WordPress Vulnerability Report

WordPress Vulnerability Report — October 23, 2024

Since last week, 312 new vulnerabilities emerged in the WordPress ecosystem including 306 plugins and 6 themes. 181 of the vulnerable plugins and themes remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

In this report, 312 vulnerabilities have been publicly disclosed. Security patches for 131 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 181 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 130 Patched / 176 Unpatched

Email Template Customizer for WooCommerce

Plugin Slug:
email-template-customizer-for-woo
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Custom Icons for Elementor

Plugin Slug:
custom-icons-for-elementor
Installations
20,000+
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

G Meta Keywords

Plugin Slug:
g-meta-keywords
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Surfer – WordPress Plugin

Plugin Slug:
surferseo
Installations
7,000+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge
Installations
5,000+
Vulnerability:
Server Side Request Forgery (SSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
simple-lightbox-gallery
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
uber-grid
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin Slug:
booking-system
Installations
4,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
woo-custom-cart-button
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Zoho CRM Lead Magnet

Plugin Slug:
zoho-crm-forms
Installations
4,000+
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
hyperlink-group-block
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Animator – Scroll Triggered Animations

Plugin Slug:
scroll-triggered-animations
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

DPD Baltic Shipping

Plugin Slug:
woo-shipping-dpd-baltic
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Omnipress

Plugin:
Omnipress
Plugin Slug:
omnipress
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
ultraaddons-elementor-lite
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP SendFox

Plugin:
WP SendFox
Plugin Slug:
wp-sendfox
Installations
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple Testimonials Showcase

Plugin Slug:
simple-testimonials-showcase
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

TAKETIN To WP Membership

Plugin Slug:
taketin-to-wp-membership
Installations
60+
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Easy Addons for Elementor

Plugin Slug:
easy-addons-for-elementor
Installations
10+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

UltimateAI

Plugin:
UltimateAI
Plugin Slug:
Ultimate_AI
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

UltimateAI

Plugin:
UltimateAI
Plugin Slug:
Ultimate_AI
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

AB Categories Search Widget

Plugin:
AB Categories Search Widget
Plugin Slug:
ab-categories-search-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ACL Floating Cart for WooCommerce

Plugin:
ACL Floating Cart for WooCommerce
Plugin Slug:
acl-floating-cart-for-woocommerce
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Add Categories Post Footer

Plugin:
Add Categories Post Footer
Plugin Slug:
add-categories-post-footer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

ADIF Log Search Widget

Plugin:
ADIF Log Search Widget
Plugin Slug:
adif-log-search-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Advanced Advertising System

Plugin:
Advanced Advertising System
Plugin Slug:
advanced-advertising-system
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Affiliator

Plugin:
Affiliator
Plugin Slug:
affiliator-lite
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Agile Video Player Lite

Plugin:
Agile Video Player Lite
Plugin Slug:
agile-video-player
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Ahime Image Printer

Plugin:
Ahime Image Printer
Plugin Slug:
ahime-image-printer
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Ahmeti Wp Timeline

Plugin:
Ahmeti Wp Timeline
Plugin Slug:
ahmeti-wp-timeline
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AI Image Generator for Your Content & Featured Images – AI Postpix

Plugin:
AI Image Generator for Your Content & Featured Images – AI Postpix
Plugin Slug:
ai-postpix
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Ajax Custom CSS/JS

Plugin:
Ajax Custom CSS/JS
Plugin Slug:
ajax-awesome-css
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

ajax-extend

Plugin:
ajax-extend
Plugin Slug:
ajax-extend
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Ajax Rating with Custom Login

Plugin:
Ajax Rating with Custom Login
Plugin Slug:
ajax-rating-with-custom-login
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Akismet htaccess writer

Plugin:
Akismet htaccess writer
Plugin Slug:
akismet-htaccess-writer
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

All in One Slider

Plugin:
All in One Slider
Plugin Slug:
all-in-one-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Analyse Uploads

Plugin:
Analyse Uploads
Plugin Slug:
analyse-uploads
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Apa Banner Slider

Plugin:
Apa Banner Slider
Plugin Slug:
apa-banner-slider
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

APA Register Newsletter Form

Plugin:
APA Register Newsletter Form
Plugin Slug:
apa-register-newsletter-form
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Arkhe Blocks

Plugin:
Arkhe Blocks
Plugin Slug:
arkhe-blocks
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Author Discussion

Plugin:
Author Discussion
Plugin Slug:
author-discussion
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

AVChat Video Chat

Plugin:
AVChat Video Chat
Plugin Slug:
avchat-3
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Azz Anonim Posting

