WordPress Vulnerability Report � March 27, 2024

In this report, 209 vulnerabilities have been publicly disclosed. Security patches for 190 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 19 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

WordPress Plugins � 182 Patched / 18 Unpatched

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-1711

Plugin:: Coming Soon & Maintenance Mode by Colorlib
Plugin Slug:: colorlib-coming-soon-maintenance
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1473

Plugin:: Travelpayouts: All Travel Brands in One Place
Plugin Slug:: travelpayouts
Installations: 7,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0337

Plugin:: Advanced Social Feeds Widget & Shortcode
Plugin Slug:: advanced-facebook-twitter-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0951

Plugin:: Animated Headline
Plugin Slug:: animated-headline
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2304

Plugin:: Easy Maintenance Mode
Plugin Slug:: easy-maintenance-mode-coming-soon
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1477

Plugin:: Enjoy Social Feed plugin for WordPress website
Plugin Slug:: enjoy-instagram-instagram-responsive-images-gallery-and-carousel
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0780

Plugin:: Enjoy Social Feed plugin for WordPress website
Plugin Slug:: enjoy-instagram-instagram-responsive-images-gallery-and-carousel
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0779

Plugin:: Innovs HR
Plugin Slug:: innovs-hr-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0858

Plugin:: Network Summary
Plugin Slug:: network-summary
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-2804

Plugin:: Scalable Vector Graphics (SVG)
Plugin Slug:: scalable-vector-graphics-svg
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7085

Plugin:: Social Media Share Buttons
Plugin Slug:: social-media-builder
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2721

Plugin:: Standout Color Boxes and Buttons
Plugin Slug:: standout-color-boxes-and-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2474

Plugin:: UX Flat
Plugin Slug:: ux-flat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2459

Plugin:: Website Article Monetization By MageNet
Plugin Slug:: website-article-monetization-by-magenet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1379

Plugin:: Management App for WooCommerce
Plugin Slug:: wemanage-app-worker
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-1205

Plugin:: Live Sales Notification for Woocommerce – Woomotiv
Plugin Slug:: woomotiv
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1325

Plugin:: Youzify Buddypress Moderation
Plugin Slug:: youzify-moderation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2864

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.12
Severity Score:: Medium
CVE:: 2024-2623

Plugin:: Rank Math SEO with AI SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.215
Severity Score:: Medium
CVE:: 2024-2536

Plugin:: File Manager
Plugin Slug:: wp-file-manager
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.2.5
Severity Score:: High
CVE:: 2024-1538

Plugin:: Popup Maker � Popup for opt-ins, lead gen, & more
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.18.3
Severity Score:: Medium
CVE:: 2024-2336

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.7
Severity Score:: Medium
CVE:: 2024-2202

Plugin:: Forminator � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: High
CVE:: 2024-29777

Plugin:: Page Builder Gutenberg Blocks � CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-1049

Plugin:: Gutenberg Blocks by Kadence Blocks � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.26
Severity Score:: Medium
CVE:: 2024-1999

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.30
Severity Score:: High
CVE:: 2024-29931

Plugin:: Breeze � WordPress Cache Plugin
Plugin Slug:: breeze
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-27188

Plugin:: PDF Embedder
Plugin Slug:: pdf-embedder
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.1
Severity Score:: Medium
CVE:: 2024-29141

Plugin:: Pretty Links � Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: pretty-link
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.6.4
Severity Score:: Medium
CVE:: 2024-2326

Plugin:: Pretty Links � Affiliate Links, Link Branding, Link Tracking & Marketing Plugin
Plugin Slug:: pretty-link
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.3
Severity Score:: High
CVE:: 2024-29770

Plugin:: SEOPress � On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-2165

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.32
Severity Score:: Medium
CVE:: 2024-2392

Plugin:: WooCommerce Checkout & Funnel Builder by CartFlows � Create High Converting Stores For WooCommerce
Plugin Slug:: cartflows
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-29813

