In this report, 345 vulnerabilities have been publicly disclosed. Security patches for 164 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 181 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.
WordPress Core
WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.
No new core vulnerabilities were disclosed this week.
WordPress Plugins — 156 Patched / 179 Unpatched
WP Mega Menu
- Plugin:
-
WP Mega Menu
- Plugin Slug:
- wp-megamenu
- Installations
- 10,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54282
WPCargo Track & Trace
- Plugin:
-
WPCargo Track & Trace
- Plugin Slug:
- wpcargo
- Installations
- 10,000+
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54271
Awesome Support – WordPress HelpDesk & Support Plugin
- Plugin Slug:
- awesome-support
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54289
Axeptio – Cookie Banner – GDPR Consent & Compliance with a friendly touch
- Plugin Slug:
- axeptio-sdk-integration
- Installations
- 7,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54270
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
- Plugin Slug:
- radio-player
- Installations
- 6,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54385
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin
- Plugin Slug:
- eazydocs
- Installations
- 2,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54376
News Ticker for Elementor
- Plugin:
-
News Ticker for Elementor
- Plugin Slug:
- news-ticker-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54278
WP Menu Image
- Plugin:
-
WP Menu Image
- Plugin Slug:
- wp-menu-image
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-52485
Smaily for WP
- Plugin:
-
Smaily for WP
- Plugin Slug:
- smaily-for-wp
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54286
SQL Chart Builder
- Plugin:
-
SQL Chart Builder
- Plugin Slug:
- sql-chart-builder
- Installations
- 800+
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11430
Job Board Manager
- Plugin:
-
Job Board Manager
- Plugin Slug:
- job-board-manager
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-55993
SIP Calculator
- Plugin:
-
SIP Calculator
- Plugin Slug:
- sip-calculator
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12555
LDD Directory Lite
- Plugin:
-
LDD Directory Lite
- Plugin Slug:
- ldd-directory-lite
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54288
The Permalinker
- Plugin:
-
The Permalinker
- Plugin Slug:
- the-permalinker
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11894
Nias course | ???? ??? ????
- Plugin:
-
Nias course | ???? ??? ????
- Plugin Slug:
- nias-course
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54277
Role Includer
- Plugin:
-
Role Includer
- Plugin Slug:
- role-includer
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54290
Radius Blocks – WordPress Gutenberg Blocks
- Plugin Slug:
- radius-blocks
- Installations
- 70+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54272
WordPress HelpDesk & Support Ticket System Plugin – Octrace Support
- Plugin Slug:
- octrace-support
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54274
WP Cookies Enabler
- Plugin:
-
WP Cookies Enabler
- Plugin Slug:
- wp-cookies-enabler
- Installations
- 30+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54380
Advanced Blog Post Block
- Plugin:
-
Advanced Blog Post Block
- Plugin Slug:
- advanced-blog-post-block
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54287
Poll, Poll Forms – WordPress Poll plugin by Poll Builder
- Plugin Slug:
- poll-builder
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54276
Woocommerce Blocks – Woolook
- Plugin:
-
Woocommerce Blocks – Woolook
- Plugin Slug:
- woolook
- Installations
- 10+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54375
WP-NERD Toolkit
- Plugin:
-
WP-NERD Toolkit
- Plugin Slug:
- wp-nerd-toolkit
- Installations
- 10+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54279
3D Avatar User Profile
- Plugin:
-
3D Avatar User Profile
- Plugin Slug:
- 3d-avatar-user-profile
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54358
Add image to Post
- Plugin:
-
Add image to Post
- Plugin Slug:
- add-image-to-post
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54428
Advance Menu Manager
- Plugin:
-
Advance Menu Manager
- Plugin Slug:
- advance-menu-manager
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54381
Advanced Data Table For Elementor
- Plugin:
-
Advanced Data Table For Elementor
- Plugin Slug:
- advanced-data-table-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54443
Advanced Fancybox
- Plugin:
-
Advanced Fancybox
- Plugin Slug:
- advanced-fancybox
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54401
Advanced What should we write next about
- Plugin:
-
Advanced What should we write next about
- Plugin Slug:
- advanced-what-should-we-write-about-next
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55987
AI Post Generator | AutoWriter
- Plugin:
-
AI Post Generator | AutoWriter
- Plugin Slug:
- ai-post-generator
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11709
Zita Site Builder
- Plugin:
-
Zita Site Builder
- Plugin Slug:
- ai-site-builder
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54369
Amazon Product Price
- Plugin:
-
Amazon Product Price
- Plugin Slug:
- amazon-product-price
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54439
Animated Counters
- Plugin:
-
Animated Counters
- Plugin Slug:
- animated-counters
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11905
Aphorismus
- Plugin:
-
Aphorismus
- Plugin Slug:
- aphorismus
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54429
AppMaps
- Plugin:
-
AppMaps
- Plugin Slug:
- appmaps
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54400
Appsplate
- Plugin:
-
Appsplate
- Plugin Slug:
- appsplate
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54292
Arabic Webfonts
- Plugin:
-
Arabic Webfonts
- Plugin Slug:
- arabic-webfonts
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54402
Arena.IM – Live Blogging for real-time events
- Plugin:
-
Arena.IM – Live Blogging for real-time events
- Plugin Slug:
- arena-liveblog-and-chat-tool
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12526
Arena.IM – Live Blogging for real-time events
- Plugin:
-
Arena.IM – Live Blogging for real-time events
- Plugin Slug:
- arena-liveblog-and-chat-tool
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12463
Firebase OTP Authentication
- Plugin:
-
Firebase OTP Authentication
- Plugin Slug:
- authentication-via-otp-using-firebase
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54294
Banner System
- Plugin:
-
Banner System
- Plugin Slug:
- banner-system
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54359
Bet sport Free
- Plugin:
-
Bet sport Free
- Plugin Slug:
- bet-sport-free
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54396
Better WP Login Page
- Plugin:
-
Better WP Login Page
- Plugin Slug:
- better-wp-login-page
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54442
Bootstrap Buttons
- Plugin:
-
Bootstrap Buttons
- Plugin Slug:
- bootstrap-buttons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-49677
Buk
- Plugin:
-
Buk
- Plugin Slug:
- buk-appointments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11869
Caldera SMTP Mailer
- Plugin:
-
Caldera SMTP Mailer
- Plugin Slug:
- caldera-smtp-mailer
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-56003
Mollie for Contact Form 7
- Plugin:
-
Mollie for Contact Form 7
- Plugin Slug:
- cf7-mollie
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55990
??????
- Plugin:
-
??????
