WordPress Vulnerability Report — October 2, 2024

Since last week, 302 new vulnerabilities emerged in the WordPress ecosystem including 296 plugins and 6 themes. 86 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

In this report, 302 vulnerabilities have been publicly disclosed. Security patches for 216 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 86 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 1 is ready for download and testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, set up a test environment or a local site to explore the new features.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 213 Patched / 83 Unpatched

Crowdsignal Dashboard – Polls, Surveys & more

Plugin Slug:
polldaddy
Installations
100,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form to Any API

Plugin Slug:
contact-form-to-any-api
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

EventPrime – Events Calendar, Bookings and Tickets

Plugin Slug:
eventprime-event-calendar-management
Installations
4,000+
Vulnerability:
Open Redirection
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Premium Packages – Sell Digital Products Securely

Plugin Slug:
wpdm-premium-packages
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Copyscape Premium

Plugin Slug:
copyscape-premium
Installations
2,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Keap Official Opt-in Forms

Plugin Slug:
infusionsoft-official-opt-in-forms
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Online Booking & Scheduling Calendar for WordPress by vcita

Plugin Slug:
meeting-scheduler-by-vcita
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Include Fussball.de Widgets

Plugin Slug:
include-fussball-de-widgets
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Payflex Payment Gateway

Plugin Slug:
payflex-payment-gateway
Installations
1,000+
Vulnerability:
Open Redirection
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Terms descriptions

Plugin Slug:
terms-descriptions
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Review & testimonial widgets

Plugin Slug:
trustmary
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

VdoCipher: Secure Video Player and Hosting

Plugin Slug:
vdocipher
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPExperts Square For GiveWP

Plugin Slug:
wpexperts-square-for-give
Installations
200+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

012 PS Multi Languages

Plugin:
012 PS Multi Languages
Plugin Slug:
012-ps-multi-languages
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

123.chat

Plugin:
123.chat
Plugin Slug:
123-chat-videochat
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ABCApp Creator

Plugin:
ABCApp Creator
Plugin Slug:
abcapp-creator
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

adstxt

Plugin:
adstxt
Plugin Slug:
adstxt
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Thanh Toán Quét Mã QR Code Tự Động

Plugin:
Thanh Toán Quét Mã QR Code Tự Động
Plugin Slug:
bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Charity Addon for Elementor

Plugin:
Charity Addon for Elementor
Plugin Slug:
charity-addon-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Common Tools for Site

Plugin:
Common Tools for Site
Plugin Slug:
common-tools-for-site
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Confetti Fall Animation

Plugin:
Confetti Fall Animation
Plugin Slug:
confetti-fall-animation
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Campaign Monitor Extension

Plugin:
Contact Form 7 Campaign Monitor Extension
Plugin Slug:
contact-form-7-campaign-monitor-extension
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Custom Banners

Plugin:
Custom Banners
Plugin Slug:
custom-banners
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

DK PDF

Plugin:
DK PDF
Plugin Slug:
dk-pdf
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Contact Form 7 Math Captcha

Plugin:
Contact Form 7 Math Captcha
Plugin Slug:
ds-cf7-math-captcha
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Easy Load More

Plugin:
Easy Load More
Plugin Slug:
easy-load-more
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Elastik Page Builder

Plugin:
Elastik Page Builder
Plugin Slug:
elastik-page-builder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

GF Custom Style

Plugin:
GF Custom Style
Plugin Slug:
gf-custom-style
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Graphicsly

Plugin:
Graphicsly
Plugin Slug:
graphicsly
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Gravity Forms Toolbar

Plugin:
Gravity Forms Toolbar
Plugin Slug:
gravity-forms-toolbar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

GutenGeek Free Gutenberg Blocks for WordPress

Plugin:
GutenGeek Free Gutenberg Blocks for WordPress
Plugin Slug:
gtg-advanced-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Hello World

Plugin:
Hello World
Plugin Slug:
hello-world
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Iconize

Plugin:
Iconize
Plugin Slug:
iconize
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Instant Chat Floating Button for WordPress Websites

Plugin:
Instant Chat Floating Button for WordPress Websites
Plugin Slug:
instant-chat-wp
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Joy Of Text Lite

Plugin:
Joy Of Text Lite
Plugin Slug:
joy-of-text
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

KB Support

Plugin:
KB Support
Plugin Slug:
kb-support
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

KB Support

Plugin:
KB Support
Plugin Slug:
kb-support
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

king_IE

Plugin:
king_IE
Plugin Slug:
king-ie
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Kodex Posts likes

Plugin:
Kodex Posts likes
Plugin Slug:
kodex-posts-likes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Kodex Posts likes

Plugin:
Kodex Posts likes
Plugin Slug:
kodex-posts-likes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

LH Copy Media File

Plugin:
LH Copy Media File
Plugin Slug:
lh-copy-media-file
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

LocateAndFilter

Plugin:
LocateAndFilter
Plugin Slug:
locateandfilter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Loggedin

Plugin:
Loggedin
Plugin Slug:
loggedin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Mapplic Lite

Plugin:
Mapplic Lite
Plugin Slug:
mapplic-lite
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Material Design Icons

Plugin:
Material Design Icons
Plugin Slug:
material-design-icons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Medical Addon for Elementor

Plugin:
Medical Addon for Elementor
Plugin Slug:
medical-addon-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

MH Board

Plugin:
MH Board
Plugin Slug:
mh-board
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

nm-visitors

Plugin:
nm-visitors
Plugin Slug:
nm-visitors
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

OneElements – Best Elementor Addons

Plugin:
OneElements – Best Elementor Addons
Plugin Slug:
oneelements-ultimate-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Optin Hound

Plugin:
Optin Hound
Plugin Slug:
opt-in-hound
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

PDF Image Generator

Plugin:
PDF Image Generator
Plugin Slug:
pdf-image-generator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Podiant

Plugin:
Podiant
Plugin Slug:
podiant
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

R Animated Icon

Plugin:
R Animated Icon
Plugin Slug:
r-animated-icon
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Relogo

Plugin:
Relogo
Plugin Slug:
relogo
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

REST API TO MiniProgram

Plugin:
REST API TO MiniProgram
Plugin Slug:
rest-api-to-miniprogram
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

REST API TO MiniProgram

Plugin:
REST API TO MiniProgram
Plugin Slug:
rest-api-to-miniprogram
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

RumbleTalk Live Group Chat

Plugin:
RumbleTalk Live Group Chat
Plugin Slug:
rumbletalk-chat-a-chat-with-themes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Search Analytics

Plugin:
WP Search Analytics
Plugin Slug:
search-analytics
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Super Testimonials

Plugin:
Super Testimonials
Plugin Slug:
sola-testimonials
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SVG Complete

Plugin:
SVG Complete
Plugin Slug:
svg-complete
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Themesflat Addons For Elementor

Plugin:
Themesflat Addons For Elementor
Plugin Slug:
themesflat-addons-for-elementor
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Themesflat Addons For Elementor

Plugin:
Themesflat Addons For Elementor
Plugin Slug:
themesflat-addons-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Truepush

Plugin:
Truepush
Plugin Slug:
truepush-free-web-push-notifications
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Users Control

Plugin:
Users Control
Plugin Slug:
users-control
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Vmax Project Manager

Plugin:
Vmax Project Manager
Plugin Slug:
vmax-project-manager
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Wechat Social login

Plugin:
Wechat Social login
Plugin Slug:
wechat-social-login
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Wechat Social login

Plugin:
Wechat Social login
Plugin Slug:
wechat-social-login
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce – Store Exporter

Plugin:
WooCommerce – Store Exporter
Plugin Slug:
woocommerce-exporter
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Category Dropdown

Plugin:
WP Category Dropdown
Plugin Slug:
wp-category-dropdown
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Easy Gallery

Plugin:
WP Easy Gallery
Plugin Slug:
wp-easy-gallery
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Easy Gallery

Plugin:
WP Easy Gallery
Plugin Slug:
wp-easy-gallery
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Easy Gallery

Plugin:
WP Easy Gallery
Plugin Slug:
wp-easy-gallery
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Free SSL – Free SSL Certificate for WordPress and force HTTPS

Plugin:
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS
Plugin Slug:
wp-free-ssl
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP GPX Map

Plugin:
WP GPX Map
Plugin Slug:
wp-gpx-maps
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Newsletter Subscription

Plugin:
WP Newsletter Subscription
Plugin Slug:
wp-newsletter-subscription
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Special Text Boxes

Plugin:
Special Text Boxes
Plugin Slug:
wp-special-textboxes
Vulnerability:
Bypass Vulnerability
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP Ticket Ultra Help Desk & Support Plugin

Plugin:
WP Ticket Ultra Help Desk & Support Plugin
Plugin Slug:
wp-ticket-ultra
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WP-WebAuthn

Plugin:
WP-WebAuthn
Plugin Slug:
wp-webauthn
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.
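
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.

Plugin:
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.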
Plugin Slug:
wpgsi
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WPSPX

Plugin:
WPSPX
Plugin Slug:
wpspx
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WPZOOM Shortcodes

Plugin:
WPZOOM Shortcodes
Plugin Slug:
wpzoom-shortcodes
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

LiteSpeed Cache

Plugin Slug:
litespeed-cache
Installations
6,000,000+
Vulnerability:
Path Traversal
Patched in Version:
6.5.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.5.1.

LiteSpeed Cache

Plugin Slug:
litespeed-cache
Installations
6,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.5.1.

LiteSpeed Cache

Plugin Slug:
litespeed-cache
Installations
6,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.5.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.5.1.

LiteSpeed Cache

Plugin Slug:
litespeed-cache
Installations
6,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.5.

MC4WP: Mailchimp for WordPress

Plugin Slug:
mailchimp-for-wp
Installations
2,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.17
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.9.17.

ElementsKit Elementor addons

Plugin Slug:
elementskit-lite
Installations
1,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.8.

W3 Total Cache

Plugin Slug:
w3-total-cache
Installations
1,000,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.7.6
Severity Score:
Low
The vulnerability has been patched, so you should update to version 2.7.6.

Premium Addons for Elementor

Plugin Slug:
premium-addons-for-elementor
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.10.53
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.10.53.

The Events Calendar

Plugin Slug:
the-events-calendar
Installations
700,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.6.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.6.4.

The Events Calendar

Plugin Slug:
the-events-calendar
Installations
700,000+
Vulnerability:
SQL Injection
Patched in Version:
6.6.4.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 6.6.4.1.

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons
Installations
400,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.12.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.12.1.

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons
Installations
400,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.12.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.12.3.

Jeg Elementor Kit

Plugin Slug:
jeg-elementor-kit
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.9.

Plugin Slug:
photo-gallery
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.28
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.28.

TinyPNG – JPEG, PNG & WebP image compression

Plugin Slug:
tiny-compress-images
Installations
200,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.4.

Use Any Font | Custom Font Uploader

Plugin Slug:
use-any-font
Installations
200,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
6.3.09
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.3.09.

Elementor Addon Elements

Plugin Slug:
addon-elements-for-elementor-page-builder
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.13.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.13.7.

Elementor Addon Elements

Plugin Slug:
addon-elements-for-elementor-page-builder
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.13.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.13.7.

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.8.3.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.8.3.7.

Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Plugin Slug:
depicter
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.5.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.0.

Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel

Plugin Slug:
depicter
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.5.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.0.

Advanced File Manager

Plugin Slug:
file-manager-advanced
Installations
100,000+
Vulnerability:
Path Traversal
Patched in Version:
5.2.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.2.9.

Advanced File Manager

Plugin Slug:
file-manager-advanced
Installations
100,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
5.2.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.2.9.

Advanced File Manager

Plugin Slug:
file-manager-advanced
Installations
100,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
5.2.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.2.9.

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give
Installations
100,000+
Vulnerability:
PHP Object Injection
Patched in Version:
3.16.2
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.16.2.

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give
Installations
100,000+
Vulnerability:
SQL Injection
Patched in Version:
3.16.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.16.2.

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give
Installations
100,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.16.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.16.0.

Strong Testimonials

Plugin Slug:
strong-testimonials
Installations
100,000+
Vulnerability:
Broken Access Control
Patched in Version:
3.1.17
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.17.

HUSKY – Products Filter Professional for WooCommerce

Plugin Slug:
woocommerce-products-filter
Installations
100,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
1.3.6.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.6.2.

Download Monitor

Plugin Slug:
download-monitor
Installations
90,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.0.10
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.0.10.

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor
Installations
90,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.6.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.6.6.

Jupiter X Core

Plugin Slug:
jupiterx-core
Installations
90,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
4.6.6
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 4.6.6.

Jupiter X Core

Plugin Slug:
jupiterx-core
Installations
90,000+
Vulnerability:
Broken Authentication
Patched in Version:
4.7.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.7.8.

WP ULike – The Ultimate Engagement Toolkit for Websites

Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.7.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.7.4.

WP Bulk Delete

Plugin Slug:
wp-bulk-delete
Installations
70,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.2.

Elementor Addons by Livemesh

Plugin Slug:
addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.5.1.

Elementor Addons by Livemesh

Plugin Slug:
addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.5.1.

Simple Calendar – Google Calendar Plugin

Plugin Slug:
google-calendar-events
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.4.3.

Bold Page Builder

Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.1.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.1.1.

Bold Page Builder

Plugin Slug:
bold-page-builder
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.1.2.

Pixel Cat – Conversion Pixel Manager

Plugin Slug:
facebook-conversion-pixel
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.6.

Ultimate Blocks – WordPress Blocks Plugin

Plugin Slug:
ultimate-blocks
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.2.

Visual CSS Style Editor

Plugin Slug:
yellow-pencil-visual-theme-customizer
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.6.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.6.5.

DethemeKit For Elementor

Plugin Slug:
dethemekit-for-elementor
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.8.

Koko Analytics

Plugin Slug:
koko-analytics
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.13
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.13.

Page-list

Plugin:
Page-list
Plugin Slug:
page-list
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.7.

Post Grid and Gutenberg Blocks

Plugin Slug:
post-grid
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.90
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.90.

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

Plugin Slug:
quiz-master-next
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
9.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 9.1.3.

Plugin Slug:
yith-woocommerce-ajax-search
Installations
40,000+
Vulnerability:
SQL Injection
Patched in Version:
2.8.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.8.1.

Cost Calculator Builder

Plugin Slug:
cost-calculator-builder
Installations
30,000+
Vulnerability:
SQL Injection
Patched in Version:
3.2.29
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.29.

Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads

Plugin Slug:
quick-adsense-reloaded
Installations
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.0.85
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.85.

Starbox – the Author Box for Humans

Plugin Slug:
starbox
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.5.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.3.

Themify – WooCommerce Product Filter

Plugin Slug:
themify-wc-product-filter
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.2.

Accordion

Plugin:
Accordion
Plugin Slug:
accordions
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.100
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.100.

MAS Static Content

Plugin Slug:
mas-static-content
Installations
20,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.0.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.9.

PWA for WP & AMP

Plugin Slug:
pwa-for-wp
Installations
20,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.7.73
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.73.

Simple Membership After Login Redirection

Plugin Slug:
simple-membership-after-login-redirection
Installations
20,000+
Vulnerability:
Open Redirection
Patched in Version:
1.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.

Slider by 10Web – Responsive Image Slider

Plugin Slug:
slider-wd
Installations
20,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.59
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.59.

Advanced Woo Labels – Product Labels for WooCommerce

Plugin Slug:
advanced-woo-labels
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.02
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.02.

ARI Fancy Lightbox – Popup for WordPress

Plugin Slug:
ari-fancy-lightbox
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.18
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.18.

BA Book Everything

Plugin Slug:
ba-book-everything
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.21
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.21.

BA Book Everything

Plugin Slug:
ba-book-everything
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.6.21
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.21.

BA Book Everything

Plugin Slug:
ba-book-everything
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.6.21
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.21.

Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed

Plugin Slug:
blockspare
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.5.

Multi Step for Contact Form 7

Plugin Slug:
cf7-multi-step
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
2.7.8
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.7.8.

Classic Editor and Classic Widgets

Plugin Slug:
classic-editor-and-classic-widgets
Installations
10,000+
Vulnerability:
SQL Injection
Patched in Version:
1.4.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.2.

Plugin Slug:
gallery-lightbox-slider
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.0.41
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.0.41.

Prisna GWT – Google Website Translator

Plugin Slug:
google-website-translator
Installations
10,000+
Vulnerability:
PHP Object Injection
Patched in Version:
1.4.12
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.4.12.

Gum Elementor Addon

Plugin Slug:
gum-elementor-addon
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.7.

Gum Elementor Addon

Plugin Slug:
gum-elementor-addon
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.8.

LA-Studio Element Kit for Elementor

Plugin Slug:
lastudio-element-kit
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.9.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.9.7.

Mega Elements – Addons for Elementor

Plugin Slug:
mega-elements-addons-for-elementor
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.5.

myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification

Plugin Slug:
mycred
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.7.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.4.

OSM – OpenStreetMap

Plugin Slug:
osm
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.1.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.1.1.

RomethemeKit For Elementor

Plugin Slug:
rometheme-for-elementor
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

CartBounty – Save and recover abandoned carts for WooCommerce

Plugin Slug:
woo-save-abandoned-carts
Installations
10,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.2.1.

WP Datepicker

Plugin Slug:
wp-datepicker
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.2.

WP Datepicker

Plugin Slug:
wp-datepicker
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.2.

Mail logging – WP Mail Catcher

Plugin Slug:
wp-mail-catcher
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.10.

YITH WooCommerce Product Add-Ons

Plugin Slug:
yith-woocommerce-product-add-ons
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.13.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.13.1.

Form plugin for WordPress – Zoho Forms

Plugin Slug:
zoho-forms
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.0.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.0.1.

Absolute Reviews

Plugin Slug:
absolute-reviews
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.4.

MaxSlider

Plugin:
MaxSlider
Plugin Slug:
maxslider
Installations
9,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.2.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.2.4.

Affiliate Program Suite — SliceWP Affiliates

Plugin Slug:
slicewp
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.19
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.19.

Primary Addon for Elementor

Plugin Slug:
primary-addon-for-elementor
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.8.

Plugin Slug:
slideshow-gallery
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.4.

ProfileGrid – User Profiles, Groups and Communities

Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.9.3.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.9.3.3.

WP Compress – Instant Performance & Speed Optimization

Plugin Slug:
wp-compress-image-optimizer
Installations
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.21.01
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.21.01.

Author Avatars List/Block

Plugin Slug:
author-avatars
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.22
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.22.

Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library

Plugin Slug:
cozy-addons
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.12
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.12.

Plugin Slug:
meta-slider-and-carousel-with-lightbox
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.2.

Seriously Simple Stats

Plugin Slug:
seriously-simple-stats
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.0
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.7.0.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite
Installations
5,000+
Vulnerability:
Open Redirection
Patched in Version:
6.4.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.4.3.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.4.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.4.1.

ElementInvader Addons for Elementor

Plugin Slug:
elementinvader-addons-for-elementor
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.8.

Garden Gnome Package

Plugin Slug:
garden-gnome-package
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.0.

Geo Mashup

Plugin:
Geo Mashup
Plugin Slug:
geo-mashup
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.13.14
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.13.14.

GEO my WP

Plugin:
GEO my WP
Plugin Slug:
geo-my-wp
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.5.0.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.5.0.4.

Revolut Gateway for WooCommerce

Plugin Slug:
revolut-gateway-for-woocommerce
Installations
5,000+
Vulnerability:
Broken Access Control
Patched in Version:
4.17.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.17.4.

Salon Booking System

Plugin Slug:
salon-booking-system
Installations
5,000+
Vulnerability:
Insecure Direct Object References (IDOR)
Patched in Version:
10.9.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 10.9.1.

Easy Mega Menu Plugin for WordPress – ThemeHunk

Plugin Slug:
themehunk-megamenu-plus
Installations
5,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.0.

WPMobile.App — Android and iOS Mobile Application

Plugin Slug:
wpappninja
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
11.51
Severity Score:
High
The vulnerability has been patched, so you should update to version 11.51.

Cities Shipping Zones for WooCommerce

Plugin Slug:
cities-shipping-zones-for-woocommerce
Installations
4,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.2.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.8.

CubeWP Forms – All-in-One Form Builder

Plugin Slug:
cubewp-forms
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.2.

EU/UK VAT Manager for WooCommerce

Plugin Slug:
eu-vat-for-woocommerce
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.12.14
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.12.14.

EU/UK VAT Manager for WooCommerce

Plugin Slug:
eu-vat-for-woocommerce
Installations
4,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.12.14
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.12.14.

GTM Server Side

Plugin Slug:
gtm-server-side
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.20
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.1.20.

Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress

Plugin Slug:
quillforms
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.8.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.8.0.

Plugin Slug:
sight
Installations
4,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.3.

WP-DownloadManager

Plugin Slug:
wp-downloadmanager
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.68.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.68.9.

AVIF Uploader

Plugin Slug:
avif-support
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.1.

Move Addons for Elementor

Plugin Slug:
move-addons
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.5.

Move Addons for Elementor

Plugin Slug:
move-addons
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.4.

Multiple Page Generator Plugin – MPG

Plugin Slug:
multiple-pages-generator-by-porthas
Installations
3,000+
Vulnerability:
SQL Injection
Patched in Version:
3.4.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.4.8.

Newsletters

Plugin Slug:
newsletters-lite
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.9.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.9.9.2.

Store Hours for WooCommerce

Plugin Slug:
order-hours-scheduler-for-woocommerce
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.3.22
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.3.22.

Robokassa payment gateway for Woocommerce

Plugin Slug:
robokassa
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.2.

WP-Lister Lite for eBay

Plugin Slug:
wp-lister-for-ebay
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.5.

Zoho Flow for WordPress

Plugin Slug:
zoho-flow
Installations
3,000+
Vulnerability:
SQL Injection
Patched in Version:
2.8.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.8.1.

Automatically Hierarchic Categories in Menu

Plugin Slug:
automatically-hierarchic-categories-in-menu
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.6.

Beam me up Scotty – Back to Top Button

Plugin Slug:
beam-me-up-scotty
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.22
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.22.

BSK Forms Blacklist

Plugin Slug:
bsk-gravityforms-blacklist
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.9.

Bulk NoIndex & NoFollow Toolkit

Plugin Slug:
bulk-noindex-nofollow-toolkit-by-mad-fish
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.16
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.16.

Chartify – WordPress Chart Plugin

Plugin Slug:
chart-builder
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.7.7.

Premium Blocks – Gutenberg Blocks for WordPress

Plugin Slug:
premium-blocks-for-gutenberg
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.34
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.34.

Restaurant & Cafe Addon for Elementor

Plugin Slug:
restaurant-cafe-addon-for-elementor
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.6.

Share This Image

Plugin Slug:
share-this-image
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.02
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.02.

Simple LDAP Login

Plugin Slug:
simple-ldap-login
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.6.1.

Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)

Plugin Slug:
sky-elementor-addons
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5.12
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.12.

Loops & Logic

Plugin Slug:
tangible-loops-and-logic
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.1.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.1.5.

Directory Listings WordPress plugin – uListing

Plugin Slug:
ulisting
Installations
2,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.1.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.6.

WordPress Simple HTML Sitemap

Plugin Slug:
wp-simple-html-sitemap
Installations
2,000+
Vulnerability:
SQL Injection
Patched in Version:
3.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.2.

WPCOM Member

Plugin Slug:
wpcom-member
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.4.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.4.1.

Zotpress

Plugin:
Zotpress
Plugin Slug:
zotpress
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.3.11
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.3.11.

Polls CP

Plugin:
Polls CP
Plugin Slug:
cp-polls
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.75
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.75.

Daily Prayer Time

Plugin Slug:
daily-prayer-time-for-mosques
Installations
1,000+
Vulnerability:
SQL Injection
Patched in Version:
2024.09.14
Severity Score:
High
The vulnerability has been patched, so you should update to version 2024.09.14.

Easy PayPal Events

Plugin Slug:
easy-paypal-events-tickets
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.2.

Product Enquiry for WooCommerce, WooCommerce product catalog

Plugin Slug:
enquiry-quotation-for-woocommerce
Installations
1,000+
Vulnerability:
PHP Object Injection
Patched in Version:
2.2.33.34
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.2.33.34.

Enter Addons – Ultimate Template Builder for Elementor

Plugin Slug:
enteraddons
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.9.

AnWP Football Leagues

Plugin Slug:
football-leagues-by-anwppro
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.16.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.16.8.

IdeaPush

Plugin:
IdeaPush
Plugin Slug:
ideapush
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.69
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.69.

JoomSport – for Sports: Team & League, Football, Hockey & more

Plugin Slug:
joomsport-sports-league-results-management
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
5.6.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.6.4.

NiceJob

Plugin:
NiceJob
Plugin Slug:
nicejob
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.6.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.5.

NiceJob

Plugin:
NiceJob
Plugin Slug:
nicejob
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.5.

TNC PDF viewer

Plugin Slug:
pdf-viewer-by-themencode
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.0.

Plugin Slug:
responsive-client-logo-carousel-slider
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.0.

ShiftController Employee Shift Scheduling

Plugin Slug:
shiftcontroller
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.9.65
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.9.65.

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin Slug:
ultimate-store-kit
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.6.

MDTF – Meta Data and Taxonomies Filter

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter
Installations
1,000+
Vulnerability:
SQL Injection
Patched in Version:
1.3.3.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.3.4.

MDTF – Meta Data and Taxonomies Filter

Plugin Slug:
wp-meta-data-filter-and-taxonomy-filter
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.3.3.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.3.4.

Plugin:
WP MyLinks
Plugin Slug:
wp-mylinks
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.7.

WP Travel Gutenberg Blocks

Plugin Slug:
wp-travel-blocks
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.7.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.7.0.

The Ultimate WordPress Toolkit – WP Extended

Plugin Slug:
wpextended
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.9.

XT Ajax Add To Cart for WooCommerce

Plugin Slug:
xt-woo-ajax-add-to-cart
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.3.

Themedy Toolbox

Plugin Slug:
themedy-toolbox
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.16
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.0.16.

VR Calendar

Plugin Slug:
vr-calendar-sync
Installations
800+
Vulnerability:
Local File Inclusion
Patched in Version:
2.4.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.4.5.

Checkout Mestres do WP for WooCommerce

Plugin Slug:
checkout-mestres-wp
Installations
700+
Vulnerability:
Local File Inclusion
Patched in Version:
8.6.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 8.6.1.

QS Dark Mode Plugin

Plugin Slug:
qs-dark-mode
Installations
700+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.0.

Web Directory Free

Plugin Slug:
web-directory-free
Installations
600+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.7.4.

WP Abstracts

Plugin Slug:
wp-abstracts-manuscripts-manager
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.0.

AI ChatBot with ChatGPT and Content Generator by AYS

Plugin Slug:
ays-chatgpt-assistant
Installations
300+
Vulnerability:
Broken Access Control
Patched in Version:
2.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.0.

AI ChatBot with ChatGPT and Content Generator by AYS

Plugin Slug:
ays-chatgpt-assistant
Installations
300+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.0.

CSS JS Files

Plugin Slug:
css-js-files
Installations
200+
Vulnerability:
Directory Traversal
Patched in Version:
1.5.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.1.

Top Bar – PopUps – by WPOptin

Plugin Slug:
wpoptin
Installations
90+
Vulnerability:
Local File Inclusion
Patched in Version:
2.0.2
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.0.2.

Chatbot with ChatGPT WordPress

Plugin Slug:
smartsearchwp
Installations
50+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
2.4.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.6.

Slider Revolution

Plugin:
Slider Revolution
Plugin Slug:
revslider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.7.19
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.7.19.

Secure Copy Content Protection and Content Locking

Plugin:
Secure Copy Content Protection and Content Locking
Plugin Slug:
secure-copy-content-protection-subscribe-to-view
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
4.2.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.2.4.

Social Auto Poster

Plugin:
Social Auto Poster
Plugin Slug:
social-auto-poster
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.3.16
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.3.16.

Uncanny Groups for LearnDash

Plugin:
Uncanny Groups for LearnDash
Plugin Slug:
uncanny-learndash-groups
Vulnerability:
Privilege Escalation
Patched in Version:
6.1.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 6.1.1.

Uncanny Groups for LearnDash

Plugin:
Uncanny Groups for LearnDash
Plugin Slug:
uncanny-learndash-groups
Vulnerability:
Broken Access Control
Patched in Version:
6.1.1
Severity Score:
Low
The vulnerability has been patched, so you should update to version 6.1.1.

WooEvents

Plugin:
WooEvents
Plugin Slug:
woo-events
Vulnerability:
Arbitrary File Deletion
Patched in Version:
4.1.3
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 4.1.3.

JobSearch

Plugin:
JobSearch
Plugin Slug:
wp-jobsearch
Vulnerability:
PHP Object Injection
Patched in Version:
2.6.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.6.1.

JobSearch

Plugin:
JobSearch
Plugin Slug:
wp-jobsearch
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.6.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.6.1.

WP MultiTasking

Plugin:
WP MultiTasking
Plugin Slug:
wp-multitasking
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
0.1.18
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.1.18.

WP Timeline – Vertical and Horizontal timeline plugin

Plugin:
WP Timeline – Vertical and Horizontal timeline plugin
Plugin Slug:
wp-timelines
Vulnerability:
Local File Inclusion
Patched in Version:
3.6.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.8.

WP Timeline – Vertical and Horizontal timeline plugin

Plugin:
WP Timeline – Vertical and Horizontal timeline plugin
Plugin Slug:
wp-timelines
Vulnerability:
Local File Inclusion
Patched in Version:
3.6.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.8.

WP Timeline – Vertical and Horizontal timeline plugin

Plugin:
WP Timeline – Vertical and Horizontal timeline plugin
Plugin Slug:
wp-timelines
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.6.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.8.

WordPress Themes — 3 Patched / 3 Unpatched

UltraPress

Theme Slug:
ultrapress
Downloads
15,920
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Unseen Blog

Theme Slug:
unseen-blog
Downloads
2,335
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

viala

Theme:
viala
Theme Slug:
viala
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Catch Base

Theme Slug:
catch-base
Downloads
203,923
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.4.7.

Create

Theme:
Create
Theme Slug:
create
Downloads
64,003
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.9.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.9.2.

Full Frame

Theme Slug:
full-frame
Downloads
199,800
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.3.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
