
WordPress Vulnerability Report — May 15, 2024

In this report, 192 vulnerabilities have been publicly disclosed. Security patches for 145 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, your site is already protected against those vulnerabilities by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor, or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.

Our WordPress Vulnerability Report covers the latest emerging WordPress plugin, theme, and core vulnerabilities. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure of vulnerabilities is essential to keeping the WordPress community safe. Please share this report to help spread the word and make WordPress — and the web — more secure.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6, planned for July 2024.

No new core vulnerabilities were disclosed this week.

WordPress Plugins — 129 Patched / 47 Unpatched

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin:

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

Plugin Slug:
clearfy

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34806

The vulnerability has not been patched. You should deactivate the plugin.

Flo Forms – Easy Drag & Drop Form Builder

Plugin:

Flo Forms – Easy Drag & Drop Form Builder

Plugin Slug:
flo-forms

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-35174

The vulnerability has not been patched. You should deactivate the plugin.

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin:

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin Slug:
wp-post-author

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34389

The vulnerability has not been patched. You should deactivate the plugin.

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin:

WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder

Plugin Slug:
wp-post-author

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34387

The vulnerability has not been patched. You should deactivate the plugin.

140+ Widgets | Best Addons For Elementor – FREE

Plugin:

140+ Widgets | Best Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34570

The vulnerability has not been patched. You should deactivate the plugin.

JCH Optimize

Plugin:

JCH Optimize

Plugin Slug:
jch-optimize

Installations
6,000+

Vulnerability:
Path Traversal

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34808

The vulnerability has not been patched. You should deactivate the plugin.

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

Plugin:

Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder

Plugin Slug:
ajax-filter-posts

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34390

The vulnerability has not been patched. You should deactivate the plugin.

Kognetiks Chatbot for WordPress

Plugin:

Kognetiks Chatbot for WordPress

Plugin Slug:
chatbot-chatgpt

Installations
1,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-32700

The vulnerability has not been patched. You should deactivate the plugin.

Netgsm

Plugin:

Netgsm

Plugin Slug:
netgsm

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4746

The vulnerability has not been patched. You should deactivate the plugin.

Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation

Plugin:

Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation

Plugin Slug:
propovoice

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-4747

The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin:

Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider

Plugin Slug:
ultimate-store-kit

Installations
1,000+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-4606

The vulnerability has not been patched. You should deactivate the plugin.

WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce

Plugin:

WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce

Plugin Slug:
wc-serial-numbers

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-35173

The vulnerability has not been patched. You should deactivate the plugin.

WordPress Webinar Plugin – WebinarPress

Plugin:

WordPress Webinar Plugin – WebinarPress

Plugin Slug:
wp-webinarsystem

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34818

The vulnerability has not been patched. You should deactivate the plugin.

gee Search Plus, improved WordPress search

Plugin:

gee Search Plus, improved WordPress search

Plugin Slug:
gsearch-plus

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34560

The vulnerability has not been patched. You should deactivate the plugin.

Sticky Social Link

Plugin:

Sticky Social Link

Plugin Slug:
sticky-social-link

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34546

The vulnerability has not been patched. You should deactivate the plugin.

DS Site Message

Plugin:

DS Site Message

Plugin Slug:
ds-site-message

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34439

The vulnerability has not been patched. You should deactivate the plugin.

Viet Nam Affiliate

Plugin:

Viet Nam Affiliate

Plugin Slug:
viet-nam-affiliate

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34417

The vulnerability has not been patched. You should deactivate the plugin.

AWSOM News Announcement

Plugin:

AWSOM News Announcement

Plugin Slug:
awsom-news-announcement

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34428

The vulnerability has not been patched. You should deactivate the plugin.

BlogLentor

Plugin:

BlogLentor

Plugin Slug:
bloglentor-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34421

The vulnerability has not been patched. You should deactivate the plugin.

Brozzme Scroll Top

Plugin:

Brozzme Scroll Top

Plugin Slug:
brozzme-scroll-top

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34426

The vulnerability has not been patched. You should deactivate the plugin.

canvasio3D Light

Plugin:

canvasio3D Light

Plugin Slug:
canvasio3d-light

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34411

The vulnerability has not been patched. You should deactivate the plugin.

Configure Login Timeout

Plugin:

Configure Login Timeout

Plugin Slug:
configure-login-timeout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34419

The vulnerability has not been patched. You should deactivate the plugin.

Corona Virus (COVID-19) Banner & Live Data

Plugin:

Corona Virus (COVID-19) Banner & Live Data

Plugin Slug:
corona-virus-covid-19-banner

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34429

The vulnerability has not been patched. You should deactivate the plugin.

Crelly Slider

Plugin:

Crelly Slider

Plugin Slug:
crelly-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3752

The vulnerability has not been patched. You should deactivate the plugin.

Debug Info

Plugin:

Debug Info

Plugin Slug:
debug-info

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34565

The vulnerability has not been patched. You should deactivate the plugin.

EasyEvent

Plugin:

EasyEvent

Plugin Slug:
easyevent

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3628

The vulnerability has not been patched. You should deactivate the plugin.

Enter Addons

Plugin:

Enter Addons

Plugin Slug:
enteraddons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3831

The vulnerability has not been patched. You should deactivate the plugin.