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: Medium
CVE:: 2024-1326

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.5
Severity Score:: Medium
CVE:: 2024-2504

Plugin:: Popup Builder � Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7
Severity Score:: Medium
CVE:: 2024-30184

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.94
Severity Score:: High
CVE:: 2024-29792

Plugin:: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer � DearFlip
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.27
Severity Score:: Medium
CVE:: 2024-29807

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.4
Severity Score:: Medium
CVE:: 2024-30185

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.2
Severity Score:: Medium
CVE:: 2024-30186

Plugin:: Check & Log Email
Plugin Slug:: check-email
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.10
Severity Score:: High
CVE:: 2024-0866

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-1424

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-30182

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-0826

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.3.17
Severity Score:: High
CVE:: 2024-29790

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-2579

Plugin:: VK All in One Expansion Unit
Plugin Slug:: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.97.0.0
Severity Score:: Medium
CVE:: 2024-2170

Plugin:: EmbedPress � Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-2468

Plugin:: Widget for Social Page Feeds
Plugin Slug:: facebook-pagelike-widget
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4
Severity Score:: Medium
CVE:: 2024-0973

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.3.2
Severity Score:: Medium
CVE:: 2024-2543

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.2
Severity Score:: High
CVE:: 2024-2738

Plugin:: Permalink Manager Pro
Plugin Slug:: permalink-manager
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.3.2
Severity Score:: Low
CVE:: 2024-2538

Plugin:: Real Media Library: Media Library Folder & File Manager
Plugin Slug:: real-media-library-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.22.8
Severity Score:: Medium
CVE:: 2024-2027

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.14
Severity Score:: High
CVE:: 2024-2871

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-30177

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.15.23
Severity Score:: Medium
CVE:: 2024-2112

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-1948

Plugin:: Translate WordPress and go Multilingual � Weglot
Plugin Slug:: weglot
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6
Severity Score:: Medium
CVE:: 2024-2124

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.7
Severity Score:: Medium
CVE:: 2024-30179

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.55
Severity Score:: High
CVE:: 2024-29759

Plugin:: Easy Social Feed � Social Photos Gallery � Post Feed � Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.4
Severity Score:: Medium
CVE:: 2024-30180

Plugin:: Image Hover Effects � Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-29936

Plugin:: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
Plugin Slug:: print-invoices-packing-slip-labels-for-woocommerce
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.2
Severity Score:: High
CVE:: 2024-0957

Plugin:: Smart Custom Fields
Plugin Slug:: smart-custom-fields
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2024-1995

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.8
Severity Score:: High
CVE:: 2024-29760

Plugin:: WPFront Notification Bar
Plugin Slug:: wpfront-notification-bar
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-29819

Plugin:: Photo Gallery by Supsystic
Plugin Slug:: gallery-by-supsystic
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.17
Severity Score:: Medium
CVE:: 2024-29921

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5.6
Severity Score:: Medium
CVE:: 2024-29911

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.26
Severity Score:: Medium
CVE:: 2024-29934

Plugin:: Simply Static
Plugin Slug:: simply-static
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-30178

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2024-29935

Plugin:: BetterDocs � Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
Plugin Slug:: betterdocs
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-2845

Plugin:: Compact WP Audio Player
Plugin Slug:: compact-wp-audio-player
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.10
Severity Score:: Medium
CVE:: 2024-29917

Plugin:: OneClick Chat to Order
Plugin Slug:: oneclick-whatsapp-order
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-29789

Plugin:: Portfolio Gallery � Image Gallery Plugin
Plugin Slug:: portfolio-filter-gallery
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-29769

Plugin:: Appointment Booking Calendar � Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.7.9
Severity Score:: High
CVE:: 2024-2342

Plugin:: Appointment Booking Calendar � Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.7.9
Severity Score:: High
CVE:: 2024-2341

Plugin:: Stratum � Elementor Widgets
Plugin Slug:: stratum
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.16
Severity Score:: Medium
CVE:: 2024-29914