Plugin:
Azz Anonim Posting
Plugin Slug:
azz-anonim-posting
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Back Link Tracker

Plugin:
Back Link Tracker
Plugin Slug:
back-link-tracker
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Banner Slider

Plugin:
Banner Slider
Plugin Slug:
banner-slider
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Bet WC 2018 Russia

Plugin:
Bet WC 2018 Russia
Plugin Slug:
bet-wc-2018-russia
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Better Author Bio

Plugin:
Better Author Bio
Plugin Slug:
better-author-bio
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

BuddyPress Better Registration

Plugin:
BuddyPress Better Registration
Plugin Slug:
better-bp-registration
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Booking.com Banner Creator

Plugin:
Booking.com Banner Creator
Plugin Slug:
bookingcom-banner-creator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

BuddyPress Greeting Message

Plugin:
BuddyPress Greeting Message
Plugin Slug:
bp-greeting-message
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

BP Member Type Manager

Plugin:
BP Member Type Manager
Plugin Slug:
bp-member-type-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Branding

Plugin:
Branding
Plugin Slug:
branding
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Bulk images optimizer

Plugin:
Bulk images optimizer
Plugin Slug:
bulk-image-resizer
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

bVerse Convert

Plugin:
bVerse Convert
Plugin Slug:
bverse-convert
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Campus Explorer Widget

Plugin:
Campus Explorer Widget
Plugin Slug:
campus-explorer-widget
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

chatplusjp

Plugin:
chatplusjp
Plugin Slug:
chatplusjp
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

CJ Change Howdy

Plugin:
CJ Change Howdy
Plugin Slug:
cj-change-howdy
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Client Power Tools Portal

Plugin:
Client Power Tools Portal
Plugin Slug:
client-power-tools
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Code Generate

Plugin:
Code Generate
Plugin Slug:
code-generator
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Cookie Scanner

Plugin:
Cookie Scanner
Plugin Slug:
cookie-scanner
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Coub

Plugin:
Coub
Plugin Slug:
coub
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Country Flags for Elementor

Plugin:
Country Flags for Elementor
Plugin Slug:
country-flags-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Crazy Call To Action Box

Plugin:
Crazy Call To Action Box
Plugin Slug:
crazy-call-to-action-box
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

cSlider

Plugin:
cSlider
Plugin Slug:
cslider
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

CSV Product Import Export for WooCommerce

Plugin:
CSV Product Import Export for WooCommerce
Plugin Slug:
csv-wc-product-import-export
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

CWD 3D Image Gallery

Plugin:
CWD 3D Image Gallery
Plugin Slug:
cwd-3d-image-gallery
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Digital Lottery

Plugin:
Digital Lottery
Plugin Slug:
digital-lottery
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

DocumentPress

Plugin:
DocumentPress
Plugin Slug:
documentpress-display-any-document-on-your-site
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Duplicate Title Validate

Plugin:
Duplicate Title Validate
Plugin Slug:
duplicate-title-validate
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Dynamic Elementor Addons

Plugin:
Dynamic Elementor Addons
Plugin Slug:
dynamic-elementor-addons
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Easy Menu Manager

Plugin:
Easy Menu Manager
Plugin Slug:
easy-menu-manager-wpzest
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy Post Types

Plugin:
Easy Post Types
Plugin Slug:
easy-post-types
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Easy Post Types

Plugin:
Easy Post Types
Plugin Slug:
easy-post-types
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Easy Post Types

Plugin:
Easy Post Types
Plugin Slug:
easy-post-types
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

EKC Tournament Manager

Plugin:
EKC Tournament Manager
Plugin Slug:
ekc-tournament-manager
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Elemenda

Plugin:
Elemenda
Plugin Slug:
elemenda
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Extra Privacy for Elementor

Plugin:
Extra Privacy for Elementor
Plugin Slug:
extra-privacy-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Feed Comments Number

Plugin:
Feed Comments Number
Plugin Slug:
feed-comments-number
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

FERMA.ru.net

Plugin:
FERMA.ru.net
Plugin Slug:
ferma-ru-net-checkout
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Whitelist

Plugin:
Whitelist
Plugin Slug:
fifthsegment-whitelist
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Flat UI Button

Plugin:
Flat UI Button
Plugin Slug:
flat-ui-button
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

FREE DOWNLOAD MANAGER

Plugin:
FREE DOWNLOAD MANAGER
Plugin Slug:
free-download-manager
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Free Stock Photos Foter

