
WordPress Vulnerability Report — July 24, 2024

In this report, 93 vulnerabilities have been publicly disclosed. Security patches for 72 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 21 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.


Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.


Table of Contents

  1. WordPress Core
  2. WordPress Plugins — 72 Patched / 15 Unpatched
    2.1 Timetable and Event Schedule by MotoPress
    2.2 Smartsupp – live chat, chatbots, AI and lead generation
    2.3 Pretty Simple Popup Builder
    2.4 Booking Ultra Pro
    2.5 Easy Testimonials
    2.6 Keydatas
    2.7 Light Poll
    2.8 ListingPro
    2.9 ListingPro
    2.10 ListingPro
    2.11 ListingPro
    2.12 RegLevel
    2.13 SVG Support
    2.14 Telegram Bot & Channel
    2.15 Timeline Event History
    2.16 WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
    2.17 ElementsKit Elementor addons
    2.18 Redux Framework
    2.19 Security Optimizer – The All-In-One Protection Plugin
    2.20 WPS Hide Login
    2.21 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
    2.22 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
    2.23 Conditional Fields for Contact Form 7
    2.24 GiveWP – Donation Plugin and Fundraising Platform
    2.25 Schema & Structured Data for WP & AMP
    2.26 CTX Feed – WooCommerce Product Feed Manager Plugin
    2.27 Mercado Pago payments for WooCommerce
    2.28 HUSKY – Products Filter Professional for WooCommerce
    2.29 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
    2.30 Brizy – Page Builder
    2.31 Brizy – Page Builder
    2.32 AI Engine
    2.33 Premium Portfolio Features for Phlox theme
    2.34 Getwid – Gutenberg Blocks
    2.35 Image Hover Effects – Elementor Addon
    2.36 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging
    2.37 Gutenverse – Gutenberg Blocks – Page Builder for Site Editor
    2.38 FV Flowplayer Video Player
    2.39 Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
    2.40 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
    2.41 WordPress File Upload
    2.42 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress
    2.43 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress
    2.44 BSK PDF Manager
    2.45 CM Popup Plugin for WordPress – Popup Maker
    2.46 Language Translate Widget for WP – ConveyThis
    2.47 JetWidgets for Elementor and WooCommerce
    2.48 Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)
    2.49 MasterStudy LMS WordPress Plugin – for Online Courses and Education
    2.50 UiPress lite | Effortless custom dashboards, admin themes and pages
    2.51 Event Manager, Events Calendar, Tickets, Registrations – Eventin
    2.52 SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher
    2.53 Backup, Restore and Migrate WordPress Sites With the XCloner Plugin
    2.54 Arconix FAQ
    2.55 HTML Forms – Simple WordPress Forms Plugin
    2.56 YITH Essential Kit for WooCommerce #1
    2.57 Arconix Shortcodes
    2.58 AI ChatBot for WordPress – WPBot
    2.59 WP QuickLaTeX
    2.60 Livemesh Addons for Beaver Builder
    2.61 Cooked – Recipe Management
    2.62 Cooked – Recipe Management
    2.63 AForms — Form Builder for Price Calculator & Cost Estimation
    2.64 Insert or Embed Articulate Content into WordPress
    2.65 Addonify – Quick View For WooCommerce
    2.66 Visual Website Collaboration, Feedback & Project Management – Atarim
    2.67 Glossary
    2.68 The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
    2.69 Web and WooCommerce Addons for WPBakery Builder
    2.70 Great Restaurant Menu WP
    2.71 Duplica – Duplicate Posts, Pages, Custom Posts or Users
    2.72 WP Fast Total Search – The Power of Indexed Search
    2.73 MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles
    2.74 Custom Query Blocks
    2.75 Filter & Grids
    2.76 FormLift for Infusionsoft Web Forms
    2.77 ArtPlacer Widget
    2.78 ArtPlacer Widget
    2.79 Bug Library
    2.80 Community Events
    2.81 PZ Frontend Manager
    2.82 Ultimate Addons for WPBakery Page Builder
    2.83 WP eStore
    2.84 WP eStore
    2.85 CopySafe Web Protection
    2.86 WP GoToWebinar
    2.87 WPForms User Registration
  3. WordPress Themes — 0 Patched / 6 Unpatched
    3.1 CoziPress
    3.2 Himalayas
    3.3 ListingPro
    3.4 ListingPro
    3.5 ListingPro
    3.6 Zenon Lite


Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.6.1 is now available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.


