WordPress Vulnerability Report — October 9, 2024

Since last week, 182 new vulnerabilities emerged in the WordPress ecosystem including 177 plugins and 5 themes. 45 of the vulnerable plugins remain unpatched, but Solid Security Pro users are protected by virtual patching from Patchstack.

Sarah

Published:Oct 9, 2024

Filed Under:WordPress Vulnerability Report

Reading Time:35 min.

In this report, 182 vulnerabilities have been publicly disclosed. Security patches for 137 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 45 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

1. WordPress Core
2. WordPress Plugins — 135 Patched / 42 Unpatched

2.1 Soumettre.fr
2.2 Loggedin – Limit Active Logins
2.3 BuddyPress Docs
2.4 DK PDF
2.5 Copyscape Premium
2.6 Keap Official Opt-in Forms
2.7 Online Booking & Scheduling Calendar for WordPress by vcita
2.8 Include Fussball.de Widgets
2.9 LH Copy Media File
2.10 Payflex Payment Gateway
2.11 RumbleTalk Live Group Chat – HTML5
2.12 VdoCipher: Secure Video Player and Hosting
2.13 Hello World
2.14 123.chat
2.15 Aggregator Advanced Settings
2.16 Auto Featured Image from Title
2.17 Captcha Bank
2.18 Confetti Fall Animation
2.19 Custom Banners
2.20 Display Medium Posts
2.21 Easy Load More
2.22 Elastik Page Builder
2.23 Gravity Forms Toolbar
2.24 Guten Post Layout
2.25 Iconize
2.26 KB Support
2.27 KB Support
2.28 LocateAndFilter
2.29 Login Logout Shortcode
2.30 Optin Hound
2.31 PDF Image Generator
2.32 R Animated Icon
2.33 Relogo
2.34 Spice Starter Sites
2.35 SVG Complete
2.36 Wechat Social login
2.37 Wechat Social login
2.38 WooCommerce – Store Exporter
2.39 WP Blocks Hub
2.40 WP Cleanup and Basic Functions
2.41 WP Easy Gallery
2.42 XO Slider
2.43 LiteSpeed Cache
2.44 LiteSpeed Cache
2.45 LiteSpeed Cache
2.46 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
2.47 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
2.48 Advanced Custom Fields (ACF)
2.49 Advanced Custom Fields (ACF)
2.50 Advanced Custom Fields (ACF)
2.51 Advanced Custom Fields (ACF)
2.52 Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
2.53 Broken Link Checker
2.54 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
2.55 Happy Addons for Elementor
2.56 Royal Elementor Addons and Templates
2.57 Checkout Field Editor (Checkout Manager) for WooCommerce
2.58 Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
2.59 SEOPress – On-site SEO
2.60 Jeg Elementor Kit
2.61 TinyPNG – JPEG, PNG & WebP image compression
2.62 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.63 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
2.64 Smart Custom 404 Error Page
2.65 Elementor Addon Elements
2.66 Elementor Addon Elements
2.67 Shortcodes and extra features for Phlox theme
2.68 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
2.69 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
2.70 Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
2.71 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
2.72 Strong Testimonials
2.73 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
2.74 WooCommerce Multilingual & Multicurrency with WPML
2.75 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
2.76 WP Bulk Delete
2.77 WordPress Infinite Scroll – Ajax Load More
2.78 Bold Page Builder
2.79 WP Booking Calendar
2.80 Photo Gallery, Images, Slider in Rbs Image Gallery
2.81 Ultimate Blocks – WordPress Blocks Plugin
2.82 Visual CSS Style Editor
2.83 DethemeKit For Elementor
2.84 Page-list
2.85 Starbox – the Author Box for Humans
2.86 YITH WooCommerce Ajax Search
2.87 Cost Calculator Builder
2.88 Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress
2.89 Ibtana – WordPress Website Builder
