In this report, 153 vulnerabilities have been publicly disclosed. Security patches for 119 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.
Additionally, there are 34 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, the Solid Security firewall already protects you against those vulnerabilities. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.
Along with poor user account security, vulnerable plugins and themes are among the top reasons why WordPress websites get hacked. Unfortunately, cyberattacks are increasing in volume and sophistication. They’re also increasingly aimed at small to mid-sized businesses.
WordPress Core
WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.
The next major release will be version 6.6 planned for July 2024.
No new core vulnerabilities were disclosed this week.
WordPress Plugins — 109 Patched / 33 Unpatched
Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
- Plugin Slug:
- clearfy
- Installations
- 80,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34806
Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
- Plugin Slug:
- tagembed-widget
- Installations
- 8,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34804
Popup Maker – Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More
- Plugin Slug:
- popup-maker-wp
- Installations
- 7,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34770
reCAPTCHA Jetpack
- Plugin:
-
reCAPTCHA Jetpack
- Plugin Slug:
- recaptcha-jetpack
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-3941
reCAPTCHA Jetpack
- Plugin:
-
reCAPTCHA Jetpack
- Plugin Slug:
- recaptcha-jetpack
- Installations
- 700+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3940
UnGallery
Add Custom CSS and JS
- Plugin:
-
Add Custom CSS and JS
- Plugin Slug:
- add-custom-css-and-js
- Installations
- 10+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-3903
WP Stacker
- Plugin:
-
WP Stacker
- Plugin Slug:
- wp-stacker
- Installations
- 10+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-5003
AdFoxly – Ad Manager, AdSense Ads & Ads.txt
- Plugin:
-
AdFoxly – Ad Manager, AdSense Ads & Ads.txt
- Plugin Slug:
- adfoxly
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34802
Base64 Encoder/Decoder
- Plugin:
-
Base64 Encoder/Decoder
- Plugin Slug:
- base64-encoderdecoder
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3824
Base64 Encoder/Decoder
- Plugin:
-
Base64 Encoder/Decoder
- Plugin Slug:
- base64-encoderdecoder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3823
Base64 Encoder/Decoder
- Plugin:
-
Base64 Encoder/Decoder
- Plugin Slug:
- base64-encoderdecoder
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-3822
Crafthemes Demo Import
- Plugin:
-
Crafthemes Demo Import
- Plugin Slug:
- crafthemes-demo-import
- Vulnerability:
- Broken Access Control
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-34800
Dextaz Ping
- Plugin:
-
Dextaz Ping
- Plugin Slug:
- dextaz-ping
- Vulnerability:
- Remote Code Execution (RCE)
- Patched in Version:
- No Fix
- Severity Score:
- Critical
- CVE:
-
2024-34792
Elegant Blocks
- Plugin:
-
Elegant Blocks
- Plugin Slug:
- elegant-blocks
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34769
Fast Custom Social Share by CodeBard
- Plugin:
-
Fast Custom Social Share by CodeBard
- Plugin Slug:
- fast-custom-social-share-by-codebard
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34807
HL Twitter
- Plugin:
-
HL Twitter
- Plugin Slug:
- hl-twitter
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3630
HL Twitter
- Plugin:
-
HL Twitter
- Plugin Slug:
- hl-twitter
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3629
LetterPress
- Plugin:
-
LetterPress
- Plugin Slug:
- letterpress
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3590
Newsletter Popup
- Plugin:
-
Newsletter Popup
- Plugin Slug:
- newsletter-popup
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3644
Popup4Phone
- Plugin:
-
Popup4Phone
- Plugin Slug:
- popup4phone
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3580
Popup4Phone
- Plugin:
-
Popup4Phone
- Plugin Slug:
- popup4phone
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-3231
PopupAlly
- Plugin:
-
PopupAlly
- Plugin Slug:
- popupally
