Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � April 24, 2024

[email protected]

In this report, 358 vulnerabilities have been publicly disclosed. Security patches for 312 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 46 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5.2 was released on April 9, 2024, as a short-cycle security and maintenance release. This release features 2 bug fixes on Core, 12 bug fixes for the Block editor, and 1 security fix. Because this is a security release, it is recommended that you update your sites immediately.

The next major release will be version 6.6 planned for July 16, 2024.

WordPress Plugins � 310 Patched / 45 Unpatched

Plugin:: What’s New Generator
Plugin Slug:: whats-new-genarator
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32548

Plugin:: Zero Spam for WordPress
Plugin Slug:: zero-spam
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32521

Plugin:: Responsive Contact Form Builder & Lead Generation Plugin
Plugin Slug:: lead-form-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1416

Plugin:: Responsive Contact Form Builder & Lead Generation Plugin
Plugin Slug:: lead-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1415

Plugin:: PeproDev Ultimate Invoice
Plugin Slug:: pepro-ultimate-invoice
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32518

Plugin:: Easy Textillate
Plugin Slug:: easy-textillate
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32526

Plugin:: WP Poll Maker � Best WordPress Poll Plugin for Voting Contest
Plugin Slug:: epoll-wp-voting
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32514

Plugin:: Yoga Schedule Momoyoga
Plugin Slug:: momoyoga-integration
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32529

Plugin:: QR Code Composer � Automatic QR code Generator
Plugin Slug:: qr-code-composer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32560

Plugin:: Simple Buttons Creator
Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2858

Plugin:: Simple Buttons Creator
Plugin Slug:: simple-buttons-creator
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2857

Plugin:: Access Category Password
Plugin Slug:: access-category-password
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32535

Plugin:: Advanced Search
Plugin Slug:: advance-search
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2739

Plugin:: Advanced Post Block – Post Grid for WordPress block editor
Plugin Slug:: advanced-post-block
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0908

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-7064

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3517

Plugin:: Bulk Block Converter
Plugin Slug:: bulk-block-converter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32542

Plugin:: Canva � Design beautiful blog graphics
Plugin Slug:: canva
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32545

Plugin:: Custom Order Statuses for WooCommerce
Plugin Slug:: custom-order-statuses-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32524

Plugin:: Delete Custom Fields
Plugin Slug:: delete-custom-fields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0613

Plugin:: Easy CountDowner
Plugin Slug:: easy-countdowner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32538

Plugin:: Flash Video Player
Plugin Slug:: flash-video-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32537

Plugin:: Knight Lab Timeline
Plugin Slug:: knight-lab-timelinejs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32554

Plugin:: LoginPress Pro
Plugin Slug:: loginpress-pro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32677

Plugin:: LoginPress Pro
Plugin Slug:: loginpress-pro
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32676

Plugin:: Related Posts for WordPress
Plugin Slug:: microkids-related-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32549

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32543

Plugin:: Ovic Responsive WPBakery
Plugin Slug:: ovic-vc-addon
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32142

Plugin:: PeproDev CF7 Database
Plugin Slug:: pepro-cf7-database
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-41864

Plugin:: Code Insert Manager (Q2W3 Inc Manager)
Plugin Slug:: q2w3-inc-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32547

Plugin:: Shopkeeper Extender
Plugin Slug:: shopkeeper-extender
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2801

Plugin:: Shortcode Addons
Plugin Slug:: shortcode-addons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Simple Testimonials Showcase
Plugin Slug:: simple-testimonials-showcase
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32530

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32551

Plugin:: Superfly Menu
Plugin Slug:: superfly-menu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32553

Plugin:: Tax Rate Upload
Plugin Slug:: tax-rate-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32546

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32515

Plugin:: WidgetKit
Plugin Slug:: widgetkit-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2137

Plugin:: 2Checkout Payment Gateway for WooCommerce
Plugin Slug:: woocommerce-2checkout-payment
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0629

Plugin:: Simple Registration for WooCommerce
Plugin Slug:: woocommerce-simple-registration
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32511

Plugin:: WP-Cufon
Plugin Slug:: wp-cufon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32541

Plugin:: WP File Download Light
Plugin Slug:: wp-file-download-light
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32539

Plugin:: WP TradingView
Plugin Slug:: wp-tradingview
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-32536

Plugin:: WP User Profile Avatar
Plugin Slug:: wp-user-profile-avatar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6067

Plugin:: Z Y N I T H
Plugin Slug:: zynith-seo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32562

Plugin:: Really Simple SSL
Plugin Slug:: really-simple-ssl
Installations: 5,000,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.0.0
Severity Score:: Medium
CVE:: 2024-31229

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.6
Severity Score:: Medium
CVE:: 2024-1310

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.15
Severity Score:: Medium
CVE:: 2024-3333

Plugin:: Rank Math SEO with AI Best SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.217
Severity Score:: Medium
CVE:: 2024-3665

