In this report, 192 vulnerabilities have been publicly disclosed. Security patches for 145 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.
WordPress Core
WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.
The next major release will be version 6.6 planned for July 2024.
No new core vulnerabilities were disclosed this week.
WordPress Plugins — 129 Patched / 47 Unpatched
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
- Plugin Slug:
- clearfy
- Installations
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34806
Flo Forms – Easy Drag & Drop Form Builder
- Plugin Slug:
- flo-forms
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-35174
WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34389
WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
- Plugin Slug:
- wp-post-author
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34387
140+ Widgets | Best Addons For Elementor – FREE
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34570
JCH Optimize
- Plugin:
-
JCH Optimize
- Plugin Slug:
- jch-optimize
- Installations
- 6,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34808
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
- Plugin Slug:
- ajax-filter-posts
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34390
Kognetiks Chatbot for WordPress
- Plugin:
-
Kognetiks Chatbot for WordPress
- Plugin Slug:
- chatbot-chatgpt
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-32700
Netgsm
Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation
- Plugin:
-
Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation
- Plugin Slug:
- propovoice
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-4747
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
- Plugin Slug:
- ultimate-store-kit
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-4606
WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce
- Plugin Slug:
- wc-serial-numbers
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-35173
WordPress Webinar Plugin – WebinarPress
- Plugin Slug:
- wp-webinarsystem
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-34818
gee Search Plus, improved WordPress search
- Plugin Slug:
- gsearch-plus
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34560
Sticky Social Link
- Plugin:
-
Sticky Social Link
- Plugin Slug:
- sticky-social-link
- Installations
- 100+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34546
DS Site Message
- Plugin:
-
DS Site Message
- Plugin Slug:
- ds-site-message
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34439
Viet Nam Affiliate
- Plugin:
-
Viet Nam Affiliate
- Plugin Slug:
- viet-nam-affiliate
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34417
AWSOM News Announcement
- Plugin:
-
AWSOM News Announcement
- Plugin Slug:
- awsom-news-announcement
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34428
BlogLentor
- Plugin:
-
BlogLentor
- Plugin Slug:
- bloglentor-for-elementor
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34421
Brozzme Scroll Top
- Plugin:
-
Brozzme Scroll Top
- Plugin Slug:
- brozzme-scroll-top
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34426
canvasio3D Light
- Plugin:
-
canvasio3D Light
- Plugin Slug:
- canvasio3d-light
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-34411
Configure Login Timeout
- Plugin:
-
Configure Login Timeout
- Plugin Slug:
- configure-login-timeout
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34419
Corona Virus (COVID-19) Banner & Live Data
- Plugin:
-
Corona Virus (COVID-19) Banner & Live Data
- Plugin Slug:
- corona-virus-covid-19-banner
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34429
Crelly Slider
- Plugin:
-
Crelly Slider
- Plugin Slug:
- crelly-slider
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3752
Debug Info
- Plugin:
-
Debug Info
- Plugin Slug:
- debug-info
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34565
EasyEvent
- Plugin:
-
EasyEvent
- Plugin Slug:
- easyevent
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3628
Enter Addons
- Plugin:
-
Enter Addons
- Plugin Slug:
- enteraddons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3831
Fancy Elementor Flipbox
- Plugin:
-
Fancy Elementor Flipbox
- Plugin Slug:
- fancy-elementor-flipbox
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34572