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34796
Praison SEO WordPress
- Plugin:
-
Praison SEO WordPress
- Plugin Slug:
- seo-wordpress
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34801
Simple Popup Manager
- Plugin:
-
Simple Popup Manager
- Plugin Slug:
- simple-popup-manager
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34797
SP Project & Document Manager
- Plugin:
-
SP Project & Document Manager
- Plugin Slug:
- sp-client-document-manager
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3748
SP Project & Document Manager
- Plugin:
-
SP Project & Document Manager
- Plugin Slug:
- sp-client-document-manager
- Vulnerability:
- Directory Traversal
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-1693
Tainacan
- Plugin:
-
Tainacan
- Plugin Slug:
- tainacan
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34795
Tainacan
- Plugin:
-
Tainacan
- Plugin Slug:
- tainacan
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- High
- CVE:
-
2024-34794
WP Backpack
- Plugin:
-
WP Backpack
- Plugin Slug:
- wp-backpack
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-4756
WP Next Post Navi
- Plugin:
-
WP Next Post Navi
- Plugin Slug:
- wp-next-post-navi
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34793
WP Prayer
- Plugin:
-
WP Prayer
- Plugin Slug:
- wp-prayer
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-3405
WPB Elementor Addons
- Plugin:
-
WPB Elementor Addons
- Plugin Slug:
- wpb-elementor-addons
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- No Fix
- Severity Score:
- Medium
- CVE:
-
2024-34791
Elementor Website Builder – More than Just a Page Builder
- Plugin Slug:
- elementor
- Installations
- 5,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.21.6
- Severity Score:
- Medium
- CVE:
-
2024-4619
Yoast SEO
Jetpack – WP Security, Backup, Speed, & Growth
- Plugin Slug:
- jetpack
- Installations
- 4,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 13.4
- Severity Score:
- Medium
- CVE:
-
2024-4392
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
-
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.16
- Severity Score:
- Medium
- CVE:
-
2024-34764
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin:
-
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
- Plugin Slug:
- essential-addons-for-elementor-lite
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.9.21
- Severity Score:
- Medium
- CVE:
-
2024-4624
Rank Math SEO with AI Best SEO Tools
- Plugin Slug:
- seo-by-rank-math
- Installations
- 2,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.0.219-beta
- Severity Score:
- Medium
- CVE:
-
2024-4617
Elementor Header & Footer Builder
- Plugin Slug:
- header-footer-elementor
- Installations
- 1,000,000+
- Vulnerability:
- Content Injection
- Patched in Version:
- 1.6.27
- Severity Score:
- Medium
- CVE:
-
2024-2619
Elementor Header & Footer Builder
- Plugin Slug:
- header-footer-elementor
- Installations
- 1,000,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.29
- Severity Score:
- Medium
- CVE:
-
2024-4634
Page Builder by SiteOrigin
- Plugin:
-
Page Builder by SiteOrigin
- Plugin Slug:
- siteorigin-panels
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.29.16
- Severity Score:
- Medium
- CVE:
-
2024-4361
The Events Calendar
- Plugin:
-
The Events Calendar
- Plugin Slug:
- the-events-calendar
- Installations
- 700,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.4.0.1
- Severity Score:
- High
- CVE:
-
2024-4180
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.6
- Severity Score:
- Medium
- CVE:
-
2024-4553
WP Shortcodes Plugin — Shortcodes Ultimate
- Plugin Slug:
- shortcodes-ultimate
- Installations
- 600,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 7.1.2
- Severity Score:
- Medium
- CVE:
-
2024-3548
NextGEN Gallery – Create an Amazing Photo Gallery in Seconds
- Plugin Slug:
- nextgen-gallery
- Installations
- 500,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.59.1
- Severity Score:
- Medium
- CVE:
-
2024-2744
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
- Plugin Slug:
- fluentform
- Installations
- 400,000+
- Vulnerability:
- Privilege Escalation
- Patched in Version:
- 5.1.17
- Severity Score:
- Critical
- CVE:
-
2024-2771