Plugin:: ElementsKit Elementor addons and Templates Library
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-32505

Plugin:: Speed Optimizer � The All-In-One WordPress Performance-Boosting Plugin
Plugin Slug:: sg-cachepress
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-32532

Plugin:: Smart Slider 3
Plugin Slug:: smart-slider-3
Installations: 900,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.1.23
Severity Score:: Medium
CVE:: 2024-3027

Plugin:: Meta Box � WordPress Custom Fields Framework
Plugin Slug:: meta-box
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.4
Severity Score:: Medium
CVE:: 2024-1204

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.26
Severity Score:: Medium
CVE:: 2024-32791

Plugin:: Slider, Gallery, and Carousel by MetaSlider � Responsive WordPress Slideshows
Plugin Slug:: ml-slider
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.70.1
Severity Score:: Medium
CVE:: 2024-3285

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.5
Severity Score:: Medium
CVE:: 2024-2583

Plugin:: Click to Chat � HoliThemes
Plugin Slug:: click-to-chat-for-whatsapp
Installations: 500,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0
Severity Score:: High
CVE:: 2024-3849

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.6
Severity Score:: Medium
CVE:: 2024-3891

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-32698

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.10.5
Severity Score:: Medium
CVE:: 2024-1387

Plugin:: Migration, Backup, Staging � WPvivid
Plugin Slug:: wpvivid-backuprestore
Installations: 400,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.9.100
Severity Score:: Medium
CVE:: 2024-3054

Plugin:: Otter Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-2729

Plugin:: Otter Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.10
Severity Score:: Medium
CVE:: 2024-3725

Plugin:: Otter Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-3343

Plugin:: Otter Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-3344

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.972
Severity Score:: Medium
CVE:: 2024-3675

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.3.95
Severity Score:: Medium
CVE:: 2024-32786

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.95
Severity Score:: High
CVE:: 2024-1567

Plugin:: FileBird � WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-2345

Plugin:: FileBird � WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-2346

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-32721

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.22
Severity Score:: High
CVE:: 2024-32583

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5
Severity Score:: Medium
CVE:: 2024-2765

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.5
Severity Score:: Medium
CVE:: 2024-2867

Plugin:: YITH WooCommerce Compare
Plugin Slug:: yith-woocommerce-compare
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.38.0
Severity Score:: Medium
CVE:: 2024-32699

Plugin:: Ivory Search � WordPress Search Plugin
Plugin Slug:: add-search-to-menu
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.6
Severity Score:: Medium
CVE:: 2024-3233

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-32572

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-2966

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.1
Severity Score:: Medium
CVE:: 2024-1730

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.13.3
Severity Score:: High
CVE:: 2024-32682

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.13.3
Severity Score:: Medium
CVE:: 2024-32681

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.264
Severity Score:: Medium
CVE:: 2024-3338

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.274
Severity Score:: Medium
CVE:: 2024-3340

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.10
Severity Score:: Medium
CVE:: 2024-3818

Plugin:: Table Rate Shipping Method for WooCommerce by Flexible Shipping
Plugin Slug:: flexible-shipping
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.16
Severity Score:: Medium
CVE:: 2024-32828

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: Medium
CVE:: 2024-1957

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-32782

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.9
Severity Score:: Medium
CVE:: 2024-2790

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: Medium
CVE:: 2024-2085

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.7
Severity Score:: High
CVE:: 2023-6214

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3307

Plugin:: Hummingbird � Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2024-32792

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2023-6257

Plugin:: Schema & Structured Data for WP & AMP
Plugin Slug:: schema-and-structured-data-for-wp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.30
Severity Score:: Medium
CVE:: 2024-3491

Plugin:: Social Media Share Buttons & Social Sharing Icons
Plugin Slug:: ultimate-social-media-icons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.9
Severity Score:: Medium
CVE:: 2024-2118

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.3.4
Severity Score:: High
CVE:: 2024-32602

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.3.5.3
Severity Score:: High
CVE:: 2024-32680

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2023-7067

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.15
Severity Score:: Critical
CVE:: 2024-2876

Plugin:: Enhanced Media Library
Plugin Slug:: enhanced-media-library
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.10
Severity Score:: Medium
CVE:: 2024-2840

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6.5
Severity Score:: Medium
CVE:: 2024-3560

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.9.7
Severity Score:: High
CVE:: 2024-32600

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.9
Severity Score:: Medium
CVE:: 2024-32580

Plugin:: Paid Memberships Pro � Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-32794

Plugin:: Paid Memberships Pro � Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-32793

Plugin:: Paid Memberships Pro � Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2024-3215

Plugin:: VK Block Patterns
Plugin Slug:: vk-block-patterns
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.31.1.1
Severity Score:: Medium
CVE:: 2024-32826

Plugin:: Product Feed PRO for WooCommerce by AdTribes � WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More
Plugin Slug:: woo-product-feed-pro
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 13.3.2
Severity Score:: Medium
CVE:: 2024-32513