Plugin:: Team Members
Plugin Slug:: team-members
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-1331

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-29913

Plugin:: WCFM � Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Plugin Slug:: wc-frontend-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.9
Severity Score:: Medium
CVE:: 2024-29929

Plugin:: Responsive Pricing Table
Plugin Slug:: dk-pricr-responsive-pricing-table
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.11
Severity Score:: Medium
CVE:: 2024-1333

Plugin:: Conversios � Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.0
Severity Score:: High
CVE:: 2024-29794

Plugin:: MailChimp Forms by MailMunch
Plugin Slug:: mailchimp-forms-by-mailmunch
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.3
Severity Score:: Medium
CVE:: 2024-29793

Plugin:: Restrict User Access � Ultimate Membership & Content Protection
Plugin Slug:: restrict-user-access
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6
Severity Score:: High
CVE:: 2024-29138

Plugin:: Video Conferencing with Zoom
Plugin Slug:: video-conferencing-with-zoom-api
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-2033

Plugin:: WPBakery Page Builder Addons by Livemesh
Plugin Slug:: addons-for-visual-composer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8
Severity Score:: Medium
CVE:: 2024-30183

Plugin:: Advanced Form Integration � Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.82.6
Severity Score:: High
CVE:: 2024-2387

Plugin:: Coming Soon, Under Construction & Maintenance Mode By Dazzler
Plugin Slug:: coming-soon-wp
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-1181

Plugin:: FlatPM � Ad Manager, AdSense and Custom Code
Plugin Slug:: flatpm-wp
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.05
Severity Score:: Medium
CVE:: 2024-29803

Plugin:: GamiPress � The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.8.7
Severity Score:: High
CVE:: 2024-1799

Plugin:: JetWidgets For Elementor
Plugin Slug:: jetwidgets-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.17
Severity Score:: Medium
CVE:: 2024-2507

Plugin:: Jobs for WordPress
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-0820

Plugin:: Lightweight Accordion
Plugin Slug:: lightweight-accordion
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.17
Severity Score:: Medium
CVE:: 2024-2436

Plugin:: Modal Window � create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.9
Severity Score:: Medium
CVE:: 2024-2457

Plugin:: Author Box, Guest Author and Co-Authors for Your Posts � Molongui
Plugin Slug:: molongui-authorship
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.8
Severity Score:: Medium
CVE:: 2024-29764

Plugin:: ReviewX � Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.23
Severity Score:: Medium
CVE:: 2024-29812

Plugin:: s2Member � Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 240315
Severity Score:: Medium
CVE:: 2024-0899

Plugin:: WP Coder � Powerful HTML, CSS, JS and PHP Injection
Plugin Slug:: wp-coder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: Medium
CVE:: 2024-2578

Plugin:: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Plugin Slug:: wp-marketing-automations
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3
Severity Score:: Medium
CVE:: 2024-2580

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0.1
Severity Score:: Medium
CVE:: 2024-2289

Plugin:: RevivePress � Keep your Old Content Evergreen
Plugin Slug:: wp-auto-republish
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6.1
Severity Score:: Medium
CVE:: 2024-1844

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-2348

Plugin:: Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more
Plugin Slug:: ilab-media-tools
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.25
Severity Score:: Medium
CVE:: 2024-29795

Plugin:: Better Search � Relevant search results for WordPress
Plugin Slug:: better-search
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2024-29142

Plugin:: WooCommerce POS � Point of Sale (POS)
Plugin Slug:: woocommerce-pos
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.12
Severity Score:: Medium
CVE:: 2024-2384

Plugin:: WP Compress � Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.11.11
Severity Score:: High
CVE:: 2024-1934

Plugin:: Easy Property Listings
Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.5.3
Severity Score:: High
CVE:: 2024-1893

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.10
Severity Score:: High
CVE:: 2024-29915