Fast Custom Social Share by CodeBard
- Plugin:
-
Fast Custom Social Share by CodeBard
- Plugin Slug:
- fast-custom-social-share-by-codebard
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34807
Featured Content Gallery
- Plugin:
-
Featured Content Gallery
- Plugin Slug:
- featured-content-gallery
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34424
Forty Four – 404 Plugin for WordPress
- Plugin:
-
Forty Four – 404 Plugin for WordPress
- Plugin Slug:
- forty-four
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34423
GDPR Compliance
- Plugin:
-
GDPR Compliance
- Plugin Slug:
- gdpr-compliance
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-34388
Comments Evolved for WordPress
- Plugin:
-
Comments Evolved for WordPress
- Plugin Slug:
- gplus-comments
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34420
LetterPress
- Plugin:
-
LetterPress
- Plugin Slug:
- letterpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34568
MF Gig Calendar
- Plugin:
-
MF Gig Calendar
- Plugin Slug:
- mf-gig-calendar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3755
Pk Favicon Manager
- Plugin:
-
Pk Favicon Manager
- Plugin Slug:
- phpsword-favicon-manager
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-34416
Pootle Pagebuilder – WordPress Page builder
- Plugin:
-
Pootle Pagebuilder – WordPress Page builder
- Plugin Slug:
- pootle-page-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34573
Pure Chat
- Plugin:
-
Pure Chat
- Plugin Slug:
- pure-chat
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3595
QuickieBar
- Plugin:
-
QuickieBar
- Plugin Slug:
- quickiebar
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34425
Social Connect
- Plugin:
-
Social Connect
- Plugin Slug:
- social-connect
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-4393
Swift Performance Lite
- Plugin:
-
Swift Performance Lite
- Plugin Slug:
- swift-performance-lite
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3722
Table Maker
- Plugin:
-
Table Maker
- Plugin Slug:
- table-maker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34574
TT Custom Post Type Creator
- Plugin:
-
TT Custom Post Type Creator
- Plugin Slug:
- tt-custom-post-type-creator
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34430
Viet Affiliate Link
- Plugin:
-
Viet Affiliate Link
- Plugin Slug:
- viet-affiliate-link
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34422
WP etracker
- Plugin:
-
WP etracker
- Plugin Slug:
- wp-etracker
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-34431
WP Favorite Posts
- Plugin:
-
WP Favorite Posts
- Plugin Slug:
- wp-favorite-posts
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34427
WPCS ( WordPress Custom Search )
- Plugin:
-
WPCS ( WordPress Custom Search )
- Plugin Slug:
- wpcs-wp-custom-search
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34418
Yoast SEO
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations
- 4,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 13.4
- Severity Score:
- Medium
- CVE:
-
2024-4392
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
-
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.21
- Severity Score:
- Medium
- CVE:
-
2024-4624
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
-
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.20
- Severity Score:
- Medium
- CVE:
-
2024-4275
Starter Templates — Elementor, WordPress & Beaver Builder Templates
- Plugin Slug:
- astra-sites
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.2
- Severity Score:
- Medium
- CVE:
-
2024-4630
Starter Templates — Elementor, WordPress & Beaver Builder Templates
- Plugin Slug:
- astra-sites
- Installations
- 1,000,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 4.1.7
- Severity Score:
- Medium
- CVE:
-
2024-1467
One Click Demo Import
- Plugin:
-
One Click Demo Import
- Plugin Slug:
- one-click-demo-import
- Installations
- 1,000,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.2.1
- Severity Score:
- Medium
- CVE:
-
2024-34433
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.37
- Severity Score:
- Medium
- CVE:
-
2024-4481
Translate Multilingual sites – TranslatePress
- Plugin Slug:
- translatepress-multilingual
- Installations
- 300,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.6
- Severity Score:
- Medium
- CVE:
-