Fancy Elementor Flipbox

Plugin:

Fancy Elementor Flipbox

Plugin Slug:
fancy-elementor-flipbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34572

The vulnerability has not been patched. You should deactivate the plugin.

Fast Custom Social Share by CodeBard

Plugin:

Fast Custom Social Share by CodeBard

Plugin Slug:
fast-custom-social-share-by-codebard

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34807

The vulnerability has not been patched. You should deactivate the plugin.

Featured Content Gallery

Plugin:

Featured Content Gallery

Plugin Slug:
featured-content-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34424

The vulnerability has not been patched. You should deactivate the plugin.

Forty Four – 404 Plugin for WordPress

Plugin:

Forty Four – 404 Plugin for WordPress

Plugin Slug:
forty-four

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34423

The vulnerability has not been patched. You should deactivate the plugin.

GDPR Compliance

Plugin:

GDPR Compliance

Plugin Slug:
gdpr-compliance

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34388

The vulnerability has not been patched. You should deactivate the plugin.

Comments Evolved for WordPress

Plugin:

Comments Evolved for WordPress

Plugin Slug:
gplus-comments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34420

The vulnerability has not been patched. You should deactivate the plugin.

LetterPress

Plugin:

LetterPress

Plugin Slug:
letterpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34568

The vulnerability has not been patched. You should deactivate the plugin.

MF Gig Calendar

Plugin:

MF Gig Calendar

Plugin Slug:
mf-gig-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3755

The vulnerability has not been patched. You should deactivate the plugin.

Pk Favicon Manager

Plugin:

Pk Favicon Manager

Plugin Slug:
phpsword-favicon-manager

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-34416

The vulnerability has not been patched. You should deactivate the plugin.

Pootle Pagebuilder – WordPress Page builder

Plugin:

Pootle Pagebuilder – WordPress Page builder

Plugin Slug:
pootle-page-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34573

The vulnerability has not been patched. You should deactivate the plugin.

Pure Chat

Plugin:

Pure Chat

Plugin Slug:
pure-chat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3595

The vulnerability has not been patched. You should deactivate the plugin.

QuickieBar

Plugin:

QuickieBar

Plugin Slug:
quickiebar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34425

The vulnerability has not been patched. You should deactivate the plugin.

Social Connect

Plugin:

Social Connect

Plugin Slug:
social-connect

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-4393

The vulnerability has not been patched. You should deactivate the plugin.

Swift Performance Lite

Plugin:

Swift Performance Lite

Plugin Slug:
swift-performance-lite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-3722

The vulnerability has not been patched. You should deactivate the plugin.

Table Maker

Plugin:

Table Maker

Plugin Slug:
table-maker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34574

The vulnerability has not been patched. You should deactivate the plugin.

TT Custom Post Type Creator

Plugin:

TT Custom Post Type Creator

Plugin Slug:
tt-custom-post-type-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34430

The vulnerability has not been patched. You should deactivate the plugin.

Viet Affiliate Link

Plugin:

Viet Affiliate Link

Plugin Slug:
viet-affiliate-link

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34422

The vulnerability has not been patched. You should deactivate the plugin.

WP etracker

Plugin:

WP etracker

Plugin Slug:
wp-etracker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-34431

The vulnerability has not been patched. You should deactivate the plugin.

WP Favorite Posts

Plugin:

WP Favorite Posts

Plugin Slug:
wp-favorite-posts

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34427

The vulnerability has not been patched. You should deactivate the plugin.

WPCS ( WordPress Custom Search )

Plugin:

WPCS ( WordPress Custom Search )

Plugin Slug:
wpcs-wp-custom-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-34418

The vulnerability has not been patched. You should deactivate the plugin.

Yoast SEO

Plugin:

Yoast SEO

Plugin Slug:
wordpress-seo

Installations
5,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
22.6

Severity Score:
High

CVE:

2024-4041

The vulnerability has been patched, so you should update to version 22.6.

Jetpack – WP Security, Backup, Speed, & Growth

Plugin:

Jetpack – WP Security, Backup, Speed, & Growth

Plugin Slug:
jetpack

Installations
4,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
13.4

Severity Score:
Medium

CVE:

2024-4392

The vulnerability has been patched, so you should update to version 13.4.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.21

Severity Score:
Medium

CVE:

2024-4624

The vulnerability has been patched, so you should update to version 5.9.21.

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin:

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Plugin Slug:
essential-addons-for-elementor-lite

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.20

Severity Score:
Medium

CVE:

2024-4275

The vulnerability has been patched, so you should update to version 5.9.20.

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin:

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin Slug:
astra-sites

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.2

Severity Score:
Medium

CVE:

2024-4630

The vulnerability has been patched, so you should update to version 4.2.2.

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin:

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Plugin Slug:
astra-sites

Installations
1,000,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
4.1.7

Severity Score:
Medium

CVE:

2024-1467

The vulnerability has been patched, so you should update to version 4.1.7.

One Click Demo Import

Plugin:

One Click Demo Import

Plugin Slug:
one-click-demo-import

Installations
1,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.2.1

Severity Score:
Medium

CVE:

2024-34433

The vulnerability has been patched, so you should update to version 3.2.1.

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin:

Gutenberg Blocks with AI by Kadence WP – Page Builder Features

Plugin Slug:
kadence-blocks

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.37

Severity Score:
Medium

CVE:

2024-4481

The vulnerability has been patched, so you should update to version 3.2.37.

