WordPress Vulnerability Report — November 6, 2024

Since last week, 285 new plugin vulnerabilities emerged in the WordPress ecosystem. 99 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

In this report, 285 vulnerabilities have been publicly disclosed. Security patches for 99 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 186 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 99 Patched / 186 Unpatched

Countdown, Coming Soon, Maintenance – Countdown & Clock

Plugin Slug:
countdown-builder
Installations:
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Hotel Booking

Plugin Slug:
wp-hotel-booking
Installations:
8,000+
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Administrator Z

Plugin Slug:
administrator-z
Installations:
400+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Page Specific Sidebars

Plugin Slug:
page-specific-sidebars
Installations:
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Training – Courses

Plugin Slug:
training
Installations:
20+
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

All Post Contact Form

Plugin Slug:
allpost-contactform
Installations:
10+
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Easy SVG Upload

Plugin Slug:
easy-svg-upload
Installations:
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

3D Presentation

Plugin:
3D Presentation
Plugin Slug:
3d-presentation
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

5 Stars Rating Funnel

Plugin:
5 Stars Rating Funnel
Plugin Slug:
5-stars-rating-funnel
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Aajoda Testimonials

Plugin:
Aajoda Testimonials
Plugin Slug:
aajoda-testimonials
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bing Search API Integration

Plugin:
Bing Search API Integration
Plugin Slug:
abbs-bing-search
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Addressbook

Plugin:
Addressbook
Plugin Slug:
addressbook
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Admin SMS Alert

Plugin:
Admin SMS Alert
Plugin Slug:
admin-sms-alert
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Advanced Control Manager for WordPress by ItalyStrap

Plugin:
Advanced Control Manager for WordPress by ItalyStrap
Plugin Slug:
advanced-control-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Advanced PDF Generator

Plugin:
Advanced PDF Generator
Plugin Slug:
advanced-pdf-generator
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Ajax Content Filter

Plugin:
Ajax Content Filter
Plugin Slug:
ajax-content-filter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Alley Elementor Widget

Plugin:
Alley Elementor Widget
Plugin Slug:
alley-elementor-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

AmaDiscount

Plugin:
AmaDiscount
Plugin Slug:
amadiscount
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

amazing neo icon font for elementor

Plugin:
amazing neo icon font for elementor
Plugin Slug:
amazing-neo-icon-font-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Amazon Associate Filter

Plugin:
Amazon Associate Filter
Plugin Slug:
amazon-associate-filter
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AMP Img Shortcode

Plugin:
AMP Img Shortcode
Plugin Slug:
amp-img-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Ancient World Linked Data

Plugin:
Ancient World Linked Data
Plugin Slug:
ancient-world-linked-data-for-wordpress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

APK Downloader

Plugin:
APK Downloader
Plugin Slug:
apk-downloader
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AR For Woocommerce

Plugin:
AR For Woocommerce
Plugin Slug:
ar-for-woocommerce
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Custom Author URL

Plugin:
Custom Author URL
Plugin Slug:
author-slug
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Progress Bar

Plugin:
Awesome Progress Bar
Plugin Slug:
awesome-progess-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Awesome Shortcodes For Genesis

Plugin:
Awesome Shortcodes For Genesis
Plugin Slug:
awesome-shortcodes-for-genesis
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AwesomePress

Plugin:
AwesomePress
Plugin Slug:
awesomepress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bigmart Elements

Plugin:
Bigmart Elements
Plugin Slug:
bigmart-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Blrt WP Embed

Plugin:
Blrt WP Embed
Plugin Slug:
blrt-wp-embed
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Bonway Static Block Editor

Plugin:
Bonway Static Block Editor
Plugin Slug:
bonway-static-block-editor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

bpmn.io

Plugin:
bpmn.io
Plugin Slug:
bpmnio
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bulk Change Role

Plugin:
Bulk Change Role
Plugin Slug:
bulk-role-change
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Buooy Sticky Header

Plugin:
Buooy Sticky Header
Plugin Slug:
buooy-sticky-header
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Business

Plugin:
Business
Plugin Slug:
business
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Clever Addons for Elementor

Plugin:
Clever Addons for Elementor
Plugin Slug:
cafe-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Classy Addons for Elementor

Plugin:
Classy Addons for Elementor
Plugin Slug:
classy-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Clyp