2.90 RomethemeKit For Elementor
2.91 Code Embed
2.92 Simple Membership After Login Redirection
2.93 Slider by 10Web – Responsive Image Slider
2.94 Advanced Woo Labels – Product Labels for WooCommerce
2.95 Auto Amazon Links – Amazon Associates Affiliate Plugin
2.96 BA Book Everything
2.97 Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
2.98 Demo Importer Plus
2.99 Gallery Lightbox
2.100 FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin
2.101 LA-Studio Element Kit for Elementor
2.102 MC4WP: Mailchimp Top Bar
2.103 NEX-Forms – Ultimate Form Builder – Contact forms and much more
2.104 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
2.105 Popularis Extra
2.106 CartBounty – Save and recover abandoned carts for WooCommerce
2.107 YITH WooCommerce Product Add-Ons
2.108 YML for Yandex Market
2.109 Form plugin for WordPress – Zoho Forms
2.110 MaxSlider
2.111 Affiliate Program Suite — SliceWP Affiliates
2.112 Slideshow Gallery LITE
2.113 WP Hotel Booking
2.114 Themify Builder
2.115 WP Compress – Instant Performance & Speed Optimization
2.116 Author Avatars List/Block
2.117 Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library
2.118 Survey Maker
2.119 ElementsReady Addons for Elementor
2.120 ElementInvader Addons for Elementor
2.121 Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
2.122 Easy Mega Menu Plugin for WordPress – ThemeHunk
2.123 WPMobile.App — Android and iOS Mobile Application
2.124 EventPrime – Events Calendar, Bookings and Tickets
2.125 Geo Mashup
2.126 Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
2.127 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
2.128 AVIF Uploader
2.129 Move Addons for Elementor
2.130 Robokassa payment gateway for Woocommerce
2.131 WP-Lister Lite for eBay
2.132 Automatically Hierarchic Categories in Menu
2.133 BSK Forms Blacklist
2.134 Hash Form – Drag & Drop Form Builder
2.135 PWA — easy way to Progressive Web App
2.136 Premium Blocks – Gutenberg Blocks for WordPress
2.137 Search Analytics for WP
2.138 Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials
2.139 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
2.140 WP-WebAuthn
2.141 WPCOM Member
2.142 XLTab – Accordions and Tabs for Elementor Page Builder
2.143 Zotpress
2.144 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
2.145 Enter Addons – Ultimate Template Builder for Elementor
2.146 Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate
2.147 Memberful – Membership Plugin
2.148 Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
2.149 TNC PDF viewer
2.150 Product Delivery Date for WooCommerce – Lite
2.151 Logo Carousel – Clients logo carousel for WP
2.152 BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
2.153 Image Optimizer, Resizer and CDN – Sirv
2.154 Social Web Suite – Social Media Auto Post, Social Media Auto Publish
2.155 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
2.156 Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
2.157 WP MyLinks
2.158 WP Travel Gutenberg Blocks
2.159 The Ultimate WordPress Toolkit – WP Extended
2.160 ShiftController Employee Shift Scheduling
2.161 QS Dark Mode Plugin
2.162 Web Directory Free
2.163 Limit Login Attempts (Spam Protection)
2.164 Top Bar – PopUps – by WPOptin
2.165 Easy Demo Importer – A Modern One-Click Demo Import Solution
2.166 Advanced Custom Fields PRO
2.167 Advanced Custom Fields PRO
2.168 Advanced Custom Fields PRO
2.169 LatePoint
2.170 LatePoint
2.171 Slider Revolution
2.172 Re:WP
2.173 Echo RSS Feed Post Generator Plugin for WordPress
2.174 Social Auto Poster
2.175 JobSearch
2.176 JobSearch
2.177 Affiliate Pro – Affiliate Program for WooCommerce & WordPress

