In this report, 176 vulnerabilities have been publicly disclosed. Security patches for 87 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 89 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects your site against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
WordPress Core
WordPress 6.7 Beta 2 is ready for testing! This beta version of the WordPress software is under development. Don’t install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 2 on a test server and site.
WordPress Plugins — 87 Patched / 86 Unpatched
TI WooCommerce Wishlist
- Plugin:
- TI WooCommerce Wishlist
- Plugin Slug:
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-9156
BuddyPress Docs
- Plugin:
- BuddyPress Docs
- Plugin Slug:
- buddypress-docs
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9207
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin:
- Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin Slug:
- youzify
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9067
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin:
- Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
- Plugin Slug:
- youzify
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8987
TS Poll – Survey, Versus Poll, Image Poll, Video Poll
- Plugin Slug:
- poll-wp
- Installations
- 5,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9022
Linkz.ai – Automatic link previews on hover
- Plugin Slug:
- linkz-ai
- Installations
- 90+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9587
Linkz.ai – Automatic link previews on hover
- Plugin Slug:
- linkz-ai
- Installations
- 90+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9586
2D Tag Cloud
- Plugin:
- 2D Tag Cloud
- Plugin Slug:
- 2d-tag-cloud-widget-by-sujin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9670
AB Categories Search Widget
- Plugin:
- AB Categories Search Widget
- Plugin Slug:
- ab-categories-search-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49240
ACF Images Search And Insert
- Plugin:
- ACF Images Search And Insert
- Plugin Slug:
- acf-images-search-and-insert
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48035
Add Categories Post Footer
- Plugin:
- Add Categories Post Footer
- Plugin Slug:
- add-categories-post-footer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49239
ADIF Log Search Widget
- Plugin:
- ADIF Log Search Widget
- Plugin Slug:
- adif-log-search-widget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49238
Advanced Blocks Pro
- Plugin:
- Advanced Blocks Pro
- Plugin Slug:
- advanced-blocks-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9074
Ahime Image Printer
- Plugin:
- Ahime Image Printer
- Plugin Slug:
- ahime-image-printer
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49245
Ahmeti Wp Timeline
- Plugin:
- Ahmeti Wp Timeline
- Plugin Slug:
- ahmeti-wp-timeline
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49237
Ajax Custom CSS/JS
- Plugin:
- Ajax Custom CSS/JS
- Plugin Slug:
- ajax-awesome-css
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49230
ajax-extend
- Plugin:
- ajax-extend
- Plugin Slug:
- ajax-extend
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49254
Ajax Rating with Custom Login
- Plugin:
- Ajax Rating with Custom Login
- Plugin Slug:
- ajax-rating-with-custom-login
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49246
Analyse Uploads
- Plugin:
- Analyse Uploads
- Plugin Slug:
- analyse-uploads
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49253
Arkhe Blocks
- Plugin:
- Arkhe Blocks
- Plugin Slug:
- arkhe-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49261
Azz Anonim Posting
- Plugin:
- Azz Anonim Posting
- Plugin Slug:
- azz-anonim-posting
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49257
Better Author Bio
- Plugin:
- Better Author Bio
- Plugin Slug:
- better-author-bio
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49229
BuddyPress Better Registration
- Plugin:
- BuddyPress Better Registration
- Plugin Slug:
- better-bp-registration
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49247
Booking.com Banner Creator
- Plugin:
- Booking.com Banner Creator
- Plugin Slug:
- bookingcom-banner-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49265
Bot for Telegram on WooCommerce
- Plugin:
- Bot for Telegram on WooCommerce
- Plugin Slug:
- bot-for-telegram-on-woocommerce