Plugin:: WP Show Posts
Plugin Slug:: wp-show-posts
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2023-6731

Plugin:: WP STAGING WordPress Backup Plugin � Migration Backup Restore
Plugin Slug:: wp-staging
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-2309

Plugin:: Backup Migration
Plugin Slug:: backup-backup
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-32686

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.26.3
Severity Score:: Medium
CVE:: 2024-32817

Plugin:: WPZOOM Social Feed Widget & Block
Plugin Slug:: instagram-widget-by-wpzoom
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.14
Severity Score:: Medium
CVE:: 2024-3662

Plugin:: Real Media Library: Media Library Folder & File Manager
Plugin Slug:: real-media-library-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.22.12
Severity Score:: Medium
CVE:: 2024-2328

Plugin:: Theme My Login
Plugin Slug:: theme-my-login
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-32525

Plugin:: Comments � wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.16
Severity Score:: Medium
CVE:: 2024-2477

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: High
CVE:: 2024-3715

Plugin:: User Registration � Custom Registration Form, Login Form, and User Profile WordPress Plugin
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2024-2417

Plugin:: User Registration � Custom Registration Form, Login Form, and User Profile WordPress Plugin
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-3295

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 70,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2024-32835

Plugin:: Cornerstone
Plugin Slug:: cornerstone
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.8.1
Severity Score:: High
CVE:: 2024-32570

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.48.0
Severity Score:: High
CVE:: 2024-3731

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.47.0
Severity Score:: Medium
CVE:: 2024-3869

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.47.0
Severity Score:: Medium
CVE:: 2024-3243

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.4
Severity Score:: Medium
CVE:: 2024-2750

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.5
Severity Score:: Medium
CVE:: 2024-3489

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.3
Severity Score:: Medium
CVE:: 2024-32557

Plugin:: WPC Smart Quick View for WooCommerce
Plugin Slug:: woo-smart-quick-view
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2023-6494

Plugin:: WP 2FA � Two-factor authentication for WordPress
Plugin Slug:: wp-2fa
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2024-32568

Plugin:: Easy Social Feed � Social Photos Gallery � Post Feed � Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.6
Severity Score:: Medium
CVE:: 2024-1219

Plugin:: RSS Aggregator by Feedzy � Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.4.8
Severity Score:: Medium
CVE:: 2023-6805

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.24
Severity Score:: Medium
CVE:: 2024-32534

Plugin:: hCaptcha for WordPress
Plugin Slug:: hcaptcha-for-forms-and-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2024-4014

Plugin:: Popup Anything � Popup for opt-ins and Lead Generation Conversions
Plugin Slug:: popup-anything-on-click
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.1
Severity Score:: Medium
CVE:: 2024-32601

Plugin:: Quick Featured Images
Plugin Slug:: quick-featured-images
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 13.7.1
Severity Score:: Medium
CVE:: 2024-3664

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-1712

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.10
Severity Score:: Medium
CVE:: 2024-3703

Plugin:: Content Control � The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More
Plugin Slug:: content-control
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-0615

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-32508

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.32
Severity Score:: Medium
CVE:: 2024-32569

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel � Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.79
Severity Score:: High
CVE:: 2024-32816

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel � Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.76
Severity Score:: Medium
CVE:: 2024-0881

Plugin:: Simply Static
Plugin Slug:: simply-static
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1.4
Severity Score:: High
CVE:: 2024-32825

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-32564

Plugin:: WP 404 Auto Redirect to Similar Post
Plugin Slug:: wp-404-auto-redirect-to-similar-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2024-32559

Plugin:: Gutenberg Block Editor Toolkit � EditorsKit
Plugin Slug:: block-options
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.40.5
Severity Score:: Medium
CVE:: 2024-32586

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 7.5.45.7212
Severity Score:: Medium
CVE:: 2024-32955

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.55
Severity Score:: High
CVE:: 2024-32578

Plugin:: Social Sharing Plugin � Social Warfare
Plugin Slug:: social-warfare
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.6.2
Severity Score:: Medium
CVE:: 2024-1959

Plugin:: Social Share, Social Login and Social Comments Plugin � Super Socializer
Plugin Slug:: super-socializer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.13.64
Severity Score:: Medium
CVE:: 2024-2836

Plugin:: Testimonial Slider
Plugin Slug:: testimonial-slider-and-showcase
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: Medium
CVE:: 2024-1746

Plugin:: WP Customer Reviews
Plugin Slug:: wp-customer-reviews
Installations: 30,000+
Vulnerability:: Unvalidated Redirects and Forwards
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-1849

Plugin:: Appointment Hour Booking � WordPress Booking Plugin
Plugin Slug:: appointment-hour-booking
Installations: 20,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.4.57
Severity Score:: Medium
CVE:: 2024-32720