Plugin:
Clyp
Plugin Slug:
clyp
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Code Explorer

Plugin:
Code Explorer
Plugin Slug:
code-explorer
Vulnerability:
Directory Traversal
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Content Syndication Toolkit Reader

Plugin:
Content Syndication Toolkit Reader
Plugin Slug:
content-syndication-toolkit-reader
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Conversion Helper

Plugin:
Conversion Helper
Plugin Slug:
conversion-helper
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Crypto

Plugin:
Crypto
Plugin Slug:
crypto
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Crypto

Plugin:
Crypto
Plugin Slug:
crypto
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Crypto

Plugin:
Crypto
Plugin Slug:
crypto
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Custom Admin Menu

Plugin:
Custom Admin Menu
Plugin Slug:
custom-admin-menu
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Daily Image

Plugin:
Daily Image
Plugin Slug:
daily-image
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Dashing Memberships

Plugin:
Dashing Memberships
Plugin Slug:
dashing-memberships
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

DataMentor

Plugin:
DataMentor
Plugin Slug:
datamentor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Definitive Addons for Elementor

Plugin:
Definitive Addons for Elementor
Plugin Slug:
definitive-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Display Terms Shortcode

Plugin:
Display Terms Shortcode
Plugin Slug:
display-terms-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Domain Sharding

Plugin:
Domain Sharding
Plugin Slug:
domain-sharding
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Don’t Break The Code

Plugin:
Don’t Break The Code
Plugin Slug:
dont-break-the-code
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Doofinder

Plugin:
Doofinder
Plugin Slug:
doofinder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

(dp) AddThis

Plugin:
(dp) AddThis
Plugin Slug:
dp-addthis
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

DS.DownloadList

Plugin:
DS.DownloadList
Plugin Slug:
dsdownloadlist
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

e-shops

Plugin:
e-shops
Plugin Slug:
e-shops-cart2
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

eewee admin custom

Plugin:
eewee admin custom
Plugin Slug:
eewee-admincustom
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Elementary Addons

Plugin:
Elementary Addons
Plugin Slug:
elementary-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Emoji Shortcode

Plugin:
Emoji Shortcode
Plugin Slug:
emoji-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Enable Shortcodes inside Widgets,Comments and Experts

Plugin:
Enable Shortcodes inside Widgets,Comments and Experts
Plugin Slug:
enable-shortcodes-inside-widgetscomments-and-experts
Vulnerability:
Arbitrary Code Execution
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

EndomondoWP

Plugin:
EndomondoWP
Plugin Slug:
endomondowp
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Events Manager Pro – extended

Plugin:
Events Manager Pro – extended
Plugin Slug:
events-manager-pro-extended
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Extender All In One For Elementor

Plugin:
Extender All In One For Elementor
Plugin Slug:
extender-all-in-one-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

EzyOnlineBookings Online Booking System Widget

Plugin:
EzyOnlineBookings Online Booking System Widget
Plugin Slug:
ezyonlinebookings-online-booking-system
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Fabrica Synced Pattern Instances

Plugin:
Fabrica Synced Pattern Instances
Plugin Slug:
fabrica-reusable-block-instances
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Featured Posts Scroll

Plugin:
Featured Posts Scroll
Plugin Slug:
featured-posts-scroll
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Firework Shoppable Live Video

Plugin:
Firework Shoppable Live Video
Plugin Slug:
firework-videos
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Flash Show And Hide Box

Plugin:
Flash Show And Hide Box
Plugin Slug:
flash-show-and-hide-box
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Forms: 3rd-Party Post Again

Plugin:
Forms: 3rd-Party Post Again
Plugin Slug:
forms-3rdparty-post-again
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

FriendStore for WooCommerce

Plugin:
FriendStore for WooCommerce
Plugin Slug:
friendstore-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

GDReseller

Plugin:
GDReseller
Plugin Slug:
gdreseller
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Genoo

Plugin:
Genoo
Plugin Slug:
genoo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Geotagged Media

Plugin:
Geotagged Media
Plugin Slug:
geotagged-media
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Get Quote For Woocommerce

Plugin:
Get Quote For Woocommerce
Plugin Slug:
get-a-quote-for-woocommerce
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Gmap Point List

Plugin:
Gmap Point List
Plugin Slug:
gmap-point-list
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GMO Social Connection