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
- Plugin Slug:
- fluentform
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.1.17
- Severity Score:
- High
- CVE:
-
2024-2782
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
- Plugin Slug:
- fluentform
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.14
- Severity Score:
- Medium
- CVE:
-
2024-2772
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
- Plugin Slug:
- fluentform
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1.17
- Severity Score:
- Medium
- CVE:
-
2024-4709
Happy Addons for Elementor
- Plugin:
-
Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.9
- Severity Score:
- Medium
- CVE:
-
2024-4865
Happy Addons for Elementor
- Plugin:
-
Happy Addons for Elementor
- Plugin Slug:
- happy-elementor-addons
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.10.8
- Severity Score:
- Medium
- CVE:
-
2024-4478
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.37
- Severity Score:
- Medium
- CVE:
-
2024-4057
Gutenberg Blocks with AI by Kadence WP – Page Builder Features
- Plugin Slug:
- kadence-blocks
- Installations
- 400,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.38
- Severity Score:
- Medium
- CVE:
-
2024-3189
Password Protected – Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store
- Plugin Slug:
- password-protected
- Installations
- 400,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.6.7
- Severity Score:
- Medium
- CVE:
-
2024-0437
Royal Elementor Addons and Templates
- Plugin Slug:
- royal-elementor-addons
- Installations
- 300,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.975
- Severity Score:
- Medium
- CVE:
-
2024-3887
Menu Icons by ThemeIsle
- Plugin:
-
Menu Icons by ThemeIsle
- Plugin Slug:
- menu-icons
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 0.13.14
- Severity Score:
- Medium
- CVE:
-
2024-4635
Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF
- Plugin Slug:
- optimole-wp
- Installations
- 200,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.13.0
- Severity Score:
- Medium
- CVE:
-
2024-4636
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates
- Plugin Slug:
- essential-blocks
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.5.13
- Severity Score:
- Medium
- CVE:
-
2024-4891
GiveWP – Donation Plugin and Fundraising Platform
- Plugin Slug:
- give
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.11.0
- Severity Score:
- Medium
- CVE:
-
2024-3714
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
-
2024-4876
HT Mega – Absolute Addons For Elementor
- Plugin Slug:
- ht-mega-for-elementor
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.5.3
- Severity Score:
- Medium
- CVE:
-
2024-4875
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.9
- Severity Score:
- Medium
- CVE:
-
2024-3345
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.8.9
- Severity Score:
- High
- CVE:
-
2024-4566
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor)
- Plugin Slug:
- woolentor-addons
- Installations
- 100,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.8.8
- Severity Score:
- Medium
- CVE:
-
2024-34767
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
- Plugin Slug:
- email-subscribers
- Installations
- 90,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 5.7.20
- Severity Score:
- High
- CVE:
-
2024-4010
iframe
- Plugin:
-
iframe
- Plugin Slug:
- iframe
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 5.1
- Severity Score:
- Medium
- CVE:
-
2024-34805
Master Slider – Responsive Touch Slider
- Plugin Slug:
- master-slider
- Installations
- 90,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.9.10
- Severity Score:
- Medium
- CVE:
-
2024-4470
Import and export users and customers
- Plugin Slug:
- import-users-from-csv-with-meta
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.26.7
- Severity Score:
- Medium
- CVE:
-
2024-4656
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor
- Plugin Slug:
- post-and-page-builder
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.26.5
- Severity Score:
- Medium
- CVE:
-
2024-4400
Sydney Toolbox
- Plugin:
-
Sydney Toolbox
- Plugin Slug:
- sydney-toolbox
- Installations
- 80,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.32