- Plugin Slug:
- changyan
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-55994
CK and SyntaxHighlighter
- Plugin:
-
CK and SyntaxHighlighter
- Plugin Slug:
- ck-and-syntaxhighlighter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54407
Code Generator Pro
- Plugin:
-
Code Generator Pro
- Plugin Slug:
- code-generator-pro
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55978
Comments On Feed
- Plugin:
-
Comments On Feed
- Plugin Slug:
- comments-on-feed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54406
Companion Portfolio
- Plugin:
-
Companion Portfolio
- Plugin Slug:
- companion-portfolio
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11867
Connatix Video Embed
- Plugin:
-
Connatix Video Embed
- Plugin Slug:
- connatix-video-embed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11883
CoSchool LMS
- Plugin:
-
CoSchool LMS
- Plugin Slug:
- coschool
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54296
Crafthemes Demo Import
- Plugin:
-
Crafthemes Demo Import
- Plugin Slug:
- crafthemes-demo-import
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-9698
Cricket Live Score
- Plugin:
-
Cricket Live Score
- Plugin Slug:
- cricket-score
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11877
Critical Site Intel
- Plugin:
-
Critical Site Intel
- Plugin Slug:
- critical-site-intel-stats
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55976
CRUDLab Google Plus Button
- Plugin:
-
CRUDLab Google Plus Button
- Plugin Slug:
- crudlab-google-plus
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54399
CSV to html
- Plugin:
-
CSV to html
- Plugin Slug:
- csv-to-html
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54275
Custom Skins Contact Form 7
- Plugin:
-
Custom Skins Contact Form 7
- Plugin Slug:
- custom-skins-contact-form-7
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12341
Ultimate Endpoints With Rest Api
- Plugin:
-
Ultimate Endpoints With Rest Api
- Plugin Slug:
- custom-wp-rest-api
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12260
Mimoos
- Plugin:
-
Mimoos
- Plugin Slug:
- devoluciones-packback
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55974
Display Future Posts
- Plugin:
-
Display Future Posts
- Plugin Slug:
- display-future-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54413
Dr Affiliate
- Plugin:
-
Dr Affiliate
- Plugin Slug:
- dr-affiliate
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55975
DTC Documents
- Plugin:
-
DTC Documents
- Plugin Slug:
- dtc-documents
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54418
Easy Site Importer
- Plugin:
-
Easy Site Importer
- Plugin Slug:
- easy-site-importer
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-56004
ECT Product Carousel
- Plugin:
-
ECT Product Carousel
- Plugin Slug:
- ect-product-carousel
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54412
ECT Social Share
- Plugin:
-
ECT Social Share
- Plugin Slug:
- ect-social-share
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54405
EELV Newsletter
- Plugin:
-
EELV Newsletter
- Plugin Slug:
- eelv-newsletter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54430
Mandrill WP
- Plugin:
-
Mandrill WP
- Plugin Slug:
- email-form-under-post
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54394
eTemplates
- Plugin:
-
eTemplates
- Plugin Slug:
- etemplates
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55972
Evernote Sync
- Plugin:
-
Evernote Sync
- Plugin Slug:
- evernote-sync
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54422
Feedpress Generator
- Plugin:
-
Feedpress Generator
- Plugin Slug:
- feedpress-generator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54364
Flaming Forms
- Plugin:
-
Flaming Forms
- Plugin Slug:
- flaming-forms
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54398
Flash News / Post (Responsive)
- Plugin:
-
Flash News / Post (Responsive)
- Plugin Slug:
- flashnews-fading-effect-pearlbells
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-56012
Floating Video Player
- Plugin:
-
Floating Video Player
- Plugin Slug:
- floating-player
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54421
Gaxx Keywords
- Plugin:
-
Gaxx Keywords
- Plugin Slug:
- gaxx-keywords
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54438
Geoportail Shortcode
- Plugin:
-
Geoportail Shortcode
- Plugin Slug:
- geoportail-shortcode
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54414
Get Post Content Shortcode
- Plugin:
-
Get Post Content Shortcode
- Plugin Slug:
- get-post-content-shortcode
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12447
GitSync
- Plugin:
-
GitSync
- Plugin Slug:
- git-sync
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54368
glomex oEmbed
- Plugin:
-
glomex oEmbed
- Plugin Slug:
- glomex-oembed
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11873
Go Animate
- Plugin:
-
Go Animate
- Plugin Slug:
- goanimate
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54397
Grid Plus
- Plugin:
-
Grid Plus
- Plugin Slug:
- grid-plus
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-10910
Gutensee
- Plugin:
-
Gutensee
- Plugin Slug:
- gutensee
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54360
Opt-In Downloads
- Plugin:
-
Opt-In Downloads
- Plugin Slug:
- halfdata-optin-downloads
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-10590
Hello In All Languages
- Plugin:
-
Hello In All Languages
- Plugin Slug:
- hello-in-all-languages
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12572
Horizontal scroll image slideshow
- Plugin:
-
Horizontal scroll image slideshow
- Plugin Slug:
- horizontal-scroll-image-slideshow
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11442
HostFact bestelformulier integratie
- Plugin:
-
HostFact bestelformulier integratie
- Plugin Slug:
- hostfact-bestelformulier-integratie
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11413
HQ Rental Software
- Plugin:
-
HQ Rental Software
- Plugin Slug:
- hq-rental-software
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11689
IDer Login
- Plugin:
-
IDer Login
- Plugin Slug:
- ider-login
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11888
Image Mapper
- Plugin:
-
Image Mapper
- Plugin Slug:
- image-mapper
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-56016
Increase Sociability
- Plugin:
-
Increase Sociability
- Plugin Slug:
- increase-sociability
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54395
Insertify
- Plugin:
-
Insertify
- Plugin Slug:
- insertify
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54372
Instant Appointment
- Plugin:
-
Instant Appointment
- Plugin Slug:
- instant-appointment
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54361
jCarousel
- Plugin:
-
jCarousel
- Plugin Slug:
- jcarousel-for-wordpress
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54437
Jet Footer Code
- Plugin:
-
Jet Footer Code
- Plugin Slug:
- jet-footer-code
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54436
KH Easy User Settings
- Plugin:
-
KH Easy User Settings
- Plugin Slug:
- kh-easy-user-settings
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54365
Kredeum NFTs
- Plugin:
-
Kredeum NFTs
- Plugin Slug:
- kredeum-nfts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11876
kvCORE IDX
- Plugin:
-
kvCORE IDX
- Plugin Slug:
- kvcore-idx
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11723
LaunchPage.app Importer
- Plugin:
-
LaunchPage.app Importer
- Plugin Slug:
- launchpage-app-importer
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55977
Leader
- Plugin:
-
Leader
- Plugin Slug:
- leader
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-56007
LeaderBoard Plugin
- Plugin:
-
LeaderBoard Plugin
- Plugin Slug:
- leaderboard-lite
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54426
Library Management System
- Plugin:
-
Library Management System
- Plugin Slug:
- library-management-system
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12406
Like in Vk.com
- Plugin:
-
Like in Vk.com
- Plugin Slug:
- like-on-vkontakte
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54424
Category of Posts
- Plugin:
-
Category of Posts
- Plugin Slug:
- list-one-category-of-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54427
ListApp Mobile Manager
- Plugin:
-
ListApp Mobile Manager
- Plugin Slug:
- listapp-mobile-manager
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54295
LionScripts: Site Maintenance & Noindex Nofollow Plugin
- Plugin:
-
LionScripts: Site Maintenance & Noindex Nofollow Plugin
- Plugin Slug:
- maintenance-and-noindex-nofollow
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54425
MDC Comment Toolbar
- Plugin:
-
MDC Comment Toolbar
- Plugin Slug:
- mdc-comment-toolbar
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54404
Metrika
- Plugin:
-
Metrika
- Plugin Slug:
- metrika
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54420
Minterpress
- Plugin:
-
Minterpress