Plugin:: Data Tables Generator by Supsystic
Plugin Slug:: data-tables-generator-by-supsystic
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.10.32
Severity Score:: Medium
CVE:: 2024-32829

Plugin:: Jotform Online Forms � Drag & Drop Form Builder, Securely Embed Contact Forms
Plugin Slug:: embed-form
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-32527

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.12
Severity Score:: Medium
CVE:: 2024-32456

Plugin:: HurryTimer � An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
Plugin Slug:: hurrytimer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.0
Severity Score:: Medium
CVE:: 2024-32556

Plugin:: Pricing Table by Supsystic
Plugin Slug:: pricing-table-by-supsystic
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: 1.9.13
Severity Score:: Medium
CVE:: 2024-32790

Plugin:: Giveaways and Contests by RafflePress � Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.12.11
Severity Score:: Medium
CVE:: 2024-32827

Plugin:: Rate My Post � Star Rating Plugin by FeedbackWP
Plugin Slug:: rate-my-post
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.5
Severity Score:: Medium
CVE:: 2024-32823

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-32787

Plugin:: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Plugin Slug:: smartcrawl-seo
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.10.3
Severity Score:: Medium
CVE:: 2024-3287

Plugin:: Top Bar
Plugin Slug:: top-bar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.5
Severity Score:: Medium
CVE:: 2024-1660

Plugin:: Social Share Icons & Social Share Buttons
Plugin Slug:: ultimate-social-media-plus
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2024-32820

Plugin:: weForms � Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.21
Severity Score:: Medium
CVE:: 2024-32512

Plugin:: TeraWallet � Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds
Plugin Slug:: woo-wallet
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-32584

Plugin:: Brevo for WooCommerce
Plugin Slug:: woocommerce-sendinblue-newsletter-subscription
Installations: 20,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.0.18
Severity Score:: High
CVE:: 2024-32807

Plugin:: WP Meta SEO
Plugin Slug:: wp-meta-seo
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.5.13
Severity Score:: Medium
CVE:: 2023-6962

Plugin:: WP Meta SEO
Plugin Slug:: wp-meta-seo
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.13
Severity Score:: High
CVE:: 2023-6961

Plugin:: Advanced Floating Content Lite
Plugin Slug:: advanced-floating-content-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-32723

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.9
Severity Score:: Medium
CVE:: 2024-32598

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.9
Severity Score:: Medium
CVE:: 2024-32576

Plugin:: Better Messages � Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss
Plugin Slug:: bp-better-messages
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.4.33
Severity Score:: Medium
CVE:: 2024-32802

Plugin:: rtMedia for WordPress, BuddyPress and bbPress
Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.19
Severity Score:: High
CVE:: 2024-3293

Plugin:: Language Translate Widget for WordPress � ConveyThis
Plugin Slug:: conveythis-translate
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 224
Severity Score:: High
CVE:: 2023-6811

Plugin:: EAN for WooCommerce
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2023-6897

Plugin:: EAN for WooCommerce
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2023-6892

Plugin:: Easy Custom Auto Excerpt
Plugin Slug:: easy-custom-auto-excerpt
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-3312

Plugin:: eCommerce Product Catalog Plugin for WordPress
Plugin Slug:: ecommerce-product-catalog
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.33
Severity Score:: High
CVE:: 2024-32558

Plugin:: Elespare � Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required!
Plugin Slug:: elespare
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-0900

Plugin:: Email Customizer for WooCommerce | Drag and Drop Email Templates Builder
Plugin Slug:: email-customizer-for-woocommerce
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-32781

Plugin:: eRoom � Zoom Meetings & Webinars
Plugin Slug:: eroom-zoom-meetings-webinar
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.19
Severity Score:: Medium
CVE:: 2024-3275

Plugin:: GeoDirectory � WordPress Business Directory Plugin, or Classified Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.49
Severity Score:: Medium
CVE:: 2024-3732

Plugin:: List Custom Taxonomy Widget
Plugin Slug:: list-custom-taxonomy-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-32833

Plugin:: Mailster WordPress Newsletter Plugin Compatibility Tester
Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.7
Severity Score:: High
CVE:: 2024-32523

Plugin:: Mega Elements � Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-32575

Plugin:: Restaurant Menu � Food Ordering System � Table Reservation
Plugin Slug:: menu-ordering-reservations
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-32579

Plugin:: myCred � Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-32711

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.11.1
Severity Score:: Medium
CVE:: 2024-32728

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-32956

Plugin:: Social Share Buttons, Social Sharing Icons, Click to Tweet � Social Media Plugin by Social Snap
Plugin Slug:: socialsnap
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-32805

Plugin:: WPC Frequently Bought Together for WooCommerce
Plugin Slug:: woo-bought-together
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.0.4
Severity Score:: Medium
CVE:: 2024-32687

Plugin:: WooCommerce Google Feed Manager
Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.0
Severity Score:: High
CVE:: 2024-3067