Plugin:
Free Stock Photos Foter
Plugin Slug:
free-stock-photos-foter
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Gantry 4 Framework

Plugin:
Gantry 4 Framework
Plugin Slug:
gantry
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

GERRYWORKS Post by Mail

Plugin:
GERRYWORKS Post by Mail
Plugin Slug:
gerryworks-post-by-mail
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

GetResponse Forms

Plugin:
GetResponse Forms
Plugin Slug:
getresponse
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Giveaway Boost

Plugin:
Giveaway Boost
Plugin Slug:
giveaway-boost
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Google Docs RSVP

Plugin:
Google Docs RSVP
Plugin Slug:
google-docs-rsvp-guestlist
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Google Map Locations

Plugin:
Google Map Locations
Plugin Slug:
google-map-locations
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

GoogleDrive folder list

Plugin:
GoogleDrive folder list
Plugin Slug:
googledrive-folder-list
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

TeploBot – Telegram Bot for WP

Plugin:
TeploBot – Telegram Bot for WP
Plugin Slug:
green-wp-telegram-bot-by-teplitsa
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

iBryl Switch User

Plugin:
iBryl Switch User
Plugin Slug:
ibryl-switch-user
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Infinite-Scroll

Plugin:
Infinite-Scroll
Plugin Slug:
infinite-scroll
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

INK Official

Plugin:
INK Official
Plugin Slug:
ink-official
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Job Board Manager for WordPress

Plugin:
Job Board Manager for WordPress
Plugin Slug:
jemployee
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

JiangQie Free Mini Program

Plugin:
JiangQie Free Mini Program
Plugin Slug:
jiangqie-free-mini-program
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

jLayer Parallax Slider

Plugin:
jLayer Parallax Slider
Plugin Slug:
jlayer-parallax-slider-wp
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Kento Post View Counter

Plugin:
Kento Post View Counter
Plugin Slug:
kento-post-view-counter
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

LaTeX2HTML

Plugin:
LaTeX2HTML
Plugin Slug:
latex2html
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

leenk.me

Plugin:
leenk.me
Plugin Slug:
leenkme
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Gallery Plugin – Limb Image Gallery

Plugin:
WordPress Gallery Plugin – Limb Image Gallery
Plugin Slug:
limb-gallery
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Gallery Plugin – Limb Image Gallery

Plugin:
WordPress Gallery Plugin – Limb Image Gallery
Plugin Slug:
limb-gallery
Vulnerability:
Arbitrary File Download
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Linked Variation for WooCommerce

Plugin:
Linked Variation for WooCommerce
Plugin Slug:
linked-variation-for-woocommerce
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Contact Forms, Live Support, CRM, Video Messages

Plugin:
Contact Forms, Live Support, CRM, Video Messages
Plugin Slug:
live-support-tickets
Vulnerability:
Sensitive Data Exposure
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Maan Addons For Elementor

Plugin:
Maan Addons For Elementor
Plugin Slug:
maan-elementor-addons
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Local Business Addons For Elementor

Plugin:
Local Business Addons For Elementor
Plugin Slug:
map-addons-for-elementor-waze-map
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

El mejor Cluster

Plugin:
El mejor Cluster
Plugin Slug:
mejorcluster
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Mighty Builder

Plugin:
Mighty Builder
Plugin Slug:
mighty-builder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Mitm Bug Tracker

Plugin:
Mitm Bug Tracker
Plugin Slug:
mitm-bug-tracker
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Monitor.chat

Plugin:
Monitor.chat
Plugin Slug:
monitor-chat
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Movie Database

Plugin:
Movie Database
Plugin Slug:
movie-database
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

My Reading Library

Plugin:
My Reading Library
Plugin Slug:
my-reading-library
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

MyTweetLinks

Plugin:
MyTweetLinks
Plugin Slug:
mytweetlinks
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Nice Backgrounds

Plugin:
Nice Backgrounds
Plugin Slug:
nicebackgrounds
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

PDF-Rechnungsverwaltung

Plugin Slug:
pdf-rechnungsverwaltung
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Photo Gallery Builder

Plugin:
Photo Gallery Builder
Plugin Slug:
photo-gallery-builder
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

photokit

Plugin:
photokit
Plugin Slug:
photokit
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Property Lot Management System

Plugin:
Property Lot Management System
Plugin Slug:
plms
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Portfolleo

Plugin:
Portfolleo
Plugin Slug:
portfolleo
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Product Customizer Light

Plugin:
Product Customizer Light
Plugin Slug:
product-customizer-light
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Product Website Showcase

