WordPress Vulnerability Report � May 15, 2024

In this report, 192 vulnerabilities have been publicly disclosed. Security patches for 145 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 47 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

WordPress Plugins � 129 Patched / 47 Unpatched

Plugin:: Clearfy Cache � WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34806

Plugin:: Flo Forms � Easy Drag & Drop Form Builder
Plugin Slug:: flo-forms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35174

Plugin:: WP Post Author � Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34389

Plugin:: WP Post Author � Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34387

Plugin:: 140+ Widgets | Best Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34570

Plugin:: JCH Optimize
Plugin Slug:: jch-optimize
Installations: 6,000+
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34808

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34390

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-32700

Plugin:: Netgsm
Plugin Slug:: netgsm
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4746

Plugin:: Propovoice CRM � Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation
Plugin Slug:: propovoice
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4747

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4606

Plugin:: WC Serial Numbers � Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce
Plugin Slug:: wc-serial-numbers
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35173

Plugin:: WordPress Webinar Plugin � WebinarPress
Plugin Slug:: wp-webinarsystem
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34818

Plugin:: gee Search Plus, improved WordPress search
Plugin Slug:: gsearch-plus
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34560

Plugin:: Sticky Social Link
Plugin Slug:: sticky-social-link
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34546

Plugin:: DS Site Message
Plugin Slug:: ds-site-message
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34439

Plugin:: Viet Nam Affiliate
Plugin Slug:: viet-nam-affiliate
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34417

Plugin:: AWSOM News Announcement
Plugin Slug:: awsom-news-announcement
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34428

Plugin:: BlogLentor
Plugin Slug:: bloglentor-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34421

Plugin:: Brozzme Scroll Top
Plugin Slug:: brozzme-scroll-top
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34426

Plugin:: canvasio3D Light
Plugin Slug:: canvasio3d-light
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34411

Plugin:: Configure Login Timeout
Plugin Slug:: configure-login-timeout
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34419

Plugin:: Corona Virus (COVID-19) Banner & Live Data
Plugin Slug:: corona-virus-covid-19-banner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34429

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3752

Plugin:: Debug Info
Plugin Slug:: debug-info
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34565

Plugin:: EasyEvent
Plugin Slug:: easyevent
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3628

Plugin:: Enter Addons
Plugin Slug:: enteraddons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3831

Plugin:: Fancy Elementor Flipbox
Plugin Slug:: fancy-elementor-flipbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34572

Plugin:: Fast Custom Social Share by CodeBard
Plugin Slug:: fast-custom-social-share-by-codebard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34807

Plugin:: Featured Content Gallery
Plugin Slug:: featured-content-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34424

Plugin:: Forty Four � 404 Plugin for WordPress
Plugin Slug:: forty-four
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34423

Plugin:: GDPR Compliance
Plugin Slug:: gdpr-compliance
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34388

Plugin:: Comments Evolved for WordPress
Plugin Slug:: gplus-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34420

Plugin:: LetterPress
Plugin Slug:: letterpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34568

Plugin:: MF Gig Calendar
Plugin Slug:: mf-gig-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3755

Plugin:: Pk Favicon Manager
Plugin Slug:: phpsword-favicon-manager
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34416

Plugin:: Pootle Pagebuilder � WordPress Page builder
Plugin Slug:: pootle-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34573

Plugin:: Pure Chat
Plugin Slug:: pure-chat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3595

Plugin:: QuickieBar
Plugin Slug:: quickiebar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34425

Plugin:: Social Connect
Plugin Slug:: social-connect
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-4393

Plugin:: Swift Performance Lite
Plugin Slug:: swift-performance-lite
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3722

Plugin:: Table Maker
Plugin Slug:: table-maker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34574

Plugin:: TT Custom Post Type Creator
Plugin Slug:: tt-custom-post-type-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34430

Plugin:: Viet Affiliate Link
Plugin Slug:: viet-affiliate-link
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34422

Plugin:: WP etracker
Plugin Slug:: wp-etracker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34431

Plugin:: WP Favorite Posts
Plugin Slug:: wp-favorite-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34427

Plugin:: WPCS ( WordPress Custom Search )
Plugin Slug:: wpcs-wp-custom-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34418