Plugin:: SchedulePress � Best Editorial Calendar, Missed Schedule & Auto Social Share
Plugin Slug:: wp-scheduled-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.9
Severity Score:: Medium
CVE:: 2024-32717

Plugin:: WP Travel Engine � Best Travel Booking WordPress Plugin
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.1
Severity Score:: High
CVE:: 2024-32798

Plugin:: WP Ultimate Review
Plugin Slug:: wp-ultimate-review
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-32685

Plugin:: WP Ultimate Review
Plugin Slug:: wp-ultimate-review
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-32684

Plugin:: WP Ultimate Review
Plugin Slug:: wp-ultimate-review
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-32683

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 9,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.19.5
Severity Score:: Critical
CVE:: 2024-3729

Plugin:: Elements Plus!
Plugin Slug:: elements-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.4
Severity Score:: Medium
CVE:: 2024-32457

Plugin:: FG Joomla to WordPress
Plugin Slug:: fg-joomla-to-wordpress
Installations: 9,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.21.0
Severity Score:: Medium
CVE:: 2024-32788

Plugin:: WP Cookie Consent ( for GDPR, CCPA & ePrivacy )
Plugin Slug:: gdpr-cookie-consent
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2024-3599

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.2.1
Severity Score:: High
CVE:: 2024-3615

Plugin:: RomethemeForm For Elementor
Plugin Slug:: romethemeform
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-32727

Plugin:: Smart Forms � when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.94
Severity Score:: Medium
CVE:: 2024-1307

Plugin:: Smart Forms � when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.94
Severity Score:: Medium
CVE:: 2024-1306

Plugin:: WP LinkedIn Auto Publish
Plugin Slug:: wp-linkedin-auto-publish
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.12
Severity Score:: Medium
CVE:: 2024-32797

Plugin:: WordPress Backup & Migration
Plugin Slug:: wp-migration-duplicator
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-3546

Plugin:: WP Social Comments
Plugin Slug:: gs-facebook-comments
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2024-32689

Plugin:: Maintenance Mode
Plugin Slug:: hkdev-maintenance-mode
Installations: 8,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 3.0.2
Severity Score:: Low
CVE:: 2024-32708

Plugin:: LearnPress Export Import � WordPress extension for LearnPress
Plugin Slug:: learnpress-import-export
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.4
Severity Score:: High
CVE:: 2024-32588

Plugin:: Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
Plugin Slug:: tagembed-widget
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9
Severity Score:: Medium
CVE:: 2024-32561

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: High
CVE:: 2024-32563

Plugin:: ARMember � Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.29
Severity Score:: Critical
CVE:: 2024-32948

Plugin:: Icon Widget
Plugin Slug:: icon-widget
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-1993

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2024-32808

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.8.3
Severity Score:: Medium
CVE:: 2024-32774

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.8.0
Severity Score:: Medium
CVE:: 2024-32772

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.4
Severity Score:: Medium
CVE:: 2024-3606

Plugin:: Country State City Dropdown CF7
Plugin Slug:: country-state-city-auto-dropdown
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-3520

Plugin:: Easy Property Listings
Plugin Slug:: easy-property-listings
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-32799

Plugin:: Env�aloSimple: Email Marketing y Newsletters
Plugin Slug:: envialosimple-email-marketing-y-newsletters-gratis
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2024-32587

Plugin:: Image Slider
Plugin Slug:: image-slider-widget
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.127
Severity Score:: Medium
CVE:: 2024-32707

Plugin:: Poll Maker � Best WordPress Poll Plugin
Plugin Slug:: poll-maker
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.9
Severity Score:: Medium
CVE:: 2024-3601

Plugin:: Poll Maker � Best WordPress Poll Plugin
Plugin Slug:: poll-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.9
Severity Score:: High
CVE:: 2024-3600

Plugin:: Radio Player � Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-32506

Plugin:: Responsive Tabs
Plugin Slug:: responsive-tabs
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: Medium
CVE:: 2024-1846

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.0.12
Severity Score:: Medium
CVE:: 2024-32812

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.15
Severity Score:: High
CVE:: 2024-32712

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.3
Severity Score:: High
CVE:: 2024-2101

Plugin:: TrackShip for WooCommerce
Plugin Slug:: trackship-for-woocommerce
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.6
Severity Score:: Medium
CVE:: 2024-32678

Plugin:: Ultimate 410 Gone Status Code
Plugin Slug:: ultimate-410
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-3677

Plugin:: MyRewards � Loyalty Points and Rewards for WooCommerce � Reward orders, referrals, product reviews and more
Plugin Slug:: woorewards
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.1
Severity Score:: Medium
CVE:: 2024-32688

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.6.4
Severity Score:: High
CVE:: 2024-3211

Plugin:: Advanced Local Pickup for WooCommerce
Plugin Slug:: advanced-local-pickup-for-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-32814