Translate Multilingual sites – TranslatePress

Plugin:

Translate Multilingual sites – TranslatePress

Plugin Slug:
translatepress-multilingual

Installations
300,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.6

Severity Score:
Medium

CVE:

2024-34827

The vulnerability has been patched, so you should update to version 2.7.6.

Blocksy Companion

Plugin:

Blocksy Companion

Plugin Slug:
blocksy-companion

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.46

Severity Score:
Medium

CVE:

2024-4487

The vulnerability has been patched, so you should update to version 2.0.46.

FileBird – WordPress Media Library Folders & File Manager

Plugin:

FileBird – WordPress Media Library Folders & File Manager

Plugin Slug:
filebird

Installations
200,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.4

Severity Score:
Medium

CVE:

2024-35166

The vulnerability has been patched, so you should update to version 5.6.4.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
SQL Injection

Patched in Version:
1.5.105

Severity Score:
High

CVE:

2024-3055

The vulnerability has been patched, so you should update to version 1.5.105.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.5.103

Severity Score:
High

CVE:

2024-2662

The vulnerability has been patched, so you should update to version 1.5.103.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin:

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Plugin Slug:
unlimited-elements-for-elementor

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.103

Severity Score:
High

CVE:

2024-3547

The vulnerability has been patched, so you should update to version 1.5.103.

White Label CMS

Plugin:

White Label CMS

Plugin Slug:
white-label-cms

Installations
200,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.4

Severity Score:
Medium

CVE:

2024-4280

The vulnerability has been patched, so you should update to version 2.7.4.

Advanced Ads – Ad Manager & AdSense

Plugin:

Advanced Ads – Ad Manager & AdSense

Plugin Slug:
advanced-ads

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.52.2

Severity Score:
Medium

CVE:

2024-2290

The vulnerability has been patched, so you should update to version 1.52.2.

Advanced Ads – Ad Manager & AdSense

Plugin:

Advanced Ads – Ad Manager & AdSense

Plugin Slug:
advanced-ads

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.52.2

Severity Score:
Medium

CVE:

2024-3952

The vulnerability has been patched, so you should update to version 1.52.2.

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Plugin:

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Plugin Slug:
bdthemes-prime-slider-lite

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14.4

Severity Score:
Medium

CVE:

2024-4339

The vulnerability has been patched, so you should update to version 3.14.4.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1.3

Severity Score:
Medium

CVE:

2024-4430

The vulnerability has been patched, so you should update to version 2.8.1.3.

Beaver Builder – WordPress Page Builder

Plugin:

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.1.2

Severity Score:
Medium

CVE:

2024-3923

The vulnerability has been patched, so you should update to version 2.8.1.2.

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)

Plugin:

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)

Plugin Slug:
content-views-query-and-display-post-page

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.2

Severity Score:
Medium

CVE:

2024-4446

The vulnerability has been patched, so you should update to version 3.7.2.

HT Mega – Absolute Addons For Elementor

Plugin:

HT Mega – Absolute Addons For Elementor

Plugin Slug:
ht-mega-for-elementor

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.1

Severity Score:
Medium

CVE:

2024-3990

The vulnerability has been patched, so you should update to version 2.5.1.

Pods – Custom Content Types and Fields

Plugin:

Pods – Custom Content Types and Fields

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.1.1

Severity Score:
Medium

CVE:

2024-3956

The vulnerability has been patched, so you should update to version 3.2.1.1.

WP Job Manager

Plugin:

WP Job Manager

Plugin Slug:
wp-job-manager

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.3.0

Severity Score:
Medium

CVE:

2024-34549

The vulnerability has been patched, so you should update to version 2.3.0.

XML Sitemap & Google News

Plugin:

XML Sitemap & Google News

Plugin Slug:
xml-sitemap-feed

Installations
100,000+

Vulnerability:
Local File Inclusion

Patched in Version:
5.4.9

Severity Score:
High

CVE:

2024-4441

The vulnerability has been patched, so you should update to version 5.4.9.

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin:

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor

Plugin Slug:
embedpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.17

Severity Score:
Medium

CVE:

2024-4316

The vulnerability has been patched, so you should update to version 3.9.17.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.2.6.6

Severity Score:
Medium

CVE:

2024-4277

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.6.6

Severity Score:
Medium

CVE:

2024-4444

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
SQL Injection

Patched in Version:
4.2.6.6

Severity Score:
Critical

CVE:

2024-4434

The vulnerability has been patched, so you should update to version 4.2.6.6.

LearnPress – WordPress LMS Plugin

Plugin:

LearnPress – WordPress LMS Plugin

Plugin Slug:
learnpress

Installations
90,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
4.2.6.6

Severity Score:
Critical

CVE:

2024-4397

The vulnerability has been patched, so you should update to version 4.2.6.6.

Import and export users and customers

Plugin:

Import and export users and customers

Plugin Slug:
import-users-from-csv-with-meta

Installations
80,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.26.6

Severity Score:
Medium

CVE:

2024-34815

The vulnerability has been patched, so you should update to version 1.26.6.

Mesmerize Companion

Plugin:

Mesmerize Companion

Plugin Slug:
mesmerize-companion

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.149

Severity Score:
Medium

CVE:

2024-3494

The vulnerability has been patched, so you should update to version 1.6.149.