2024-34827
Blocksy Companion
- Plugin:
-
Blocksy Companion
- Plugin Slug:
- blocksy-companion
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.46
- Severity Score:
- Medium
- CVE:
-
2024-4487
FileBird – WordPress Media Library Folders & File Manager
- Plugin Slug:
- filebird
- Installations
- 200,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.6.4
- Severity Score:
- Medium
- CVE:
-
2024-35166
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 200,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.105
- Severity Score:
- High
- CVE:
-
2024-3055
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.5.103
- Severity Score:
- High
- CVE:
-
2024-2662
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
- Plugin Slug:
- unlimited-elements-for-elementor
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.103
- Severity Score:
- High
- CVE:
-
2024-3547
White Label CMS
- Plugin:
-
White Label CMS
- Plugin Slug:
- white-label-cms
- Installations
- 200,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.4
- Severity Score:
- Medium
- CVE:
-
2024-4280
Advanced Ads – Ad Manager & AdSense
- Plugin Slug:
- advanced-ads
- Installations
- 100,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 1.52.2
- Severity Score:
- Medium
- CVE:
-
2024-2290
Advanced Ads – Ad Manager & AdSense
- Plugin Slug:
- advanced-ads
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.52.2
- Severity Score:
- Medium
- CVE:
-
2024-3952
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
- Plugin Slug:
- bdthemes-prime-slider-lite
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.14.4
- Severity Score:
- Medium
- CVE:
-
2024-4339
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.1.3
- Severity Score:
- Medium
- CVE:
-
2024-4430
Beaver Builder – WordPress Page Builder
- Plugin Slug:
- beaver-builder-lite-version
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.1.2
- Severity Score:
- Medium
- CVE:
-
2024-3923
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
- Plugin Slug:
- content-views-query-and-display-post-page
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.2
- Severity Score:
- Medium
- CVE:
-
2024-4446
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.1
- Severity Score:
- Medium
- CVE:
-
2024-3990
Pods – Custom Content Types and Fields
- Plugin Slug:
- pods
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.1.1
- Severity Score:
- Medium
- CVE:
-
2024-3956
WP Job Manager
- Plugin:
-
WP Job Manager
- Plugin Slug:
- wp-job-manager
- Installations
- 100,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
-
2024-34549
XML Sitemap & Google News
- Plugin:
-
XML Sitemap & Google News
- Plugin Slug:
- xml-sitemap-feed
- Installations
- 100,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 5.4.9
- Severity Score:
- High
- CVE:
-
2024-4441
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
- Plugin Slug:
- embedpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.17
- Severity Score:
- Medium
- CVE:
-
2024-4316
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.2.6.6
- Severity Score:
- Medium
- CVE:
-
2024-4277
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.2.6.6
- Severity Score:
- Medium
- CVE:
-
2024-4444
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 4.2.6.6
- Severity Score:
- Critical
- CVE:
-
2024-4434
LearnPress – WordPress LMS Plugin
- Plugin Slug:
- learnpress
- Installations
- 90,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 4.2.6.6
- Severity Score:
- Critical
- CVE:
-
2024-4397
Import and export users and customers
- Plugin Slug:
- import-users-from-csv-with-meta
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.26.6
- Severity Score:
- Medium
- CVE:
-
2024-34815
Mesmerize Companion
- Plugin:
-
Mesmerize Companion
- Plugin Slug:
- mesmerize-companion
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.149
- Severity Score:
- Medium
- CVE:
-
2024-3494
Sydney Toolbox
- Plugin:
-
Sydney Toolbox
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.32
- Severity Score:
- Medium
- CVE:
-
2024-4473
AI Engine
- Plugin:
-
AI Engine
- Plugin Slug:
- ai-engine
- Installations
- 70,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.2.70
- Severity Score:
- Critical
- CVE:
-
2024-34440
Custom Field Suite
- Plugin:
-
Custom Field Suite
- Plugin Slug:
- custom-field-suite
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.6
- Severity Score:
- Medium
- CVE:
-
2024-3068
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin:
-
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.12
- Severity Score:
- Medium
- CVE:
-
2024-32100
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin:
-
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
- Plugin Slug:
- easy-digital-downloads
- Installations
- 50,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.2.12
- Severity Score:
- Medium
- CVE:
-
2024-31113
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
- Plugin Slug:
- form-maker
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.15.25
- Severity Score:
- Medium
- CVE:
-
2024-34437
Image Hover Effects – Elementor Addon
- Plugin Slug:
- image-hover-effects-addon-for-elementor
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.2
- Severity Score:
- Medium
- CVE:
-
2024-1166
Ditty – Responsive News Tickers, Sliders, and Lists
- Plugin Slug:
- ditty-news-ticker
- Installations
- 40,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 3.1.39
- Severity Score:
- High
- CVE:
-
2024-3954
Timber
- Plugin:
-
Timber
- Plugin Slug:
- timber-library
- Installations
- 40,000+
- Vulnerability:
- Deserialization of untrusted data
- Patched in Version:
- 1.23.1
- Severity Score:
- High
- CVE:
-
2024-29800
Visual Footer Credit Remover
- Plugin:
-
Visual Footer Credit Remover
- Plugin Slug:
- visual-footer-credit-remover
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3
- Severity Score:
- Medium
- CVE:
-
2024-2846
Social Sharing Plugin – Social Warfare
- Plugin Slug:
- social-warfare
- Installations
- 30,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.4.6
- Severity Score:
- Medium
- CVE:
-
2024-34825
Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
- Plugin Slug:
- back-in-stock-notifier-for-woocommerce
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.3.2
- Severity Score:
- Medium
- CVE:
-
2024-4038
Content Blocks (Custom Post Widget)
- Plugin Slug:
- custom-post-widget
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.1
- Severity Score:
- Medium
- CVE:
-
2024-34566
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers
- Plugin Slug:
- rafflepress
- Installations
- 20,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.12.5
- Severity Score:
- Medium
- CVE:
-
2024-4745
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
- Plugin Slug:
- shortpixel-adaptive-images
- Installations
- 20,000+
- Vulnerability:
- Server Side Request Forgery (SSRF)
- Patched in Version:
- 3.8.4
- Severity Score:
- Medium
- CVE:
-
2024-35172
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization
- Plugin Slug:
- shortpixel-adaptive-images
- Installations
- 20,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 3.8.4
- Severity Score:
- Medium
- CVE:
-
2024-4689
ClickCease Click Fraud Protection
- Plugin Slug:
- clickcease-click-fraud-protection
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 3.2.5
- Severity Score:
- Medium
- CVE:
-
2023-6810
Easy Affiliate Links
- Plugin:
-
Easy Affiliate Links
- Plugin Slug:
- easy-affiliate-links
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.7.3
- Severity Score:
- Medium
- CVE:
-
2024-34441
Envo’s Elementor Templates & Widgets for WooCommerce
- Plugin Slug:
- envo-elementor-for-woocommerce
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.9
- Severity Score:
- Medium
- CVE:
-
2024-35167
Graphina – Elementor Charts and Graphs
- Plugin Slug:
- graphina-elementor-charts-and-graphs
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.10
- Severity Score:
- Medium
- CVE:
-
2024-4574
HTML5 Audio Player- Best WordPress Audio Player Plugin
- Plugin Slug:
- html5-audio-player
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.22
- Severity Score:
- Medium
- CVE:
-
2024-4398
Link Library
- Plugin:
-
Link Library
- Plugin Slug:
- link-library
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.7
- Severity Score:
- Medium
- CVE:
-
2024-4281
Gallery Block (Meow Gallery)
- Plugin:
-
Gallery Block (Meow Gallery)
- Plugin Slug:
- meow-gallery
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.4
- Severity Score:
- Medium
- CVE:
-
2024-4386
Hotel Booking Lite
- Plugin:
-
Hotel Booking Lite
- Plugin Slug:
- motopress-hotel-booking-lite
- Installations
- 10,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.11.2
- Severity Score:
- Critical
- CVE:
-
2024-4413
Shared Counts – Social Media Share Buttons
- Plugin Slug:
- shared-counts
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.0
- Severity Score:
- Medium
Simple Basic Contact Form
- Plugin:
-
Simple Basic Contact Form
- Plugin Slug:
- simple-basic-contact-form
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 20240511
- Severity Score:
- Medium
- CVE:
-
2024-4144
SportsPress – Sports Club & League Manager
- Plugin Slug:
- sportspress
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.21
- Severity Score:
- Medium
- CVE:
-
2024-34824
SSL Zen – Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin
- Plugin Slug:
- ssl-zen
- Installations
- 10,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 4.6.0
- Severity Score:
- Medium
- CVE:
-
2024-1076
Themify Shortcodes
- Plugin:
-
Themify Shortcodes
- Plugin Slug:
- themify-shortcodes
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.0
- Severity Score:
- Medium
- CVE:
-
2024-4567
Thim Elementor Kit
- Plugin:
-
Thim Elementor Kit
- Plugin Slug:
- thim-elementor-kit
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.9.1
- Severity Score:
- Medium
- CVE:
-
2024-4329
Thim Elementor Kit
- Plugin:
-
Thim Elementor Kit
- Plugin Slug:
- thim-elementor-kit
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.9
- Severity Score:
- Medium
- CVE:
-
2024-34415
weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
- Plugin Slug:
- wemail
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.14.3
- Severity Score:
- Medium
- CVE:
-
2024-34822
All-in-One Addons for Elementor – WidgetKit
- Plugin Slug:
- widgetkit-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
-
2024-34548
Orders Tracking for WooCommerce
- Plugin:
-
Orders Tracking for WooCommerce
- Plugin Slug:
- woo-orders-tracking
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.11
- Severity Score:
- Medium
- CVE:
-
2024-4039
WP Latest Posts
- Plugin:
-
WP Latest Posts
- Plugin Slug:
- wp-latest-posts
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.0.8
- Severity Score:
- Medium
- CVE:
-
2024-4135
WP Photo Album Plus
- Plugin:
-
WP Photo Album Plus
- Plugin Slug:
- wp-photo-album-plus
- Installations
- 10,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 8.7.01.002
- Severity Score:
- Critical
- CVE:
-
2024-31377
YITH WooCommerce Gift Cards
- Plugin:
-
YITH WooCommerce Gift Cards
- Plugin Slug:
- yith-woocommerce-gift-cards
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.13.0
- Severity Score:
- Medium
- CVE:
-
2024-0870
WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
- Plugin:
-
WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
- Plugin Slug:
- wp-sms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.2
- Severity Score:
- Medium
- CVE:
-
2024-34811
Gutenify – Visual Site Builder Blocks & Site Templates.
- Plugin Slug:
- gutenify
- Installations
- 8,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.1
- Severity Score:
- Medium
- CVE:
-
2024-35165
If-So Dynamic Content Personalization
- Plugin Slug:
- if-so
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.1.1
- Severity Score:
- Medium
- CVE:
-
2024-34820
WordPress Affiliates Plugin — SliceWP Affiliates
- Plugin Slug:
- slicewp
- Installations
- 8,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.11
- Severity Score:
- Medium
- CVE:
-
2024-34413
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
- Plugin:
-
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install)
- Plugin Slug:
- parcelpanel
- Installations
- 7,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.9.0
- Severity Score:
- High
- CVE:
-
2024-34412
WP Compress – Image Optimizer [All-In-One]
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.20.02
- Severity Score:
- Medium
- CVE:
-
2024-4445
WP Compress – Image Optimizer [All-In-One]
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 7,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 6.20.02
- Severity Score:
- Medium
- CVE:
-
2023-6812
Better Elementor Addons
- Plugin:
-
Better Elementor Addons
- Plugin Slug:
- better-elementor-addons
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.5
- Severity Score:
- Medium
- CVE:
-
2024-34432
The Best WordPress Knowledgebase and Documentation Plugin – weDocs
- Plugin Slug:
- wedocs
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.1.5
- Severity Score:
- Medium
- CVE:
-
2024-34442
WOLF – WordPress Posts Bulk Editor and Manager Professional
- Plugin Slug:
- bulk-editor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.8.3
- Severity Score:
- Medium
- CVE:
- 2024-34558
Edwiser Bridge – WordPress Moodle LMS Integration
- Plugin Slug:
- edwiser-bridge
- Installations
- 5,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 3.0.6
- Severity Score:
- Critical
- CVE:
- 2024-4186
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
- Plugin Slug:
- magical-addons-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.35
- Severity Score:
- Medium
- CVE:
- 2024-34547
Shopping Cart & eCommerce Store
- Plugin:
- Shopping Cart & eCommerce Store
- Plugin Slug:
- wp-easycart
- Installations
- 5,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 5.6.5
- Severity Score:
- Medium
- CVE:
- 2024-4213
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler
- Plugin Slug:
- cf7-styler
- Installations
- 4,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.5
- Severity Score:
- Medium
- CVE:
- 2024-34826
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin
- Plugin Slug:
- real3d-flipbook-lite
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.72
- Severity Score:
- Medium
- CVE:
- 2024-34561
Startklar Elementor Addons
- Plugin:
- Startklar Elementor Addons
- Plugin Slug:
- startklar-elmentor-forms-extwidgets
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Deletion
- Patched in Version:
- 1.7.14
- Severity Score:
- High
- CVE:
- 2024-4346
Startklar Elementor Addons
- Plugin:
- Startklar Elementor Addons
- Plugin Slug:
- startklar-elmentor-forms-extwidgets
- Installations
- 4,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.7.14
- Severity Score:
- Critical
- CVE:
- 2024-4345
Auto Affiliate Links
- Plugin:
- Auto Affiliate Links
- Plugin Slug:
- wp-auto-affiliate-links
- Installations
- 4,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 6.4.4
- Severity Score:
- High
- CVE:
- 2024-34386
All Bootstrap Blocks
- Plugin:
- All Bootstrap Blocks
- Plugin Slug:
- all-bootstrap-blocks
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.16
- Severity Score:
- Medium
- CVE:
- 2024-35169
Mihdan: Yandex Turbo Feed
- Plugin:
- Mihdan: Yandex Turbo Feed
- Plugin Slug:
- mihdan-yandex-turbo-feed
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.6
- Severity Score:
- Medium
- CVE:
- 2024-4411
Move Addons for Elementor
- Plugin:
- Move Addons for Elementor
- Plugin Slug:
- move-addons
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-34562
Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
- Plugin:
- Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
- Plugin Slug:
- shared-files
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.20
- Severity Score:
- Medium
- CVE:
- 2024-34438
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin:
- WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin Slug:
- smart-wishlist-for-more-convert
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.9
- Severity Score:
- Medium
- CVE:
- 2024-34813
WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin:
- WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
- Plugin Slug:
- smart-wishlist-for-more-convert
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.3
- Severity Score:
- Medium
- CVE:
- 2024-34819
iPages Flipbook For WordPress
- Plugin:
- iPages Flipbook For WordPress
- Plugin Slug:
- ipages-flipbook
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.5.2
- Severity Score:
- Medium
- CVE:
- 2024-4744
ShopBuilder – Elementor WooCommerce Builder Addons
- Plugin Slug:
- shopbuilder
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 2.1.9
- Severity Score:
- Medium
- CVE:
- 2024-34812
Zotpress
- Plugin:
- Zotpress
- Plugin Slug:
- zotpress
- Installations
- 2,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.3.10
- Severity Score:
- Medium
- CVE:
- 2024-34569
Academy LMS – eLearning and online course solution for WordPress
- Plugin Slug:
- academy
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.9.26
- Severity Score:
- Medium
- CVE:
- 2024-35171