Plugin:
GMO Social Connection
Plugin Slug:
gmo-social-connection
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Golf Tracker

Plugin:
Golf Tracker
Plugin Slug:
golf-tracker
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Satisfaction Reports from Help Scout

Plugin:
Satisfaction Reports from Help Scout
Plugin Slug:
happiness-reports-for-help-scout
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Header Footer Composer for Elementor

Plugin:
Header Footer Composer for Elementor
Plugin Slug:
header-footer-composer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plug your WooCommerce into the largest catalog of customized print products from Helloprint

Plugin:
Plug your WooCommerce into the largest catalog of customized print products from Helloprint
Plugin Slug:
helloprint
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Hoo Addons for Elementor

Plugin:
Hoo Addons for Elementor
Plugin Slug:
hoo-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Hover Video Preview

Plugin:
Hover Video Preview
Plugin Slug:
hover-video-preview
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

HQ60 Fidelity Card

Plugin:
HQ60 Fidelity Card
Plugin Slug:
hq60-fidelity-card
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ID-SK Toolkit

Plugin:
ID-SK Toolkit
Plugin Slug:
idsk-toolkit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Jigoshop – Store Exporter

Plugin:
Jigoshop – Store Exporter
Plugin Slug:
jigoshop-exporter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Jigoshop – Store Toolkit

Plugin:
Jigoshop – Store Toolkit
Plugin Slug:
jigoshop-store-toolkit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Kento Ads Rotator

Plugin:
Kento Ads Rotator
Plugin Slug:
kento-ads-rotator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

LH QR Codes

Plugin:
LH QR Codes
Plugin Slug:
lh-qr-codes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Lodgix.com Vacation Rental Website Builder

Plugin:
Lodgix.com Vacation Rental Website Builder
Plugin Slug:
lodgixcom-vacation-rental-listing-management-booking-plugin
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Loginplus

Plugin:
Loginplus
Plugin Slug:
loginplus
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Market 360 Viewer

Plugin:
Market 360 Viewer
Plugin Slug:
market-360-viewer
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Marketing Automation by AZEXO

Plugin:
Marketing Automation by AZEXO
Plugin Slug:
marketing-automation-by-azexo
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Marquee Elementor with Posts

Plugin:
Marquee Elementor with Posts
Plugin Slug:
marquee-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Master Bar

Plugin:
Master Bar
Plugin Slug:
master-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

MasterBip para Elementor

Plugin:
MasterBip para Elementor
Plugin Slug:
masterbip-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MDR Webmaster Tools

Plugin:
MDR Webmaster Tools
Plugin Slug:
mdr-webmaster-tools
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Media Modal

Plugin:
Media Modal
Plugin Slug:
media-modal
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Meta Store Elements

Plugin:
Meta Store Elements
Plugin Slug:
meta-store-elements
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MG Post Contributors

Plugin:
MG Post Contributors
Plugin Slug:
mg-post-contributors
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ML Responsive Audio player with playlist Shortcode

Plugin:
ML Responsive Audio player with playlist Shortcode
Plugin Slug:
mlr-audio
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Mobilize

Plugin:
Mobilize
Plugin Slug:
mobilize
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Multi Purpose Mail Form

Plugin:
Multi Purpose Mail Form
Plugin Slug:
multi-purpose-mail-form
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

MyOrderDesk

Plugin:
MyOrderDesk
Plugin Slug:
myorderdesk
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Narnoo Commerce Manager

Plugin:
Narnoo Commerce Manager
Plugin Slug:
narnoo-commerce-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Naver Blog

Plugin:
Naver Blog
Plugin Slug:
naver-blog-api
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

NMR Strava activities

Plugin:
NMR Strava activities
Plugin Slug:
nmr-strava-activities
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Porsline

Plugin:
Porsline
Plugin Slug:
porsline
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Website price calculator

Plugin:
Website price calculator
Plugin Slug:
price-calculator-to-your-website
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Pricer Ninja

Plugin:
Pricer Ninja
Plugin Slug:
pricer-ninja-pricing-tables
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

PropertyShift

Plugin:
PropertyShift
Plugin Slug:
propertyshift
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Quran Shortcode

Plugin:
Quran Shortcode
Plugin Slug:
quran-shortcode
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Random Featured Post