Sydney Toolbox

Plugin:

Sydney Toolbox

Plugin Slug:
sydney-toolbox

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.32

Severity Score:
Medium

CVE:

2024-4473

The vulnerability has been patched, so you should update to version 1.32.

AI Engine

Plugin:

AI Engine

Plugin Slug:
ai-engine

Installations
70,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.2.70

Severity Score:
Critical

CVE:

2024-34440

The vulnerability has been patched, so you should update to version 2.2.70.

Custom Field Suite

Plugin:

Custom Field Suite

Plugin Slug:
custom-field-suite

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.6.6

Severity Score:
Medium

CVE:

2024-3068

The vulnerability has been patched, so you should update to version 2.6.6.

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin:

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.12

Severity Score:
Medium

CVE:

2024-32100

The vulnerability has been patched, so you should update to version 3.2.12.

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin:

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)

Plugin Slug:
easy-digital-downloads

Installations
50,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.2.12

Severity Score:
Medium

CVE:

2024-31113

The vulnerability has been patched, so you should update to version 3.2.12.

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin:

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Plugin Slug:
form-maker

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.15.25

Severity Score:
Medium

CVE:

2024-34437

The vulnerability has been patched, so you should update to version 1.15.25.

Image Hover Effects – Elementor Addon

Plugin:

Image Hover Effects – Elementor Addon

Plugin Slug:
image-hover-effects-addon-for-elementor

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.2

Severity Score:
Medium

CVE:

2024-1166

The vulnerability has been patched, so you should update to version 1.4.2.

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin:

Ditty – Responsive News Tickers, Sliders, and Lists

Plugin Slug:
ditty-news-ticker

Installations
40,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.1.39

Severity Score:
High

CVE:

2024-3954

The vulnerability has been patched, so you should update to version 3.1.39.

Timber

Plugin:

Timber

Plugin Slug:
timber-library

Installations
40,000+

Vulnerability:
Deserialization of untrusted data

Patched in Version:
1.23.1

Severity Score:
High

CVE:

2024-29800

The vulnerability has been patched, so you should update to version 1.23.1.

Visual Footer Credit Remover

Plugin:

Visual Footer Credit Remover

Plugin Slug:
visual-footer-credit-remover

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3

Severity Score:
Medium

CVE:

2024-2846

The vulnerability has been patched, so you should update to version 1.3.

Social Sharing Plugin – Social Warfare

Plugin:

Social Sharing Plugin – Social Warfare

Plugin Slug:
social-warfare

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.4.6

Severity Score:
Medium

CVE:

2024-34825

The vulnerability has been patched, so you should update to version 4.4.6.

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Plugin:

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Plugin Slug:
back-in-stock-notifier-for-woocommerce

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.3.2

Severity Score:
Medium

CVE:

2024-4038

The vulnerability has been patched, so you should update to version 5.3.2.

Content Blocks (Custom Post Widget)

Plugin:

Content Blocks (Custom Post Widget)

Plugin Slug:
custom-post-widget

Installations
20,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.1

Severity Score:
Medium

CVE:

2024-34566

The vulnerability has been patched, so you should update to version 3.3.1.

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Plugin:

Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers

Plugin Slug:
rafflepress

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.12.5

Severity Score:
Medium

CVE:

2024-4745

The vulnerability has been patched, so you should update to version 1.12.5.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin:

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

CVE:

2024-35172

The vulnerability has been patched, so you should update to version 3.8.4.

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin:

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

Plugin Slug:
shortpixel-adaptive-images

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.8.4

Severity Score:
Medium

CVE:

2024-4689

The vulnerability has been patched, so you should update to version 3.8.4.

ClickCease Click Fraud Protection

Plugin:

ClickCease Click Fraud Protection

Plugin Slug:
clickcease-click-fraud-protection

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.2.5

Severity Score:
Medium

CVE:

2023-6810

The vulnerability has been patched, so you should update to version 3.2.5.

Easy Affiliate Links

Plugin:

Easy Affiliate Links

Plugin Slug:
easy-affiliate-links

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.3

Severity Score:
Medium

CVE:

2024-34441

The vulnerability has been patched, so you should update to version 3.7.3.

Envo’s Elementor Templates & Widgets for WooCommerce

Plugin:

Envo’s Elementor Templates & Widgets for WooCommerce

Plugin Slug:
envo-elementor-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.9

Severity Score:
Medium

CVE:

2024-35167

The vulnerability has been patched, so you should update to version 1.4.9.

Graphina – Elementor Charts and Graphs

Plugin:

Graphina – Elementor Charts and Graphs

Plugin Slug:
graphina-elementor-charts-and-graphs

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.10

Severity Score:
Medium

CVE:

2024-4574

The vulnerability has been patched, so you should update to version 1.8.10.

HTML5 Audio Player- Best WordPress Audio Player Plugin

Plugin:

HTML5 Audio Player- Best WordPress Audio Player Plugin

Plugin Slug:
html5-audio-player

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.22

Severity Score:
Medium

CVE:

2024-4398

The vulnerability has been patched, so you should update to version 2.2.22.

Link Library

Plugin:

Link Library

Plugin Slug:
link-library

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.7

Severity Score:
Medium

CVE:

2024-4281

The vulnerability has been patched, so you should update to version 7.7.