- Plugin Slug:
- minterpress
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54379
Multiple Admin Emails
- Plugin:
-
Multiple Admin Emails
- Plugin Slug:
- multiple-admin-emails
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54388
My IDX Home Search
- Plugin:
-
My IDX Home Search
- Plugin Slug:
- my-idx-home-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12502
addWeather
- Plugin:
-
addWeather
- Plugin Slug:
- myweather
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54389
Nabz Image Gallery
- Plugin:
-
Nabz Image Gallery
- Plugin Slug:
- nabz-image-gallery
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55981
Navayan CSV Export
- Plugin:
-
Navayan CSV Export
- Plugin Slug:
- navayan-csv-export
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55988
Newsletter Subscriptions
- Plugin:
-
Newsletter Subscriptions
- Plugin Slug:
- newsletter-subscriptions
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-11683
Onlywire Multi Autosubmitter
- Plugin:
-
Onlywire Multi Autosubmitter
- Plugin Slug:
- onlywire-multi-autosubmitter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54435
Order Delivery & Pickup Location Date Time
- Plugin:
-
Order Delivery & Pickup Location Date Time
- Plugin Slug:
- order-delivery-pickup-location-date-time-free-version
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-55997
phZoom
- Plugin:
-
phZoom
- Plugin Slug:
- phzoom
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54434
PixProof
- Plugin:
-
PixProof
- Plugin Slug:
- pixproof
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54417
Popup Surveys & Polls for WordPress (Mare.io)
- Plugin:
-
Popup Surveys & Polls for WordPress (Mare.io)
- Plugin Slug:
- popup-surveys
- Vulnerability:
- Settings Change
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-55998
Portfolio – Filterable Masonry Portfolio Gallery for Professionals
- Plugin:
-
Portfolio – Filterable Masonry Portfolio Gallery for Professionals
- Plugin Slug:
- portfolio-pro
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11900
Post Carousel & Slider
- Plugin:
-
Post Carousel & Slider
- Plugin Slug:
- post-types-carousel-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11770
Posts and Products Views for WooCommerce
- Plugin:
-
Posts and Products Views for WooCommerce
- Plugin Slug:
- posts-and-products-views
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12448
Posts Date Ranges
- Plugin:
-
Posts Date Ranges
- Plugin Slug:
- posts-date-ranges
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54387
PowerFormBuilder
- Plugin:
-
PowerFormBuilder
- Plugin Slug:
- power-forms-builder
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55983
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart
- Plugin:
-
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart
- Plugin Slug:
- push-monkey-desktop-push-notifications
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54386
Quietly Insights
- Plugin:
-
Quietly Insights
- Plugin Slug:
- quietly-insights
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54378
Share Buttons – Social Media
- Plugin:
-
Share Buttons – Social Media
- Plugin Slug:
- rich-web-share-button
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55982
Saksh Escrow System
- Plugin:
-
Saksh Escrow System
- Plugin Slug:
- saksh-escrow-system
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55984
Saoshyant Element
- Plugin:
-
Saoshyant Element
- Plugin Slug:
- saoshyant-element
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-51646
SeedProd Pro
- Plugin:
-
SeedProd Pro
- Plugin Slug:
- seedprod-coming-soon-pro-5
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54285
SeedProd Pro
- Plugin:
-
SeedProd Pro
- Plugin Slug:
- seedprod-coming-soon-pro-5
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54284
SeedProd Pro
- Plugin:
-
SeedProd Pro
- Plugin Slug:
- seedprod-coming-soon-pro-5
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54283
Service
- Plugin:
-
Service
- Plugin Slug:
- service
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55986
Sign In With Google
- Plugin:
-
Sign In With Google
- Plugin Slug:
- sign-in-with-google
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-11015
Simple Booking Widget
- Plugin:
-
Simple Booking Widget
- Plugin Slug:
- simple-booking-widget
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54433
Slope Widgets
- Plugin:
-
Slope Widgets
- Plugin Slug:
- slope-widgets
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11902
Social Media Sharing
- Plugin:
-
Social Media Sharing
- Plugin Slug:
- social-media-sharing
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54423
SOPA Blackout
- Plugin:
-
SOPA Blackout
- Plugin Slug:
- sopa-blackout
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54410
WP Simple Pay Lite Manager
- Plugin:
-
WP Simple Pay Lite Manager
- Plugin Slug:
- stripe-manager
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55989
Surbma | SalesAutopilot Shortcode
- Plugin:
-
Surbma | SalesAutopilot Shortcode
- Plugin Slug:
- surbma-salesautopilot-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11433
SVG Shortcode
- Plugin:
-
SVG Shortcode
- Plugin Slug:
- svg-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12574
TagGator
- Plugin:
-
TagGator
- Plugin Slug:
- taggator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54390
TCBD Popover
- Plugin:
-
TCBD Popover
- Plugin Slug:
- tcbd-popover
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11751
Tidy Up
- Plugin:
-
Tidy Up
- Plugin Slug:
- tidy-up
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-56015
TPG Get Posts
- Plugin:
-
TPG Get Posts
- Plugin Slug:
- tpg-get-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11906
TSB Occasion Editor
- Plugin:
-
TSB Occasion Editor
- Plugin Slug:
- tsb-occasion-editor
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55973
Ui Slider Filter By Price
- Plugin:
-
Ui Slider Filter By Price
- Plugin Slug:
- ui-slider-filter-by-price
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54419
Utech World Time
- Plugin:
-
Utech World Time
- Plugin Slug:
- utech-world-time-for-wp
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54441
vBSSO-lite
- Plugin:
-
vBSSO-lite
- Plugin Slug:
- vbsso-lite
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54297
Visual Recent Posts
- Plugin:
-
Visual Recent Posts
- Plugin Slug:
- visual-recent-posts
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54403
Visualmodo Elements
- Plugin:
-
Visualmodo Elements
- Plugin Slug:
- visualmodo-elements
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11095
Website Toolbox Community
- Plugin:
-
Website Toolbox Community
- Plugin Slug:
- website-toolbox-forums
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12338
WooCommerce Cart Count Shortcode
- Plugin:
-
WooCommerce Cart Count Shortcode
- Plugin Slug:
- woo-cart-count-shortcode
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12517
WooCommerce Basic Ordernumbers
- Plugin:
-
WooCommerce Basic Ordernumbers
- Plugin Slug:
- woocommerce-basic-ordernumbers
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-55992
WordPress Filter
- Plugin:
-
WordPress Filter
- Plugin Slug:
- wordpress-filter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54391
Wovax IDX
- Plugin:
-
Wovax IDX
- Plugin Slug:
- wovax-idx
- Vulnerability:
- Broken Authentication
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-56013
WP-Ban-User
- Plugin:
-
WP-Ban-User
- Plugin Slug:
- wp-ban-user
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54440
WP Fiddle
- Plugin:
-
WP Fiddle
- Plugin Slug:
- wp-fiddle
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54393
WP Flipkart Importer
- Plugin:
-
WP Flipkart Importer
- Plugin Slug:
- wp-flipkart-importer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54432
WP-HideThat
- Plugin:
-
WP-HideThat
- Plugin Slug:
- wp-hide-that
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54415
Wp Login with Ajax
- Plugin:
-
Wp Login with Ajax
- Plugin Slug:
- wp-login-with-ajax
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54416
WP Controller
- Plugin:
-
WP Controller
- Plugin Slug:
- wp-management-controller
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54411
Wp NssUser Register
- Plugin:
-
Wp NssUser Register
- Plugin Slug:
- wp-nssuser-register
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54363
Wp photo text slider 50
- Plugin:
-
Wp photo text slider 50
- Plugin Slug:
- wp-photo-text-slider-50
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11884
WP Service Payment Form With Authorize.net
- Plugin:
-
WP Service Payment Form With Authorize.net
- Plugin Slug:
- wp-service-payment-form-with-authorizenet
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-12258
Tithe.ly Giving Button
- Plugin:
-
Tithe.ly Giving Button
- Plugin Slug:
- wp-tithely
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11841
WP?????