Arigato Autoresponder and Newsletter
- Plugin Slug:
- bft-autoresponder
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.2.4
- Severity Score:
- Medium
- CVE:
- 2024-34823
Church Admin
- Plugin:
- Church Admin
- Plugin Slug:
- church-admin
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 4.2.0
- Severity Score:
- Medium
- CVE:
- 2024-34828
Contact List – Premium Staff Listing, Business Directory & Address Book
- Plugin Slug:
- contact-list
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.9.88
- Severity Score:
- Medium
- CVE:
- 2024-34821
Falang multilanguage for WordPress
- Plugin Slug:
- falang
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.50
- Severity Score:
- Medium
- CVE:
- 2024-4417
Ghost
- Plugin:
- Ghost
- Plugin Slug:
- ghost
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.5.0
- Severity Score:
- High
- CVE:
- 2024-34559
Gold Addons for Elementor
- Plugin:
- Gold Addons for Elementor
- Plugin Slug:
- gold-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-34563
Dynamics 365 Integration
- Plugin:
- Dynamics 365 Integration
- Plugin Slug:
- integration-dynamics
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.3.18
- Severity Score:
- Medium
- CVE:
- 2024-34550
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
- Plugin Slug:
- integration-for-contact-form-7-and-pipedrive
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.2.1
- Severity Score:
- Medium
- CVE:
- 2024-34817
SKT Addons for Elementor
- Plugin:
- SKT Addons for Elementor
- Plugin Slug:
- skt-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2024-34445
SKT Addons for Elementor
- Plugin:
- SKT Addons for Elementor
- Plugin Slug:
- skt-addons-for-elementor
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9
- Severity Score:
- Medium
- CVE:
- 2024-34436
Squelch Tabs and Accordions Shortcodes
- Plugin Slug:
- squelch-tabs-and-accordions-shortcodes
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.4.8
- Severity Score:
- Medium
- CVE:
- 2024-4463
Counter Up – Animated Number Counter & Milestone Showcase
- Plugin Slug:
- wp-counter-up
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.3.0
- Severity Score:
- Medium
- CVE:
- 2024-34564
WP Discourse
- Plugin:
- WP Discourse
- Plugin Slug:
- wp-discourse
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.2
- Severity Score:
- Medium
- CVE:
- 2024-35168
WPCal.io – Easy Meeting Scheduler
- Plugin Slug:
- wpcal
- Installations
- 1,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 0.9.5.9
- Severity Score:
- Medium
- CVE:
- 2024-34816
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations
- 800+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.5.5
- Severity Score:
- Medium
- CVE:
- 2024-34557
Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader.
- Plugin Slug:
- barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
- Installations
- 800+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.5.5
- Severity Score:
- Medium
- CVE:
- 2024-34556
Sticky banner
- Plugin:
- Sticky banner
- Plugin Slug:
- sticky-banner
- Installations
- 600+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.0
- Severity Score:
- Medium
- CVE:
- 2024-35170
Joli FAQ SEO – WordPress FAQ Plugin
- Plugin Slug:
- joli-faq-seo
- Installations
- 400+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.3
- Severity Score:
- Medium
- CVE:
- 2024-4082
Soccer Engine – Soccer Plugin for WordPress
- Plugin Slug:
- soccer-engine-lite
- Installations
- 90+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.13
- Severity Score:
- Medium
- CVE:
- 2024-4312
Hostel
ADFO – Custom data in admin dashboard
- Plugin Slug:
- admin-form
- Installations
- 60+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.9.1
- Severity Score:
- Medium
- CVE:
- 2024-4103
ADFO – Custom data in admin dashboard
- Plugin Slug:
- admin-form
- Installations
- 60+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.9.1
- Severity Score:
- High
- CVE:
- 2024-4104
Z-Downloads
- Plugin:
- Z-Downloads
- Plugin Slug:
- z-downloads
- Installations
- 60+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.11.4
- Severity Score:
- Critical
- CVE:
- 2024-34555
Aiomatic
- Plugin:
- Aiomatic
- Plugin Slug:
- aiomatic-automatic-ai-content-writer
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.9.4