- Severity Score:
- Medium
- CVE:
-
2024-4473
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.7.1
- Severity Score:
- High
- CVE:
-
2024-4223
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 2.7.1
- Severity Score:
- Medium
- CVE:
-
2024-4279
Tutor LMS – eLearning and online course solution
- Plugin Slug:
- tutor
- Installations
- 80,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 2.7.1
- Severity Score:
- High
- CVE:
-
2024-4318
Visual Portfolio, Photo Gallery & Post Grid
- Plugin Slug:
- visual-portfolio
- Installations
- 70,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.3.3
- Severity Score:
- Medium
- CVE:
-
2024-4363
Exclusive Addons for Elementor
- Plugin:
-
Exclusive Addons for Elementor
- Plugin Slug:
- exclusive-addons-for-elementor
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.6.9.7
- Severity Score:
- Medium
- CVE:
-
2024-4618
WP Table Builder – WordPress Table Plugin
- Plugin Slug:
- wp-table-builder
- Installations
- 60,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.15
- Severity Score:
- Medium
- CVE:
-
2024-4700
Order Export & Order Import for WooCommerce
- Plugin Slug:
- order-import-export-for-woocommerce
- Installations
- 50,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 2.5.0
- Severity Score:
- Medium
- CVE:
-
2024-34751
Ultimate Blocks – WordPress Blocks Plugin
- Plugin Slug:
- ultimate-blocks
- Installations
- 50,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.1.7
- Severity Score:
- Medium
- CVE:
-
2024-3241
DethemeKit For Elementor
- Plugin:
-
DethemeKit For Elementor
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.4
- Severity Score:
- Medium
- CVE:
-
2024-4374
DethemeKit For Elementor
- Plugin:
-
DethemeKit For Elementor
- Plugin Slug:
- dethemekit-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.1.3
- Severity Score:
- Medium
- CVE:
-
2024-34575
Piotnet Addons For Elementor
- Plugin:
-
Piotnet Addons For Elementor
- Plugin Slug:
- piotnet-addons-for-elementor
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.4.28
- Severity Score:
- Medium
- CVE:
-
2024-4432
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin:
-
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks
- Plugin Slug:
- post-grid
- Installations
- 40,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.2.81
- Severity Score:
- Medium
- CVE:
-
2024-3155
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
- Plugin Slug:
- master-addons
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.6.1
- Severity Score:
- Medium
- CVE:
-
2024-3134
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
- Plugin Slug:
- simply-schedule-appointments
- Installations
- 30,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.6.7.18
- Severity Score:
- Medium
- CVE:
-
2024-4288
Visualizer: Tables and Charts Manager for WordPress
- Plugin Slug:
- visualizer
- Installations
- 30,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 3.11.0
- Severity Score:
- High
- CVE:
-
2024-3750
All-in-One Video Gallery
- Plugin:
-
All-in-One Video Gallery
- Plugin Slug:
- all-in-one-video-gallery
- Installations
- 20,000+
- Vulnerability:
- Local File Inclusion
- Patched in Version:
- 3.7.0
- Severity Score:
- High
- CVE:
-
2024-4670
Envo Extra
- Plugin:
-
Envo Extra
- Plugin Slug:
- envo-extra
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.8.17
- Severity Score:
- Medium
- CVE:
-
2024-4385
Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin
- Plugin Slug:
- logo-slider-wp
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 4.0.0
- Severity Score:
- Medium
- CVE:
-
2024-3288
Post Grid Elementor Addon
- Plugin:
-
Post Grid Elementor Addon
- Plugin Slug:
- post-grid-elementor-addon
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 2.0.17
- Severity Score:
- Medium
- CVE:
-
2024-34789
WPZOOM Addons for Elementor (Templates, Widgets)
- Plugin Slug:
- wpzoom-elementor-addons
- Installations
- 20,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.37
- Severity Score:
- Medium
- CVE:
-
2024-4370
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin
- Plugin Slug:
- bookingpress-appointment-booking
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.0.83
- Severity Score:
- Medium
- CVE:
-
2024-34799
Mega Elements – Addons for Elementor
- Plugin Slug:
- mega-elements-addons-for-elementor
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.2.2
- Severity Score:
- Medium
- CVE:
-
2024-4702
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
- Plugin:
-
Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
- Plugin Slug:
- page-builder-add
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.1.9
- Severity Score:
- High
- CVE:
-
2024-34752
ReviewX – Multi-criteria Rating & Reviews for WooCommerce
- Plugin Slug:
- reviewx
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.6.28
- Severity Score:
- Medium
- CVE:
-
2024-3609
Simple Basic Contact Form
- Plugin:
-
Simple Basic Contact Form
- Plugin Slug:
- simple-basic-contact-form
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 20240511
- Severity Score:
- Medium
- CVE:
-
2024-4144
140+ Widgets | Best Addons For Elementor – FREE
- Plugin Slug:
- xpro-elementor-addons
- Installations
- 10,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.4.3.1
- Severity Score:
- Medium
- CVE:
-
2024-4440
YITH WooCommerce Gift Cards
- Plugin:
-
YITH WooCommerce Gift Cards
- Plugin Slug:
- yith-woocommerce-gift-cards
- Installations
- 10,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 4.13.0
- Severity Score:
- Medium
- CVE:
-
2024-0870
Alt Text AI – Automatically generate image alt text for SEO and accessibility
- Plugin Slug:
- alttext-ai
- Installations
- 9,000+
- Vulnerability:
- SQL Injection
- Patched in Version:
- 1.5.0
- Severity Score:
- High
- CVE:
-
2024-4847
WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
- Plugin:
-
WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
- Plugin Slug:
- wp-sms
- Installations
- 9,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 6.5.2
- Severity Score:
- Medium
- CVE:
-
2024-34811
VikBooking Hotel Booking Engine & PMS
- Plugin Slug:
- vikbooking
- Installations
- 8,000+
- Vulnerability:
- Insecure Direct Object References (IDOR)
- Patched in Version:
- 1.6.8
- Severity Score:
- Medium
- CVE:
-
2024-2441
Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms
- Plugin Slug:
- cf7-hubspot
- Installations
- 7,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
-
2024-34756
WP Compress – Image Optimizer [All-In-One]
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 7,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 6.20.02
- Severity Score:
- Medium
- CVE:
-
2024-4445
WP Compress – Image Optimizer [All-In-One]
- Plugin Slug:
- wp-compress-image-optimizer
- Installations
- 7,000+
- Vulnerability:
- Open Redirection
- Patched in Version:
- 6.20.02
- Severity Score:
- Medium
- CVE:
-
2023-6812
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
- Plugin Slug:
- borderless
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
-
2024-34757
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
- Plugin Slug:
- borderless
- Installations
- 6,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.4
- Severity Score:
- Medium
- CVE:
-
2024-4666
JCH Optimize
- Plugin:
-
JCH Optimize
- Plugin Slug:
- jch-optimize
- Installations
- 6,000+
- Vulnerability:
- Path Traversal
- Patched in Version:
- 4.2.1
- Severity Score:
- Medium
- CVE:
-
2024-34808
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
- Plugin Slug:
- radio-player
- Installations
- 6,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 2.0.74
- Severity Score:
- Medium
- CVE:
-
2024-34753
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
- Plugin Slug:
- magical-addons-for-elementor
- Installations
- 5,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.38
- Severity Score:
- Medium
- CVE:
-
2024-2923
Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
- Plugin Slug:
- magazine-blocks
- Installations
- 4,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.7
- Severity Score:
- Medium
- CVE:
-
2024-34760
Move Addons for Elementor
- Plugin:
-
Move Addons for Elementor
- Plugin Slug:
- move-addons
- Installations
- 3,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.3.2
- Severity Score:
- Medium
- CVE:
-
2024-4695
YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress
- Plugin Slug:
- youtube-showcase
- Installations
