In this report, 231 vulnerabilities have been publicly disclosed. Security patches for 134 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 97 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.
WordPress Core
WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.
No new core vulnerabilities were disclosed this week.
WordPress Plugins — 128 Patched / 94 Unpatched
140+ Widgets | Xpro Addons For Elementor – FREE
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54253
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
- Plugin Slug:
- s2member
- Installations
- 10,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-51815
Login Widget With Shortcode
- Plugin:
-
Login Widget With Shortcode
- Plugin Slug:
- login-sidebar-widget
- Installations
- 8,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54255
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts
- Plugin Slug:
- wedevs-project-manager
- Installations
- 8,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12015
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
- Plugin Slug:
- borderless
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54211
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
- Plugin Slug:
- magical-addons-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54212
Pinpoint Booking System – #1 WordPress Booking Plugin
- Plugin Slug:
- booking-system
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54252
Minimum and Maximum Quantity for WooCommerce
- Plugin Slug:
- min-and-max-quantity-for-woocommerce
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54227
Message Filter for Contact Form 7
- Plugin Slug:
- cf7-message-filter
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12027
News Kit Elementor Addons
- Plugin:
-
News Kit Elementor Addons
- Plugin Slug:
- news-kit-elementor-addons
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54260
WordPress Page Builder – Zion Builder
- Plugin Slug:
- zionbuilder
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54213
ForumWP – Forum & Discussion Board
- Plugin Slug:
- forumwp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-10879
Friends
- Plugin:
-
Friends
- Plugin Slug:
- friends
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12028
DELUCKS SEO
- Plugin:
-
DELUCKS SEO
- Plugin Slug:
- delucks-seo
- Installations
- 600+
- Vulnerability:
- Arbitrary File Download
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54259
RRAddons for Elementor
- Plugin:
-
RRAddons for Elementor
- Plugin Slug:
- rrdevs-for-elementor
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54232
Import Export For WooCommerce
- Plugin:
-
Import Export For WooCommerce
- Plugin Slug:
- import-export-for-woocommerce
- Installations
- 200+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54262
Shiptimize for WooCommerce
- Plugin:
-
Shiptimize for WooCommerce
- Plugin Slug:
- shiptimize-for-woocommerce
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54235
Limit Login Attempts (Spam Protection)
- Plugin Slug:
- wp-limit-failed-login-attempts
- Installations
- 200+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54234
Comfino Payment Gateway
- Plugin:
-
Comfino Payment Gateway
- Plugin Slug:
- comfino-payment-gateway
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11329
Designer – Addons for Elementor
- Plugin:
-
Designer – Addons for Elementor
- Plugin Slug:
- designer
- Installations
- 100+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54225
Prodigy Commerce
- Plugin:
-
Prodigy Commerce
- Plugin Slug:
- prodigy-commerce
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54251
Clients
- Plugin:
-
Clients
- Plugin Slug:
- clients
- Installations
- 80+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54245
Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification
- Plugin Slug:
- elite-notification
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54241
Simple Notification
- Plugin:
-
Simple Notification
- Plugin Slug:
- simple-notification
- Installations
- 50+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54242
Ni WooCommerce Order Export
- Plugin:
-
Ni WooCommerce Order Export
- Plugin Slug:
- ni-woocommerce-order-export
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54231
Awesome Shortcodes
- Plugin:
-
Awesome Shortcodes
- Plugin Slug:
- awesome-shortcodes
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54209
Blaze Online eParcel for WooCommerce
- Plugin Slug:
- blaze-online-eparcel-for-woocommerce
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54240
Board Document Manager from CHUHPL
- Plugin Slug:
- board-document-manager-from-chuhpl
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54238
Easy Replace
- Plugin:
-
Easy Replace
- Plugin Slug:
- easy-replace
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54244
Ni CRM Lead
- Plugin:
-
Ni CRM Lead
- Plugin Slug:
- ni-crm-lead
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54237
Ni CRM Lead
- Plugin:
-
Ni CRM Lead
- Plugin Slug:
- ni-crm-lead
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54258
Ni WooCommerce Bulk Product Editor
- Plugin Slug:
- ni-woocommerce-product-editor
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54236
TAX SERVICE Electronic HDM