- Severity Score:
- Medium
- CVE:
- 2024-34435
Breakdance
- Plugin:
- Breakdance
- Plugin Slug:
- breakdance
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- 1.7.2
- Severity Score:
- High
- CVE:
- 2024-4605
Divi Builder
- Plugin:
- Divi Builder
- Plugin Slug:
- divi-builder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.25.1
- Severity Score:
- Medium
- CVE:
- 2024-4490
Fancy Product Designer
- Plugin:
- Fancy Product Designer
- Plugin Slug:
- fancy-product-designer
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.1.81
- Severity Score:
- Medium
- CVE:
- 2024-0904
Porto Theme – Functionality
- Plugin:
- Porto Theme – Functionality
- Plugin Slug:
- porto-functionality
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.1.1
- Severity Score:
- Medium
- CVE:
- 2024-3808
Spectra Pro
- Plugin:
- Spectra Pro
- Plugin Slug:
- spectra-pro
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 1.1.6
- Severity Score:
- High
- CVE:
- 2024-3828
Stockholm Core
- Plugin:
- Stockholm Core
- Plugin Slug:
- stockholm-core
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 2.4.2
- Severity Score:
- High
- CVE:
- 2024-34554
Stockholm Core
- Plugin:
- Stockholm Core
- Plugin Slug:
- stockholm-core
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.2
- Severity Score:
- High
- CVE:
- 2024-34553
Unyson
- Plugin:
- Unyson
- Plugin Slug:
- unyson
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 2.7.31
- Severity Score:
- Medium
- CVE:
- 2024-34814
WordPress Themes — 16 Patched
Consus
- Theme:
- Consus
- Theme Slug:
- consus
- Downloads
- 16,364
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.7
- Severity Score:
- Medium
- CVE:
- 2024-34810
EmpowerWP
- Theme:
- EmpowerWP
- Theme Slug:
- empowerwp
- Downloads
- 219,376
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.22
- Severity Score:
- Medium
- CVE:
- 2024-34809
Himalayas
- Theme:
- Himalayas
- Theme Slug:
- himalayas
- Downloads
- 332,940
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.1
- Severity Score:
- Medium
- CVE:
- 2024-34571
Ketos
- Theme:
- Ketos
- Theme Slug:
- ketos
- Downloads
- 28,703
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.6
- Severity Score:
- Medium
- CVE:
- 2024-34810
Mindscape
- Theme:
- Mindscape
- Theme Slug:
- mindscape
- Downloads
- 41,737
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.23
- Severity Score:
- Medium
- CVE:
- 2024-34810
Niveau
- Theme:
- Niveau
- Theme Slug:
- niveau
- Downloads
- 16,831
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.9
- Severity Score:
- Medium
- CVE:
- 2024-34810
Oasis
- Theme:
- Oasis
- Theme Slug:
- oasis
- Downloads
- 69,511
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.13
- Severity Score:
- Medium
- CVE:
- 2024-34810
raindrops
- Theme:
- raindrops
- Theme Slug:
- raindrops
- Downloads
- 716,615
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.700
- Severity Score:
- Medium
- CVE:
- 2024-34414
Skyline WP
- Theme:
- Skyline WP
- Theme Slug:
- skyline-wp
- Downloads
- 169,635
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.11
- Severity Score:
- Medium
- CVE:
- 2024-34810
Zeka
- Theme:
- Zeka
- Theme Slug:
- zeka
- Downloads
- 20,249
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.0.10
- Severity Score:
- Medium
- CVE:
- 2024-34810
Divi
- Theme:
- Divi
- Theme Slug:
- divi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.25.1
- Severity Score:
- Medium
- CVE:
- 2024-4490
Extra
- Theme:
- Extra
- Theme Slug:
- extra
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.25.1
- Severity Score:
- Medium
- CVE:
- 2024-4490
Porto
- Theme:
- Porto
- Theme Slug:
- porto
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 7.1.1
- Severity Score:
- High
- CVE:
- 2024-3806
Porto
- Theme:
- Porto
- Theme Slug:
- porto
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 7.1.1
- Severity Score:
- Medium
- CVE:
- 2024-3807
Stockholm
- Theme:
- Stockholm
- Theme Slug:
- stockholm
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 9.7
- Severity Score:
- High
- CVE:
- 2024-34552
Stockholm
- Theme:
- Stockholm
- Theme Slug:
- stockholm
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 9.7
- Severity Score:
- Critical
- CVE:
- 2024-34551
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — May 15, 2024 appeared first on SolidWP.