Plugin:: Embed Google Photos album
Plugin Slug:: embed-google-photos-album-easily
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-32775

Plugin:: Everest Backup � WordPress Cloud Backup, Migration, Restore & Cloning Plugin
Plugin Slug:: everest-backup
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.5
Severity Score:: Critical
CVE:: 2023-7201

Plugin:: 3D FlipBook, PDF Viewer, PDF Embedder � Real 3D FlipBook WordPress Plugin
Plugin Slug:: real3d-flipbook-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.63
Severity Score:: High
CVE:: 2024-32694

Plugin:: RSS Feed Widget
Plugin Slug:: rss-feed-widget
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.8
Severity Score:: Medium
CVE:: 2024-32690

Plugin:: Tickera � WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 4,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.5.2.5
Severity Score:: Medium
CVE:: 2023-7252

Plugin:: VikRentCar Car Rental Management System
Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-32780

Plugin:: WP ADA Compliance Check Basic � Most Comprehensive Web Accessibility Solution for WordPress
Plugin Slug:: wp-ada-compliance-check-basic
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-32947

Plugin:: WP Dummy Content Generator
Plugin Slug:: wp-dummy-content-generator
Installations: 4,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 3.3.0
Severity Score:: Critical
CVE:: 2024-32599

Plugin:: WP Fusion Lite � Marketing Automation and CRM Integration for WordPress
Plugin Slug:: wp-fusion-lite
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.43.0
Severity Score:: Medium
CVE:: 2024-32796

Plugin:: WPC Grouped Product for WooCommerce
Plugin Slug:: wpc-grouped-product
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-32520

Plugin:: Coupon & Discount Code Reveal Button
Plugin Slug:: coupon-reveal-button
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: Medium
CVE:: 2024-32722

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2024-32582

Plugin:: WP-FormAssembly
Plugin Slug:: formassembly-web-forms
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2023-49768

Plugin:: HelloAsso
Plugin Slug:: helloasso
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-32697

Plugin:: MaxGalleria
Plugin Slug:: maxgalleria
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2024-3581

Plugin:: Navigation menu as Dropdown Widget
Plugin Slug:: navigation-menu-as-dropdown-widget
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-32126

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.9.6
Severity Score:: Critical
CVE:: 2024-32954

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.9.6
Severity Score:: High
CVE:: 2024-32953

Plugin:: Shared Files � Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.17
Severity Score:: Medium
CVE:: 2024-32679

Plugin:: Vision � Image Map Builder
Plugin Slug:: vision
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-32779

Plugin:: Widget Post Slider
Plugin Slug:: widget-post-slider
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-32801

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.6.0
Severity Score:: Critical
CVE:: 2024-32836

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-32573

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: High
CVE:: 2024-32710

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 16.26.6
Severity Score:: Critical
CVE:: 2024-32709

Plugin:: WP-Recall � Registration, Profile, Commerce & More
Plugin Slug:: wp-recall
Installations: 3,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 16.26.6
Severity Score:: Medium
CVE:: 2024-32604

Plugin:: WP Stripe Checkout
Plugin Slug:: wp-stripe-checkout
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2.42
Severity Score:: Medium
CVE:: 2024-32571

Plugin:: Accessibility Widget
Plugin Slug:: accessibility-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-32831

Plugin:: Advanced Testimonial Carousel for Elementor
Plugin Slug:: advanced-testimonial-carousel-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.1
Severity Score:: Medium
CVE:: 2024-32783

Plugin:: All-in-one Like Widget
Plugin Slug:: all-in-one-facebook-like-widget
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-32815

Plugin:: Custom Thank You Page Customize For WooCommerce by Binary Carpenter
Plugin Slug:: bc-woo-custom-thank-you-pages
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.14
Severity Score:: Medium
CVE:: 2024-32517

Plugin:: CookieHub � Cookie Consent Banner (DSGVO, CCPA, RGPD and GDPR compliance)
Plugin Slug:: cookiehub
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-32784

Plugin:: GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
Plugin Slug:: gg-woo-feed
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-32519

Plugin:: InstaWP Connect � 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.0.25
Severity Score:: Medium
CVE:: 2024-32701

Plugin:: Kattene
Plugin Slug:: kattene
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-32590

Plugin:: LH Add Media From Url
Plugin Slug:: lh-add-media-from-url
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.23
Severity Score:: High
CVE:: 2024-32533

Plugin:: Mortgage Calculators WP
Plugin Slug:: mortgage-calculators-wp
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.60
Severity Score:: Medium
CVE:: 2024-32581

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.6.3
Severity Score:: Medium
CVE:: 2024-32691

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.8.4
Severity Score:: High
CVE:: 2024-32785

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.8.3
Severity Score:: Medium
CVE:: 2024-32718

Plugin:: Open Close WooCommerce Store � Best Business Schedules Manager
Plugin Slug:: woc-open-close
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.2
Severity Score:: Medium
CVE:: 2024-32522