- Plugin:
-
TAX SERVICE Electronic HDM
- Plugin Slug:
- virtual-hdm-for-taxservice-am
- Installations
- 10+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54261
ABCBiz Addons and Templates for Elementor
- Plugin:
-
ABCBiz Addons and Templates for Elementor
- Plugin Slug:
- abcbiz-addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54247
Advanced Control Manager for WordPress by ItalyStrap
- Plugin:
-
Advanced Control Manager for WordPress by ItalyStrap
- Plugin Slug:
- advanced-control-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54233
Advanced Options Editor
- Plugin:
-
Advanced Options Editor
- Plugin Slug:
- advanced-options-editor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54249
AI Quiz
- Plugin:
-
AI Quiz
- Plugin Slug:
- ai-quiz
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11323
AIO Contact
- Plugin:
-
AIO Contact
- Plugin Slug:
- aio-contact
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54218
AIO Contact
- Plugin:
-
AIO Contact
- Plugin Slug:
- aio-contact
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54219
Pulsating Chat Button
- Plugin:
-
Pulsating Chat Button
- Plugin Slug:
- amin-chat-button
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11813
ARForms
- Plugin:
-
ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54216
ARForms
- Plugin:
-
ARForms
- Plugin Slug:
- arforms
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54217
Authors List
- Plugin:
-
Authors List
- Plugin Slug:
- authors-list
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-10952
Beautiful Taxonomy Filters
- Plugin:
-
Beautiful Taxonomy Filters
- Plugin Slug:
- beautiful-taxonomy-filters
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-12270
Block Controller
- Plugin:
-
Block Controller
- Plugin Slug:
- block-controller
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54208
BP Profile Shortcodes Extra
- Plugin:
-
BP Profile Shortcodes Extra
- Plugin Slug:
- bp-profile-shortcodes-extra
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11732
Mollie for Contact Form 7
- Plugin:
-
Mollie for Contact Form 7
- Plugin Slug:
- cf7-mollie
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12165
Charity Addon for Elementor
- Plugin:
-
Charity Addon for Elementor
- Plugin Slug:
- charity-addon-for-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12062
Clickbank Storefront
- Plugin:
-
Clickbank Storefront
- Plugin Slug:
- clickbank-storefront
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11336
SMS for Lead Capture Forms
- Plugin:
-
SMS for Lead Capture Forms
- Plugin Slug:
- clicksend-lead-capture-form
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11353
CLUEVO LMS, E-Learning Platform
- Plugin:
-
CLUEVO LMS, E-Learning Platform
- Plugin Slug:
- cluevo-lms
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11444
Cookielay
- Plugin:
-
Cookielay
- Plugin Slug:
- cookielay
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-10320
Country Blocker
- Plugin:
-
Country Blocker
- Plugin Slug:
- country-blocker
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54226
Advanced Element Bucket Addons for Elementor
- Plugin Slug:
- cs-element-bucket
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54210
Easy Blocks pro
- Plugin:
-
Easy Blocks pro
- Plugin Slug:
- easy-blocks-pro
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54256
Easy Code Snippets
- Plugin:
-
Easy Code Snippets
- Plugin Slug:
- easy-code-snippets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11464
Easy Social Feed Premium
- Plugin:
-
Easy Social Feed Premium
- Plugin Slug:
- easy-facebook-likebox-premium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-5020
Echoza
- Plugin:
-
Echoza
- Plugin Slug:
- echoza
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54243
eewee admin custom
- Plugin:
-
eewee admin custom
- Plugin Slug:
- eewee-admincustom
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54248
Eleblog – Elementor Blog And Magazine Addons
- Plugin:
-
Eleblog – Elementor Blog And Magazine Addons
- Plugin Slug:
- ele-blog
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-10663
FAQs
- Plugin:
-
FAQs
- Plugin Slug:
- faqs
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54246
FAT Services Booking
- Plugin:
-
FAT Services Booking
- Plugin Slug:
- fat-services-booking
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54220
FAT Services Booking
- Plugin:
-
FAT Services Booking
- Plugin Slug:
- fat-services-booking
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54221
Folder Gallery
- Plugin:
-
Folder Gallery
- Plugin Slug:
- folder-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11823
Funnelforms Free
- Plugin:
-
Funnelforms Free
- Plugin Slug:
- funnelforms-free
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-10587
Gold Addons for Elementor
- Plugin:
-
Gold Addons for Elementor
- Plugin Slug:
- gold-addons-for-elementor
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12110
Library Management System
- Plugin:
-
Library Management System
- Plugin Slug:
- library-management-system
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-8679
Contact Form, Survey & Form Builder – MightyForms
- Plugin:
-
Contact Form, Survey & Form Builder – MightyForms