Plugin:
Product Website Showcase
Plugin Slug:
product-websites-showcase
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Rate Own Post

Plugin:
Rate Own Post
Plugin Slug:
rate-own-post
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Recently

Plugin:
Recently
Plugin Slug:
recently-viewed-most-viewed-and-sold-products-for-woocommerce
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

3D Work In Progress

Plugin:
3D Work In Progress
Plugin Slug:
renee-work-in-progress
Vulnerability:
Arbitrary File Deletion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

3D Work In Progress

Plugin:
3D Work In Progress
Plugin Slug:
renee-work-in-progress
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WP REST API FNS

Plugin:
WP REST API FNS
Plugin Slug:
rest-api-fns
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WP REST API FNS

Plugin:
WP REST API FNS
Plugin Slug:
rest-api-fns
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Risk Warning Bar

Plugin:
Risk Warning Bar
Plugin Slug:
risk-warning-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

RS-Members

Plugin:
RS-Members
Plugin Slug:
rs-members
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SafetyForms

Plugin:
SafetyForms
Plugin Slug:
safetymails-forms
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SEO Manager

Plugin:
SEO Manager
Plugin Slug:
seo-manager
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SermonAudio Widgets

Plugin:
SermonAudio Widgets
Plugin Slug:
sermonaudio-widgets
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Shipyaari Shipping Management

Plugin:
Shipyaari Shipping Management
Plugin Slug:
shipyaari-shipping-managment
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Simple Code Insert Shortcode

Plugin:
Simple Code Insert Shortcode
Plugin Slug:
simple-code-insert-shortcode
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Custom Admin

Plugin:
Simple Custom Admin
Plugin Slug:
simple-custom-admin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Simple Load More

Plugin:
Simple Load More
Plugin Slug:
simple-load-more
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SiteBuilder Dynamic Components

Plugin:
SiteBuilder Dynamic Components
Plugin Slug:
sitebuilder-dynamic-components
Vulnerability:
PHP Object Injection
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Affiliate Platform

Plugin:
Affiliate Platform
Plugin Slug:
smdp-affiliate-platform
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Social Link Groups

Plugin:
Social Link Groups
Plugin Slug:
social-link-groups
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Social Share With Floating Bar

Plugin:
Social Share With Floating Bar
Plugin Slug:
social-share-with-floating-bar
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Sovratec Case Management

Plugin:
Sovratec Case Management
Plugin Slug:
sovratec-case-management
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

SSV Events

Plugin:
SSV Events
Plugin Slug:
ssv-events
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

SSV MailChimp

Plugin Slug:
ssv-mailchimp
Vulnerability:
Local File Inclusion
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Suki Sites Import

Plugin:
Suki Sites Import
Plugin Slug:
suki-sites-import
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

SVG Captcha

Plugin:
SVG Captcha
Plugin Slug:
svg-captcha
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

SW Contact Form

Plugin:
SW Contact Form
Plugin Slug:
sw-contact-form
Vulnerability:
SQL Injection
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Table of Contents Plus

Plugin:
Table of Contents Plus
Plugin Slug:
table-of-contents-plus
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Tida URL Screenshot

Plugin:
Tida URL Screenshot
Plugin Slug:
tida-url-screenshot
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Tito

Plugin:
Tito
Plugin Slug:
tito
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Todo Custom Field

Plugin:
Todo Custom Field
Plugin Slug:
todo-custom-field
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

uCAT – Next Story

Plugin:
uCAT – Next Story
Plugin Slug:
ucat-next-story
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Unlimited Addon For Elementor

Plugin:
Unlimited Addon For Elementor
Plugin Slug:
unlimited-addon-for-elementor
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Adding drop down roles in registration

Plugin:
Adding drop down roles in registration
Plugin Slug:
user-drop-down-roles-in-registration
Vulnerability:
Privilege Escalation
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Verbalize WP

Plugin:
Verbalize WP
Plugin Slug:
verbalize-wp
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

VKontakte Wall Post

Plugin:
VKontakte Wall Post
Plugin Slug:
vkontakte-wall-post
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Web Bricks Addons for Elementor

Plugin:
Web Bricks Addons for Elementor
Plugin Slug:
webbricks-addons
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Custom Profile Picture

Plugin:
Woocommerce Custom Profile Picture
Plugin Slug:
woo-custom-profile-picture
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

Edit WooCommerce Templates

Plugin:
Edit WooCommerce Templates
Plugin Slug:
woo-edit-templates
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Woo Manage Fraud Orders

Plugin:
Woo Manage Fraud Orders
Plugin Slug:
woo-manage-fraud-orders
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Parcel Pro