Plugin:: SuperFaktura WooCommerce
Plugin Slug:: woocommerce-superfaktura
Installations: 2,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.40.4
Severity Score:: Medium
CVE:: 2024-32803

Plugin:: WP Helper Premium
Plugin Slug:: wp-helper-lite
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.0
Severity Score:: High
CVE:: 2024-32595

Plugin:: Academy LMS � eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: Medium
CVE:: 2024-32714

Plugin:: ActiveDEMAND
Plugin Slug:: activedemand
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 0.2.42
Severity Score:: Critical
CVE:: 2024-32809

Plugin:: AI Post Generator | AutoWriter
Plugin Slug:: ai-post-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4
Severity Score:: Medium
CVE:: 2024-32713

Plugin:: EleForms � All In One Form Integration including DB for Elementor
Plugin Slug:: all-contact-form-integration-for-elementor
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.9.8
Severity Score:: Medium
CVE:: 2024-2043

Plugin:: EleForms � All In One Form Integration including DB for Elementor
Plugin Slug:: all-contact-form-integration-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.9.8
Severity Score:: High
CVE:: 2024-2082

Plugin:: App Builder � Create Native Android & iOS Apps On The Flight
Plugin Slug:: app-builder
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.9
Severity Score:: Medium
CVE:: 2024-32565

Plugin:: AppPresser � Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-32776

Plugin:: Attesa Extra
Plugin Slug:: attesa-extra
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-32594

Plugin:: Backend Designer
Plugin Slug:: backend-designer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-32591

Plugin:: Post Form � Registration Form � Profile Form for User Profiles � Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-32830

Plugin:: Import Content in WordPress & WooCommerce with Excel
Plugin Slug:: content-excel-importer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3
Severity Score:: Medium
CVE:: 2024-32585

Plugin:: Photos and Files Contest Gallery � Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 21.3.5
Severity Score:: High
CVE:: 2024-32778

Plugin:: Culqi
Plugin Slug:: culqi-checkout
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.0.15
Severity Score:: Medium
CVE:: 2024-32819

Plugin:: DirectoryPress � Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2024-32567

Plugin:: DSGVO Youtube
Plugin Slug:: dsgvo-youtube
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2024-32596

Plugin:: USPS Shipping for WooCommerce � Live Rates
Plugin Slug:: flexible-shipping-usps
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.10.0
Severity Score:: Medium
CVE:: 2024-32811

Plugin:: Headline Analyzer
Plugin Slug:: headline-analyzer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-32806

Plugin:: AI Infographic Maker
Plugin Slug:: infographic-and-list-builder-ilist
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.8
Severity Score:: Medium
CVE:: 2024-32696

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.94
Severity Score:: Critical
CVE:: 2024-32832

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.17
Severity Score:: High
CVE:: 2024-32507

Plugin:: Netgsm
Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: High
CVE:: 2024-32544

Plugin:: BizPrint � Print WooCommerce Order Receipts, Invoices, Labels & More.
Plugin Slug:: print-google-cloud-print-gcp-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.4
Severity Score:: High
CVE:: 2024-32777

Plugin:: Reviews Plus
Plugin Slug:: reviews-plus
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-32822

Plugin:: Seers | GDPR & CCPA Cookie Consent & Compliance
Plugin Slug:: seers-cookie-consent-banner-privacy-policy
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.1.1
Severity Score:: High
CVE:: 2024-32789

Plugin:: WooCommerce Shipping Label
Plugin Slug:: shipping-labels-for-woo
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.9
Severity Score:: Medium
CVE:: 2024-32834

Plugin:: StreamWeasels Twitch Integration
Plugin Slug:: streamweasels-twitch-integration
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2024-32716

Plugin:: Tagbox � UGC Galleries, Social Media Widgets, User Reviews & Analytics
Plugin Slug:: taggbox-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3
Severity Score:: Medium
CVE:: 2024-32552

Plugin:: Poll | Vote | Contest � Best Poll Plugin for WordPress
Plugin Slug:: totalpoll-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.0
Severity Score:: Medium
CVE:: 2024-32821

Plugin:: Void Elementor WHMCS Elements For Elementor Page Builder
Plugin Slug:: void-elementor-whmcs-elements
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-32592

Plugin:: Multi Currency For WooCommerce
Plugin Slug:: wc-multi-currency
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-32516

Plugin:: Order Limit for WooCommerce
Plugin Slug:: wc-order-limit-lite
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-32675

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.4.21
Severity Score:: High
CVE:: 2024-32603

Plugin:: SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy
Plugin Slug:: woo-aliexpress-dropshipping
Installations: 1,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2024-32724

Plugin:: WP Club Manager � WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2024-32719

Plugin:: WP Club Manager � WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.12
Severity Score:: Medium
CVE:: 2024-32566

Plugin:: WP Dynamic Keywords Injector
Plugin Slug:: wp-dynamic-keywords-injector
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.22
Severity Score:: High
CVE:: 2024-32528