Gallery Block (Meow Gallery)

Plugin:

Gallery Block (Meow Gallery)

Plugin Slug:
meow-gallery

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.1.4

Severity Score:
Medium

CVE:

2024-4386

The vulnerability has been patched, so you should update to version 5.1.4.

Hotel Booking Lite

Plugin:

Hotel Booking Lite

Plugin Slug:
motopress-hotel-booking-lite

Installations
10,000+

Vulnerability:
PHP Object Injection

Patched in Version:
4.11.2

Severity Score:
Critical

CVE:

2024-4413

The vulnerability has been patched, so you should update to version 4.11.2.

Shared Counts – Social Media Share Buttons

Plugin:

Shared Counts – Social Media Share Buttons

Plugin Slug:
shared-counts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.0

Severity Score:
Medium

The vulnerability has been patched, so you should update to version 1.5.0.

Simple Basic Contact Form

Plugin:

Simple Basic Contact Form

Plugin Slug:
simple-basic-contact-form

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
20240511

Severity Score:
Medium

CVE:

2024-4144

The vulnerability has been patched, so you should update to version 20240511.

SportsPress – Sports Club & League Manager

Plugin:

SportsPress – Sports Club & League Manager

Plugin Slug:
sportspress

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.7.21

Severity Score:
Medium

CVE:

2024-34824

The vulnerability has been patched, so you should update to version 2.7.21.

SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin

Plugin:

SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin

Plugin Slug:
ssl-zen

Installations
10,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.6.0

Severity Score:
Medium

CVE:

2024-1076

The vulnerability has been patched, so you should update to version 4.6.0.

Themify Shortcodes

Plugin:

Themify Shortcodes

Plugin Slug:
themify-shortcodes

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.0

Severity Score:
Medium

CVE:

2024-4567

The vulnerability has been patched, so you should update to version 2.1.0.

Thim Elementor Kit

Plugin:

Thim Elementor Kit

Plugin Slug:
thim-elementor-kit

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.9.1

Severity Score:
Medium

CVE:

2024-4329

The vulnerability has been patched, so you should update to version 1.1.9.1.

Thim Elementor Kit

Plugin:

Thim Elementor Kit

Plugin Slug:
thim-elementor-kit

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.9

Severity Score:
Medium

CVE:

2024-34415

The vulnerability has been patched, so you should update to version 1.1.9.

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Plugin:

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Plugin Slug:
wemail

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.14.3

Severity Score:
Medium

CVE:

2024-34822

The vulnerability has been patched, so you should update to version 1.14.3.

All-in-One Addons for Elementor – WidgetKit

Plugin:

All-in-One Addons for Elementor – WidgetKit

Plugin Slug:
widgetkit-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5.0

Severity Score:
Medium

CVE:

2024-34548

The vulnerability has been patched, so you should update to version 2.5.0.

Orders Tracking for WooCommerce

Plugin:

Orders Tracking for WooCommerce

Plugin Slug:
woo-orders-tracking

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.11

Severity Score:
Medium

CVE:

2024-4039

The vulnerability has been patched, so you should update to version 1.2.11.

WP Latest Posts

Plugin:

WP Latest Posts

Plugin Slug:
wp-latest-posts

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.8

Severity Score:
Medium

CVE:

2024-4135

The vulnerability has been patched, so you should update to version 5.0.8.

WP Photo Album Plus

Plugin:

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.7.01.002

Severity Score:
Critical

CVE:

2024-31377

The vulnerability has been patched, so you should update to version 8.7.01.002.

YITH WooCommerce Gift Cards

Plugin:

YITH WooCommerce Gift Cards

Plugin Slug:
yith-woocommerce-gift-cards

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.13.0

Severity Score:
Medium

CVE:

2024-0870

The vulnerability has been patched, so you should update to version 4.13.0.

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin:

WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc

Plugin Slug:
wp-sms

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.5.2

Severity Score:
Medium

CVE:

2024-34811

The vulnerability has been patched, so you should update to version 6.5.2.

Gutenify – Visual Site Builder Blocks & Site Templates.

Plugin:

Gutenify – Visual Site Builder Blocks & Site Templates.

Plugin Slug:
gutenify

Installations
8,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.1

Severity Score:
Medium

CVE:

2024-35165

The vulnerability has been patched, so you should update to version 1.4.1.

If-So Dynamic Content Personalization

Plugin:

If-So Dynamic Content Personalization

Plugin Slug:
if-so

Installations
8,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.1.1

Severity Score:
Medium

CVE:

2024-34820

The vulnerability has been patched, so you should update to version 1.7.1.1.

WordPress Affiliates Plugin — SliceWP Affiliates

Plugin:

WordPress Affiliates Plugin — SliceWP Affiliates

Plugin Slug:
slicewp

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.11

Severity Score:
Medium

CVE:

2024-34413

The vulnerability has been patched, so you should update to version 1.1.11.

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)

Plugin:

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)

Plugin Slug:
parcelpanel

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
3.9.0

Severity Score:
High

CVE:

2024-34412

The vulnerability has been patched, so you should update to version 3.9.0.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Broken Access Control

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2024-4445

The vulnerability has been patched, so you should update to version 6.20.02.