No new core vulnerabilities were disclosed this week.

WordPress Plugins — 72 Patched / 15 Unpatched

Timetable and Event Schedule by MotoPress

Plugin:

Timetable and Event Schedule by MotoPress

Plugin Slug:
mp-timetable

Installations
30,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-39630

The vulnerability has not been patched. You should deactivate the plugin.

Smartsupp – live chat, chatbots, AI and lead generation

Plugin:

Smartsupp – live chat, chatbots, AI and lead generation

Plugin Slug:
smartsupp-live-chat

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-38790

The vulnerability has not been patched. You should deactivate the plugin.

Pretty Simple Popup Builder

Plugin:

Pretty Simple Popup Builder

Plugin Slug:
pretty-simple-popup-builder

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-39626

The vulnerability has not been patched. You should deactivate the plugin.

Booking Ultra Pro

Plugin:

Booking Ultra Pro

Plugin Slug:
booking-ultra-pro

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-6175

The vulnerability has not been patched. You should deactivate the plugin.

Easy Testimonials

Plugin:

Easy Testimonials

Plugin Slug:
easy-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-2337

The vulnerability has not been patched. You should deactivate the plugin.

Keydatas

Plugin:

Keydatas

Plugin Slug:
keydatas

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-6220

The vulnerability has not been patched. You should deactivate the plugin.

Light Poll

Plugin:

Light Poll

Plugin Slug:
light-poll

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-6720

The vulnerability has not been patched. You should deactivate the plugin.

ListingPro

Plugin:

ListingPro

Plugin Slug:
listingpro-plugin

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-39621

The vulnerability has not been patched. You should deactivate the plugin.

ListingPro

Plugin:

ListingPro

Plugin Slug:
listingpro-plugin

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-39620

The vulnerability has not been patched. You should deactivate the plugin.

ListingPro

Plugin:

ListingPro

Plugin Slug:
listingpro-plugin

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-39619

The vulnerability has not been patched. You should deactivate the plugin.

ListingPro

Plugin:

ListingPro

Plugin Slug:
listingpro-plugin

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-38795

The vulnerability has not been patched. You should deactivate the plugin.

RegLevel

Plugin:

RegLevel

Plugin Slug:
reglevel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-6705

The vulnerability has not been patched. You should deactivate the plugin.

SVG Support

Plugin:

SVG Support

Plugin Slug:
svg-support

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2023-6708

The vulnerability has not been patched. You should deactivate the plugin.

Telegram Bot & Channel

Plugin:

Telegram Bot & Channel

Plugin Slug:
telegram-bot

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-38789

The vulnerability has not been patched. You should deactivate the plugin.

Timeline Event History

Plugin:

Timeline Event History

Plugin Slug:
timeline-event-history

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-5726

The vulnerability has not been patched. You should deactivate the plugin.

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

Plugin:

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

Plugin Slug:
wp-mail-smtp

Installations
3,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.1.0

Severity Score:
Low

CVE:

2024-6694

The vulnerability has been patched, so you should update to version 4.1.0.

ElementsKit Elementor addons

Plugin:

ElementsKit Elementor addons

Plugin Slug:
elementskit-lite

Installations
1,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.1

Severity Score:
Medium

CVE:

2024-6455

The vulnerability has been patched, so you should update to version 3.2.1.

Redux Framework

Plugin:

Redux Framework

Plugin Slug:
redux-framework

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.4.18

Severity Score:
High

CVE:

2024-6828

The vulnerability has been patched, so you should update to version 4.4.18.