Plugin:
Random Featured Post
Plugin Slug:
random-featured-post-plugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Reftagger Shortcode

Plugin:
Reftagger Shortcode
Plugin Slug:
reftagger-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Responsive Data Table

Plugin:
Responsive Data Table
Plugin Slug:
responsive-data-table
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Responsive Flickr Gallery

Plugin:
Responsive Flickr Gallery
Plugin Slug:
responsive-flickr-gallery
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

RSVP ME

Plugin:
RSVP ME
Plugin Slug:
rsvp-me
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Sales Page Addon – Elementor & Beaver Builder

Plugin:
Sales Page Addon – Elementor & Beaver Builder
Plugin Slug:
sales-page-addon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Saragna

Plugin:
Saragna
Plugin Slug:
saragna-social-stream
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Search order by product SKU for WooCommerce

Plugin:
Search order by product SKU for WooCommerce
Plugin Slug:
search-order-by-product-sku-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Selar.co Widget

Plugin:
Selar.co Widget
Plugin Slug:
selar-co-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Seo Free

Plugin:
Seo Free
Plugin Slug:
seo-free
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SH Slideshow

Plugin:
SH Slideshow
Plugin Slug:
sh-slideshow
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Show Visitor IP Address

Plugin:
Show Visitor IP Address
Plugin Slug:
show-visitor-ip-address
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sided

Plugin:
Sided
Plugin Slug:
sided
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Business Manager

Plugin:
Simple Business Manager
Plugin Slug:
simple-business-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy Gallery

Plugin:
Easy Gallery
Plugin Slug:
simple-gallery-odihost
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Goods

Plugin:
Simple Goods
Plugin Slug:
simple-goods
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Job Manager

Plugin:
Simple Job Manager
Plugin Slug:
simple-job-manager
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Modal

Plugin:
Simple Modal
Plugin Slug:
simplemodal
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simplistic SEO

Plugin:
Simplistic SEO
Plugin Slug:
simplistic-seo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SIP Reviews Shortcode for WooCommerce

Plugin:
SIP Reviews Shortcode for WooCommerce
Plugin Slug:
sip-reviews-shortcode-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SIP Reviews Shortcode for WooCommerce

Plugin:
SIP Reviews Shortcode for WooCommerce
Plugin Slug:
sip-reviews-shortcode-woocommerce
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Skip To

Plugin:
Skip To
Plugin Slug:
skip-to
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SKSDEV Toolkit

Plugin:
SKSDEV Toolkit
Plugin Slug:
sksdev-toolkit
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Slicko

Plugin:
Slicko
Plugin Slug:
slicko-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Smart Mockups

Plugin:
Smart Mockups
Plugin Slug:
smart-mockups
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Stacks Mobile App Builder

Plugin:
Stacks Mobile App Builder
Plugin Slug:
stacks-mobile-app-builder
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Stacks Mobile App Builder

Plugin:
Stacks Mobile App Builder
Plugin Slug:
stacks-mobile-app-builder
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Stars SMTP Mailer

Plugin:
Stars SMTP Mailer
Plugin Slug:
stars-smtp-mailer
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Step by Step

Plugin:
Step by Step
Plugin Slug:
step-by-step
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Sticky Social Bar

Plugin:
Sticky Social Bar
Plugin Slug:
sticky-social-bar
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Super Addons for Elementor

Plugin:
Super Addons for Elementor
Plugin Slug:
super-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SVT Simple

Plugin:
SVT Simple
Plugin Slug:
svt-simple
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

T(-) Countdown

Plugin:
T(-) Countdown
Plugin Slug:
t-countdown
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Team Showcase and Slider – Team Members Builder

Plugin:
Team Showcase and Slider – Team Members Builder
Plugin Slug:
team-showcase-ultimate
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

TeleAdmin

Plugin:
TeleAdmin
Plugin Slug:
teleadmin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Themedy Toolbox

Plugin:
Themedy Toolbox
Plugin Slug:
themedy-toolbox
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ThemeFuse Maintenance Mode

Plugin:
ThemeFuse Maintenance Mode
Plugin Slug:
themefuse-maintenance-mode
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ThemeShark Templates & Widgets for Elementor

Plugin:
ThemeShark Templates & Widgets for Elementor
Plugin Slug:
themeshark-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