WP Compress – Image Optimizer [All-In-One]

Plugin:

WP Compress – Image Optimizer [All-In-One]

Plugin Slug:
wp-compress-image-optimizer

Installations
7,000+

Vulnerability:
Open Redirection

Patched in Version:
6.20.02

Severity Score:
Medium

CVE:

2023-6812

The vulnerability has been patched, so you should update to version 6.20.02.

Better Elementor Addons

Plugin:

Better Elementor Addons

Plugin Slug:
better-elementor-addons

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.5

Severity Score:
Medium

CVE:

2024-34432

The vulnerability has been patched, so you should update to version 1.4.5.

The Best WordPress Knowledgebase and Documentation Plugin – weDocs

Plugin:

The Best WordPress Knowledgebase and Documentation Plugin – weDocs

Plugin Slug:
wedocs

Installations
6,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.1.5

Severity Score:
Medium

CVE:

2024-34442

The vulnerability has been patched, so you should update to version 2.1.5.

WOLF – WordPress Posts Bulk Editor and Manager Professional

Plugin:

WOLF – WordPress Posts Bulk Editor and Manager Professional

Plugin Slug:
bulk-editor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8.3

Severity Score:
Medium

CVE:

2024-34558

The vulnerability has been patched, so you should update to version 1.0.8.3.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin:

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Privilege Escalation

Patched in Version:
3.0.6

Severity Score:
Critical

CVE:

2024-4186

The vulnerability has been patched, so you should update to version 3.0.6.

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin:

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

Plugin Slug:
magical-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.35

Severity Score:
Medium

CVE:

2024-34547

The vulnerability has been patched, so you should update to version 1.1.35.

Shopping Cart & eCommerce Store

Plugin:

Shopping Cart & eCommerce Store

Plugin Slug:
wp-easycart

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
5.6.5

Severity Score:
Medium

CVE:

2024-4213

The vulnerability has been patched, so you should update to version 5.6.5.

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Plugin:

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler

Plugin Slug:
cf7-styler

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.6.5

Severity Score:
Medium

CVE:

2024-34826

The vulnerability has been patched, so you should update to version 1.6.5.

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Plugin:

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin

Plugin Slug:
real3d-flipbook-lite

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.72

Severity Score:
Medium

CVE:

2024-34561

The vulnerability has been patched, so you should update to version 3.72.

Startklar Elementor Addons

Plugin:

Startklar Elementor Addons

Plugin Slug:
startklar-elmentor-forms-extwidgets

Installations
4,000+

Vulnerability:
Arbitrary File Deletion

Patched in Version:
1.7.14

Severity Score:
High

CVE:

2024-4346

The vulnerability has been patched, so you should update to version 1.7.14.

Startklar Elementor Addons

Plugin:

Startklar Elementor Addons

Plugin Slug:
startklar-elmentor-forms-extwidgets

Installations
4,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.7.14

Severity Score:
Critical

CVE:

2024-4345

The vulnerability has been patched, so you should update to version 1.7.14.

Auto Affiliate Links

Plugin:

Auto Affiliate Links

Plugin Slug:
wp-auto-affiliate-links

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
6.4.4

Severity Score:
High

CVE:

2024-34386

The vulnerability has been patched, so you should update to version 6.4.4.

All Bootstrap Blocks

Plugin:

All Bootstrap Blocks

Plugin Slug:
all-bootstrap-blocks

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.16

Severity Score:
Medium

CVE:

2024-35169

The vulnerability has been patched, so you should update to version 1.3.16.

Mihdan: Yandex Turbo Feed

Plugin:

Mihdan: Yandex Turbo Feed

Plugin Slug:
mihdan-yandex-turbo-feed

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.6

Severity Score:
Medium

CVE:

2024-4411

The vulnerability has been patched, so you should update to version 1.6.6.

Move Addons for Elementor

Plugin:

Move Addons for Elementor

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-34562

The vulnerability has been patched, so you should update to version 1.3.1.

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Plugin:

Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation

Plugin Slug:
shared-files

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.20

Severity Score:
Medium

CVE:

2024-34438

The vulnerability has been patched, so you should update to version 1.7.20.

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin Slug:
smart-wishlist-for-more-convert

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.9

Severity Score:
Medium

CVE:

2024-34813

The vulnerability has been patched, so you should update to version 1.7.9.

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin:

WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)

Plugin Slug:
smart-wishlist-for-more-convert

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.7.3

Severity Score:
Medium

CVE:

2024-34819

The vulnerability has been patched, so you should update to version 1.7.3.

iPages Flipbook For WordPress

Plugin:

iPages Flipbook For WordPress

Plugin Slug:
ipages-flipbook

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.5.2

Severity Score:
Medium

CVE:

2024-4744

The vulnerability has been patched, so you should update to version 1.5.2.

ShopBuilder – Elementor WooCommerce Builder Addons

Plugin:

ShopBuilder – Elementor WooCommerce Builder Addons

Plugin Slug:
shopbuilder

Installations
2,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.1.9

Severity Score:
Medium

CVE:

2024-34812

The vulnerability has been patched, so you should update to version 2.1.9.

Zotpress

Plugin:

Zotpress

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.3.10

Severity Score:
Medium

CVE:

2024-34569

The vulnerability has been patched, so you should update to version 7.3.10.

Academy LMS – eLearning and online course solution for WordPress

Plugin:

Academy LMS – eLearning and online course solution for WordPress

Plugin Slug:
academy

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.26

Severity Score:
Medium

CVE:

2024-35171

The vulnerability has been patched, so you should update to version 1.9.26.