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9821
bVerse Convert
- Plugin:
- bVerse Convert
- Plugin Slug:
- bverse-convert
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49228
CJ Change Howdy
- Plugin:
- CJ Change Howdy
- Plugin Slug:
- cj-change-howdy
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49223
Cookie Scanner
- Plugin:
- Cookie Scanner
- Plugin Slug:
- cookie-scanner
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49220
Country Flags for Elementor
- Plugin:
- Country Flags for Elementor
- Plugin Slug:
- country-flags-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49262
Crazy Call To Action Box
- Plugin:
- Crazy Call To Action Box
- Plugin Slug:
- crazy-call-to-action-box
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49236
Creates 3D Flipbook, PDF Flipbook
- Plugin:
- Creates 3D Flipbook, PDF Flipbook
- Plugin Slug:
- create-flipbook-from-pdf
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48034
cSlider
- Plugin:
- cSlider
- Plugin Slug:
- cslider
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49221
WP Builder
- Plugin:
- WP Builder
- Plugin Slug:
- cssjockey-add-ons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9457
CSV Product Import Export for WooCommerce
- Plugin:
- CSV Product Import Export for WooCommerce
- Plugin Slug:
- csv-wc-product-import-export
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49244
Curator.io
- Plugin:
- Curator.io
- Plugin Slug:
- curatorio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9057
Digital Lottery
- Plugin:
- Digital Lottery
- Plugin Slug:
- digital-lottery
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49242
Disc Golf Manager
- Plugin:
- Disc Golf Manager
- Plugin Slug:
- disc-golf-manager
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48026
Dynamic Elementor Addons
- Plugin:
- Dynamic Elementor Addons
- Plugin Slug:
- dynamic-elementor-addons
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49243
Easy Social Share Buttons
- Plugin:
- Easy Social Share Buttons
- Plugin Slug:
- easy-social-share-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-8729
Events Addon for Elementor
- Plugin:
- Events Addon for Elementor
- Plugin Slug:
- events-addon-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49264
External featured image from bing
- Plugin:
- External featured image from bing
- Plugin Slug:
- external-featured-image-from-bing
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48027
Featured Posts with Multiple Custom Groups (FPMCG)
- Plugin:
- Featured Posts with Multiple Custom Groups (FPMCG)
- Plugin Slug:
- featured-posts-with-multiple-custom-groups-fpmcg
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-48032
Featured Posts with Multiple Custom Groups (FPMCG)
- Plugin:
- Featured Posts with Multiple Custom Groups (FPMCG)
- Plugin Slug:
- featured-posts-with-multiple-custom-groups-fpmcg
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-48031
Feed Comments Number
- Plugin:
- Feed Comments Number
- Plugin Slug:
- feed-comments-number
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49216
Free Stock Photos Foter
- Plugin:
- Free Stock Photos Foter
- Plugin Slug:
- free-stock-photos-foter
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49227
GDPR-Extensions-com
- Plugin:
- GDPR-Extensions-com
- Plugin Slug:
- gdpr-consent-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9072
Elementor Inline SVG
- Plugin:
- Elementor Inline SVG
- Plugin Slug:
- inline-svg-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9064
IP Loc8
- Plugin:
- IP Loc8
- Plugin Slug:
- ip-loc8
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48028
Keep Backup Daily
- Plugin:
- Keep Backup Daily
- Plugin Slug:
- keep-backup-daily
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-48024
WordPress Gallery Plugin – Limb Image Gallery
- Plugin:
- WordPress Gallery Plugin – Limb Image Gallery
- Plugin Slug:
- limb-gallery
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49260
WordPress Gallery Plugin – Limb Image Gallery
- Plugin:
- WordPress Gallery Plugin – Limb Image Gallery
- Plugin Slug:
- limb-gallery
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49258
Linked Variation for WooCommerce
- Plugin:
- Linked Variation for WooCommerce
- Plugin Slug:
- linked-variation-for-woocommerce
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-48047