Plugin:: Yoast SEO
Plugin Slug:: wordpress-seo
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 22.6
Severity Score:: High
CVE:: 2024-4041

Plugin:: Jetpack � WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.4
Severity Score:: Medium
CVE:: 2024-4392

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.21
Severity Score:: Medium
CVE:: 2024-4624

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.20
Severity Score:: Medium
CVE:: 2024-4275

Plugin:: Starter Templates � Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2024-4630

Plugin:: Starter Templates � Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.1.7
Severity Score:: Medium
CVE:: 2024-1467

Plugin:: One Click Demo Import
Plugin Slug:: one-click-demo-import
Installations: 1,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-34433

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4481

Plugin:: Translate Multilingual sites � TranslatePress
Plugin Slug:: translatepress-multilingual
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-34827

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.46
Severity Score:: Medium
CVE:: 2024-4487

Plugin:: FileBird � WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-35166

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.105
Severity Score:: High
CVE:: 2024-3055

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.5.103
Severity Score:: High
CVE:: 2024-2662

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.103
Severity Score:: High
CVE:: 2024-3547

Plugin:: White Label CMS
Plugin Slug:: white-label-cms
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-4280

Plugin:: Advanced Ads ��Ad Manager & AdSense
Plugin Slug:: advanced-ads
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.52.2
Severity Score:: Medium
CVE:: 2024-2290

Plugin:: Advanced Ads ��Ad Manager & AdSense
Plugin Slug:: advanced-ads
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.52.2
Severity Score:: Medium
CVE:: 2024-3952

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.4
Severity Score:: Medium
CVE:: 2024-4339

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1.3
Severity Score:: Medium
CVE:: 2024-4430

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1.2
Severity Score:: Medium
CVE:: 2024-3923

Plugin:: Content Views � Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-4446

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-3990

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.1.1
Severity Score:: Medium
CVE:: 2024-3956

Plugin:: WP Job Manager
Plugin Slug:: wp-job-manager
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-34549

Plugin:: XML Sitemap & Google News
Plugin Slug:: xml-sitemap-feed
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-4441

Plugin:: EmbedPress � Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.17
Severity Score:: Medium
CVE:: 2024-4316

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6.6
Severity Score:: Medium
CVE:: 2024-4277

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.6
Severity Score:: Medium
CVE:: 2024-4444

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.6.6
Severity Score:: Critical
CVE:: 2024-4434

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.2.6.6
Severity Score:: Critical
CVE:: 2024-4397

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.26.6
Severity Score:: Medium
CVE:: 2024-34815

Plugin:: Mesmerize Companion
Plugin Slug:: mesmerize-companion
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.149
Severity Score:: Medium
CVE:: 2024-3494

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32
Severity Score:: Medium
CVE:: 2024-4473

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.70
Severity Score:: Critical
CVE:: 2024-34440

Plugin:: Custom Field Suite
Plugin Slug:: custom-field-suite
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-3068

Plugin:: Easy Digital Downloads � Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.12
Severity Score:: Medium
CVE:: 2024-32100

Plugin:: Easy Digital Downloads � Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.12
Severity Score:: Medium
CVE:: 2024-31113

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.25
Severity Score:: Medium
CVE:: 2024-34437

Plugin:: Image Hover Effects � Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-1166

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.39
Severity Score:: High
CVE:: 2024-3954

Plugin:: Timber
Plugin Slug:: timber-library
Installations: 40,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: 1.23.1
Severity Score:: High
CVE:: 2024-29800

Plugin:: Visual Footer Credit Remover
Plugin Slug:: visual-footer-credit-remover
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-2846

Plugin:: Social Sharing Plugin � Social Warfare
Plugin Slug:: social-warfare
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-34825

Plugin:: Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro
Plugin Slug:: back-in-stock-notifier-for-woocommerce
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-4038

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-34566

Plugin:: Giveaways and Contests by RafflePress � Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.5
Severity Score:: Medium
CVE:: 2024-4745

Plugin:: ShortPixel Adaptive Images � WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-35172

Plugin:: ShortPixel Adaptive Images � WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-4689