3. WordPress Themes — 2 Patched / 3 Unpatched

3.1 Empowerment
3.2 UltraPress
3.3 Unseen Blog
3.4 Create
3.5 Full Frame

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.7 Beta 2 is ready for testing! This beta version of the WordPress software is under development. Don’t install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 2 on a test server and site.

WordPress Plugins — 135 Patched / 42 Unpatched

Plugin:: Soumettre.fr
Plugin Slug:: soumettre-fr
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8675

Plugin:: Loggedin – Limit Active Logins
Plugin Slug:: loggedin
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9228

Plugin:: BuddyPress Docs
Plugin Slug:: buddypress-docs
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9207

Plugin:: DK PDF
Plugin Slug:: dk-pdf
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8727

Plugin:: Copyscape Premium
Plugin Slug:: copyscape-premium
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47644

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47642

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47638

Plugin:: Include Fussball.de Widgets
Plugin Slug:: include-fussball-de-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47643

Plugin:: LH Copy Media File
Plugin Slug:: lh-copy-media-file
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9220

Plugin:: Payflex Payment Gateway
Plugin Slug:: payflex-payment-gateway
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47646

Plugin:: RumbleTalk Live Group Chat – HTML5
Plugin Slug:: rumbletalk-chat-a-chat-with-themes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8720

Plugin:: VdoCipher: Secure Video Player and Hosting
Plugin Slug:: vdocipher
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47639

Plugin:: Hello World
Plugin Slug:: hello-world
Installations: 900+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9224

Plugin:: 123.chat
Plugin Slug:: 123-chat-videochat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7869

Plugin:: Aggregator Advanced Settings
Plugin Slug:: aggregator-advanced-settings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9368

Plugin:: Auto Featured Image from Title
Plugin Slug:: auto-featured-image-from-title
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8786

Plugin:: Captcha Bank
Plugin Slug:: captcha-bank
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9375

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47641

Plugin:: Custom Banners
Plugin Slug:: custom-banners
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8799

Plugin:: Display Medium Posts
Plugin Slug:: display-medium-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9445

Plugin:: Easy Load More
Plugin Slug:: easy-load-more
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8728

Plugin:: Elastik Page Builder
Plugin Slug:: elastik-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9274

Plugin:: Gravity Forms Toolbar
Plugin Slug:: gravity-forms-toolbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8718

Plugin:: Guten Post Layout
Plugin Slug:: guten-post-layout
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8288

Plugin:: Iconize
Plugin Slug:: iconize
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-47649

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8632

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8548

Plugin:: LocateAndFilter
Plugin Slug:: locateandfilter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9304

Plugin:: Login Logout Shortcode
Plugin Slug:: login-logout-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9421

Plugin:: Optin Hound
Plugin Slug:: opt-in-hound
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9267

Plugin:: PDF Image Generator
Plugin Slug:: pdf-image-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9241

Plugin:: R Animated Icon
Plugin Slug:: r-animated-icon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9272

Plugin:: Relogo
Plugin Slug:: relogo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9269

Plugin:: Spice Starter Sites
Plugin Slug:: spice-starter-sites
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8430

Plugin:: SVG Complete
Plugin Slug:: svg-complete
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9119

Plugin:: Wechat Social login
Plugin Slug:: wechat-social-login
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9108

Plugin:: Wechat Social login
Plugin Slug:: wechat-social-login
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9106

Plugin:: WooCommerce – Store Exporter
Plugin Slug:: woocommerce-exporter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8793

Plugin:: WP Blocks Hub
Plugin Slug:: wp-blocks-hub
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9372

Plugin:: WP Cleanup and Basic Functions
Plugin Slug:: wp-cleanup-and-basic-functions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9455

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9018

Plugin:: XO Slider
Plugin Slug:: xo-liteslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8324

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Path Traversal
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-47637

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: Medium
CVE:: 2024-47373

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-47374

Plugin:: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.229
Severity Score:: Medium
CVE:: 2024-9161

Plugin:: Rank Math SEO – AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.0.229
Severity Score:: High
CVE:: 2024-9314

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 6.3.6.1
Severity Score:: Medium
CVE:: 2024-9529

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20866

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20865

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20867

Plugin:: Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.20.0
Severity Score:: Medium
CVE:: 2024-47358

Plugin:: Broken Link Checker
Plugin Slug:: broken-link-checker
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2024-8981

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-9528

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.1
Severity Score:: Medium
CVE:: 2024-47357

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.987
Severity Score:: Medium
CVE:: 2024-8482

Plugin:: Checkout Field Editor (Checkout Manager) for WooCommerce
Plugin Slug:: woo-checkout-field-editor-pro
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: High
CVE:: 2024-8499

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.122
Severity Score:: High
CVE:: 2024-45454

Plugin:: SEOPress – On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.2
Severity Score:: High
CVE:: 2024-9225

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-47390

Plugin:: TinyPNG – JPEG, PNG & WebP image compression
Plugin Slug:: tiny-compress-images
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2024-47635

Plugin:: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-8520

Plugin:: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-8519

Plugin:: Smart Custom 404 Error Page
Plugin Slug:: 404page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.4.8
Severity Score:: High
CVE:: 2024-9204