- Plugin Slug:
- mightyforms
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11897
Gallery
- Plugin:
-
Gallery
- Plugin Slug:
- multi-gallery
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11501
Login With OTP
- Plugin:
-
Login With OTP
- Plugin Slug:
- otp-login
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11178
Posti Shipping
- Plugin:
-
Posti Shipping
- Plugin Slug:
- posti-shipping
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-10832
Paloma Widget
- Plugin:
-
Paloma Widget
- Plugin Slug:
- postman-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54205
Responsive Videos
- Plugin:
-
Responsive Videos
- Plugin Slug:
- responsive-youtube-videos
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11747
Revy
- Plugin:
-
Revy
- Plugin Slug:
- revy
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54215
Revy
- Plugin:
-
Revy
- Plugin Slug:
- revy
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54214
SG Helper
- Plugin:
-
SG Helper
- Plugin Slug:
- sg-helper
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11093
Simple Ecommerce Shopping Cart
- Plugin:
-
Simple Ecommerce Shopping Cart
- Plugin Slug:
- simple-e-commerce-shopping-cart
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12253
Simple Ecommerce Shopping Cart
- Plugin:
-
Simple Ecommerce Shopping Cart
- Plugin Slug:
- simple-e-commerce-shopping-cart
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12128
Smart PopUp Blaster
- Plugin:
-
Smart PopUp Blaster
- Plugin Slug:
- smart-popup-blaster
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11339
Smoove connector for Elementor forms
- Plugin:
-
Smoove connector for Elementor forms
- Plugin Slug:
- smoove-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11367
Splash Sync
- Plugin:
-
Splash Sync
- Plugin Slug:
- splash-connector
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11368
SV100 Companion
- Plugin:
-
SV100 Companion
- Plugin Slug:
- sv100-companion
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54229
TWChat
- Plugin:
-
TWChat
- Plugin Slug:
- twchat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11374
TwentyTwenty
- Plugin:
-
TwentyTwenty
- Plugin Slug:
- twentytwenty
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11352
Shortcodes Blocks Creator Ultimate
- Plugin:
-
Shortcodes Blocks Creator Ultimate
- Plugin Slug:
- ultimate-shortcodes-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54264
Unlock Addons for Elementor
- Plugin:
-
Unlock Addons for Elementor
- Plugin Slug:
- unlock-addons-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54230
Wot Elementor Widgets
- Plugin:
-
Wot Elementor Widgets
- Plugin Slug:
- wot-elementor-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54228
WordPress Auction Plugin
- Plugin:
-
WordPress Auction Plugin
- Plugin Slug:
- wp-auctions
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-51615
WordPress Auction Plugin
- Plugin:
-
WordPress Auction Plugin
- Plugin Slug:
- wp-auctions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54207
WP Media Optimizer
- Plugin:
-
WP Media Optimizer
- Plugin Slug:
- wp-media-optimizer-webp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12060
Mini Program API
- Plugin:
-
Mini Program API
- Plugin Slug:
- wp-mini-program
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11380
WP Private Content Plus
- Plugin:
-
WP Private Content Plus
- Plugin Slug:
- wp-private-content-plus
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11292
WP System
- Plugin:
-
WP System
- Plugin Slug:
- wp-system
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12003
Zooom
- Plugin:
-
Zooom
- Plugin Slug:
- zooom
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11451
WooCommerce
- Plugin:
-
WooCommerce
- Plugin Slug:
- woocommerce
- Installations
- 8,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 9.4.3
- Severity Score:
- Medium
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Plugin Slug:
- wpforms-lite
- Installations
- 6,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.2.2
- Severity Score:
- High
- CVE:
-
2024-11205
Spectra – WordPress Gutenberg Blocks
- Plugin Slug:
- ultimate-addons-for-gutenberg
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.16.3
- Severity Score:
- Medium
- CVE:
-
2024-10484
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.1
- Severity Score:
- Medium
- CVE:
-
2024-9651
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
- Plugin Slug:
- nextgen-gallery
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.59.5
- Severity Score:
- Medium
- CVE:
-
2024-5020
Firelight Lightbox
- Plugin:
-
Firelight Lightbox
- Plugin Slug:
- easy-fancybox
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.4
- Severity Score:
- Medium
- CVE:
-
2024-5020
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug:
- filebird
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.3.4
- Severity Score:
- Medium
- CVE:
-
2024-53825
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
- Plugin Slug:
- bdthemes-element-pack-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.10.6
- Severity Score:
- Medium
- CVE:
-
2024-9058
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.4.4
- Severity Score:
- Medium
- CVE:
-