- 3,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 3.4.0
- Severity Score:
- Medium
- CVE:
-
2024-3268
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
- Plugin Slug:
- cf7-salesforce
- Installations
- 2,000+
- Vulnerability:
- Cross Site Request Forgery (CSRF)
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
-
2024-34755
Debug Log – Manger Tool
- Plugin:
-
Debug Log – Manger Tool
- Plugin Slug:
- debug-log-config-tool
- Installations
- 2,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.5
- Severity Score:
- Medium
- CVE:
-
2024-34798
FundEngine – Donation and Crowdfunding Platform
- Plugin Slug:
- wp-fundraising-donation
- Installations
- 2,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.7.0
- Severity Score:
- Medium
- CVE:
-
2024-34758
Kognetiks Chatbot for WordPress
- Plugin:
-
Kognetiks Chatbot for WordPress
- Plugin Slug:
- chatbot-chatgpt
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 2.0.1
- Severity Score:
- Critical
- CVE:
-
2024-32700
Copymatic – AI Content Writer & Generator
- Plugin Slug:
- copymatic
- Installations
- 1,000+
- Vulnerability:
- Arbitrary File Upload
- Patched in Version:
- 1.7
- Severity Score:
- Critical
- CVE:
-
2024-31351
Custom Post Type Attachment
- Plugin:
-
Custom Post Type Attachment
- Plugin Slug:
- custom-post-type-pdf-attachment
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.4.6
- Severity Score:
- Medium
- CVE:
-
2024-4546
Fastly
- Plugin:
-
Fastly
- Plugin Slug:
- fastly
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.26
- Severity Score:
- Medium
- CVE:
-
2024-34803
Fastly
- Plugin:
-
Fastly
- Plugin Slug:
- fastly
- Installations
- 1,000+
- Vulnerability:
- Broken Access Control
- Patched in Version:
- 1.2.26
- Severity Score:
- Medium
- CVE:
-
2024-34768
Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table
- Plugin Slug:
- new-contact-form-widget
- Installations
- 1,000+
- Vulnerability:
- Sensitive Data Exposure
- Patched in Version:
- 1.4.0
- Severity Score:
- Medium
- CVE:
-
2024-34754
Save as PDF Plugin by Pdfcrowd
- Plugin:
-
Save as PDF Plugin by Pdfcrowd
- Plugin Slug:
- save-as-pdf-by-pdfcrowd
- Installations
- 1,000+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 3.2.0
- Severity Score:
- Medium
- CVE:
-
2023-5971
ShiftController Employee Shift Scheduling
- Plugin Slug:
- shiftcontroller
- Installations
- 1,000+
- Vulnerability:
- PHP Object Injection
- Patched in Version:
- 4.9.58
- Severity Score:
- High
- CVE:
-
2024-4733
Popup Builder
- Plugin:
-
Popup Builder
- Plugin Slug:
- easy-notify-lite
- Installations
- 700+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.1.30
- Severity Score:
- Medium
- CVE:
-
2024-34567
Picture Gallery – Frontend Image Uploads, AJAX Photo List
- Plugin Slug:
- picture-gallery
- Installations
- 400+
- Vulnerability:
- Cross Site Scripting (XSS)
- Patched in Version:
- 1.5.12
- Severity Score:
- Medium
- CVE:
-
2024-34759
Popup – Popup More Popups
- Plugin: Popup – Popup More Popups
- Plugin Slug: popup-more
- Installations: 400+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.3.3
- Severity Score: Medium
- CVE: 2024-32800
Builder for WooCommerce product reviews shortcodes – ReviewShort
- Plugin Slug: woo-product-reviews-shortcode
- Installations: 300+
- Vulnerability: Broken Access Control
- Patched in Version: 1.01.6
- Severity Score: Medium
- CVE: 2024-34763
Bulk Posts Editing For WordPress
- Plugin: Bulk Posts Editing For WordPress
- Plugin Slug: ithemeland-bulk-posts-editing-lite
- Installations: 200+
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 4.2.4
- Severity Score: Medium
- CVE: 2024-4204
Bulk Posts Editing For WordPress
- Plugin: Bulk Posts Editing For WordPress
- Plugin Slug: ithemeland-bulk-posts-editing-lite
- Installations: 200+
- Vulnerability: Broken Access Control
- Patched in Version: 4.2.4
- Severity Score: Medium
- CVE: 2024-4199
month name translation benaceur
- Plugin: month name translation benaceur
- Plugin Slug: month-name-translation-benaceur
- Installations: 200+
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2.3.8
- Severity Score: Medium
- CVE: 2024-3634
Advanced Custom Fields PRO
- Plugin: Advanced Custom Fields PRO
- Plugin Slug: advanced-custom-fields-pro