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-47366

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-47361

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.4
Severity Score:: Medium
CVE:: 2024-8486

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.6
Severity Score:: Medium
CVE:: 2024-47392

Plugin:: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-47381

Plugin:: Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-47359

Plugin:: Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.0
Severity Score:: Medium
CVE:: 2024-47385

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.17
Severity Score:: Medium
CVE:: 2024-47362

Plugin:: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-3635

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.8
Severity Score:: High
CVE:: 2024-8629

Plugin:: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.35
Severity Score:: Medium
CVE:: 2024-8254

Plugin:: WP Bulk Delete
Plugin Slug:: wp-bulk-delete
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: High
CVE:: 2024-47352

Plugin:: WordPress Infinite Scroll – Ajax Load More
Plugin Slug:: ajax-load-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.3
Severity Score:: Medium
CVE:: 2024-8505

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2024-47391

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.1
Severity Score:: Medium
CVE:: 2024-9306

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.22
Severity Score:: Medium
CVE:: 2024-8431

Plugin:: Ultimate Blocks – WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-8536

Plugin:: Visual CSS Style Editor
Plugin Slug:: yellow-pencil-visual-theme-customizer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.5
Severity Score:: High
CVE:: 2024-47348

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-47632

Plugin:: Page-list
Plugin Slug:: page-list
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7
Severity Score:: Medium
CVE:: 2024-47382

Plugin:: Starbox – the Author Box for Humans
Plugin Slug:: starbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2024-8239

Plugin:: YITH WooCommerce Ajax Search
Plugin Slug:: yith-woocommerce-ajax-search
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.1
Severity Score:: Critical
CVE:: 2024-47350

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.29
Severity Score:: High
CVE:: 2024-8379

Plugin:: Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress
Plugin Slug:: file-manager
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 6.5.8
Severity Score:: Medium
CVE:: 2024-8743

Plugin:: Ibtana – WordPress Website Builder
Plugin Slug:: ibtana-visual-editor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4.5
Severity Score:: Medium
CVE:: 2024-8282

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-47626

Plugin:: Code Embed
Plugin Slug:: simple-embed-code
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: Medium
CVE:: 2024-8804

Plugin:: Simple Membership After Login Redirection
Plugin Slug:: simple-membership-after-login-redirection
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-47354

Plugin:: Slider by 10Web – Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.59
Severity Score:: Medium
CVE:: 2024-8283

Plugin:: Advanced Woo Labels – Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.02
Severity Score:: Medium
CVE:: 2024-47622

Plugin:: Auto Amazon Links – Amazon Associates Affiliate Plugin
Plugin Slug:: amazon-auto-links
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.3
Severity Score:: High
CVE:: 2024-9349

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.21
Severity Score:: High
CVE:: 2024-47360

Plugin:: Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-47363

Plugin:: Demo Importer Plus
Plugin Slug:: demo-importer-plus
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-9172

Plugin:: Gallery Lightbox
Plugin Slug:: gallery-lightbox-slider
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.41
Severity Score:: Medium
CVE:: 2024-47623

Plugin:: FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin
Plugin Slug:: helpie-faq
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.28
Severity Score:: Medium
CVE:: 2024-47647

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9.7
Severity Score:: Medium
CVE:: 2024-47628

Plugin:: MC4WP: Mailchimp Top Bar
Plugin Slug:: mailchimp-top-bar
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: High
CVE:: 2024-9210

Plugin:: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.7.4
Severity Score:: High
CVE:: 2024-47389

Plugin:: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: High
CVE:: 2024-9222

Plugin:: Popularis Extra
Plugin Slug:: popularis-extra
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2024-9353

Plugin:: CartBounty – Save and recover abandoned carts for WooCommerce
Plugin Slug:: woo-save-abandoned-carts
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.1
Severity Score:: Medium
CVE:: 2024-47634

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.13.1
Severity Score:: High
CVE:: 2024-47367

Plugin:: YML for Yandex Market
Plugin Slug:: yml-for-yandex-market
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.3
Severity Score:: High
CVE:: 2024-9378

Plugin:: Form plugin for WordPress – Zoho Forms
Plugin Slug:: zoho-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2024-47633

Plugin:: MaxSlider
Plugin Slug:: maxslider
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2024-47351