2024-53797
Colibri Page Builder
- Plugin:
-
Colibri Page Builder
- Plugin Slug:
- colibri-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.288
- Severity Score:
- Medium
- CVE:
-
2024-5020
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
- Plugin Slug:
- depicter
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- Medium
- CVE:
-
2024-4633
Gallery Plugin for WordPress – Envira Photo Gallery
- Plugin Slug:
- envira-gallery-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.16
- Severity Score:
- Medium
- CVE:
-
2024-5020
Advanced File Manager
- Plugin:
-
Advanced File Manager
- Plugin Slug:
- file-manager-advanced
- Installations
- 100,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 5.2.11
- Severity Score:
- High
- CVE:
-
2024-11391
FileOrganizer – Manage WordPress and Website Files
- Plugin Slug:
- fileorganizer
- Installations
- 100,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 1.1.5
- Severity Score:
- High
- CVE:
-
2024-11010
Responsive Lightbox & Gallery
- Plugin:
-
Responsive Lightbox & Gallery
- Plugin Slug:
- responsive-lightbox
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.9
- Severity Score:
- Medium
- CVE:
-
2024-5020
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin:
-
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
- Plugin Slug:
- the-plus-addons-for-elementor-page-builder
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.0.1
- Severity Score:
- Medium
- CVE:
-
2024-53823
TI WooCommerce Wishlist
- Plugin:
-
TI WooCommerce Wishlist
- Plugin Slug:
- ti-woocommerce-wishlist
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.2
- Severity Score:
- High
- CVE:
-
2024-10567
AnyWhere Elementor
- Plugin:
-
AnyWhere Elementor
- Plugin Slug:
- anywhere-elementor
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.12
- Severity Score:
- Medium
- CVE:
-
2024-10777
PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
- Plugin Slug:
- powerpack-lite-for-elementor
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.2
- Severity Score:
- Medium
- CVE:
-
2024-10692
WPC Smart Quick View for WooCommerce
- Plugin Slug:
- woo-smart-quick-view
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.2
- Severity Score:
- Medium
- CVE:
-
2024-5020
WP Hide & Security Enhancer
- Plugin:
-
WP Hide & Security Enhancer
- Plugin Slug:
- wp-hide-security-enhancer
- Installations
- 70,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.2
- Severity Score:
- High
- CVE:
-
2024-11585
Getwid – Gutenberg Blocks
- Plugin:
-
Getwid – Gutenberg Blocks
- Plugin Slug:
- getwid
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.12
- Severity Score:
- Medium
- CVE:
-
2024-5020
If Menu – Visibility control for Menus
- Plugin Slug:
- if-menu
- Installations
- 60,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 0.19.2
- Severity Score:
- Medium
- CVE:
-
2024-7894
Visual Portfolio, Photo Gallery & Post Grid
- Plugin Slug:
- visual-portfolio
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.10
- Severity Score:
- Medium
- CVE:
-
2024-5020
Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid
- Plugin Slug:
- wp-carousel-free
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9
- Severity Score:
- Medium
- CVE:
-
2024-5020
Bold Page Builder
- Plugin:
-
Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.2
- Severity Score:
- Medium
- CVE:
-
2024-53801
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.28
- Severity Score:
- Medium
- CVE:
-
2024-5020
FancyBox for WordPress
- Plugin:
-
FancyBox for WordPress
- Plugin Slug:
- fancybox-for-wordpress
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.5
- Severity Score:
- Medium
- CVE:
-
2024-5020
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor
- Plugin Slug:
- gutentor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
-
2024-10178
Themesflat Addons For Elementor
- Plugin:
-
Themesflat Addons For Elementor
- Plugin Slug:
- themesflat-addons-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
-
2024-53796
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX
- Plugin Slug:
- ultimate-post
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.1.16
- Severity Score:
- Medium
- CVE:
-
2024-53818
Tutor LMS Elementor Addons
- Plugin:
-
Tutor LMS Elementor Addons
- Plugin Slug:
- tutor-lms-elementor-addons
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.6
- Severity Score:
- Medium
- CVE:
-
2024-53816
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
- Plugin Slug:
- wp-analytify
- Installations
- 30,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.5.0
- Severity Score:
- Medium
- CVE:
-
2024-53814
WP Umbrella: Update Backup Restore & Monitoring
- Plugin Slug:
- wp-health
- Installations
- 30,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.17.1
- Severity Score:
- Critical
- CVE:
-
2024-12209
Maspik – Advanced Spam Protection
- Plugin Slug:
- contact-forms-anti-spam
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.2.8
- Severity Score:
- Medium
- CVE:
-
2024-53806
Futurio Extra
- Plugin:
-
Futurio Extra
- Plugin Slug:
- futurio-extra
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.15
- Severity Score:
- Medium
- CVE:
-
2024-53802
FV Flowplayer Video Player
- Plugin:
-
FV Flowplayer Video Player