Plugin:: Woo Viet � WooCommerce for Vietnam
Plugin Slug:: woo-viet
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-29816

Plugin:: WP Change Email Sender
Plugin Slug:: wp-change-email-sender
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-29815

Plugin:: Doneren met Mollie
Plugin Slug:: doneren-met-mollie
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.3
Severity Score:: High
CVE:: 2024-29767

Plugin:: Error Log Viewer by BestWebSoft
Plugin Slug:: error-log-viewer
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2023-6821

Plugin:: Podlove Web Player
Plugin Slug:: podlove-web-player
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-29788

Plugin:: Radio Player � Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-29811

Plugin:: Survey Maker � Best WordPress Survey Plugin
Plugin Slug:: survey-maker
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: High
CVE:: 2024-29918

Plugin:: Fancy Comments WordPress
Plugin Slug:: fancy-facebook-comments
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.15
Severity Score:: Medium
CVE:: 2024-29804

Plugin:: Slider Hero with Animation, Video Background
Plugin Slug:: slider-hero
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.7.0
Severity Score:: Medium
CVE:: 2024-29922

Plugin:: Premium Packages � Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8.3
Severity Score:: High
CVE:: 2024-29924

Plugin:: Custom WooCommerce Checkout Fields Editor
Plugin Slug:: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-1697

Plugin:: Advanced Classifieds & Directory Pro
Plugin Slug:: advanced-classifieds-and-directory-pro
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2024-2222

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-29776

Plugin:: Hot Random Image
Plugin Slug:: hot-random-image
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2024-29796

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-29920

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-2131

Plugin:: Order Tip for WooCommerce
Plugin Slug:: order-tip-woo
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-1119

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: High
CVE:: 2024-29923

Plugin:: Simple Ajax Chat � Add a Fast, Secure Chat Box
Plugin Slug:: simple-ajax-chat
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240223
Severity Score:: High
CVE:: 2024-1983

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2024-29774

Plugin:: affiliate-toolkit � WordPress Affiliate Plugin
Plugin Slug:: affiliate-toolkit-starter
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.6
Severity Score:: Medium
CVE:: 2024-29817

Plugin:: Appointment Booking Calendar
Plugin Slug:: appointment-booking-calendar
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.83
Severity Score:: Medium
CVE:: 2024-0856

Plugin:: Cards for Beaver Builder
Plugin Slug:: bb-bootstrap-cards
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-2305

Plugin:: Crypto Converter ? Widget
Plugin Slug:: crypto-converter-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-29930

Plugin:: WP Poll Maker � Best WordPress Poll Plugin for Voting Contest
Plugin Slug:: epoll-wp-voting
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-29818

Plugin:: Grid Shortcodes
Plugin Slug:: grid-shortcodes
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-29797

Plugin:: WordPress Pinterest Plugin � Make a Popup, User Profile, Masonry and Gallery Layout
Plugin Slug:: gs-pinterest-portfolio
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-30192

Plugin:: MyBookTable Bookstore by Stormhill Media
Plugin Slug:: mybooktable
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.8
Severity Score:: Medium
CVE:: 2024-29772

Plugin:: Aparat for WordPress
Plugin Slug:: wp-aparat
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-29765

Plugin:: 360 Javascript Viewer
Plugin Slug:: 360deg-javascript-viewer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.13
Severity Score:: Medium
CVE:: 2024-1637

Plugin:: Advanced Sermons
Plugin Slug:: advanced-sermons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2
Severity Score:: High
CVE:: 2024-29928

Plugin:: Bulk NoIndex & NoFollow Toolkit
Plugin Slug:: bulk-noindex-nofollow-toolkit-by-mad-fish
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10
Severity Score:: High
CVE:: 2024-29791

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.27
Severity Score:: Medium
CVE:: 2024-30197

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.18
Severity Score:: Medium
CVE:: 2024-30193

Plugin:: Co-marquage service-public.fr
Plugin Slug:: co-marquage-service-public
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.72
Severity Score:: Medium
CVE:: 2024-29908