Contact Forms, Live Support, CRM, Video Messages
- Plugin:
- Contact Forms, Live Support, CRM, Video Messages
- Plugin Slug:
- live-support-tickets
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49235
Maan Addons For Elementor
- Plugin:
- Maan Addons For Elementor
- Plugin Slug:
- maan-elementor-addons
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49251
Forms for Mailchimp by Optin Cat
- Plugin:
- Forms for Mailchimp by Optin Cat
- Plugin Slug:
- mailchimp-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-7489
Marketing and SEO Booster
- Plugin:
- Marketing and SEO Booster
- Plugin Slug:
- marketing-and-seo-booster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9066
MAS Elementor
- Plugin:
- MAS Elementor
- Plugin Slug:
- mas-addons-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49233
El mejor Cluster
- Plugin:
- El mejor Cluster
- Plugin Slug:
- mejorcluster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49232
Mighty Builder
- Plugin:
- Mighty Builder
- Plugin Slug:
- mighty-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-48049
Mitm Bug Tracker
- Plugin:
- Mitm Bug Tracker
- Plugin Slug:
- mitm-bug-tracker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49224
My Favorites
- Plugin:
- My Favorites
- Plugin Slug:
- my-favorites
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49263
Mynx Page Builder
- Plugin:
- Mynx Page Builder
- Plugin Slug:
- mynx-page-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9656
Easy PayPal Gift Certificate
- Plugin:
- Easy PayPal Gift Certificate
- Plugin Slug:
- paypal-gift-certificate
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9592
Pedalo Connector
- Plugin:
- Pedalo Connector
- Plugin Slug:
- pedalo-connector
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-9822
Plexx Elementor Extension
- Plugin:
- Plexx Elementor Extension
- Plugin Slug:
- plexx-elementor-extension
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49234
QA Analytics
- Plugin:
- QA Analytics
- Plugin Slug:
- qa-heatmap-analytics
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-8513
Read more By Adam
- Plugin:
- Read more By Adam
- Plugin Slug:
- read-more
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-9187
Recently
- Plugin:
- Recently
- Plugin Slug:
- recently-viewed-most-viewed-and-sold-products-for-woocommerce
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49218
Restaurant Reservations Widget
- Plugin:
- Restaurant Reservations Widget
- Plugin Slug:
- restaurantconnect-reswidget
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-48023
RS-Members
- Plugin:
- RS-Members
- Plugin Slug:
- rs-members
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49219
Shortcode For Elementor Templates
- Plugin:
- Shortcode For Elementor Templates
- Plugin Slug:
- shortcode-support-for-elementor-templates
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-48022
Shortcodes AnyWhere
- Plugin:
- Shortcodes AnyWhere
- Plugin Slug:
- shortcodes-anywhere
- Vulnerability:
- Content Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9581
Simple Baseball Scoreboard
- Plugin:
- Simple Baseball Scoreboard
- Plugin Slug:
- simple-baseball-scoreboard
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-48025
Table of Contents Plus
- Plugin:
- Table of Contents Plus
- Plugin Slug:
- table-of-contents-plus
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49250
TAKETIN To WP Membership
- Plugin:
- TAKETIN To WP Membership
- Plugin Slug:
- taketin-to-wp-membership
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49226
Talkback
- Plugin:
- Talkback
- Plugin Slug:
- talkback-secure-linkback-protocol
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48033
Telecash Ricaricaweb
- Plugin:
- Telecash Ricaricaweb
- Plugin Slug:
- telecash-ricaricaweb
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-48030
Tito
- Plugin:
- Tito
- Plugin Slug:
- tito
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49241
Unlimited Addon For Elementor
- Plugin:
- Unlimited Addon For Elementor
- Plugin Slug:
- unlimited-addon-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49267
Adding drop down roles in registration
- Plugin:
- Adding drop down roles in registration
- Plugin Slug:
- user-drop-down-roles-in-registration
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
- 2024-49217
UserPlus