Plugin:
Parcel Pro
Plugin Slug:
woo-parcel-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Maintenance Mode

Plugin:
WooCommerce Maintenance Mode
Plugin Slug:
woocommerce-maintenance-mode
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

Woostagram Connect

Plugin:
Woostagram Connect
Plugin Slug:
woostagram-connect
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Video

Plugin:
WordPress Video
Plugin Slug:
wordpress-video
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Image

Plugin:
Category and Taxonomy Image
Plugin Slug:
wp-custom-taxonomy-image
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Meta Fields

Plugin:
Category and Taxonomy Meta Fields
Plugin Slug:
wp-custom-taxonomy-meta
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Meta Fields

Plugin:
Category and Taxonomy Meta Fields
Plugin Slug:
wp-custom-taxonomy-meta
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Meta Fields

Plugin:
Category and Taxonomy Meta Fields
Plugin Slug:
wp-custom-taxonomy-meta
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP Dropbox Dropins

Plugin:
WP Dropbox Dropins
Plugin Slug:
wp-dropbox-dropins
Vulnerability:
Arbitrary File Upload
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

WordPress Image SEO

Plugin:
WordPress Image SEO
Plugin Slug:
wp-image-seo
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Simple User Registration

Plugin:
Simple User Registration
Plugin Slug:
wp-registration
Vulnerability:
Broken Authentication
Patched in Version:
No Fix
Severity Score:
Critical
The vulnerability has not been patched. You should deactivate the plugin.

SendGrid for WordPress

Plugin:
SendGrid for WordPress
Plugin Slug:
wp-sendgrid-mailer
Vulnerability:
Broken Access Control
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

WP-Spreadplugin

Plugin:
WP-Spreadplugin
Plugin Slug:
wp-spreadplugin
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

wpPricing Builder

Plugin:
wpPricing Builder
Plugin Slug:
wppricing-builder-lite-responsive-pricing-table-builder
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
Medium
The vulnerability has not been patched. You should deactivate the plugin.

Wsify Widget

Plugin:
Wsify Widget
Plugin Slug:
wsify-widget
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce

Plugin Slug:
woocommerce
Installations
8,000,000+
Vulnerability:
Content Injection
Patched in Version:
9.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 9.1.0.

All-in-One WP Migration and Backup

Plugin Slug:
all-in-one-wp-migration
Installations
5,000,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
7.87
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 7.87.

Jetpack – WP Security, Backup, Speed, & Growth

Plugin Slug:
jetpack
Installations
4,000,000+
Vulnerability:
Broken Access Control
Patched in Version:
13.9.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 13.9.1.

Secure Custom Fields

Plugin Slug:
advanced-custom-fields
Installations
2,000,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.3.6.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.3.6.3.

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons
Installations
400,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.3.987
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.987.

Ad Inserter – Ad Manager & AdSense Ads

Plugin Slug:
ad-inserter
Installations
300,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.38
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.7.38.

Simple Custom Post Order

Plugin Slug:
simple-custom-post-order
Installations
300,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.5.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.8.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor
Installations
300,000+
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
1.5.122
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.5.122.

Plugin Slug:
responsive-lightbox
Installations
200,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.9.

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Plugin Slug:
custom-twitter-feeds
Installations
100,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.4.

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give
Installations
100,000+
Vulnerability:
PHP Object Injection
Patched in Version:
3.16.4
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.16.4.

Translate WordPress – Google Language Translator

Plugin Slug:
google-language-translator
Installations
100,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.0.10
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.0.10.

Schema & Structured Data for WP & AMP

Plugin Slug:
schema-and-structured-data-for-wp
Installations
100,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.36
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.36.

WP Content Copy Protection & No Right Click

Plugin Slug:
wp-content-copy-protector
Installations
100,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
3.6.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.6.1.

SlimStat Analytics

Plugin Slug:
wp-slimstat
Installations
90,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.2.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 5.2.7.

WP ULike – All-in-One Engagement Toolkit

Plugin Slug:
wp-ulike
Installations
80,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.7.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.7.5.

Exclusive Addons for Elementor

Plugin Slug:
exclusive-addons-for-elementor
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.7.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.7.2.

WP-Members Membership Plugin

Plugin Slug:
wp-members
Installations
60,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.4.9.6
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.4.9.6.

Calculated Fields Form

Plugin Slug:
calculated-fields-form
Installations
50,000+
Vulnerability:
Content Injection
Patched in Version:
5.2.46
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.2.46.