- Plugin Slug:
- fv-wordpress-flowplayer
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.5.48.7212
- Severity Score:
- Medium
- CVE:
-
2024-5020
Product Labels For Woocommerce (Sale Badges)
- Plugin Slug:
- aco-product-labels-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.9
- Severity Score:
- High
- CVE:
-
2024-53817
Video Gallery – YouTube Gallery and Vimeo Gallery
- Plugin Slug:
- gallery-videos
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.3
- Severity Score:
- High
- CVE:
-
2024-10247
Video Gallery – YouTube Gallery and Vimeo Gallery
- Plugin Slug:
- gallery-videos
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.2
- Severity Score:
- Medium
- CVE:
-
2024-9769
LA-Studio Element Kit for Elementor
- Plugin Slug:
- lastudio-element-kit
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
-
2024-10787
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
- Plugin:
-
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
- Plugin Slug:
- mycred
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
-
2024-11201
NEX-Forms – Ultimate Form Builder – Contact forms and much more
- Plugin Slug:
- nex-forms-express-wp-form-builder
- Installations
- 10,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 8.7.9
- Severity Score:
- High
- CVE:
-
2024-53808
Simple Side Tab
- Plugin:
-
Simple Side Tab
- Plugin Slug:
- simple-side-tab
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
-
2024-11183
Swift Performance Lite
- Plugin:
-
Swift Performance Lite
- Plugin Slug:
- swift-performance-lite
- Installations
- 10,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 2.3.7.2
- Severity Score:
- High
- CVE:
-
2024-10516
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin:
-
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
- Plugin Slug:
- armember-membership
- Installations
- 9,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 4.0.52
- Severity Score:
- Medium
- CVE:
-
2024-10681
Pojo Forms
- Plugin:
-
Pojo Forms
- Plugin Slug:
- pojo-forms
- Installations
- 7,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.4.8
- Severity Score:
- Medium
- CVE:
-
2024-10909
Poll Maker – Versus Polls, Anonymous Polls, Image Polls
- Plugin Slug:
- poll-maker
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 5.5.5
- Severity Score:
- Medium
- CVE:
-
2024-12115
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
- Plugin:
-
WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
- Plugin Slug:
- wdesignkit
- Installations
- 7,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
-
2024-53811
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
- Plugin:
-
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
- Plugin Slug:
- related-post
- Installations
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.0.59
- Severity Score:
- Medium
- CVE:
-
2024-10937
WP Travel – Ultimate Travel Booking System, Tour Management Engine
- Plugin Slug:
- wp-travel
- Installations
- 5,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 9.7.0
- Severity Score:
- Medium
- CVE:
-
2024-53813
All Bootstrap Blocks
- Plugin:
-
All Bootstrap Blocks
- Plugin Slug:
- all-bootstrap-blocks
- Installations
- 4,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.3.20
- Severity Score:
- High
- CVE:
-
2024-53824
Arkhe Blocks
- Plugin:
-
Arkhe Blocks
- Plugin Slug:
- arkhe-blocks
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.27.1
- Severity Score:
- Medium
- CVE:
-
2024-53794
Pinpoint Booking System – #1 WordPress Booking Plugin
- Plugin Slug:
- booking-system
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.9.9.5.2
- Severity Score:
- High
- CVE:
-
2024-53815
ElementsReady Addons for Elementor
- Plugin Slug:
- element-ready-lite
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.8
- Severity Score:
- Medium
- CVE:
-
2024-54224
Contact Form, Survey, Quiz & Popup Form Builder – ARForms
- Plugin Slug:
- arforms-form-builder
- Installations
- 3,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 1.7.2
- Severity Score:
- Medium
- CVE:
-
2024-54223
WP Job Manager – Company Profiles
- Plugin Slug:
- wp-job-manager-companies
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8
- Severity Score:
- High
- CVE:
-
2023-6978
Accordion Slider
- Plugin:
-
Accordion Slider
- Plugin Slug:
- accordion-slider
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.13
- Severity Score:
- Medium
- CVE:
-
2024-5020
Knowledge Base documentation & wiki plugin – BasePress Docs
- Plugin Slug:
- basepress
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.16.3.4
- Severity Score:
- Medium
- CVE:
-
2024-10664
Message Filter for Contact Form 7
- Plugin Slug:
- cf7-message-filter
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
-
2024-54254
KiviCare – Clinic & Patient Management System (EHR)
- Plugin Slug:
- kivicare-clinic-management-system
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.6.5
- Severity Score:
- High
- CVE:
-
2024-11730
KiviCare – Clinic & Patient Management System (EHR)
- Plugin Slug:
- kivicare-clinic-management-system
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.6.5
- Severity Score:
- High
- CVE:
-
2024-11729
KiviCare – Clinic & Patient Management System (EHR)
- Plugin Slug:
- kivicare-clinic-management-system