Arigato Autoresponder and Newsletter

Plugin:

Arigato Autoresponder and Newsletter

Plugin Slug:
bft-autoresponder

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.2.4

Severity Score:
Medium

CVE:

2024-34823

The vulnerability has been patched, so you should update to version 2.7.2.4.

Church Admin

Plugin:

Church Admin

Plugin Slug:
church-admin

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.2.0

Severity Score:
Medium

CVE:

2024-34828

The vulnerability has been patched, so you should update to version 4.2.0.

Contact List – Premium Staff Listing, Business Directory & Address Book

Plugin:

Contact List – Premium Staff Listing, Business Directory & Address Book

Plugin Slug:
contact-list

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.88

Severity Score:
Medium

CVE:

2024-34821

The vulnerability has been patched, so you should update to version 2.9.88.

Falang multilanguage for WordPress

Plugin:

Falang multilanguage for WordPress

Plugin Slug:
falang

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.50

Severity Score:
Medium

CVE:

2024-4417

The vulnerability has been patched, so you should update to version 1.3.50.

Ghost

Plugin:

Ghost

Plugin Slug:
ghost

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5.0

Severity Score:
High

CVE:

2024-34559

The vulnerability has been patched, so you should update to version 1.5.0.

Gold Addons for Elementor

Plugin:

Gold Addons for Elementor

Plugin Slug:
gold-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-34563

The vulnerability has been patched, so you should update to version 1.3.0.

Dynamics 365 Integration

Plugin:

Dynamics 365 Integration

Plugin Slug:
integration-dynamics

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.18

Severity Score:
Medium

CVE:

2024-34550

The vulnerability has been patched, so you should update to version 1.3.18.

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin:

Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms

Plugin Slug:
integration-for-contact-form-7-and-pipedrive

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.2.1

Severity Score:
Medium

CVE:

2024-34817

The vulnerability has been patched, so you should update to version 1.2.1.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

CVE:

2024-34445

The vulnerability has been patched, so you should update to version 1.9.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium

CVE:

2024-34436

The vulnerability has been patched, so you should update to version 1.9.

Squelch Tabs and Accordions Shortcodes

Plugin:

Squelch Tabs and Accordions Shortcodes

Plugin Slug:
squelch-tabs-and-accordions-shortcodes

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.4.8

Severity Score:
Medium

CVE:

2024-4463

The vulnerability has been patched, so you should update to version 0.4.8.

Counter Up – Animated Number Counter & Milestone Showcase

Plugin:

Counter Up – Animated Number Counter & Milestone Showcase

Plugin Slug:
wp-counter-up

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.0

Severity Score:
Medium

CVE:

2024-34564

The vulnerability has been patched, so you should update to version 2.3.0.

WP Discourse

Plugin:

WP Discourse

Plugin Slug:
wp-discourse

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.2

Severity Score:
Medium

CVE:

2024-35168

The vulnerability has been patched, so you should update to version 2.5.2.

WPCal.io – Easy Meeting Scheduler

Plugin:

WPCal.io – Easy Meeting Scheduler

Plugin Slug:
wpcal

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
0.9.5.9

Severity Score:
Medium

CVE:

2024-34816

The vulnerability has been patched, so you should update to version 0.9.5.9.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-34557

The vulnerability has been patched, so you should update to version 1.5.5.

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin:

Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.

Plugin Slug:
barcode-scanner-lite-pos-to-manage-products-inventory-and-orders

Installations
800+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-34556

The vulnerability has been patched, so you should update to version 1.5.5.

Sticky banner

Plugin:

Sticky banner

Plugin Slug:
sticky-banner

Installations
600+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-35170

The vulnerability has been patched, so you should update to version 1.3.0.

Joli FAQ SEO – WordPress FAQ Plugin

Plugin:

Joli FAQ SEO – WordPress FAQ Plugin

Plugin Slug:
joli-faq-seo

Installations
400+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.3.3

Severity Score:
Medium

CVE:

2024-4082

The vulnerability has been patched, so you should update to version 1.3.3.

Soccer Engine – Soccer Plugin for WordPress

Plugin:

Soccer Engine – Soccer Plugin for WordPress

Plugin Slug:
soccer-engine-lite

Installations
90+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.13

Severity Score:
Medium

CVE:

2024-4312

The vulnerability has been patched, so you should update to version 1.13.

Hostel

Plugin:

Hostel

Plugin Slug:
hostel

Installations
70+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.5.4

Severity Score:
Medium

CVE:

2024-4314

The vulnerability has been patched, so you should update to version 1.1.5.4.

ADFO – Custom data in admin dashboard

Plugin:

ADFO – Custom data in admin dashboard

Plugin Slug:
admin-form

Installations
60+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.9.1

Severity Score:
Medium

CVE:

2024-4103

The vulnerability has been patched, so you should update to version 1.9.1.

ADFO – Custom data in admin dashboard

Plugin:

ADFO – Custom data in admin dashboard

Plugin Slug:
admin-form

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.1

Severity Score:
High

CVE:

2024-4104

The vulnerability has been patched, so you should update to version 1.9.1.

Z-Downloads

Plugin:

Z-Downloads

Plugin Slug:
z-downloads

Installations
60+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.11.4

Severity Score:
Critical

CVE:

2024-34555

The vulnerability has been patched, so you should update to version 1.11.4.