Plugin:: Co-marquage service-public.fr
Plugin Slug:: co-marquage-service-public
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.73
Severity Score:: High
CVE:: 2024-29758

Plugin:: Dracula Dark Mode � Enhanced Accessibility, Dark Mode & Reading Mode for WordPress
Plugin Slug:: dracula-dark-mode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-29771

Plugin:: Dropdown multisite selector
Plugin Slug:: dropdown-multisite-selector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.2.1
Severity Score:: Medium
CVE:: 2024-29910

Plugin:: Exchange Rates Widget
Plugin Slug:: exchange-rates-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-29814

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.4
Severity Score:: Medium
CVE:: 2024-29802

Plugin:: Fullscreen Galleria
Plugin Slug:: fullscreen-galleria
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.12
Severity Score:: Medium
CVE:: 2024-29801

Plugin:: WP Fast Total Search � The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.60.213
Severity Score:: Medium
CVE:: 2024-29799

Plugin:: Photo Gallery by Ays � Responsive Image Gallery
Plugin Slug:: gallery-photo-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.3
Severity Score:: High
CVE:: 2024-29919

Plugin:: GamiPress � Button
Plugin Slug:: gamipress-button
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-2460

Plugin:: Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program
Plugin Slug:: gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.5
Severity Score:: Medium
CVE:: 2024-29798

Plugin:: iCalendrier
Plugin Slug:: icalendrier
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.81
Severity Score:: Medium
CVE:: 2024-29912

Plugin:: Web Icons
Plugin Slug:: icon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.11
Severity Score:: Medium
CVE:: 2024-29933

Plugin:: Locatoraid Store Locator
Plugin Slug:: locatoraid
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.31
Severity Score:: Medium
CVE:: 2024-30181

Plugin:: MyCurator Content Curation
Plugin Slug:: mycurator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.77
Severity Score:: High
CVE:: 2024-29139

Plugin:: Off-Canvas Sidebars & Menus (Slidebars)
Plugin Slug:: off-canvas-sidebars
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.8.2
Severity Score:: Medium
CVE:: 2024-29762

Plugin:: Passwordless Login
Plugin Slug:: passwordless-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-29143

Plugin:: PDF Builder for WPForms
Plugin Slug:: pdf-builder-for-wpforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.89
Severity Score:: Medium
CVE:: 2024-29820

Plugin:: Post Grid, Slider & Carousel Ultimate � with Shortcode, Gutenberg Block & Elementor Widget
Plugin Slug:: post-grid-carousel-ultimate
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.7
Severity Score:: Medium
CVE:: 2024-29925

Plugin:: BizPrint � Print WooCommerce Order Receipts, Invoices, Labels & More.
Plugin Slug:: print-google-cloud-print-gcp-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.5.6
Severity Score:: High
CVE:: 2024-29773

Plugin:: ReDi Restaurant Reservation
Plugin Slug:: redi-restaurant-reservation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 24.0303
Severity Score:: High
CVE:: 2024-29806

Plugin:: SEO Backlink Monitor
Plugin Slug:: seo-backlink-monitor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2024-29907

Plugin:: StreamWeasels Twitch Integration
Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.6
Severity Score:: Medium
CVE:: 2024-29766

Plugin:: Sunshine Photo Cart: Free Client Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2
Severity Score:: High
CVE:: 2024-30194

Plugin:: Travelers’ Map
Plugin Slug:: travelers-map
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-29909

Plugin:: WC Builder � WooCommerce Page Builder for WPBakery
Plugin Slug:: wc-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.19
Severity Score:: Medium
CVE:: 2024-29926

Plugin:: Shipping with Venipak for WooCommerce
Plugin Slug:: wc-venipak-shipping
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.6
Severity Score:: High
CVE:: 2024-29805

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.4.21
Severity Score:: High
CVE:: 2024-2025