Qi Blocks

Plugin:
Qi Blocks
Plugin Slug:
qi-blocks
Installations
50,000+
Vulnerability:
Local File Inclusion
Patched in Version:
1.3.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.3.

Plugin Slug:
robo-gallery
Installations
50,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.2.22
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.2.22.

Simple Membership

Plugin Slug:
simple-membership
Installations
50,000+
Vulnerability:
Open Redirection
Patched in Version:
4.5.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.5.4.

Plugin Slug:
sina-extension-for-elementor
Installations
50,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
3.5.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.8.

Product Filter by WBW

Plugin Slug:
woo-product-filter
Installations
50,000+
Vulnerability:
SQL Injection
Patched in Version:
2.7.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.7.1.

Themesflat Addons For Elementor

Plugin Slug:
themesflat-addons-for-elementor
Installations
40,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.2.

WPIDE – File Manager & Code Editor

Plugin Slug:
wpide
Installations
40,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
3.5.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.5.0.

Timetable and Event Schedule by MotoPress

Plugin Slug:
mp-timetable
Installations
30,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.3.9
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.3.9.

Persian WooCommerce SMS

Plugin Slug:
persian-woocommerce-sms
Installations
30,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
7.0.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 7.0.3.

VOD Infomaniak

Plugin Slug:
vod-infomaniak
Installations
30,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.5.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.8.

Backup and Staging by WP Time Capsule

Plugin Slug:
wp-time-capsule
Installations
20,000+
Vulnerability:
PHP Object Injection
Patched in Version:
1.22.22
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.22.22.

Mega Elements – Addons for Elementor

Plugin Slug:
mega-elements-addons-for-elementor
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.7.

Multiline files upload for contact form 7

Plugin Slug:
multiline-files-for-contact-form-7
Installations
10,000+
Vulnerability:
Broken Access Control
Patched in Version:
2.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.9.

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus
Installations
10,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
8.8.07.004
Severity Score:
High
The vulnerability has been patched, so you should update to version 8.8.07.004.

Add Widget After Content

Plugin Slug:
add-widget-after-content
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.5
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.

Contact Form by Supsystic

Plugin Slug:
contact-form-by-supsystic
Installations
9,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.29
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.7.29.

Awesome Contact Form7 for Elementor

Plugin Slug:
awesome-contact-form7-for-elementor
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.

Events Addon for Elementor

Plugin Slug:
events-addon-for-elementor
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.2.1.

Primary Addon for Elementor

Plugin Slug:
primary-addon-for-elementor
Installations
8,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.9.

Admin Management Xtended

Plugin Slug:
admin-management-xtended
Installations
7,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.4.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.4.7.

Customer Email Verification for WooCommerce

Plugin Slug:
emails-verification-for-woocommerce
Installations
7,000+
Vulnerability:
SQL Injection
Patched in Version:
2.9.0
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 2.9.0.

ProfileGrid – User Profiles, Groups and Communities

Plugin Slug:
profilegrid-user-profiles-groups-and-communities
Installations
7,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.9.3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.9.3.1.

Kama SpamBlock

Plugin Slug:
kama-spamblock
Installations
6,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.8.3.

Arconix Shortcodes

Plugin Slug:
arconix-shortcodes
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.13
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.13.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.4.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.4.4.

ElementInvader Addons for Elementor

Plugin Slug:
elementinvader-addons-for-elementor
Installations
5,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.3.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.0.

ElementInvader Addons for Elementor

Plugin Slug:
elementinvader-addons-for-elementor
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.9.

WPKoi Templates for Elementor

Plugin Slug:
wpkoi-templates-for-elementor
Installations
5,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.1.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.1.

PeproDev Ultimate Invoice

Plugin Slug:
pepro-ultimate-invoice
Installations
4,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.0.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.7.

Fonto – Custom Web Fonts Manager

Plugin Slug:
fonto
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.2.

Parallax Image

Plugin Slug:
parallax-image
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.

RSS Feed Widget

Plugin Slug:
rss-feed-widget
Installations
3,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.0.0.

Accordion Slider

Plugin Slug:
accordion-slider
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.9.12
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.9.12.

Anchor Episodes Index (Spotify for Podcasters)

Plugin Slug:
anchor-episodes-index
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1.11
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.11.

Smart Online Order for Clover

Plugin Slug:
clover-online-orders
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.5.8.

Smart Online Order for Clover

Plugin Slug:
clover-online-orders
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.5.8
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.5.8.

Flexmls® IDX Plugin

Plugin Slug:
flexmls-idx
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.14.23
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.14.23.