Plugin:: Affiliate Program Suite — SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.19
Severity Score:: High
CVE:: 2024-47388

Plugin:: Slideshow Gallery LITE
Plugin Slug:: slideshow-gallery
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.4
Severity Score:: Medium
CVE:: 2024-47376

Plugin:: WP Hotel Booking
Plugin Slug:: wp-hotel-booking
Installations: 8,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.3
Severity Score:: Critical
CVE:: 2024-7855

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.3
Severity Score:: High
CVE:: 2024-9385

Plugin:: WP Compress – Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.21.01
Severity Score:: High
CVE:: 2024-47384

Plugin:: Author Avatars List/Block
Plugin Slug:: author-avatars
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.22
Severity Score:: Medium
CVE:: 2024-47370

Plugin:: Cozy Blocks – Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library
Plugin Slug:: cozy-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-47355

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.6
Severity Score:: Medium
CVE:: 2024-8488

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 5,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2024-47353

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-47630

Plugin:: Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Plugin Slug:: magazine-blocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.15
Severity Score:: High
CVE:: 2024-9218

Plugin:: Easy Mega Menu Plugin for WordPress – ThemeHunk
Plugin Slug:: themehunk-megamenu-plus
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-8433

Plugin:: WPMobile.App — Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.51
Severity Score:: High
CVE:: 2024-47349

Plugin:: EventPrime – Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.0.4.6
Severity Score:: Medium
CVE:: 2024-47648

Plugin:: Geo Mashup
Plugin Slug:: geo-mashup
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.14
Severity Score:: Medium
CVE:: 2024-8990

Plugin:: Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
Plugin Slug:: quillforms
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.0
Severity Score:: Medium
CVE:: 2024-47393

Plugin:: RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
Plugin Slug:: rabbit-loader
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.21.1
Severity Score:: High
CVE:: 2024-8800

Plugin:: AVIF Uploader
Plugin Slug:: avif-support
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-9060

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-47364

Plugin:: Robokassa payment gateway for Woocommerce
Plugin Slug:: robokassa
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-47395

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: High
CVE:: 2024-47380

Plugin:: Automatically Hierarchic Categories in Menu
Plugin Slug:: automatically-hierarchic-categories-in-menu
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-47365

Plugin:: BSK Forms Blacklist
Plugin Slug:: bsk-gravityforms-blacklist
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9
Severity Score:: High
CVE:: 2024-47624

Plugin:: Hash Form – Drag & Drop Form Builder
Plugin Slug:: hash-form
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-9417

Plugin:: PWA — easy way to Progressive Web App
Plugin Slug:: iworks-pwa
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-8967

Plugin:: Premium Blocks – Gutenberg Blocks for WordPress
Plugin Slug:: premium-blocks-for-gutenberg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.34
Severity Score:: Medium
CVE:: 2024-47368

Plugin:: Search Analytics for WP
Plugin Slug:: search-analytics
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.11
Severity Score:: High
CVE:: 2024-9209

Plugin:: Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials
Plugin Slug:: stars-testimonials-with-slider-and-masonry-grid
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-8989

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2024-47383

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-47650

Plugin:: WPCOM Member
Plugin Slug:: wpcom-member
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4.1
Severity Score:: High
CVE:: 2024-47378

Plugin:: XLTab – Accordions and Tabs for Elementor Page Builder
Plugin Slug:: xl-tab
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-47375

Plugin:: Zotpress
Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.11
Severity Score:: Medium
CVE:: 2024-47621

Plugin:: Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.13
Severity Score:: Medium
CVE:: 2024-47377

Plugin:: Enter Addons – Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-47625

Plugin:: Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate
Plugin Slug:: fish-and-ships
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2024-9237

Plugin:: Memberful – Membership Plugin
Plugin Slug:: memberful-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.73.8
Severity Score:: Medium
CVE:: 2024-9242

Plugin:: Search Atlas SEO – Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Plugin Slug:: metasync
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-47387

Plugin:: TNC PDF viewer
Plugin Slug:: pdf-viewer-by-themencode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-47372

Plugin:: Product Delivery Date for WooCommerce – Lite
Plugin Slug:: product-delivery-date-for-woocommerce-lite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-9345

Plugin:: Logo Carousel – Clients logo carousel for WP
Plugin Slug:: responsive-client-logo-carousel-slider
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-47631