- Plugin:
-
WP?????
- Plugin Slug:
- wp-weixin-robot
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54392
WPBookit
- Plugin:
-
WPBookit
- Plugin Slug:
- wpbookit
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-54280
Admin Customization
- Plugin:
-
Admin Customization
- Plugin Slug:
- wpp-customization
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54431
Wr Age Verification
- Plugin:
-
Wr Age Verification
- Plugin Slug:
- wr-age-verification
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55979
Wr Age Verification
- Plugin:
-
Wr Age Verification
- Plugin Slug:
- wr-age-verification
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-55980
XML Multilanguage Sitemap Generator
- Plugin:
-
XML Multilanguage Sitemap Generator
- Plugin Slug:
- xml-multilanguage-sitemap-generator
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-55999
XPD Reduce Image Filesize
- Plugin:
-
XPD Reduce Image Filesize
- Plugin Slug:
- xpd-reduce-image-filesize
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-54409
YDS Support Ticket System
- Plugin:
-
YDS Support Ticket System
- Plugin Slug:
- yds-support-ticket-system
- Vulnerability:
- SQL Injection
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-55985
States Map US
- Plugin:
-
States Map US
- Plugin Slug:
- ymc-states-map
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-12523
YooBar
- Plugin:
-
YooBar
- Plugin Slug:
- yoo-bar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-11410
Youtube Video Grid
- Plugin:
-
Youtube Video Grid
- Plugin Slug:
- youmax-channel-embeds-for-youtube-businesses
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-54408
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
- Plugin Slug:
- wpforms-lite
- Installations
- 6,000,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.2.2
- Severity Score:
- High
- CVE:
-
2024-11205
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites
- Plugin Slug:
- mainwp-child
- Installations
- 700,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.3
- Severity Score:
- High
- CVE:
-
2024-10783
Ninja Forms – The Contact Form Builder That Grows With You
- Plugin Slug:
- ninja-forms
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.8.20
- Severity Score:
- High
- CVE:
-
2024-11052
The Events Calendar
- Plugin:
-
The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.8.2.1
- Severity Score:
- Medium
- CVE:
-
2024-5333
User Role Editor
- Plugin:
-
User Role Editor
- Plugin Slug:
- user-role-editor
- Installations
- 700,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.64.4
- Severity Score:
- Critical
- CVE:
-
2024-12293
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.7
- Severity Score:
- High
- CVE:
-
2024-10646
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
- Plugin Slug:
- fluentform
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.2.1
- Severity Score:
- Medium
- CVE:
-
2024-9651
SiteOrigin Widgets Bundle
- Plugin:
-
SiteOrigin Widgets Bundle
- Plugin Slug:
- so-widgets-bundle
- Installations
- 500,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.64.1
- Severity Score:
- Medium
- CVE:
-
2024-54268
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.54
- Severity Score:
- Medium
- CVE:
-
2024-10637
Members – Membership & User Role Editor Plugin
- Plugin Slug:
- members
- Installations
- 300,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.11
- Severity Score:
- Medium
- CVE:
-
2024-11008
Popup Builder – Create highly converting, mobile friendly marketing popups.