Aiomatic

Plugin:

Aiomatic

Plugin Slug:
aiomatic-automatic-ai-content-writer

Vulnerability:
Broken Access Control

Patched in Version:
1.9.4

Severity Score:
Medium

CVE:

2024-34435

The vulnerability has been patched, so you should update to version 1.9.4.

Breakdance

Plugin:

Breakdance

Plugin Slug:
breakdance

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.7.2

Severity Score:
High

CVE:

2024-4605

The vulnerability has been patched, so you should update to version 1.7.2.

Divi Builder

Plugin:

Divi Builder

Plugin Slug:
divi-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Fancy Product Designer

Plugin:

Fancy Product Designer

Plugin Slug:
fancy-product-designer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.81

Severity Score:
Medium

CVE:

2024-0904

The vulnerability has been patched, so you should update to version 6.1.81.

Porto Theme – Functionality

Plugin:

Porto Theme – Functionality

Plugin Slug:
porto-functionality

Vulnerability:
Local File Inclusion

Patched in Version:
3.1.1

Severity Score:
Medium

CVE:

2024-3808

The vulnerability has been patched, so you should update to version 3.1.1.

Spectra Pro

Plugin:

Spectra Pro

Plugin Slug:
spectra-pro

Vulnerability:
Privilege Escalation

Patched in Version:
1.1.6

Severity Score:
High

CVE:

2024-3828

The vulnerability has been patched, so you should update to version 1.1.6.

Stockholm Core

Plugin:

Stockholm Core

Plugin Slug:
stockholm-core

Vulnerability:
Local File Inclusion

Patched in Version:
2.4.2

Severity Score:
High

CVE:

2024-34554

The vulnerability has been patched, so you should update to version 2.4.2.

Stockholm Core

Plugin:

Stockholm Core

Plugin Slug:
stockholm-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.2

Severity Score:
High

CVE:

2024-34553

The vulnerability has been patched, so you should update to version 2.4.2.

Unyson

Plugin:

Unyson

Plugin Slug:
unyson

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.7.31

Severity Score:
Medium

CVE:

2024-34814

The vulnerability has been patched, so you should update to version 2.7.31.

WordPress Themes — 16 Patched

Consus

Theme:

Consus

Theme Slug:
consus

Downloads
16,364

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.7.

EmpowerWP

Theme:

EmpowerWP

Theme Slug:
empowerwp

Downloads
219,376

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.22

Severity Score:
Medium

CVE:

2024-34809

The vulnerability has been patched, so you should update to version 1.0.22.

Himalayas

Theme:

Himalayas

Theme Slug:
himalayas

Downloads
332,940

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.1

Severity Score:
Medium

CVE:

2024-34571

The vulnerability has been patched, so you should update to version 1.3.1.

Ketos

Theme:

Ketos

Theme Slug:
ketos

Downloads
28,703

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.6.

Mindscape

Theme:

Mindscape

Theme Slug:
mindscape

Downloads
41,737

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.23.

Niveau

Theme:

Niveau

Theme Slug:
niveau

Downloads
16,831

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.9

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.9.

Oasis

Theme:

Oasis

Theme Slug:
oasis

Downloads
69,511

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.13

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.13.

raindrops

Theme:

raindrops

Theme Slug:
raindrops

Downloads
716,615

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.700

Severity Score:
Medium

CVE:

2024-34414

The vulnerability has been patched, so you should update to version 1.700.

Skyline WP

Theme:

Skyline WP

Theme Slug:
skyline-wp

Downloads
169,635

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.11

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.11.

Zeka

Theme:

Zeka

Theme Slug:
zeka

Downloads
20,249

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.10

Severity Score:
Medium

CVE:

2024-34810

The vulnerability has been patched, so you should update to version 1.0.10.

Divi

Theme:

Divi

Theme Slug:
divi

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Extra

Theme:

Extra

Theme Slug:
extra

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.25.1

Severity Score:
Medium

CVE:

2024-4490

The vulnerability has been patched, so you should update to version 4.25.1.

Porto

Theme:

Porto

Theme Slug:
porto

Vulnerability:
Local File Inclusion

Patched in Version:
7.1.1

Severity Score:
High

CVE:

2024-3806

The vulnerability has been patched, so you should update to version 7.1.1.

Porto

Theme:

Porto

Theme Slug:
porto

Vulnerability:
Local File Inclusion

Patched in Version:
7.1.1

Severity Score:
Medium

CVE:

2024-3807

The vulnerability has been patched, so you should update to version 7.1.1.

Stockholm

Theme:

Stockholm

Theme Slug:
stockholm

Vulnerability:
Local File Inclusion

Patched in Version:
9.7

Severity Score:
High

CVE:

2024-34552

The vulnerability has been patched, so you should update to version 9.7.

Stockholm

Theme:

Stockholm

Theme Slug:
stockholm

Vulnerability:
Local File Inclusion

Patched in Version:
9.7

Severity Score:
Critical

CVE:

2024-34551

The vulnerability has been patched, so you should update to version 9.7.


Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!


The post WordPress Vulnerability Report — May 15, 2024 appeared first on SolidWP.


Written by:
Abdul Wahid
Published on:
May 17, 2024

Categories: Woocommerce