Leyka

Plugin:
Leyka
Plugin Slug:
leyka
Installations
2,000+
Vulnerability:
Full Path Disclosure (FPD)
Patched in Version:
3.31.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.31.7.

MAS Companies For WP Job Manager

Plugin Slug:
mas-wp-job-manager-company
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.14
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.14.

My Wp Brand – Hide menu & Hide Plugin

Plugin Slug:
my-wp-brand
Installations
2,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.3.

Smart Blocks

Plugin Slug:
smart-blocks
Installations
2,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.1.

Advanced Category and Custom Taxonomy Image

Plugin Slug:
advanced-category-and-custom-taxonomy-image
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.0.

AppPresser – Mobile App Framework

Plugin Slug:
apppresser
Installations
1,000+
Vulnerability:
Privilege Escalation
Patched in Version:
4.4.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 4.4.5.

Great Restaurant Menu WP

Plugin Slug:
best-restaurant-menu-by-pricelisto
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
1.4.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.3.

Clio Grow Form

Plugin Slug:
clio-grow-form
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.0.3
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.3.

Encyclopedia / Glossary / Wiki

Plugin Slug:
encyclopedia-lexicon-glossary-wiki-dictionary
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.7.61
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.7.61.

HD Quiz – Save Results Light

Plugin Slug:
hd-quiz-save-results-light
Installations
1,000+
Vulnerability:
Broken Access Control
Patched in Version:
0.6
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 0.6.

IdeaPush

Plugin:
IdeaPush
Plugin Slug:
ideapush
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.71
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 8.71.

Locatoraid Store Locator

Plugin Slug:
locatoraid
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.9.48
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.9.48.

Most And Least Read Posts Widget

Plugin Slug:
most-and-least-read-posts-widget
Installations
1,000+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.5.19
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.5.19.

My Favorites

Plugin Slug:
my-favorites
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.4.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.4.3.

myCred Elementor

Plugin Slug:
mycred-for-elementor
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.2.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.7.

News Kit Elementor Addons

Plugin Slug:
news-kit-elementor-addons
Installations
1,000+
Vulnerability:
Sensitive Data Exposure
Patched in Version:
1.2.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.2.2.

ReDi Restaurant Reservation

Plugin Slug:
redi-restaurant-reservation
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
24.1015
Severity Score:
High
The vulnerability has been patched, so you should update to version 24.1015.

WordPress Social Share Buttons

Plugin Slug:
share-button
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.20
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.20.

StreamWeasels Twitch Integration

Plugin Slug:
streamweasels-twitch-integration
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.7.

Click to Chat – WP Support All-in-One Floating Widget

Plugin Slug:
support-chat
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.4.

Click to Chat – WP Support All-in-One Floating Widget

Plugin Slug:
support-chat
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
2.3.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.3.4.

WP Flow Plus

Plugin Slug:
wp-imageflow2
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.2.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.2.4.

Plugin Slug:
wp-responsive-photo-gallery
Installations
1,000+
Vulnerability:
SQL Injection
Patched in Version:
1.0.4
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.0.4.

The Ultimate WordPress Toolkit – WP Extended

Plugin Slug:
wpextended
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
3.0.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.10.

Zita Elementor Site Library

Plugin Slug:
zita-site-library
Installations
1,000+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.6.4
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.6.4.

SendPulse Free Web Push

Plugin Slug:
sendpulse-web-push
Installations
900+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.3.7.

MAS Elementor

Plugin Slug:
mas-addons-for-elementor
Installations
700+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.7.

WP Sessions Time Monitoring Full Automatic

Plugin Slug:
activitytime
Installations
500+
Vulnerability:
SQL Injection
Patched in Version:
1.1.0
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.1.0.

Plexx Elementor Extension

Plugin Slug:
plexx-elementor-extension
Installations
400+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.3.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.3.7.

AADMY – Add Auto Date Month Year Into Posts

Plugin Slug:
auto-date-year-month
Installations
300+
Vulnerability:
Content Injection
Patched in Version:
2.0.2
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 2.0.2.

Rover IDX

Plugin:
Rover IDX
Plugin Slug:
rover-idx
Installations
300+
Vulnerability:
Privilege Escalation
Patched in Version:
3.0.0.2906
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.0.0.2906.

Rover IDX

Plugin:
Rover IDX
Plugin Slug:
rover-idx
Installations
300+
Vulnerability:
Broken Access Control
Patched in Version:
3.0.0.2905
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.0.0.2905.

Da Reactions

Plugin Slug:
da-reactions
Installations
200+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
5.2.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.2.0.