Security Optimizer – The All-In-One Protection Plugin

Plugin:

Security Optimizer – The All-In-One Protection Plugin

Plugin Slug:
sg-security

Installations
1,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.1

Severity Score:
Medium

CVE:

2024-38774

The vulnerability has been patched, so you should update to version 1.5.1.

WPS Hide Login

Plugin:

WPS Hide Login

Plugin Slug:
wps-hide-login

Installations
1,000,000+

Vulnerability:
Bypass Vulnerability

Patched in Version:
1.9.16.4

Severity Score:
Medium

CVE:

2024-6289

The vulnerability has been patched, so you should update to version 1.9.16.4.

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Plugin:

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

Plugin Slug:
nextgen-gallery

Installations
500,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.59.4

Severity Score:
Medium

CVE:

2024-39627

The vulnerability has been patched, so you should update to version 3.59.4.

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)

Plugin:

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)

Plugin Slug:
bdthemes-element-pack-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.6.6

Severity Score:
Medium

CVE:

2024-5555

The vulnerability has been patched, so you should update to version 5.6.6.

Conditional Fields for Contact Form 7

Plugin:

Conditional Fields for Contact Form 7

Plugin Slug:
cf7-conditional-fields

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.4.14

Severity Score:
Medium

CVE:

2024-5804

The vulnerability has been patched, so you should update to version 2.4.14.

GiveWP – Donation Plugin and Fundraising Platform

Plugin:

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give

Installations
100,000+

Vulnerability:
Insecure Direct Object References (IDOR)

Patched in Version:
3.14.0

Severity Score:
Medium

CVE:

2024-5977

The vulnerability has been patched, so you should update to version 3.14.0.

Schema & Structured Data for WP & AMP

Plugin:

Schema & Structured Data for WP & AMP

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.34.1

Severity Score:
Medium

CVE:

2024-5582

The vulnerability has been patched, so you should update to version 1.34.1.

CTX Feed – WooCommerce Product Feed Manager Plugin

Plugin:

CTX Feed – WooCommerce Product Feed Manager Plugin

Plugin Slug:
webappick-product-feed-for-woocommerce

Installations
100,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.5.7

Severity Score:
High

CVE:

2024-38775

The vulnerability has been patched, so you should update to version 6.5.7.

Mercado Pago payments for WooCommerce

Plugin:

Mercado Pago payments for WooCommerce

Plugin Slug:
woocommerce-mercadopago

Installations
100,000+

Vulnerability:
Arbitrary File Download

Patched in Version:
7.6.2

Severity Score:
Medium

CVE:

2024-3934

The vulnerability has been patched, so you should update to version 7.6.2.

HUSKY – Products Filter Professional for WooCommerce

Plugin:

HUSKY – Products Filter Professional for WooCommerce

Plugin Slug:
woocommerce-products-filter

Installations
100,000+

Vulnerability:
SQL Injection

Patched in Version:
1.3.6.1

Severity Score:
Critical

CVE:

2024-6457

The vulnerability has been patched, so you should update to version 1.3.6.1.

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Plugin:

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Plugin Slug:
email-subscribers

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.7.27

Severity Score:
Medium

CVE:

2024-5703

The vulnerability has been patched, so you should update to version 5.7.27.

Brizy – Page Builder

Plugin:

Brizy – Page Builder

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.4.45

Severity Score:
Critical

CVE:

2024-3242

The vulnerability has been patched, so you should update to version 2.4.45.

Brizy – Page Builder

Plugin:

Brizy – Page Builder

Plugin Slug:
brizy

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.4.45

Severity Score:
High

CVE:

2024-1937

The vulnerability has been patched, so you should update to version 2.4.45.

AI Engine

Plugin:

AI Engine

Plugin Slug:
ai-engine

Installations
70,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.4.8

Severity Score:
Medium

CVE:

2024-38791

The vulnerability has been patched, so you should update to version 2.4.8.