TradeMe widgets

Plugin:
TradeMe widgets
Plugin Slug:
trademe-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SrcSet Responsive Images for WordPress

Plugin:
SrcSet Responsive Images for WordPress
Plugin Slug:
truenorth-srcset
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Twitter @Anywhere Plus

Plugin:
Twitter @Anywhere Plus
Plugin Slug:
twitter-anywhere-plus
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Twitter real time search scrolling

Plugin:
Twitter real time search scrolling
Plugin Slug:
twitter-real-time-search-scrolling
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

???? ????? UAH

Plugin:
???? ????? UAH
Plugin Slug:
ukrainian-currency
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

TinyMCE

Plugin:
TinyMCE
Plugin Slug:
ultimate-tinymce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

UPDATE NOTIFICATIONS

Plugin:
UPDATE NOTIFICATIONS
Plugin Slug:
update-notifications
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

User Password Reset

Plugin:
User Password Reset
Plugin Slug:
user-password-reset
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

UW Freelancer

Plugin:
UW Freelancer
Plugin Slug:
uw-freelancer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Webriti Custom Login

Plugin:
Webriti Custom Login
Plugin Slug:
webriti-custom-login-page
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WeChat Subscribers Lite

Plugin:
WeChat Subscribers Lite
Plugin Slug:
wechat-subscribers-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

While Loading

Plugin:
While Loading
Plugin Slug:
while-it-is-loading
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Widget or Sidebar Shortcode

Plugin:
Widget or Sidebar Shortcode
Plugin Slug:
widget-or-sidebar-per-shortcode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WM Zoom

Plugin:
WM Zoom
Plugin Slug:
wm-zoom
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Woo Manage Fraud Orders

Plugin:
Woo Manage Fraud Orders
Plugin Slug:
woo-manage-fraud-orders
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Product Design

Plugin:
Woocommerce Product Design
Plugin Slug:
woo-product-design
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Product Design

Plugin:
Woocommerce Product Design
Plugin Slug:
woo-product-design
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Quote Calculator

Plugin:
Woocommerce Quote Calculator
Plugin Slug:
woo-quote-calculator-order
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

World Prayer Time

Plugin:
World Prayer Time
Plugin Slug:
world-prayer-time
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Baidu Map

Plugin:
WP Baidu Map
Plugin Slug:
wp-baidu-map
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP-Basics

Plugin:
WP-Basics
Plugin Slug:
wp-basics
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Course Manager

Plugin:
WP Course Manager
Plugin Slug:
wp-course-manager
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP donimedia carousel

Plugin:
WP donimedia carousel
Plugin Slug:
wp-donimedia-carousel
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Download-Mirror-Counter

Plugin:
Download-Mirror-Counter
Plugin Slug:
wp-download-mirror-counter
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP EASY RECIPE

Plugin:
WP EASY RECIPE
Plugin Slug:
wp-easy-recipe
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP EIS

Plugin:
WP EIS
Plugin Slug:
wp-eis
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Feature Box

Plugin:
WP Feature Box
Plugin Slug:
wp-feature-box
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

imPress

Plugin:
imPress
Plugin Slug:
wp-js-impress
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP MMenu Lite

Plugin:
WP MMenu Lite
Plugin Slug:
wp-mmenu-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Simple Anchors Links

Plugin:
WP Simple Anchors Links
Plugin Slug:
wp-simple-anchors-links
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Wp Slide Categorywise

Plugin:
Wp Slide Categorywise
Plugin Slug:
wp-slide-categorywise
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Visual Adverts

Plugin:
WP Visual Adverts
Plugin Slug:
wp-visual-adverts
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WPGlobus Translate Options

Plugin:
WPGlobus Translate Options
Plugin Slug:
wpglobus-translate-options
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WPHelpful

Plugin:
WPHelpful
Plugin Slug:
wphelpful
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Admin Amplify

Plugin:
Admin Amplify
Plugin Slug:
wpr-admin-amplify
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

LiteSpeed Cache

Plugin Slug:
litespeed-cache
Installations
6,000,000+
Vulnerability:
Privilege Escalation
Patched in Version:
6.5.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.5.2.

All-in-One WP Migration and Backup

Plugin Slug:
all-in-one-wp-migration
Installations
5,000,000+
Vulnerability:
PHP Object Injection
Patched in Version:
7.87
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.87.