- Plugin Slug:
- popup-builder
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.3.5
- Severity Score:
- Medium
- CVE:
-
2024-9428
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.127
- Severity Score:
- Medium
- CVE:
-
2024-10784
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- Plugin Slug:
- wp-user-avatar
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.15.15
- Severity Score:
- Medium
- CVE:
-
2024-10517
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.5.3
- Severity Score:
- Medium
- CVE:
-
2024-11832
Image Widget
- Plugin:
-
Image Widget
- Plugin Slug:
- image-widget
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.4.11
- Severity Score:
- Medium
- CVE:
-
2024-10939
LuckyWP Table of Contents
- Plugin:
-
LuckyWP Table of Contents
- Plugin Slug:
- luckywp-table-of-contents
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.7
- Severity Score:
- Medium
- CVE:
-
2024-9641
Web Stories
- Plugin:
-
Web Stories
- Plugin Slug:
- web-stories
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.38.0
- Severity Score:
- Medium
- CVE:
-
2024-54317
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.7.2
- Severity Score:
- Medium
- CVE:
-
2024-10010
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.2.7.4
- Severity Score:
- Medium
- CVE:
-
2024-11868
AI Engine
- Plugin:
-
AI Engine
- Plugin Slug:
- ai-engine
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.6.5
- Severity Score:
- High
- CVE:
-
2024-10499
Ajax Search Lite – Live Search & Filter
- Plugin Slug:
- ajax-search-lite
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.12.4
- Severity Score:
- Medium
- CVE:
-
2024-10568
Bold Page Builder
- Plugin:
-
Bold Page Builder
- Plugin Slug:
- bold-page-builder
- Installations
- 50,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 5.1.6
- Severity Score:
- Medium
- CVE:
-
2024-54382
Calculated Fields Form
- Plugin:
-
Calculated Fields Form
- Plugin Slug:
- calculated-fields-form
- Installations
- 50,000+
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- 5.2.64
- Severity Score:
- Medium
- CVE:
-
2024-12601
Easy Digital Downloads – eCommerce Payments and Subscriptions made easy
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.3.5
- Severity Score:
- Low
- CVE:
-
2024-9654
Ultimate Blocks – WordPress Blocks Plugin
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.4
- Severity Score:
- Medium
- CVE:
-
2024-10678
Greenshift – animation and page builder blocks
- Plugin Slug:
- greenshift-animation-and-page-builder-blocks
- Installations
- 40,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 9.9.9.4
- Severity Score:
- Medium
- CVE:
-
2024-11181
Persian WooCommerce SMS
- Plugin Slug:
- persian-woocommerce-sms
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.0.6
- Severity Score:
- High
- CVE:
-
2024-54312
FULL – Cliente
- Plugin:
-
FULL – Cliente
- Plugin Slug:
- full-customer
- Installations
- 30,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.1.26
- Severity Score:
- Medium
- CVE:
-
2024-54313
NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar
- Plugin Slug:
- notificationx
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.9.4
- Severity Score:
- Medium
- CVE:
-
2024-11727
PPWP – Password Protect Pages
- Plugin:
-
PPWP – Password Protect Pages
- Plugin Slug:
- password-protect-page
- Installations
- 30,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.9.6
- Severity Score:
- Medium
- CVE:
-
2024-11280
New User Approve
- Plugin:
-
New User Approve
- Plugin Slug:
- new-user-approve
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.4
- Severity Score:
- Medium
- CVE:
-
2024-54323
Rate My Post – Star Rating Plugin by FeedbackWP
- Plugin Slug:
- rate-my-post
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.5
- Severity Score:
- Medium
- CVE:
-
2024-12309
Minify HTML
- Plugin:
-
Minify HTML
- Plugin Slug:
- minify-html-markup
- Installations
- 10,000+
- Vulnerability:
- Denial of Service Attack
- Patched in Version:
- 2.1.11
- Severity Score:
- High
- CVE:
-
2024-12579
s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
- Plugin Slug:
- s2member
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 241216
- Severity Score:
- High
- CVE:
-
2024-8326
Simple Side Tab
- Plugin:
-
Simple Side Tab
- Plugin Slug:
- simple-side-tab
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.0
- Severity Score:
- Medium
- CVE:
-
2024-11183
Essential Real Estate
- Plugin:
-
Essential Real Estate
- Plugin Slug:
- essential-real-estate
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.7
- Severity Score:
- Medium
- CVE:
-
2024-12329
Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent
- Plugin Slug:
- gdpr-cookie-consent
- Installations
- 9,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.6.6
- Severity Score:
- Medium
- CVE:
-
2024-11724
MyParcel
Events Addon for Elementor
- Plugin:
-
Events Addon for Elementor
- Plugin Slug:
- events-addon-for-elementor
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.3
- Severity Score:
- Medium
- CVE:
-
2024-54315
PowerPack Lite for Beaver Builder
- Plugin Slug:
- powerpack-addon-for-beaver-builder
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- High
- CVE:
-
2024-12239
Primary Addon for Elementor
- Plugin:
-
Primary Addon for Elementor
- Plugin Slug:
- primary-addon-for-elementor
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.2
- Severity Score:
- Medium
- CVE:
-
2024-54314
Notibar – Notification Bar for WordPress
- Plugin Slug:
- notibar
- Installations
- 7,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 2.1.5
- Severity Score:
- Medium
- CVE:
-
2024-11012
Notibar – Notification Bar for WordPress
- Plugin Slug:
- notibar
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.5
- Severity Score:
- Medium
- CVE:
-
2024-54269
Vimeography: Vimeo Video Gallery WordPress Plugin
- Plugin Slug:
- vimeography
- Installations
- 7,000+
- Vulnerability:
- Full Path Disclosure (FPD)
- Patched in Version:
- 2.4.5
- Severity Score:
- Medium
- CVE:
-
2024-54366
OAuth Single Sign On – SSO (OAuth Client)
- Plugin Slug:
- miniorange-login-with-eve-online-google-facebook
- Installations
- 6,000+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 6.26.4
- Severity Score:
- High
- CVE:
-
2024-10111
Coupon Affiliates – Affiliate Plugin for WooCommerce
- Plugin Slug:
- woo-coupon-usage
- Installations
- 5,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 5.16.7.2
- Severity Score:
- Medium
- CVE:
-
2024-12421
WPMobile.App — Android and iOS Mobile Application
- Plugin Slug:
- wpappninja
- Installations
- 5,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 11.53
- Severity Score:
- Medium
- CVE:
-
2024-12420
ElementsReady Addons for Elementor
- Plugin Slug:
- element-ready-lite
- Installations
- 4,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 6.4.9
- Severity Score:
- Medium
- CVE:
-
2024-10356
EventPrime – Events Calendar, Bookings and Tickets
- Plugin Slug:
- eventprime-event-calendar-management
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.6.0
- Severity Score:
- High
- CVE:
-
2024-12024
GEO my WP
- Plugin:
-
GEO my WP
- Plugin Slug:
- geo-my-wp
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.5.1
- Severity Score:
- Medium
- CVE:
-
2024-54326
MStore API – Create Native Android & iOS Apps On The Cloud
- Plugin Slug:
- mstore-api