Premium Portfolio Features for Phlox theme

Plugin:

Premium Portfolio Features for Phlox theme

Plugin Slug:
auxin-portfolio

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.3

Severity Score:
Medium

CVE:

2024-3587

The vulnerability has been patched, so you should update to version 2.3.3.

Getwid – Gutenberg Blocks

Plugin:

Getwid – Gutenberg Blocks

Plugin Slug:
getwid

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.11

Severity Score:
Medium

CVE:

2024-6491

The vulnerability has been patched, so you should update to version 2.0.11.

Image Hover Effects – Elementor Addon

Plugin:

Image Hover Effects – Elementor Addon

Plugin Slug:
image-hover-effects-addon-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.4

Severity Score:
Medium

CVE:

2024-4780

The vulnerability has been patched, so you should update to version 1.4.4.

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

Plugin:

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

Plugin Slug:
wp-rss-aggregator

Installations
50,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.23.12

Severity Score:
Medium

CVE:

2024-6621

The vulnerability has been patched, so you should update to version 4.23.12.

Gutenverse – Gutenberg Blocks – Page Builder for Site Editor

Plugin:

Gutenverse – Gutenberg Blocks – Page Builder for Site Editor

Plugin Slug:
gutenverse

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.3

Severity Score:
Medium

CVE:

2024-38785

The vulnerability has been patched, so you should update to version 1.9.3.

FV Flowplayer Video Player

Plugin:

FV Flowplayer Video Player

Plugin Slug:
fv-wordpress-flowplayer

Installations
20,000+

Vulnerability:
SQL Injection

Patched in Version:
7.5.47.7212

Severity Score:
High

CVE:

2024-6338

The vulnerability has been patched, so you should update to version 7.5.47.7212.

Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA

Plugin:

Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA

Plugin Slug:
icegram

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.1.25

Severity Score:
Medium

CVE:

2024-39625

The vulnerability has been patched, so you should update to version 3.1.25.

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce

Plugin:

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce

Plugin Slug:
wp-event-manager

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.44

Severity Score:
Medium

CVE:

2024-2691

The vulnerability has been patched, so you should update to version 3.1.44.

WordPress File Upload

Plugin:

WordPress File Upload

Plugin Slug:
wp-file-upload

Installations
20,000+

Vulnerability:
Directory Traversal

Patched in Version:
4.24.8

Severity Score:
Medium

CVE:

2024-5852

The vulnerability has been patched, so you should update to version 4.24.8.

Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress

Plugin:

Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress

Plugin Slug:
bookingpress-appointment-booking

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.6

Severity Score:
Critical

CVE:

2024-6660

The vulnerability has been patched, so you should update to version 1.1.6.

Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress

Plugin:

Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress

Plugin Slug:
bookingpress-appointment-booking

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.6

Severity Score:
High

CVE:

2024-6467

The vulnerability has been patched, so you should update to version 1.1.6.

BSK PDF Manager

Plugin:

BSK PDF Manager

Plugin Slug:
bsk-pdf-manager

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.1

Severity Score:
Medium

CVE:

2024-38767

The vulnerability has been patched, so you should update to version 3.6.1.

CM Popup Plugin for WordPress – Popup Maker

Plugin:

CM Popup Plugin for WordPress – Popup Maker

Plugin Slug:
cm-pop-up-banners

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.6

Severity Score:
Medium

CVE:

2024-5004

The vulnerability has been patched, so you should update to version 1.6.6.

Language Translate Widget for WP – ConveyThis

Plugin:

Language Translate Widget for WP – ConveyThis

Plugin Slug:
conveythis-translate

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
235

Severity Score:
Medium

CVE:

2024-38792

The vulnerability has been patched, so you should update to version 235.

JetWidgets for Elementor and WooCommerce

Plugin:

JetWidgets for Elementor and WooCommerce

Plugin Slug:
jetwoo-widgets-for-elementor

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.1.8

Severity Score:
Medium

CVE:

2024-38772

The vulnerability has been patched, so you should update to version 1.1.8.