- Plugin:
- UserPlus
- Plugin Slug:
- userplus
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9519
WordPress Video
- Plugin:
- WordPress Video
- Plugin Slug:
- wordpress-video
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49231
WP-Spreadplugin
- Plugin:
- WP-Spreadplugin
- Plugin Slug:
- wp-spreadplugin
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49266
WP Users Masquerade
- Plugin:
- WP Users Masquerade
- Plugin Slug:
- wp-users-masquerade
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-9522
wpPricing Builder
- Plugin:
- wpPricing Builder
- Plugin Slug:
- wppricing-builder-lite-responsive-pricing-table-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
- 2024-49225
Wsify Widget
- Plugin:
- Wsify Widget
- Plugin Slug:
- wsify-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-48048
Elementor Website Builder – More than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 10,000,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.24.6
- Severity Score:
- Medium
- CVE:
- 2024-6757
WooCommerce
- Plugin:
- WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 7,000,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 9.1.0
- Severity Score:
- Medium
- CVE:
- 2024-9944
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations
- 4,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 13.9.1
- Severity Score:
- Medium
- CVE:
- 2024-9926
Secure Custom Fields
- Plugin:
- Secure Custom Fields
- Plugin Slug:
- advanced-custom-fields
- Installations
- 2,000,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 6.3.6.1
- Severity Score:
- Medium
- CVE:
- 2024-9529
TablePress – Tables in WordPress made easy
- Plugin Slug:
- tablepress
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.3
- Severity Score:
- Medium
- CVE:
- 2024-9595
Happy Addons for Elementor
- Plugin:
- Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.12.4
- Severity Score:
- Medium
- CVE:
- 2024-48045
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.987
- Severity Score:
- Medium
- CVE:
- 2024-8482
Ad Inserter – Ad Manager & AdSense Ads
- Plugin Slug:
- ad-inserter
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.38
- Severity Score:
- High
- CVE:
- 2024-49248
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
- Plugin Slug:
- shortpixel-image-optimiser
- Installations
- 300,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.6.4
- Severity Score:
- Medium
- CVE:
- 2024-48044
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF
- Plugin Slug:
- shortpixel-image-optimiser
- Installations
- 300,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.6.4
- Severity Score:
- High
- CVE:
- 2024-48043
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 300,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.5.122
- Severity Score:
- Critical
- CVE:
- 2024-49271
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
- Plugin Slug:
- photo-gallery
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.28
- Severity Score:
- Medium
- CVE:
- 2024-5968
Elementor Addon Elements
- Plugin:
- Elementor Addon Elements
- Plugin Slug:
- addon-elements-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.13.9
- Severity Score:
- Medium
- CVE:
- 2024-8902
Custom Twitter Feeds – A Tweets Widget or X Feed Widget
- Plugin Slug:
- custom-twitter-feeds
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
- 2024-8983
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
- Plugin Slug:
- mailin
- Installations
- 100,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.1.88
- Severity Score:
- Medium
- CVE:
- 2024-8477
Relevanssi – A Better Search
- Plugin:
- Relevanssi – A Better Search
- Plugin Slug:
- relevanssi
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.23.1
- Severity Score:
- Medium
- CVE:
- 2024-9021
Stackable – Page Builder Gutenberg Blocks
- Plugin Slug:
- stackable-ultimate-gutenberg-blocks
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.13.7
- Severity Score:
- Medium
- CVE:
- 2024-8760
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
- The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.6.12
- Severity Score:
- Medium
- CVE:
- 2024-8913
WooCommerce Multilingual & Multicurrency with WPML
- Plugin Slug:
- woocommerce-multilingual
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.3.8
- Severity Score:
- High
- CVE:
- 2024-8629