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.16.5
- Severity Score:
- Medium
- CVE:
-
2024-12042
WP Crowdfunding
- Plugin:
-
WP Crowdfunding
- Plugin Slug:
- wp-crowdfunding
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.13
- Severity Score:
- Medium
- CVE:
-
2024-11910
WP Crowdfunding
- Plugin:
-
WP Crowdfunding
- Plugin Slug:
- wp-crowdfunding
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.13
- Severity Score:
- Medium
- CVE:
-
2024-11911
Hash Form – Drag & Drop Form Builder
- Plugin Slug:
- hash-form
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
-
2024-12201
Cognito Forms
- Plugin:
-
Cognito Forms
- Plugin Slug:
- cognito-forms
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.8
- Severity Score:
- Medium
- CVE:
-
2024-10182
Falcon – WordPress Optimizations & Tweaks
- Plugin Slug:
- falcon
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
-
2024-54384
Online Booking & Scheduling Calendar for WordPress by vcita
- Plugin Slug:
- meeting-scheduler-by-vcita
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.5.2
- Severity Score:
- Medium
- CVE:
-
2024-54356
Active Products Tables for WooCommerce. Use constructor to create tables
- Plugin Slug:
- profit-products-tables-for-woocommerce
- Installations
- 2,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 1.0.6.6
- Severity Score:
- High
- CVE:
-
2024-10959
Responsive Filterable Portfolio
- Plugin:
-
Responsive Filterable Portfolio
- Plugin Slug:
- responsive-filterable-portfolio
- Installations
- 2,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.0.9
- Severity Score:
- Critical
- CVE:
-
2019-25221
Restaurant & Cafe Addon for Elementor
- Plugin Slug:
- restaurant-cafe-addon-for-elementor
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.9
- Severity Score:
- Medium
- CVE:
-
2024-54316
Restrict – membership, site, content and user access restrictions for WordPress
- Plugin Slug:
- restricted-content
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.2.9
- Severity Score:
- Medium
- CVE:
-
2024-11351
Simple Link Directory
- Plugin:
-
Simple Link Directory
- Plugin Slug:
- simple-link-directory
- Installations
- 2,000+
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 8.4.1
- Severity Score:
- Medium
- CVE:
-
2024-12417
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
- Plugin Slug:
- timetics
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.28
- Severity Score:
- Medium
- CVE:
-
2024-11275
360 Javascript Viewer
- Plugin:
-
360 Javascript Viewer
- Plugin Slug:
- 360deg-javascript-viewer
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7.30
- Severity Score:
- Medium
- CVE:
-
2024-12271
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.7
- Severity Score:
- High
- CVE:
-
2024-54265
FormFacade – WordPress plugin for Google Forms
- Plugin Slug:
- formfacade
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.7
- Severity Score:
- High
- CVE:
-
2024-54301
ForumWP – Forum & Discussion Board
- Plugin Slug:
- forumwp
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.1.1
- Severity Score:
- Critical
- CVE:
-
2024-54367
ImageRecycle pdf & image compression
- Plugin Slug:
- imagerecycle-pdf-image-compression
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.17
- Severity Score:
- High
- CVE:
-
2024-54266
Memberful – Membership Plugin
- Plugin:
-
Memberful – Membership Plugin
- Plugin Slug:
- memberful-wp
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.74.0
- Severity Score:
- Medium
- CVE:
-
2024-11294
Posti Shipping
- Plugin:
-
Posti Shipping
- Plugin Slug:
- posti-shipping
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.10.4
- Severity Score:
- Medium
- CVE:
-
2024-56005
Simple Restrict
- Plugin:
-
Simple Restrict
- Plugin Slug:
- simple-restrict
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.2.8
- Severity Score:
- Medium
- CVE:
-
2024-11106
RapidLoad – Optimize Web Vitals Automatically
- Plugin Slug:
- unusedcss
- Installations
- 1,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.4.3
- Severity Score:
- High
- CVE:
-
2024-11840
NiceJob
- Plugin:
-
NiceJob
- Plugin Slug:
- nicejob
- Installations
- 900+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
-
2024-54318
Property Hive Mortgage Calculator
- Plugin Slug:
- property-hive-mortgage-calculator
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
-
2024-11940
Property Hive Stamp Duty Calculator
- Plugin Slug:
- property-hive-stamp-duty-calculator
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.23
- Severity Score:
- Medium
- CVE:
-
2024-12465
WPC Order Notes for WooCommerce
- Plugin:
-
WPC Order Notes for WooCommerce
- Plugin Slug:
- woo-order-notes
- Installations
- 800+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.3
- Severity Score:
- High
- CVE:
-
2024-12004
Quran multilanguage Text & Audio
- Plugin:
-
Quran multilanguage Text & Audio
- Plugin Slug:
- quran-text-multilanguage
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.22
- Severity Score:
- High
- CVE:
-
2024-11973
Waymark
- Plugin:
-
Waymark
- Plugin Slug:
- waymark
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- High
- CVE:
-
2024-12325
WP Pipes
- Plugin:
-
WP Pipes
- Plugin Slug:
- wp-pipes
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- High
- CVE:
-
2024-12283
AR for WordPress
- Plugin:
-
AR for WordPress
- Plugin Slug:
- ar-for-wordpress
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.4
- Severity Score:
- Low
- CVE:
-
2024-12300
Car Dealer (Dealership) and Vehicle sales
- Plugin Slug:
- cardealer
- Installations
- 600+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.48
- Severity Score:
- Medium
- CVE:
-
2024-54298
Device Detector
- Plugin:
-
Device Detector
- Plugin Slug:
- device-detector
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.1
- Severity Score:
- High
- CVE:
-
2024-56010
Last Viewed Posts by WPBeginner
- Plugin:
-
Last Viewed Posts by WPBeginner
- Plugin Slug:
- last-viewed-posts
- Installations
- 600+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.2
- Severity Score:
- Medium
- CVE:
-
2024-12294
Out of the Block: OpenStreetMap
- Plugin:
-
Out of the Block: OpenStreetMap
- Plugin Slug:
- ootb-openstreetmap
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.4
- Severity Score:
- Medium
- CVE:
-
2024-11827
AIcomments – ??????????? ? ?????? ChatGPT
- Plugin Slug:
- aicomments
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
-
2024-54307
CM Answers – Powerful WordPress Forum Plugin
- Plugin Slug:
- cm-answers
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.2.7
- Severity Score:
- Medium
- CVE:
-
2024-54267
Cryptocurrency Price Widget
- Plugin:
-
Cryptocurrency Price Widget
- Plugin Slug:
- cryptocurrency-price-widget
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.4
- Severity Score:
- Medium
- CVE:
-
2024-54308
iChart – Easy Charts and Graphs
- Plugin:
-
iChart – Easy Charts and Graphs
- Plugin Slug:
- ichart
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
-
2024-11928
Mark New Posts
- Plugin:
-
Mark New Posts
- Plugin Slug:
- mark-new-posts
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 7.6
- Severity Score:
- Medium
- CVE:
-
2024-54311
WP Email Log – PostBox
- Plugin:
-
WP Email Log – PostBox
- Plugin Slug:
- postbox-email-logs
- Installations
- 500+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.0.5
- Severity Score:
- Medium