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)

Plugin:

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)

Plugin Slug:
leaflet-maps-marker

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.12.10

Severity Score:
Medium

CVE:

2024-38782

The vulnerability has been patched, so you should update to version 3.12.10.

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Plugin:

MasterStudy LMS WordPress Plugin – for Online Courses and Education

Plugin Slug:
masterstudy-lms-learning-management-system

Installations
10,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.3.24

Severity Score:
High

CVE:

2024-5973

The vulnerability has been patched, so you should update to version 3.3.24.

UiPress lite | Effortless custom dashboards, admin themes and pages

Plugin:

UiPress lite | Effortless custom dashboards, admin themes and pages

Plugin Slug:
uipress-lite

Installations
10,000+

Vulnerability:
SQL Injection

Patched in Version:
3.4.07

Severity Score:
High

CVE:

2024-38788

The vulnerability has been patched, so you should update to version 3.4.07.

Event Manager, Events Calendar, Tickets, Registrations – Eventin

Plugin:

Event Manager, Events Calendar, Tickets, Registrations – Eventin

Plugin Slug:
wp-event-solution

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.5

Severity Score:
Medium

CVE:

2024-6033

The vulnerability has been patched, so you should update to version 4.0.5.

SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher

Plugin:

SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher

Plugin Slug:
wp-scheduled-posts

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.1.4

Severity Score:
Medium

CVE:

2024-6557

The vulnerability has been patched, so you should update to version 5.1.4.

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin

Plugin:

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin

Plugin Slug:
xcloner-backup-and-restore

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.7.4

Severity Score:
Medium

CVE:

2024-6559

The vulnerability has been patched, so you should update to version 4.7.4.

Arconix FAQ

Plugin:

Arconix FAQ

Plugin Slug:
arconix-faq

Installations
9,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.5

Severity Score:
Medium

CVE:

2024-38783

The vulnerability has been patched, so you should update to version 1.9.5.

HTML Forms – Simple WordPress Forms Plugin

Plugin:

HTML Forms – Simple WordPress Forms Plugin

Plugin Slug:
html-forms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.33

Severity Score:
Medium

CVE:

2024-6243

The vulnerability has been patched, so you should update to version 1.3.33.

YITH Essential Kit for WooCommerce #1

Plugin:

YITH Essential Kit for WooCommerce #1

Plugin Slug:
yith-essential-kit-for-woocommerce-1

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.35.0

Severity Score:
Medium

CVE:

2024-6799

The vulnerability has been patched, so you should update to version 2.35.0.

Arconix Shortcodes

Plugin:

Arconix Shortcodes

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.12

Severity Score:
Medium

CVE:

2024-38769

The vulnerability has been patched, so you should update to version 2.1.12.

AI ChatBot for WordPress – WPBot

Plugin:

AI ChatBot for WordPress – WPBot

Plugin Slug:
chatbot

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.5.8

Severity Score:
Medium

CVE:

2024-6669

The vulnerability has been patched, so you should update to version 5.5.8.

WP QuickLaTeX

Plugin:

WP QuickLaTeX

Plugin Slug:
wp-quicklatex

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8.8

Severity Score:
Medium

CVE:

2024-5529

The vulnerability has been patched, so you should update to version 3.8.8.

Livemesh Addons for Beaver Builder

Plugin:

Livemesh Addons for Beaver Builder

Plugin Slug:
addons-for-beaver-builder

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7

Severity Score:
Medium

CVE:

2024-38784

The vulnerability has been patched, so you should update to version 3.7.

Cooked – Recipe Management

Plugin:

Cooked – Recipe Management

Plugin Slug:
cooked

Installations
4,000+

Vulnerability:
Content Injection

Patched in Version:
1.8.0

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 1.8.0.

Cooked – Recipe Management

Plugin:

Cooked – Recipe Management

Plugin Slug:
cooked

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.0

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 1.8.0.