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.9.9
- Severity Score:
- Medium
- CVE:
- 2024-9538
SlimStat Analytics
- Plugin:
- SlimStat Analytics
- Plugin Slug:
- wp-slimstat
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.7
- Severity Score:
- High
- CVE:
- 2024-9548
Photo Gallery, Images, Slider in Rbs Image Gallery
- Plugin Slug:
- robo-gallery
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.22
- Severity Score:
- Medium
- CVE:
- 2024-8431
Download Plugins and Themes in ZIP from Dashboard
- Plugin Slug:
- download-plugins-dashboard
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.2
- Severity Score:
- High
- CVE:
- 2024-9232
WPIDE – File Manager & Code Editor
- Plugin Slug:
- wpide
- Installations
- 40,000+
- Vulnerability:
- Full Path Disclosure (FPD)
- Patched in Version:
- 3.5.0
- Severity Score:
- Medium
- CVE:
- 2024-9546
FULL – Cliente
- Plugin:
- FULL – Cliente
- Plugin Slug:
- full-customer
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.23
- Severity Score:
- High
- CVE:
- 2024-9211
PowerPress Podcasting plugin by Blubrry
- Plugin Slug:
- powerpress
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 11.9.19
- Severity Score:
- Medium
- CVE:
- 2024-9543
VOD Infomaniak
- Plugin:
- VOD Infomaniak
- Plugin Slug:
- vod-infomaniak
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.8
- Severity Score:
- Medium
- CVE:
- 2024-49274
Embed PDF Viewer
- Plugin:
- Embed PDF Viewer
- Plugin Slug:
- embed-pdf-viewer
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
- 2024-9451
Smart Post Show – Post Grid, Post Carousel, Post Slider, Post Timeline, Post Table, and List Category Posts, Latest Posts, Recent Posts, Popular Posts and More
- Plugin Slug:
- post-carousel
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.1
- Severity Score:
- Medium
- CVE:
- 2024-8187
WordPress File Upload
- Plugin:
- WordPress File Upload
- Plugin Slug:
- wp-file-upload
- Installations
- 20,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 4.24.12
- Severity Score:
- Critical
- CVE:
- 2024-9047
Backup and Staging by WP Time Capsule
- Plugin Slug:
- wp-time-capsule
- Installations
- 20,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.22.22
- Severity Score:
- High
- CVE:
- 2024-48020
Contact Form 7 – PayPal & Stripe Add-on
- Plugin Slug:
- contact-form-7-paypal-add-on
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.1
- Severity Score:
- High
- CVE:
- 2024-48021
Hunk Companion
- Plugin:
- Hunk Companion
- Plugin Slug:
- hunk-companion
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.5
- Severity Score:
- High
- CVE:
- 2024-9707
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes
- Plugin Slug:
- revisionary
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.5.15
- Severity Score:
- High
- CVE:
- 2024-9436
WP Post Author – Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.8.2
- Severity Score:
- High
- CVE:
- 2024-8757
Contact Form by Supsystic
- Plugin:
- Contact Form by Supsystic
- Plugin Slug:
- contact-form-by-supsystic
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.29
- Severity Score:
- Medium
- CVE:
- 2024-48046
Contact Form by Supsystic
- Plugin:
- Contact Form by Supsystic
- Plugin Slug:
- contact-form-by-supsystic
- Installations
- 9,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.7.29
- Severity Score:
- Critical
- CVE:
- 2024-48042
GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
- Plugin Slug:
- gutenkit-blocks-addon
- Installations
- 9,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.1.1
- Severity Score:
- Critical
- CVE:
- 2024-9234
CM Tooltip Glossary
- Plugin:
- CM Tooltip Glossary
- Plugin Slug:
- enhanced-tooltipglossary
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.11
- Severity Score:
- Medium
- CVE:
- 2024-48041
Primary Addon for Elementor
- Plugin:
- Primary Addon for Elementor
- Plugin Slug:
- primary-addon-for-elementor
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.9
- Severity Score:
- Medium
- CVE:
- 2024-49259
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
- Plugin Slug:
- bit-form
- Installations
- 7,000+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- 2.15.3
- Severity Score:
- Medium
- CVE:
- 2024-9507
ProfileGrid – User Profiles, Groups and Communities
- Plugin Slug:
- profilegrid-user-profiles-groups-and-communities