Plugin:: WP GoToWebinar
Plugin Slug:: wp-gotowebinar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 15.1
Severity Score:: Medium
CVE:: 2024-32804

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3.1
Severity Score:: Medium
CVE:: 2024-32818

Plugin:: WordPress Simple HTML Sitemap
Plugin Slug:: wp-simple-html-sitemap
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9
Severity Score:: High
CVE:: 2024-32574

Plugin:: WP Smart Import : Import any XML File to WordPress
Plugin Slug:: wp-smart-import
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-32597

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-32593

Plugin:: WPCal.io � Easy Meeting Scheduler
Plugin Slug:: wpcal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.5.9
Severity Score:: Medium
CVE:: 2024-32795

Plugin:: Frontend Dashboard
Plugin Slug:: frontend-dashboard
Installations: 900+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.4
Severity Score:: High
CVE:: 2024-32726

Plugin:: Olive One Click Demo Import
Plugin Slug:: olive-one-click-demo-import
Installations: 900+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-32715

Plugin:: Language Switcher for Transposh
Plugin Slug:: language-switcher-for-transposh
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: High
CVE:: 2024-32695

Plugin:: BMI Adult & Kid Calculator
Plugin Slug:: bmi-adultkid-calculator
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-32550

Plugin:: ShortPixel Critical CSS
Plugin Slug:: shortpixel-critical-css
Installations: 700+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.3
Severity Score:: High
CVE:: 2024-32810

Plugin:: Support Genix � Support Tickets Managing System & Helpdesk Plugin for WordPress and WooCommerce
Plugin Slug:: support-genix-lite
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.4
Severity Score:: Critical
CVE:: 2023-49742

Plugin:: Evergreen Content Poster � Auto Post and Schedule Your Best Content to Social Media
Plugin Slug:: evergreen-content-poster
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-32824

Plugin:: Fixed HTML Toolbar
Plugin Slug:: fixed-html-toolbar
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-32540

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 90+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-1755

Plugin:: NPS computy
Plugin Slug:: nps-computy
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-1754

Plugin:: 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg
Plugin Slug:: 5-stars-rating-funnel
Installations: 40+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.02
Severity Score:: Medium
CVE:: 2024-32725

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: SQL Injection
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32706

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32705

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32704

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32703

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.1
Severity Score:: High
CVE:: 2024-32702

Plugin:: Barcode Scanner with Inventory & Order Manager
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-32589

Plugin:: CBX Bookmark & Favorite
Plugin Slug:: cbxwpbookmark
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.22
Severity Score:: Medium
CVE:: 2024-32577

Plugin:: Chauffeur Taxi Booking System for WordPress
Plugin Slug:: chauffeur-booking-system
Vulnerability:: Broken Authentication
Patched in Version:: 7.0
Severity Score:: High
CVE:: 2024-32692

Plugin:: Conversational Forms for ChatBot
Plugin Slug:: conversational-forms
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2024-32729

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-3598

Plugin:: Essential Addons for Elementor Pro
Plugin Slug:: essential-addons-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8.12
Severity Score:: Medium
CVE:: 2024-3645

Plugin:: Fancy Product Designer
Plugin Slug:: fancy-product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.81
Severity Score:: Medium
CVE:: 2024-0902

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: High
CVE:: 2024-32949

Plugin:: Integrate Google Drive
Plugin Slug:: integrate-google-drive
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.91
Severity Score:: Medium
CVE:: 2024-32813

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1840

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-1805

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-32952

Plugin:: Max Addons Pro for Bricks
Plugin Slug:: max-addons-pro-bricks
Vulnerability:: Settings Change
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-32951

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: SQL Injection
Patched in Version:: 29.7
Severity Score:: High
CVE:: 2024-0399

Plugin:: Automatic
Plugin Slug:: wp-automatic
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.93.0
Severity Score:: High
CVE:: 2024-32693

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.1.76
Severity Score:: High
CVE:: 2024-32510

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: Broken Access Control
Patched in Version:: 10.1.77
Severity Score:: Medium
CVE:: 2024-32509

Plugin:: WP Media Category Management
Plugin Slug:: wp-media-category-management
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: High
CVE:: 2024-32950

Plugin:: Wp Staging Pro
Plugin Slug:: wp-staging-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.0
Severity Score:: Medium
CVE:: 2024-2309

WordPress Themes � 2 Patched / 1 Unpatched

Theme:: GuCherry Blog
Theme Slug:: gucherry-blog
Downloads: 137,149
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-32531

Theme:: Royal Elementor Kit
Theme Slug:: royal-elementor-kit
Downloads: 457,475
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.117
Severity Score:: Medium
CVE:: 2024-32773

Theme:: Tainacan Interface
Theme Slug:: tainacan-interface
Downloads: 16,620
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: High
CVE:: 2024-3867