AForms — Form Builder for Price Calculator & Cost Estimation

Plugin:

AForms — Form Builder for Price Calculator & Cost Estimation

Plugin Slug:
aforms-form-builder-for-price-calculator-cost-estimation

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.7

Severity Score:
Medium

CVE:

2024-6565

The vulnerability has been patched, so you should update to version 2.2.7.

Insert or Embed Articulate Content into WordPress

Plugin:

Insert or Embed Articulate Content into WordPress

Plugin Slug:
insert-or-embed-articulate-content-into-wordpress

Installations
3,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.3000000024

Severity Score:
Critical

CVE:

2024-5630

The vulnerability has been patched, so you should update to version 4.3000000024.

Addonify – Quick View For WooCommerce

Plugin:

Addonify – Quick View For WooCommerce

Plugin Slug:
addonify-quick-view

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.17

Severity Score:
Medium

CVE:

2024-6560

The vulnerability has been patched, so you should update to version 1.2.17.

Visual Website Collaboration, Feedback & Project Management – Atarim

Plugin:

Visual Website Collaboration, Feedback & Project Management – Atarim

Plugin Slug:
atarim-visual-collaboration

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.1

Severity Score:
Medium

CVE:

2024-38771

The vulnerability has been patched, so you should update to version 4.0.1.

Glossary

Plugin:

Glossary

Plugin Slug:
glossary-by-codeat

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.2.27

Severity Score:
Medium

CVE:

2024-6570

The vulnerability has been patched, so you should update to version 2.2.27.

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)

Plugin:

The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)

Plugin Slug:
the-pack-addon

Installations
2,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.0.8.7

Severity Score:
Medium

CVE:

2024-38768

The vulnerability has been patched, so you should update to version 2.0.8.7.

Web and WooCommerce Addons for WPBakery Builder

Plugin:

Web and WooCommerce Addons for WPBakery Builder

Plugin Slug:
vc-addons-by-bit14

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.6

Severity Score:
Medium

CVE:

2024-6579

The vulnerability has been patched, so you should update to version 1.4.6.

Great Restaurant Menu WP

Plugin:

Great Restaurant Menu WP

Plugin Slug:
best-restaurant-menu-by-pricelisto

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.4.2

Severity Score:
High

CVE:

2024-38793

The vulnerability has been patched, so you should update to version 1.4.2.

Duplica – Duplicate Posts, Pages, Custom Posts or Users

Plugin:

Duplica – Duplicate Posts, Pages, Custom Posts or Users

Plugin Slug:
duplica

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.7

Severity Score:
Medium

CVE:

2024-5997

The vulnerability has been patched, so you should update to version 0.7.

WP Fast Total Search – The Power of Indexed Search

Plugin:

WP Fast Total Search – The Power of Indexed Search

Plugin Slug:
fulltext-search

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.70.236

Severity Score:
Medium

CVE:

2024-38778

The vulnerability has been patched, so you should update to version 1.70.236.

MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles

Plugin:

MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles

Plugin Slug:
maxi-blocks

Installations
1,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.9.3

Severity Score:
High

CVE:

2024-6885

The vulnerability has been patched, so you should update to version 1.9.3.

Custom Query Blocks

Plugin:

Custom Query Blocks

Plugin Slug:
post-type-archive-mapping

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.0

Severity Score:
Medium

CVE:

2024-38794

The vulnerability has been patched, so you should update to version 5.3.0.

Filter & Grids

Plugin:

Filter & Grids

Plugin Slug:
ymc-smart-filter

Installations
1,000+

Vulnerability:
Local File Inclusion

Patched in Version:
2.8.33

Severity Score:
High

CVE:

2024-6164

The vulnerability has been patched, so you should update to version 2.8.33.

FormLift for Infusionsoft Web Forms

Plugin:

FormLift for Infusionsoft Web Forms

Plugin Slug:
formlift

Installations
800+

Vulnerability:
SQL Injection

Patched in Version:
7.5.18

Severity Score:
Critical

CVE:

2024-38773

The vulnerability has been patched, so you should update to version 7.5.18.