Plugin:: BerqWP – Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Plugin Slug:: searchpro
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2024-9344

Plugin:: Image Optimizer, Resizer and CDN – Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.0
Severity Score:: Medium
CVE:: 2024-8964

Plugin:: Social Web Suite – Social Media Auto Post, Social Media Auto Publish
Plugin Slug:: social-web-suite
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.1.12
Severity Score:: High
CVE:: 2024-8352

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-47629

Plugin:: Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
Plugin Slug:: wholesale-pricing-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2024-9384

Plugin:: WP MyLinks
Plugin Slug:: wp-mylinks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-47371

Plugin:: WP Travel Gutenberg Blocks
Plugin Slug:: wp-travel-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: Medium
CVE:: 2024-47627

Plugin:: The Ultimate WordPress Toolkit – WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.9
Severity Score:: High
CVE:: 2024-47386

Plugin:: ShiftController Employee Shift Scheduling
Plugin Slug:: shiftcontroller
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.67
Severity Score:: High
CVE:: 2024-9435

Plugin:: QS Dark Mode Plugin
Plugin Slug:: qs-dark-mode
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-9118

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: High
CVE:: 2024-47379

Plugin:: Limit Login Attempts (Spam Protection)
Plugin Slug:: wp-limit-failed-login-attempts
Installations: 200+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.4
Severity Score:: Medium
CVE:: 2022-4534

Plugin:: Top Bar – PopUps – by WPOptin
Plugin Slug:: wpoptin
Installations: 90+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.2
Severity Score:: High
CVE:: 2024-47645

Plugin:: Easy Demo Importer – A Modern One-Click Demo Import Solution
Plugin Slug:: easy-demo-importer
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-9071

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20866

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20865

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20867

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: Broken Authentication
Patched in Version:: 5.0.13
Severity Score:: Critical
CVE:: 2024-8943

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: SQL Injection
Patched in Version:: 5.0.12
Severity Score:: Critical
CVE:: 2024-8911

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.19
Severity Score:: Medium
CVE:: 2024-8107

Plugin:: Re:WP
Plugin Slug:: rewp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-9271

Plugin:: Echo RSS Feed Post Generator Plugin for WordPress
Plugin Slug:: rss-feed-post-generator-echo
Vulnerability:: Privilege Escalation
Patched in Version:: 5.4.7
Severity Score:: Critical
CVE:: 2024-9265

Plugin:: Social Auto Poster
Plugin Slug:: social-auto-poster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.16
Severity Score:: High
CVE:: 2024-47369

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.1
Severity Score:: Critical
CVE:: 2024-47636

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-47394

Plugin:: Affiliate Pro – Affiliate Program for WooCommerce & WordPress
Plugin Slug:: wp-wc-affiliate-program
Vulnerability:: Privilege Escalation
Patched in Version:: 8.5.0
Severity Score:: Critical
CVE:: 2024-9289

WordPress Themes — 2 Patched / 3 Unpatched

Theme:: Empowerment
Theme Slug:: empowerment
Downloads: 3,400
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7433

Theme:: UltraPress
Theme Slug:: ultrapress
Downloads: 15,922
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7434

Theme:: Unseen Blog
Theme Slug:: unseen-blog
Downloads: 2,338
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7432

Theme:: Create
Theme Slug:: create
Downloads: 64,027
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.2
Severity Score:: Medium
CVE:: 2024-47356

Theme:: Full Frame
Theme Slug:: full-frame
Downloads: 199,864
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-44010

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Author:

Sarah

Sarah has been with StellarWP since 2024. As our marketing generalist, she spends her day writing content and completing projects for SolidWP, LearnDash, and The Events Calendar. In her free time, Sarah can be found playing pickleball, enjoying coffee at a local coffee shop, and spending time with her husband.

Browse all of Sarah's articles

Sign up

Placeholder text

Thanks

Oops something went wrong, please try submitting again

Solid Suite

Protect

Repair

Manage

Free Plugins

Solid Suite

Academy

Solid Academy

Guides

Livestreams

Tutorials Academy

Resources

Blog

Vulnerability Report

Support

Documentation

Table of Contents

WordPress Core

WordPress Plugins — 135 Patched / 42 Unpatched