Loginizer

Plugin:
Loginizer
Plugin Slug:
loginizer
Installations
1,000,000+
Vulnerability:
Broken Authentication
Patched in Version:
1.9.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.9.3.

Premium Addons for Elementor

Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.61
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.10.61.

Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.31
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.31.

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.4.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.8.4.3.

Download Manager

Plugin Slug:
download-manager
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.3.00
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.3.00.

FileOrganizer – Manage WordPress and Website Files

Plugin Slug:
fileorganizer
Installations
100,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.1.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.0.

Download Monitor

Plugin Slug:
download-monitor
Installations
90,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.0.14
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.0.14.

Media Library Assistant

Plugin Slug:
media-library-assistant
Installations
70,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
3.20
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.20.

Exclusive Addons for Elementor

Plugin Slug:
exclusive-addons-for-elementor
Installations
60,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.7.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.5.

Seriously Simple Podcasting

Plugin Slug:
seriously-simple-podcasting
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.0.

Subscribe to Comments

Plugin Slug:
subscribe-to-comments
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.1.

Dynamic Widgets

Plugin Slug:
dynamic-widgets
Installations
20,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.5.

Wp Social Login and Register Social Counter

Plugin Slug:
wp-social
Installations
20,000+
Vulnerability:
Broken Authentication
Patched in Version:
3.0.8
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.0.8.

140+ Widgets | Xpro Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons
Installations
20,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.4.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.6.1.

Contact Form 7 + Telegram

Plugin Slug:
cf7-telegram
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
0.8.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.8.6.

Pricing Tables WordPress Plugin – Easy Pricing Tables

Plugin Slug:
easy-pricing-tables
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.6.

AI Power: Complete AI Pack

Plugin Slug:
gpt3-ai-content-generator
Installations
10,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.8.90
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.8.90.

ReCaptcha Integration for WordPress

Plugin Slug:
wp-recaptcha-integration
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.2.6.

Bricksable for Bricks Builder

Plugin Slug:
bricksable
Installations
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.60
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.60.

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor
Installations
7,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.4.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.7.

XT Floating Cart for WooCommerce

Plugin Slug:
woo-floating-cart-lite
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.8.3.

WPAdverts – Classifieds Plugin

Plugin Slug:
wpadverts
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.7.

Arconix Shortcodes

Plugin Slug:
arconix-shortcodes
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.14
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.14.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.4.4.

JS Help Desk – The Ultimate Help Desk & Support Plugin

Plugin Slug:
js-support-ticket
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.8.8.

SMS Alert Order Notifications – WooCommerce

Plugin Slug:
sms-alert
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.7.6.

Easy Accordion Gutenberg Block

Plugin Slug:
easy-accordion-block
Installations
4,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.2.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.5.

Move Addons for Elementor

Plugin Slug:
move-addons
Installations
3,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.3.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.6.

Multiple Page Generator Plugin – MPG

Plugin Slug:
multiple-pages-generator-by-porthas
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.0.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.0.2.

Newsletters

Plugin Slug:
newsletters-lite
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.9.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.9.9.5.

Paytium: Mollie payment forms & donations

Plugin Slug:
paytium
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.4.11
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.4.11.

Tickera – WordPress Event Ticketing

Plugin Slug:
tickera-event-ticketing-system
Installations
3,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.5.4.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.4.6.

affiliate-toolkit

Plugin Slug:
affiliate-toolkit-starter
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.6.

Beds24 Online Booking

Plugin Slug:
beds24-online-booking
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.26
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.26.

Responsive Filterable Portfolio

Plugin Slug:
responsive-filterable-portfolio
Installations
2,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
1.0.23
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.23.

Restaurant & Cafe Addon for Elementor

Plugin Slug:
restaurant-cafe-addon-for-elementor
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.7.

Zotpress

Plugin:
Zotpress
Plugin Slug:
zotpress
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
7.3.13
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.3.13.

aThemes Addons for Elementor

Plugin Slug:
athemes-addons-for-elementor-lite
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.8.

Black Widgets For Elementor

Plugin Slug:
black-widgets
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.7.

Black Widgets For Elementor

Plugin Slug:
black-widgets
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.8.

WooCommerce Report

Plugin Slug:
ithemelandco-woo-report
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.2.

Manage User Columns

Plugin Slug:
manage-user-columns
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.0.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.6.