- CVE:
-
2024-54309
Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate
- Plugin Slug:
- spreadr-for-woocomerce
- Installations
- 500+
- Vulnerability:
- Arbitrary Content Deletion
- Patched in Version:
- 1.0.5
- Severity Score:
- High
- CVE:
-
2024-56008
Spreadr Woocommerce Plugin – Amazon Importer for Dropshipping and Affiliate
- Plugin Slug:
- spreadr-for-woocomerce
- Installations
- 500+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.5
- Severity Score:
- Medium
- CVE:
-
2024-56009
Themify Store Locator
- Plugin:
-
Themify Store Locator
- Plugin Slug:
- themify-store-locator
- Installations
- 500+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.0
- Severity Score:
- Medium
- CVE:
-
2024-12414
WooCommerce Additional Fees On Checkout (Free)
- Plugin Slug:
- woo-additional-fees-on-checkout-wordpress
- Installations
- 500+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.8
- Severity Score:
- High
- CVE:
-
2024-12395
Gutenberg Blocks and Page Layouts – Attire Blocks
- Plugin Slug:
- attire-blocks
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.6
- Severity Score:
- Medium
- CVE:
-
2024-11914
Projectopia – WordPress Project Management
- Plugin Slug:
- projectopia-core
- Installations
- 400+
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.1.8
- Severity Score:
- High
- CVE:
-
2024-54336
Payment Gateway Per Product for WooCommerce
- Plugin Slug:
- woocommerce-product-payments
- Installations
- 400+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.5.9
- Severity Score:
- Medium
- CVE:
-
2024-55996
Check Pincode For Woocommerce
- Plugin:
-
Check Pincode For Woocommerce
- Plugin Slug:
- check-pincode-for-woocommerce
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2
- Severity Score:
- High
- CVE:
-
2024-54333
Currency Converter Widget PRO
- Plugin:
-
Currency Converter Widget PRO
- Plugin Slug:
- currency-converter-widget-pro
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
-
2024-11760
NewsmanApp
- Plugin:
-
NewsmanApp
- Plugin Slug:
- newsmanapp
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.7.7
- Severity Score:
- Medium
- CVE:
-
2024-11767
Print Science Designer
- Plugin:
-
Print Science Designer
- Plugin Slug:
- print-science-designer
- Installations
- 300+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.3.153
- Severity Score:
- Critical
- CVE:
-
2024-12312
Stop Registration Spam
- Plugin:
-
Stop Registration Spam
- Plugin Slug:
- stop-registration-spam
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.24
- Severity Score:
- High
- CVE:
-
2024-56017
WP BASE Booking of Appointments, Services and Events
- Plugin Slug:
- wp-base-booking-of-appointments-services-and-events
- Installations
- 300+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.9.2
- Severity Score:
- High
- CVE:
-
2024-12469
WP Mailster
- Plugin:
-
WP Mailster
- Plugin Slug:
- wp-mailster
- Installations
- 300+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.8.18.0
- Severity Score:
- Medium
- CVE:
-
2024-54355
AutoWP – AI Content Writer & Rewriter
- Plugin Slug:
- autowp-ai-content-writer-rewriter
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.0.9
- Severity Score:
- Medium
- CVE:
-
2024-54300
Booking System Trafft
- Plugin:
-
Booking System Trafft
- Plugin Slug:
- booking-system-trafft
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
-
2024-11754
dejure.org Vernetzungsfunktion
- Plugin:
-
dejure.org Vernetzungsfunktion
- Plugin Slug:
- dejureorg-vernetzungsfunktion
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.98.0
- Severity Score:
- High
- CVE:
-
2024-11417
Email Reminders
- Plugin:
-
Email Reminders
- Plugin Slug:
- email-reminders
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.5
- Severity Score:
- Medium
- CVE:
-
2024-11945
J&T Express Malaysia
- Plugin:
-
J&T Express Malaysia
- Plugin Slug:
- jt-express
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.15
- Severity Score:
- High
- CVE:
-
2024-54305
Revi.io – Customer & Products Reviews
- Plugin Slug:
- revi-io-customer-and-product-reviews
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.8.0
- Severity Score:
- High
- CVE:
-
2024-54299
WordPress Post Grid Layouts with Pagination – Sogrid
- Plugin Slug:
- sogrid
- Installations
- 200+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 1.5.7
- Severity Score:
- High
- CVE:
-
2024-54374
WordPress Post Grid Layouts with Pagination – Sogrid
- Plugin Slug:
- sogrid
- Installations
- 200+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.5
- Severity Score:
- High
- CVE:
-
2024-54352
Staggs – Product Configurator Toolkit
- Plugin Slug:
- staggs
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- High
- CVE:
-
2024-54342
Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
- Plugin Slug:
- v-form
- Installations
- 200+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.0.1
- Severity Score:
- High
- CVE:
-
2024-54302
Video & Photo Gallery for Ultimate Member
- Plugin Slug:
- gallery-for-ultimate-member
- Installations
- 100+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.1.1
- Severity Score:
- Critical
- CVE:
-
2024-54370
Gou Manage My Account Menu – User Roles
- Plugin Slug:
- gou-wc-account-tabs
- Installations
- 100+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.1.9
- Severity Score:
- Medium
- CVE:
-
2024-54310
ICDSoft Reseller Store
- Plugin:
-
ICDSoft Reseller Store
- Plugin Slug:
- icdsoft-reseller-store
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- High
- CVE:
-
2024-54320
Ksher
- Plugin:
-
Ksher
- Plugin Slug:
- ksher-payment
- Installations
- 100+
- Vulnerability:
- Settings Change
- Patched in Version:
- 1.1.2
- Severity Score:
- Medium
- CVE:
-
2024-56001
Media Downloader
- Plugin:
-
Media Downloader
- Plugin Slug:
- media-downloader
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.4.7.5
- Severity Score:
- High
- CVE:
-
2024-54322
CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout
- Plugin Slug:
- support-x
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
-
2024-12443
Invoice Payment for WooCommerce
- Plugin:
-
Invoice Payment for WooCommerce
- Plugin Slug:
- invoice-payment-for-woocommerce
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.0
- Severity Score:
- High
- CVE:
-
2024-54328
Seraphinite Bulk Discounts for WooCommerce
- Plugin Slug:
- seraphinite-discount-for-woocommerce
- Installations
- 90+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.7
- Severity Score:
- High
- CVE:
-
2024-12160
Hurrakify
- Plugin:
-
Hurrakify
- Plugin Slug:
- hurrakify
- Installations
- 80+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 8.0.1
- Severity Score:
- High
- CVE:
-
2024-54330
SMS for WooCommerce
- Plugin:
-
SMS for WooCommerce
- Plugin Slug:
- wc-sms
- Installations
- 80+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.1.1
- Severity Score:
- High
- CVE:
-
2024-12220
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
- Plugin Slug:
- hive-support
- Installations
- 70+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.1.3
- Severity Score:
- High
- CVE:
-
2024-54304
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
- Plugin Slug:
- hive-support
- Installations
- 70+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.3
- Severity Score:
- Medium
- CVE:
-
2024-54321
AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot
- Plugin Slug:
- ai-seo-translator
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.6.3
- Severity Score:
- Medium
- CVE:
-
2024-54306
LabelGrid Tools
- Plugin:
-
LabelGrid Tools
- Plugin Slug:
- label-grid-tools
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.59
- Severity Score:
- High
- CVE:
-
2024-54341
Simple Payment
- Plugin:
-
Simple Payment
- Plugin Slug:
- simple-payment
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.8
- Severity Score:
- High
- CVE:
-
2024-54303
CarDealerPress
- Plugin:
-
CarDealerPress
- Plugin Slug:
- cardealerpress
- Installations
- 50+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.7.2411.00
- Severity Score:
- High
- CVE:
-
2024-54325
CE21 Suite
- Plugin:
-
CE21 Suite
- Plugin Slug:
- ce21-suite
- Installations
- 30+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 2.2.1
- Severity Score:
- Critical
- CVE:
-
2024-54293
EduAdmin Booking
- Plugin:
-
EduAdmin Booking
- Plugin Slug:
- eduadmin-booking
- Installations
- 30+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.3.0
- Severity Score:
- High
- CVE:
-
2024-54373
Hack-Info
- Plugin:
-
Hack-Info
- Plugin Slug:
- hack-info
- Installations
- 30+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.18
- Severity Score:
- High
- CVE:
-
2024-54353
FloristPress – Customize your Woo store for your Florist
- Plugin Slug:
- bakkbone-florist-companion
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.3.0
- Severity Score:
- High
- CVE:
-
2024-54347
CleverNode Related Content
- Plugin:
-
CleverNode Related Content
- Plugin Slug:
- clevernode-related-content
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.6
- Severity Score:
- High
- CVE:
-
2024-54329
Connect Contact Form 7 to Constant Contact V3
- Plugin Slug:
- connect-contact-form-7-to-constant-contact-v3
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5
- Severity Score:
- High
- CVE:
-
2024-54343
Fancy Roller Scroller
- Plugin:
-
Fancy Roller Scroller
- Plugin Slug:
- fancy-roller-scroller
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.1
- Severity Score:
- High
- CVE:
-
2024-54351
I Plant A Tree
- Plugin:
-
I Plant A Tree
- Plugin Slug:
- i-plant-a-tree
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.7.4
- Severity Score:
- High
- CVE:
-
2024-54331
ImmoToolBox Connect
- Plugin:
-
ImmoToolBox Connect
- Plugin Slug:
- immotoolbox-connect
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.0
- Severity Score:
- High
- CVE:
-
2024-54335
Newsletter, Email Marketing, Email Subscriber – Mail Picker
- Plugin Slug:
- mail-picker
- Installations
- 10+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.0.15
- Severity Score:
- Critical
- CVE:
-
2024-54273
Simple Presenter
- Plugin:
-
Simple Presenter
- Plugin Slug:
- simple-presenter
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.2
- Severity Score:
- High
- CVE:
-
2024-54340
SMSify
- Plugin:
-
SMSify
- Plugin Slug:
- smsify
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.0
- Severity Score:
- High
- CVE:
-
2024-54324
UNIVERSAM
- Plugin:
-
UNIVERSAM
- Plugin Slug:
- universam-demo
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 8.59
- Severity Score:
- High
- CVE:
-
2024-54327
WP Currency Exchange Rates
- Plugin:
-
WP Currency Exchange Rates
- Plugin Slug:
- wp-currency-exchange-rates
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.0
- Severity Score:
- High
- CVE:
-
2024-54332
WP Quick Shop
- Plugin:
-
WP Quick Shop
- Plugin Slug:
- wp-quick-shop
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- High
- CVE:
-
2024-54344
DX Dark Site
- Plugin:
-
DX Dark Site
- Plugin Slug:
- devrix-dark-site
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.1.1
- Severity Score:
- High
- CVE:
-
2024-54337
FooGallery Premium
- Plugin:
-
FooGallery Premium
- Plugin Slug:
- foogallery-premium
- Vulnerability:
- Directory Traversal
- Patched in Version:
- 2.4.27
- Severity Score:
- High
- CVE:
-
2023-6947
GeoFlickr
- Plugin:
-
GeoFlickr
- Plugin Slug:
- geoflickr
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4
- Severity Score:
- High
- CVE:
-
2024-54339
Hello Event Widgets For Elementor
- Plugin Slug:
- hello-event-widgets-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.0
- Severity Score:
- Medium
- CVE:
-
2024-54338
WP SuperBackup
- Plugin:
-
WP SuperBackup
- Plugin Slug:
- indeed-wp-superbackup
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.4
- Severity Score:
- Critical
- CVE:
-
2024-9290
Kundgenerator
- Plugin:
-
Kundgenerator
- Plugin Slug:
- kundgenerator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.7
- Severity Score:
- High
- CVE:
-
2024-54319
Quran Phrases About Most People Shortcodes
- Plugin Slug:
- quran-phrases-about-most-people-shortcodes
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5
- Severity Score:
- Medium
- CVE:
-
2024-54334
Responsive Google Maps | by imbaa
- Plugin:
-
Responsive Google Maps | by imbaa
- Plugin Slug:
- responsive-google-maps
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.7
- Severity Score:
- Medium
- CVE:
-
2024-56011
Termin-Kalender
- Plugin:
-
Termin-Kalender
- Plugin Slug:
- termin-kalender
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.00.04
- Severity Score:
- Medium
- CVE:
-
2024-54354
WooCommerce PDF Vouchers
- Plugin:
-
WooCommerce PDF Vouchers
- Plugin Slug:
- woocommerce-pdf-vouchers
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 4.9.9
- Severity Score:
- Critical
- CVE:
-
2024-54383
WP All Import Pro
- Plugin:
-
WP All Import Pro
- Plugin Slug:
- wp-all-import-pro
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.9.4
- Severity Score:
- Medium
- CVE:
-
2024-9624
WordPress Themes — 8 Patched / 2 Unpatched
Olivia
- Theme:
-
Olivia
- Theme Slug:
- olivia
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-56014
Zerif Lite
- Theme:
-
Zerif Lite
- Theme Slug:
- zerif-lite
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
Barter
- Theme:
-
Barter
- Theme Slug:
- barter
- Downloads
- 7,610
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.7
- Severity Score:
- Medium
- CVE:
-
2024-54346
Bicycleshop
- Theme:
-
Bicycleshop
- Theme Slug:
- bicycleshop
- Downloads
- 9,127
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6
- Severity Score:
- Medium
- CVE:
-
2024-54345
Brand
- Theme:
-
Brand
- Theme Slug:
- brand
- Downloads
- 32,921
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.7
- Severity Score:
- Medium
- CVE:
-
2024-54348
hmd
- Theme:
-
hmd
- Theme Slug:
- hmd
- Downloads
- 892
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2
- Severity Score:
- High
- CVE:
-
2024-54350
Plain Post
- Theme:
-
Plain Post
- Theme Slug:
- plain-post
- Downloads
- 1,459
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.4
- Severity Score:
- Medium
- CVE:
-
2024-54349
Avada
- Theme:
-
Avada
- Theme Slug:
- avada
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 7.11.11
- Severity Score:
- Medium
- CVE:
-
2024-54357
Woffice
- Theme:
-
Woffice
- Theme Slug:
- woffice
- Vulnerability:
- Broken Authentication
- Patched in Version:
- 5.4.15
- Severity Score:
- Critical
- CVE:
-
2024-43234
WoodMart
- Theme:
-
WoodMart
- Theme Slug:
- woodmart
- Vulnerability:
- Arbitrary Code Execution
- Patched in Version:
- 8.0.4
- Severity Score:
- Medium
- CVE:
-
2024-12333
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — December 18, 2024 appeared first on SolidWP.