- Vulnerability: Arbitrary Code Execution
- Patched in Version: 6.2.10
- Severity Score: High
- CVE: 2024-34761
Advanced Custom Fields PRO
- Plugin: Advanced Custom Fields PRO
- Plugin Slug: advanced-custom-fields-pro
- Vulnerability: Local File Inclusion
- Patched in Version: 6.2.10
- Severity Score: Critical
- CVE: 2024-34762
ConvertPlus
- Plugin: ConvertPlus
- Plugin Slug: convertplug
- Vulnerability: PHP Object Injection
- Patched in Version: 3.5.26.1
- Severity Score: High
- CVE: 2024-4838
Cost Calculator Builder Pro
- Plugin: Cost Calculator Builder Pro
- Plugin Slug: cost-calculator-builder-pro
- Vulnerability: Server Side Request Forgery (SSRF)
- Patched in Version: 3.1.73
- Severity Score: Medium
- CVE: 2024-4789
ElementsKit Pro
- Plugin: ElementsKit Pro
- Plugin Slug: elementskit
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.6.2
- Severity Score: Medium
- CVE: 2024-4452
Penci Soledad Data Migrator
- Plugin: Penci Soledad Data Migrator
- Plugin Slug: penci-data-migrator
- Vulnerability: Local File Inclusion
- Patched in Version: 1.3.1
- Severity Score: Critical
- CVE: 2024-3551
Swift Framework Page Builder
- Plugin: Swift Framework Page Builder
- Plugin Slug: socialdriver-framework
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 2024.0.0
- Severity Score: Medium
- CVE: 2024-2697
Tutor LMS Pro
- Plugin: Tutor LMS Pro
- Plugin Slug: tutor-pro
- Vulnerability: Broken Access Control
- Patched in Version: 2.7.1
- Severity Score: High
- CVE: 2024-4352
Tutor LMS Pro
- Plugin: Tutor LMS Pro
- Plugin Slug: tutor-pro
- Vulnerability: Broken Access Control
- Patched in Version: 2.7.1
- Severity Score: High
- CVE: 2024-4222
Tutor LMS Pro
- Plugin: Tutor LMS Pro
- Plugin Slug: tutor-pro
- Vulnerability: Privilege Escalation
- Patched in Version: 2.7.1
- Severity Score: High
- CVE: 2024-4351
Uber Menu
- Plugin: Uber Menu
- Plugin Slug: ubermenu
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.8.3
- Severity Score: Medium
- CVE: 2024-4710
Automatic
- Plugin: Automatic
- Plugin Slug: wp-automatic
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 3.95.0
- Severity Score: Medium
- CVE: 2024-4849
WordPress Themes — 10 Patched / 1 Unpatched
ImageMagick Sharpen Resized Images
- Theme: ImageMagick Sharpen Resized Images
- Theme Slug: imagemagick-sharpen-resized-images
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: No Fix
- Severity Score: Medium
- CVE: 2024-34790
Blocksy
ChaosTheory
- Theme: ChaosTheory
- Theme Slug: chaostheory
- Downloads: 441,334
- Vulnerability: Cross Site Scripting (XSS)
- Patched in Version: 1.3.2
- Severity Score: Medium
- CVE: 2024-34766
Consus
- Theme: Consus
- Theme Slug: consus
- Downloads: 16,413
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.7
- Severity Score: Medium
- CVE: 2024-34810
EmpowerWP
- Theme: EmpowerWP
- Theme Slug: empowerwp
- Downloads: 219,617
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.22
- Severity Score: Medium
- CVE: 2024-34809
Ketos
- Theme: Ketos
- Theme Slug: ketos
- Downloads: 28,821
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.6
- Severity Score: Medium
- CVE: 2024-34810
Mindscape
- Theme: Mindscape
- Theme Slug: mindscape
- Downloads: 42,404
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.23
- Severity Score: Medium
- CVE: 2024-34810
Niveau
- Theme: Niveau
- Theme Slug: niveau
- Downloads: 16,949
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.9
- Severity Score: Medium
- CVE: 2024-34810
Oasis
- Theme: Oasis
- Theme Slug: oasis
- Downloads: 69,561
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.13
- Severity Score: Medium
- CVE: 2024-34810
Skyline WP
- Theme: Skyline WP
- Theme Slug: skyline-wp
- Downloads: 169,826
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.11
- Severity Score: Medium
- CVE: 2024-34810
Zeka
- Theme: Zeka
- Theme Slug: zeka
- Downloads: 20,361
- Vulnerability: Cross Site Request Forgery (CSRF)
- Patched in Version: 1.0.10
- Severity Score: Medium
- CVE: 2024-34810
Solid Security is part of Solid Suite — The best foundation for WordPress websites.
Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!
The post WordPress Vulnerability Report — May 22, 2024 appeared first on SolidWP.