MyCurator Content Curation

Plugin Slug:
mycurator
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.79
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.79.

Post Status Notifier Lite

Plugin Slug:
post-status-notifier-lite
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.11.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.11.7.

Posti Shipping

Plugin Slug:
posti-shipping
Installations
1,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
3.10.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.10.3.

SEUR Oficial

Plugin Slug:
seur
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.12
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.2.12.

W3SPEEDSTER

Plugin Slug:
w3speedster-wp
Installations
1,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
7.27
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 7.27.

WPC Smart Messages for WooCommerce

Plugin Slug:
wpc-smart-messages
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.2.2.

WPC Smart Messages for WooCommerce

Plugin Slug:
wpc-smart-messages
Installations
1,000+
Vulnerability:
Local File Inclusion
Patched in Version:
4.2.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.2.2.

Group Chat & Video Chat by AtomChat

Plugin Slug:
atomchat
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.6.

StreamWeasels YouTube Integration

Plugin Slug:
streamweasels-youtube-integration
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.3.

WP Team – WordPress Team Member Plugin

Plugin Slug:
ht-team-member
Installations
800+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.5.

HT Builder – WordPress Theme Builder for Elementor

Plugin Slug:
ht-builder
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.1.

Custom post type templates for Elementor

Plugin Slug:
custom-post-type-templates-for-elementor
Installations
500+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.12
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.12.

HT Politic – For Political WordPress Themes / Website

Plugin Slug:
wp-politic
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.5.

Delisho – Recipe Widgets and Blocks

Plugin Slug:
dr-widgets-blocks
Installations
300+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.7.

Shortcodes Blocks Creator Ultimate

Plugin Slug:
ultimate-shortcodes-creator
Installations
300+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.0.

Appointmind

Plugin Slug:
appointmind
Installations
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.1.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.1.0.

Basticom Framework

Plugin Slug:
basticom-framework
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

Knowledge Base

Plugin Slug:
knowledgebase
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.1.

RLM Elementor Widgets Pack

Plugin Slug:
rlm-elementor-widgets-pack
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.0.

StreamWeasels Kick Integration

Plugin Slug:
streamweasels-kick-integration
Installations
100+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.2.

User Toolkit

Plugin Slug:
user-toolkit
Installations
100+
Vulnerability:
Privilege Escalation
Patched in Version:
1.2.4
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.2.4.

WP Pocket URLs

Plugin Slug:
wp-pocket-urls
Installations
70+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.4.

Elo Rating Shortcode

Plugin Slug:
elo-rating-shortcode
Installations
60+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.4.

W3P SEO

Plugin:
W3P SEO
Plugin Slug:
wp-perfect-plugin
Installations
50+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.8.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.8.6.

Plugin Slug:
smartlink-dinamic-urls
Installations
40+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.1.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.1.

Platform.ly Official

Plugin Slug:
platformly
Installations
30+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.14
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.14.

Realty by BestWebSoft

Plugin Slug:
realty
Installations
20+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.6.

Accordion title for Elementor

Plugin Slug:
accordion-title-for-elementor
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.2.

Cresta Addons for Elementor

Plugin Slug:
cresta-addons-for-elementor
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.0.

FraudLabs Pro SMS Verification

Plugin Slug:
fraudlabs-pro-sms-verification
Installations
10+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.10.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.10.2.

RSVPMaker for Toastmasters

Plugin Slug:
rsvpmaker-for-toastmasters
Installations
10+
Vulnerability:
Arbitrary File Upload
Patched in Version:
6.2.5
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 6.2.5.

Audio Comparison Lite

Plugin:
Audio Comparison Lite
Plugin Slug:
audio-comparison-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.

Loginizer Security

Plugin:
Loginizer Security
Plugin Slug:
loginizer-security
Vulnerability:
Broken Authentication
Patched in Version:
1.9.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.9.3.

Post Status Notifier Premium

Plugin:
Post Status Notifier Premium
Plugin Slug:
post-status-notifier
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.11.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.11.7.

WooCommerce Social Login

Plugin:
WooCommerce Social Login
Plugin Slug:
woo-social-login
Vulnerability:
Broken Authentication
Patched in Version:
2.7.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.7.8.

WordPress Themes — 0 Patched / 0 Unpatched

No new theme vulnerabilities were disclosed this week.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