Point Maker

Plugin Slug:
point-maker
Installations
200+
Vulnerability:
Local File Inclusion
Patched in Version:
0.1.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 0.1.5.

Endless Posts Navigation

Plugin Slug:
endless-posts-navigation
Installations
100+
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
2.2.8
Severity Score:
High
The vulnerability has been patched, so you should update to version 2.2.8.

Miniorange OTP Verification with Firebase

Plugin Slug:
miniorange-firebase-sms-otp-verification
Installations
100+
Vulnerability:
Broken Authentication
Patched in Version:
3.6.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.6.1.

Miniorange OTP Verification with Firebase

Plugin Slug:
miniorange-firebase-sms-otp-verification
Installations
100+
Vulnerability:
Broken Authentication
Patched in Version:
3.6.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.6.1.

Miniorange OTP Verification with Firebase

Plugin Slug:
miniorange-firebase-sms-otp-verification
Installations
100+
Vulnerability:
Privilege Escalation
Patched in Version:
3.6.1
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.6.1.

WP 2FA with Telegram

Plugin Slug:
two-factor-login-telegram
Installations
100+
Vulnerability:
Broken Authentication
Patched in Version:
3.1
Severity Score:
High
The vulnerability has been patched, so you should update to version 3.1.

WP 2FA with Telegram

Plugin Slug:
two-factor-login-telegram
Installations
100+
Vulnerability:
Bypass Vulnerability
Patched in Version:
3.1
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 3.1.

Debrandify · Remove or Replace WordPress Branding

Plugin Slug:
debrandify
Installations
60+
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.1.3
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.1.3.

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
6.3.9
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 6.3.9.

Cooked Pro

Plugin:
Cooked Pro
Plugin Slug:
cooked-pro
Vulnerability:
Arbitrary File Upload
Patched in Version:
1.8.0
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 1.8.0.

Cooked Pro

Plugin:
Cooked Pro
Plugin Slug:
cooked-pro
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
1.8.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.0.

Cooked Pro

Plugin:
Cooked Pro
Plugin Slug:
cooked-pro
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
1.8.0
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 1.8.0.

EventON Pro

Plugin:
EventON Pro
Plugin Slug:
eventon-wordpress-event-calendar-plugin
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
4.7
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 4.7.

Nextend Social Login Pro

Plugin:
Nextend Social Login Pro
Plugin Slug:
nextend-social-login-pro
Vulnerability:
Broken Authentication
Patched in Version:
3.1.15
Severity Score:
Critical
The vulnerability has been patched, so you should update to version 3.1.15.

Social Auto Poster

Plugin:
Social Auto Poster
Plugin Slug:
social-auto-poster
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
5.3.16
Severity Score:
Medium
The vulnerability has been patched, so you should update to version 5.3.16.

Time Clock Pro

Plugin:
Time Clock Pro
Plugin Slug:
time-clock-pro
Vulnerability:
Remote Code Execution (RCE)
Patched in Version:
1.1.5
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.5.

File Manager Pro

Plugin:
File Manager Pro
Plugin Slug:
wp-file-manager-pro
Vulnerability:
Arbitrary File Upload
Patched in Version:
8.3.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 8.3.10.

File Manager Pro

Plugin:
File Manager Pro
Plugin Slug:
wp-file-manager-pro
Vulnerability:
Broken Access Control
Patched in Version:
8.3.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 8.3.10.

File Manager Pro

Plugin:
File Manager Pro
Plugin Slug:
wp-file-manager-pro
Vulnerability:
Cross Site Request Forgery (CSRF)
Patched in Version:
8.3.10
Severity Score:
High
The vulnerability has been patched, so you should update to version 8.3.10.

WordPress Themes — 1 Patched / 5 Unpatched

Digitally

Theme Slug:
digitally
Downloads
8,046
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

disconnected

Theme:
disconnected
Theme Slug:
disconnected
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

js paper

Theme:
js paper
Theme Slug:
js-paper
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

my flatonica

Theme:
my flatonica
Theme Slug:
my-flatonica
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

my wooden under construction

Theme:
my wooden under construction
Theme Slug:
my-wooden-under-construction
Vulnerability:
Cross Site Scripting (XSS)
Patched in Version:
No Fix
Severity Score:
High
The vulnerability has not been patched. You should switch themes.

Mags

Theme:
Mags
Theme Slug:
mags
Downloads
25,887
Vulnerability:
Local File Inclusion
Patched in Version:
1.1.7
Severity Score:
High
The vulnerability has been patched, so you should update to version 1.1.7.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!