ArtPlacer Widget

Plugin:

ArtPlacer Widget

Plugin Slug:
artplacer-widget

Installations
200+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.21.2

Severity Score:
High

CVE:

2023-7269

The vulnerability has been patched, so you should update to version 2.21.2.

ArtPlacer Widget

Plugin:

ArtPlacer Widget

Plugin Slug:
artplacer-widget

Installations
200+

Vulnerability:
Broken Access Control

Patched in Version:
2.21.2

Severity Score:
Medium

CVE:

2023-7268

The vulnerability has been patched, so you should update to version 2.21.2.

Bug Library

Plugin:

Bug Library

Plugin Slug:
bug-library

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.2

Severity Score:
Medium

CVE:

2024-5604

The vulnerability has been patched, so you should update to version 2.1.2.

Community Events

Plugin:

Community Events

Plugin Slug:
community-events

Installations
40+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5

Severity Score:
Medium

CVE:

2024-6271

The vulnerability has been patched, so you should update to version 1.5.

PZ Frontend Manager

Plugin:

PZ Frontend Manager

Plugin Slug:
pz-frontend-manager

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium

CVE:

2024-6244

The vulnerability has been patched, so you should update to version 1.0.6.

Ultimate Addons for WPBakery Page Builder

Plugin:

Ultimate Addons for WPBakery Page Builder

Plugin Slug:
ultimate_vc_addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.19.20.1

Severity Score:
Medium

CVE:

2024-5251

The vulnerability has been patched, so you should update to version 3.19.20.1.

WP eStore

Plugin:

WP eStore

Plugin Slug:
wp-cart-for-digital-products

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.5.5

Severity Score:
Medium

CVE:

2024-6075

The vulnerability has been patched, so you should update to version 8.5.5.

WP eStore

Plugin:

WP eStore

Plugin Slug:
wp-cart-for-digital-products

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.5.5

Severity Score:
High

CVE:

2024-6072

The vulnerability has been patched, so you should update to version 8.5.5.

CopySafe Web Protection

Plugin:

CopySafe Web Protection

Plugin Slug:
wp-copysafe-web

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.0

Severity Score:
High

CVE:

2024-38781

The vulnerability has been patched, so you should update to version 4.0.

WP GoToWebinar

Plugin:

WP GoToWebinar

Plugin Slug:
wp-gotowebinar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
15.8

Severity Score:
High

CVE:

2024-38776

The vulnerability has been patched, so you should update to version 15.8.

WPForms User Registration

Plugin:

WPForms User Registration

Plugin Slug:
wpforms-user-registration

Vulnerability:
Privilege Escalation

Patched in Version:
2.1.2

Severity Score:
High

CVE:

2023-52209

The vulnerability has been patched, so you should update to version 2.1.2.

WordPress Themes — 0 Patched / 6 Unpatched

CoziPress

Theme:

CoziPress

Theme Slug:
cozipress

Downloads
144,938

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-38786

The vulnerability has not been patched. You should switch themes.

Himalayas

Theme:

Himalayas

Theme Slug:
himalayas

Downloads
334,322

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-39629

The vulnerability has not been patched. You should switch themes.

ListingPro

Theme:

ListingPro

Theme Slug:
listingpro

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-39624

The vulnerability has not been patched. You should switch themes.

ListingPro

Theme:

ListingPro

Theme Slug:
listingpro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-39623

The vulnerability has not been patched. You should switch themes.

ListingPro

Theme:

ListingPro

Theme Slug:
listingpro

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-39622

The vulnerability has not been patched. You should switch themes.

Zenon Lite

Theme:

Zenon Lite

Theme Slug:
zenon-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-5964

The vulnerability has not been patched. You should switch themes.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

The post WordPress Vulnerability Report — July 24, 2024 appeared first on SolidWP.

Written by:
Abdul Wahid
Published on:
July 26, 2024

Categories: Woocommerce
