:
- WPGYM
- Plugin Slug:
- gym-management
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 67.2.0
- Severity Score:
- Critical
- CVE:
- 2024-9941
WPGYM
- Plugin:
- WPGYM
- Plugin Slug:
- gym-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 67.2.0
- Severity Score:
- Critical
- CVE:
- 2024-9942
Leopard – WordPress offload media
- Plugin:
- Leopard – WordPress offload media
- Plugin Slug:
- leopard-wordpress-offload-media
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.1.2
- Severity Score:
- High
- CVE:
- 2024-10589
School Management
- Plugin:
- School Management
- Plugin Slug:
- school-management
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 92.0.0
- Severity Score:
- Critical
- CVE:
- 2024-9659
Wishlist for WooCommerce Pro
- Plugin:
- Wishlist for WooCommerce Pro
- Plugin Slug:
- wish-list-for-woocommerce-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.3
- Severity Score:
- High
- CVE:
- 2024-10519
Booking & Appointment Plugin for WooCommerce
- Plugin:
- Booking & Appointment Plugin for WooCommerce
- Plugin Slug:
- woocommerce-booking
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.10.0
- Severity Score:
- High
- CVE:
- 2024-10729
WordPress GDPR & CCPA
- Plugin:
- WordPress GDPR & CCPA
- Plugin Slug:
- wordpress-gdpr
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.3
- Severity Score:
- Medium
- CVE:
- 2024-11069
WordPress GDPR & CCPA
- Plugin:
- WordPress GDPR & CCPA
- Plugin Slug:
- wordpress-gdpr
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.3
- Severity Score:
- High
- CVE:
- 2024-10388
WordPress Themes — 3 Patched / 6 Unpatched
Grip
- Theme:
- Grip
- Theme Slug:
- grip
- Downloads
- 27,482
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52488
AccessPress Staple
- Theme:
- AccessPress Staple
- Theme Slug:
- accesspress-staple
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-52488
Jobify – Job Board WordPress Theme
- Theme:
- Jobify – Job Board WordPress Theme
- Theme Slug:
- jobify
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-52481
Jobify – Job Board WordPress Theme
- Theme:
- Jobify – Job Board WordPress Theme
- Theme Slug:
- jobify
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52480
Jobify – Job Board WordPress Theme
- Theme:
- Jobify – Job Board WordPress Theme
- Theme Slug:
- jobify
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52479
Jobify – Job Board WordPress Theme
- Theme:
- Jobify – Job Board WordPress Theme
- Theme Slug:
- jobify
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-52478
Ashe
Bard
ForumEngine
- Theme:
- ForumEngine
- Theme Slug:
- forumengine
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9
- Severity Score:
- High
- CVE:
- 2024-10623
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed