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.6.5
- Severity Score:
- Critical
- CVE:
-
2024-11728
Online Booking & Scheduling Calendar for WordPress by vcita
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.2
- Severity Score:
- Medium
- CVE:
-
2024-9872
Plugin Check (PCP)
- Plugin:
-
Plugin Check (PCP)
- Plugin Slug:
- plugin-check
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
Active Products Tables for WooCommerce. Use constructor to create tables
- Plugin Slug:
- profit-products-tables-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.0.6.6
- Severity Score:
- High
- CVE:
-
2024-10959
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress
- Plugin Slug:
- sprout-invoices
- Installations
- 2,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 20.8.1
- Severity Score:
- Medium
- CVE:
-
2024-53819
Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials
- Plugin:
-
Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials
- Plugin Slug:
- stars-testimonials-with-slider-and-masonry-grid
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.3.4
- Severity Score:
- High
- CVE:
-
2024-11429
WPBITS Addons For Elementor Page Builder
- Plugin Slug:
- wpbits-addons-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
-
2024-8962
XLTab – Accordions and Tabs for Elementor Page Builder
- Plugin Slug:
- xl-tab
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5
- Severity Score:
- Medium
- CVE:
-
2024-10689
Captivate Sync
- Plugin:
-
Captivate Sync
- Plugin Slug:
- captivatesync-trade
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.26
- Severity Score:
- Medium
- CVE:
-
2024-53820
Contact Form Builder by vcita
- Plugin:
-
Contact Form Builder by vcita
- Plugin Slug:
- contact-form-with-a-meeting-scheduler-by-vcita
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.10.5
- Severity Score:
- Medium
- CVE:
-
2024-10056
Event Tickets with Ticket Scanner
- Plugin Slug:
- event-tickets-with-ticket-scanner
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.4
- Severity Score:
- Medium
- CVE:
-
2024-9866
Listdom – Business Directory and Classified Ads Listings WordPress Plugin
- Plugin Slug:
- listdom
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.1
- Severity Score:
- Medium
- CVE:
-
2024-11854
????? ?? ???? – ???? ?? ????
- Plugin:
-
????? ?? ???? – ???? ?? ????
- Plugin Slug:
- pgall-for-woocommerce
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.3
- Severity Score:
- High
- CVE:
-
2024-11943
SearchIQ – The Search Solution
- Plugin:
-
SearchIQ – The Search Solution
- Plugin Slug:
- searchiq
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.7
- Severity Score:
- Medium
- CVE:
-
2024-10885
Simple Restrict
- Plugin:
-
Simple Restrict
- Plugin Slug:
- simple-restrict
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
-
2024-11106
Broadcast
- Plugin:
-
Broadcast
- Plugin Slug:
- threewp-broadcast
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 51.02
- Severity Score:
- High
- CVE:
-
2024-11379
WPCasa
- Plugin:
-
WPCasa
- Plugin Slug:
- wpcasa
- Installations
- 1,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
-
2024-53826
Church Admin
- Plugin:
-
Church Admin
- Plugin Slug:
- church-admin
- Installations
- 900+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.9
- Severity Score:
- Medium
- CVE:
-
2024-53795
3DPrint Lite
- Plugin:
-
3DPrint Lite
- Plugin Slug:
- 3dprint-lite
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.1
- Severity Score:
- Medium
- CVE:
-
2024-10480
Email Address Obfuscation
- Plugin:
-
Email Address Obfuscation
- Plugin Slug:
- email-address-obfuscation
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
-
2024-11935
Property Hive Mortgage Calculator
- Plugin Slug:
- property-hive-mortgage-calculator
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
-
2024-11940
Quran multilanguage Text & Audio
- Plugin:
-
Quran multilanguage Text & Audio
- Plugin Slug:
- quran-text-multilanguage
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.22
- Severity Score:
- High
- CVE:
-
2024-11973
jAlbum Bridge
- Plugin:
-
jAlbum Bridge
- Plugin Slug:
- jalbum-bridge
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.16
- Severity Score:
- Medium
- CVE:
-
2024-11853
My auctions allegro
- Plugin:
-
My auctions allegro
- Plugin Slug:
- my-auctions-allegro-free-edition
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.6.18
- Severity Score:
- High
- CVE:
-
2024-11707
Additional Custom Order Status for WooCommerce
- Plugin Slug:
- order-status-for-woocommerce
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.1
- Severity Score:
- High
- CVE:
-
2024-11814
Accounting for WooCommerce
- Plugin:
-
Accounting for WooCommerce
- Plugin Slug:
- accounting-for-woocommerce
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.7
- Severity Score:
- High
- CVE:
-
2024-11324
AWeber Forms by Optin Cat
- Plugin:
-
AWeber Forms by Optin Cat
- Plugin Slug:
- aweber-wp
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.8
- Severity Score:
- High
- CVE:
-
2024-11325
iChart – Easy Charts and Graphs
- Plugin:
-
iChart – Easy Charts and Graphs
- Plugin Slug:
- ichart
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
-
2024-11928
???? ???
- Plugin:
-
???? ???
- Plugin Slug:
- mshop-naver-talktalk
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
-
2024-11904
Namaste! LMS
- Plugin:
-
Namaste! LMS
- Plugin Slug:
- namaste-lms
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.6.5
- Severity Score:
- Medium
- CVE:
-
2024-53809
Flower Delivery by Florist One
- Plugin:
-
Flower Delivery by Florist One
- Plugin Slug:
- flower-delivery-by-florist-one
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.1
- Severity Score:
- Medium
- CVE:
-
2024-11769
WIP WooCarousel Lite
- Plugin:
-
WIP WooCarousel Lite
- Plugin Slug:
- wip-woocarousel-lite
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
-
2024-11779
WP eCards
- Plugin:
-
WP eCards
- Plugin Slug:
- wp-ecards-invites
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.905
- Severity Score:
- Medium
- CVE:
-
2024-11903
WP Mailster
- Plugin:
-
WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.17.0
- Severity Score:
- Medium
- CVE:
-
2024-53803
WP Mailster
- Plugin:
-
WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 400+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.8.17.0
- Severity Score:
- High
- CVE:
-
2024-53804
WP Mailster
- Plugin:
-
WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.8.17.0
- Severity Score:
- High
- CVE:
-
2024-53805
WP Mailster
- Plugin:
-
WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 400+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.8.17.0
- Severity Score:
- High
- CVE:
-
2024-53807
Simple User Registration
- Plugin:
-
Simple User Registration
- Plugin Slug:
- wp-registration
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.0
- Severity Score:
- Critical
- CVE:
-
2024-53810
Campaign Monitor Forms by Optin Cat
- Plugin Slug:
- campaign-monitor-wp
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.8
- Severity Score:
- High
- CVE:
-
2024-11326
CardGate Payments for WooCommerce
- Plugin Slug:
- cardgate
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.2
- Severity Score:
- High
- CVE:
-
2024-12257
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
- Plugin Slug:
- scratch-win-giveaways-for-website-facebook
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.0
- Severity Score:
- Medium
- CVE:
-
2024-11898
Simple Redirection
- Plugin:
-
Simple Redirection
- Plugin Slug:
- eelv-redirection
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.1
- Severity Score:
- Medium
- CVE:
-
2024-11341
Email Reminders
- Plugin:
-
Email Reminders
- Plugin Slug:
- email-reminders
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5
- Severity Score:
- Medium
- CVE:
-
2024-11945
Form Data Collector
- Plugin:
-
Form Data Collector
- Plugin Slug:
- form-data-collector
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.4
- Severity Score:
- High
- CVE:
-
2024-11461
Next-Cart Store to WooCommerce Migration
- Plugin Slug:
- nextcart-woocommerce-migration
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.4
- Severity Score:
- High
- CVE:
-
2024-11687
WP GeoNames
- Plugin:
-
WP GeoNames
- Plugin Slug:
- wp-geonames
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9
- Severity Score:
- High
- CVE:
-
2024-53812
B Testimonial – Testimonial plugin for WP
- Plugin Slug:
- b-testimonial
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.3
- Severity Score:
- Medium
- CVE:
-
2024-11880
ONLYOFFICE Docs
- Plugin:
-
ONLYOFFICE Docs
- Plugin Slug:
- onlyoffice
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
-
2024-11450
Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!
- Plugin Slug:
- pie-forms-for-wp
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5
- Severity Score:
- High
- CVE:
-
2024-11436
Prodigy Commerce
- Plugin:
-
Prodigy Commerce
- Plugin Slug:
- prodigy-commerce
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.9
- Severity Score:
- Medium
- CVE:
-
2024-54250
NPS computy
- Plugin:
-
NPS computy
- Plugin Slug:
- nps-computy
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.1
- Severity Score:
- High
- CVE:
-
2024-11807
Verowa Connect
- Plugin:
-
Verowa Connect
- Plugin Slug:
- verowa-connect
- Installations
- 90+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.0.2
- Severity Score:
- Critical
- CVE:
-
2024-11460
Dollie Hub – Build Your Own WordPress Cloud Platform
- Plugin Slug:
- dollie
- Installations
- 80+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.2.1
- Severity Score:
- Medium
- CVE:
-
2024-12099
Z-Downloads
- Plugin:
-
Z-Downloads
- Plugin Slug:
- z-downloads
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.11.8
- Severity Score:
- Medium
- CVE:
-
2024-54206
BMLT Tabbed Map
- Plugin:
-
BMLT Tabbed Map
- Plugin Slug:
- bmlt-tabbed-map
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
-
2024-11866
Quick License Manager – WooCommerce Plugin
- Plugin Slug:
- quick-license-manager
- Installations
- 40+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.18
- Severity Score:
- High
- CVE:
-
2024-11805
FloristPress – Customize your Woo store for your Florist
- Plugin Slug:
- bakkbone-florist-companion
- Installations
- 10+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 7.4.0
- Severity Score:
- Medium
- CVE:
-
2024-53799
FloristPress – Customize your Woo store for your Florist
- Plugin Slug:
- bakkbone-florist-companion
- Installations
- 10+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 7.4.0
- Severity Score:
- Medium
- CVE:
-
2024-53798
CMSMasters Elementor Addon
- Plugin:
-
CMSMasters Elementor Addon
- Plugin Slug:
- cmsmasters-elementor-addon
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.0
- Severity Score:
- Medium
- CVE:
-
2024-9694
Eyewear prescription form
- Plugin:
-
Eyewear prescription form
- Plugin Slug:
- eyewear-prescription-form
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.0.19
- Severity Score:
- Critical
- CVE:
-
2024-54239
FooGallery Premium
- Plugin:
-
FooGallery Premium
- Plugin Slug:
- foogallery-premium
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 2.4.27
- Severity Score:
- High
- CVE:
-
2023-6947
Goodlayers Core
- Plugin:
-
Goodlayers Core
- Plugin Slug:
- goodlayers-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.8
- Severity Score:
- High
- CVE:
-
2024-11200
Luna Web Radio Player
- Plugin:
-
Luna Web Radio Player
- Plugin Slug:
- lu-radioplayer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.24.11.15
- Severity Score:
- Medium
- CVE:
-
2024-10881
Pie Register Premium
- Plugin:
-
Pie Register Premium
- Plugin Slug:
- pie-register-premium
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.3.3
- Severity Score:
- High
- CVE:
-
2024-53821
Pie Register Premium
- Plugin:
-
Pie Register Premium
- Plugin Slug:
- pie-register-premium
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 3.8.3.3
- Severity Score:
- Critical
- CVE:
-
2024-53822
Pie Register (Add on) – Social Sites Login
- Plugin:
-
Pie Register (Add on) – Social Sites Login
- Plugin Slug:
- pie-register-social-site
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 1.8
- Severity Score:
- High
- CVE:
-
2024-11293
WordPress Themes — 6 Patched / 3 Unpatched
Gaga Lite
- Theme:
-
Gaga Lite
- Theme Slug:
- gaga-lite
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-52488
One Paze
- Theme:
-
One Paze
- Theme Slug:
- one-paze
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-52488
tydskrif
- Theme:
-
tydskrif
- Theme Slug:
- tydskrif
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54257
Blocksy
- Theme:
-
Blocksy
- Theme Slug:
- blocksy
- Downloads
- 3,976,858
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.78
- Severity Score:
- Medium
- CVE:
-
2024-11420
Flixita
- Theme:
-
Flixita
- Theme Slug:
- flixita
- Downloads
- 110,003
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.83
- Severity Score:
- High
- CVE:
-
2024-10836
NewsMunch
- Theme:
-
NewsMunch
- Theme Slug:
- newsmunch
- Downloads
- 60,837
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.36
- Severity Score:
- Medium
- CVE:
-
2024-10848
Pubnews
- Theme:
-
Pubnews
- Theme Slug:
- pubnews
- Downloads
- 12,310
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.8
- Severity Score:
- High
- CVE:
-
2024-10578
Soledad
- Theme:
-
Soledad
- Theme Slug:
- soledad
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 8.6.0
- Severity Score:
- High
- CVE:
-
2024-11289
Sweet Date
- Theme:
-
Sweet Date
- Theme Slug:
- sweetdate
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.8.0
- Severity Score:
- Critical
- CVE:
-
2024-43222
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — December 11, 2024 appeared first on SolidWP.