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.9.3.1
- Severity Score:
- Medium
- CVE:
- 2024-49273
Survey Maker
- Plugin:
- Survey Maker
- Plugin Slug:
- survey-maker
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.6
- Severity Score:
- Medium
- CVE:
- 2024-8488
Auto iFrame
- Plugin:
- Auto iFrame
- Plugin Slug:
- auto-iframe
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8
- Severity Score:
- Medium
- CVE:
- 2024-9449
Easy Mega Menu Plugin for WordPress – ThemeHunk
- Plugin Slug:
- themehunk-megamenu-plus
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.1
- Severity Score:
- Medium
- CVE:
- 2024-8433
WP Ultimate Post Grid
- Plugin:
- WP Ultimate Post Grid
- Plugin Slug:
- wp-ultimate-post-grid
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.0
- Severity Score:
- Medium
- CVE:
- 2024-9051
CubeWP – All-in-One Dynamic Content Framework
- Plugin Slug:
- cubewp-framework
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.1.16
- Severity Score:
- Medium
- CVE:
- 2024-48039
Social Sharing (by Danny)
- Plugin:
- Social Sharing (by Danny)
- Plugin Slug:
- dvk-social-sharing
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.8
- Severity Score:
- Medium
- CVE:
- 2024-9704
Category Icon
- Plugin:
- Category Icon
- Plugin Slug:
- category-icon
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.1
- Severity Score:
- Medium
- CVE:
- 2024-8915
WordPress Comments Import & Export
- Plugin Slug:
- comments-import-export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 2.3.9
- Severity Score:
- Medium
- CVE:
- 2024-7514
Products, Order & Customers Export for WooCommerce
- Plugin Slug:
- export-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- High
- CVE:
- 2024-9377
Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file
- Plugin Slug:
- htaccess-file-editor
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.19
- Severity Score:
- Medium
- CVE:
- 2024-49256
Notification for Telegram
- Plugin:
- Notification for Telegram
- Plugin Slug:
- notification-for-telegram
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.2
- Severity Score:
- Medium
- CVE:
- 2024-9685
Embed videos and respect privacy
- Plugin:
- Embed videos and respect privacy
- Plugin Slug:
- video-embed-privacy
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3
- Severity Score:
- High
- CVE:
- 2024-9346
BlockMeister – Block Pattern Builder
- Plugin Slug:
- blockmeister
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.11
- Severity Score:
- High
- CVE:
- 2024-9616
Smart Online Order for Clover
- Plugin:
- Smart Online Order for Clover
- Plugin Slug:
- clover-online-orders
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.8
- Severity Score:
- Medium
- CVE:
- 2024-9895
Leyka
- Plugin:
- Leyka
- Plugin Slug:
- leyka
- Installations
- 2,000+
- Vulnerability:
- Full Path Disclosure (FPD)
- Patched in Version:
- 3.31.7
- Severity Score:
- Medium
- CVE:
- 2024-49252
SKT Blocks – Gutenberg based Page Builder
- Plugin Slug:
- skt-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
- 2024-48036
Smart Blocks
- Plugin:
- Smart Blocks
- Plugin Slug:
- smart-blocks
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
- 2024-49270
IdeaPush
- Plugin:
- IdeaPush
- Plugin Slug:
- ideapush
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 8.71
- Severity Score:
- Medium
- CVE:
- 2024-49275
Increase upload file size & Maximum Execution Time limit
- Plugin Slug:
- increase-upload-file-size-maximum-execution-time-limit
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0
- Severity Score:
- High
- CVE:
- 2024-9611
Language Switcher
- Plugin:
- Language Switcher
- Plugin Slug:
- language-switcher
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.0
- Severity Score:
- High
- CVE:
- 2024-9610
Maximum Products per User for WooCommerce
- Plugin Slug:
- maximum-products-per-user-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.9
- Severity Score:
- High
- CVE:
- 2024-9205
Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table
- Plugin Slug:
- new-contact-form-widget
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.3
- Severity Score:
- Medium
- CVE:
- 2024-48037
Order Attachments for WooCommerce
- Plugin Slug:
- order-attachments-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
- 2024-9756
Rescue Shortcodes
- Plugin:
- Rescue Shortcodes
- Plugin Slug:
- rescue-shortcodes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9
- Severity Score:
- Medium
- CVE:
- 2024-9696
Image Optimizer, Resizer and CDN – Sirv
- Plugin Slug:
- sirv
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.3.0
- Severity Score:
- Medium
- CVE:
- 2024-8964
Tainacan
- Plugin:
- Tainacan
- Plugin Slug:
- tainacan
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 0.21.9
- Severity Score:
- High
- CVE:
- 2024-48040
wp-Monalisa
- Plugin:
- wp-Monalisa
- Plugin Slug:
- wp-monalisa
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 6.5
- Severity Score:
- Medium
- CVE:
- 2024-48038
WordPress WP-Advanced-Search
- Plugin:
- WordPress WP-Advanced-Search
- Plugin Slug:
- wp-advanced-search
- Installations
- 600+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.3.9.2
- Severity Score:
- Critical
- CVE:
- 2024-9796
AADMY – Add Auto Date Month Year Into Posts
- Plugin Slug:
- auto-date-year-month
- Installations
- 300+
- Vulnerability:
- Content Injection
- Patched in Version:
- 2.0.2
- Severity Score:
- Medium
- CVE:
- 2024-9837
Da Reactions
- Plugin:
- Da Reactions
- Plugin Slug:
- da-reactions
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.0
- Severity Score:
- Medium
- CVE:
- 2024-49255
Limit Login Attempts (Spam Protection)
- Plugin Slug:
- wp-limit-failed-login-attempts
- Installations
- 200+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 5.4
- Severity Score:
- Medium
- CVE:
- 2022-4534
ImagePress – Image Gallery
- Plugin:
- ImagePress – Image Gallery
- Plugin Slug:
- image-gallery
- Installations
- 100+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-9778
ImagePress – Image Gallery
- Plugin:
- ImagePress – Image Gallery
- Plugin Slug:
- image-gallery
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-9824
ImagePress – Image Gallery
- Plugin:
- ImagePress – Image Gallery
- Plugin Slug:
- image-gallery
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-9776
pretix widget
- Plugin:
- pretix widget
- Plugin Slug:
- pretix-widget
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.0.6
- Severity Score:
- High
- CVE:
- 2024-9575
WP 2FA with Telegram
- Plugin:
- WP 2FA with Telegram
- Plugin Slug:
- two-factor-login-telegram
- Installations
- 100+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 3.1
- Severity Score:
- High
- CVE:
- 2024-9687
WP 2FA with Telegram
- Plugin:
- WP 2FA with Telegram
- Plugin Slug:
- two-factor-login-telegram
- Installations
- 100+
- Vulnerability:
- Bypass Vulnerability
- Patched in Version:
- 3.1
- Severity Score:
- Medium
- CVE:
- 2024-9820
SB Random Posts Widget
- Plugin:
- SB Random Posts Widget
- Plugin Slug:
- sb-random-posts-widget
- Installations
- 10+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.1
- Severity Score:
- High
- CVE:
- 2024-48029
Advanced Custom Fields PRO
- Plugin:
- Advanced Custom Fields PRO
- Plugin Slug:
- advanced-custom-fields-pro
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 6.3.8
- Severity Score:
- Medium
- CVE:
- 2024-9529
Bridge Core
- Plugin:
- Bridge Core
- Plugin Slug:
- bridge-core
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
- 2024-9860
CMSMasters Content Composer
- Plugin:
- CMSMasters Content Composer
- Plugin Slug:
- cmsmasters-content-composer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.0
- Severity Score:
- Medium
- CVE:
- 2024-7963
LatePoint
- Plugin:
- LatePoint
- Plugin Slug:
- latepoint
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.0.13
- Severity Score:
- Critical
- CVE:
- 2024-8943
LatePoint
- Plugin:
- LatePoint
- Plugin Slug:
- latepoint
- Vulnerability:
- SQL Injection
- Patched in Version:
- 5.0.12
- Severity Score:
- Critical
- CVE:
- 2024-8911
Social Auto Poster
- Plugin:
- Social Auto Poster
- Plugin Slug:
- social-auto-poster
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.3.16
- Severity Score:
- Medium
- CVE:
- 2024-49272
WordPress Themes — 0 Patched / 3 Unpatched
disconnected
- Theme:
- disconnected
- Theme Slug:
- disconnected
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49268
my flatonica
- Theme:
- my flatonica
- Theme Slug:
- my-flatonica
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49269
my wooden under construction
- Theme:
- my wooden under construction
- Theme Slug:
- my-wooden-under-construction
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
- 2024-49269