Plugin:: ClickCease Click Fraud Protection
Plugin Slug:: clickcease-click-fraud-protection
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2023-6810

Plugin:: Easy Affiliate Links
Plugin Slug:: easy-affiliate-links
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.3
Severity Score:: Medium
CVE:: 2024-34441

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-35167

Plugin:: Graphina � Elementor Charts and Graphs
Plugin Slug:: graphina-elementor-charts-and-graphs
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.10
Severity Score:: Medium
CVE:: 2024-4574

Plugin:: HTML5 Audio Player- Best WordPress Audio Player Plugin
Plugin Slug:: html5-audio-player
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.22
Severity Score:: Medium
CVE:: 2024-4398

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-4281

Plugin:: Gallery Block (Meow Gallery)
Plugin Slug:: meow-gallery
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2024-4386

Plugin:: Hotel Booking Lite
Plugin Slug:: motopress-hotel-booking-lite
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.11.2
Severity Score:: Critical
CVE:: 2024-4413

Plugin:: Shared Counts � Social Media Share Buttons
Plugin Slug:: shared-counts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.0
Severity Score:: Medium

Plugin:: Simple Basic Contact Form
Plugin Slug:: simple-basic-contact-form
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20240511
Severity Score:: Medium
CVE:: 2024-4144

Plugin:: SportsPress � Sports Club & League Manager
Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.21
Severity Score:: Medium
CVE:: 2024-34824

Plugin:: SSL Zen � Free Let’s Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin
Plugin Slug:: ssl-zen
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.6.0
Severity Score:: Medium
CVE:: 2024-1076

Plugin:: Themify Shortcodes
Plugin Slug:: themify-shortcodes
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-4567

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9.1
Severity Score:: Medium
CVE:: 2024-4329

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-34415

Plugin:: weMail � Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
Plugin Slug:: wemail
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.14.3
Severity Score:: Medium
CVE:: 2024-34822

Plugin:: All-in-One Addons for Elementor � WidgetKit
Plugin Slug:: widgetkit-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-34548

Plugin:: Orders Tracking for WooCommerce
Plugin Slug:: woo-orders-tracking
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.11
Severity Score:: Medium
CVE:: 2024-4039

Plugin:: WP Latest Posts
Plugin Slug:: wp-latest-posts
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.8
Severity Score:: Medium
CVE:: 2024-4135

Plugin:: WP Photo Album Plus
Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 8.7.01.002
Severity Score:: Critical
CVE:: 2024-31377

Plugin:: YITH WooCommerce Gift Cards
Plugin Slug:: yith-woocommerce-gift-cards
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.13.0
Severity Score:: Medium
CVE:: 2024-0870

Plugin:: WP SMS � Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.2
Severity Score:: Medium
CVE:: 2024-34811

Plugin:: Gutenify � Visual Site Builder Blocks & Site Templates.
Plugin Slug:: gutenify
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.1
Severity Score:: Medium
CVE:: 2024-35165

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1.1
Severity Score:: Medium
CVE:: 2024-34820

Plugin:: WordPress Affiliates Plugin � SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-34413

Plugin:: Shipment Tracking, Tracking, and Order Tracking for WooCommerce � ParcelPanel (Free to install)
Plugin Slug:: parcelpanel
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.0
Severity Score:: High
CVE:: 2024-34412

Plugin:: WP Compress � Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2024-4445

Plugin:: WP Compress � Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2023-6812

Plugin:: Better Elementor Addons
Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-34432

Plugin:: The Best WordPress Knowledgebase and Documentation Plugin � weDocs
Plugin Slug:: wedocs
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-34442

Plugin:: WOLF � WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8.3
Severity Score:: Medium
CVE:: 2024-34558

Plugin:: Edwiser Bridge � WordPress Moodle LMS Integration
Plugin Slug:: edwiser-bridge
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.0.6
Severity Score:: Critical
CVE:: 2024-4186

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.35
Severity Score:: Medium
CVE:: 2024-34547

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.6.5
Severity Score:: Medium
CVE:: 2024-4213

Plugin:: Design for Contact Form 7 Style WordPress Plugin � CF7 WOW Styler
Plugin Slug:: cf7-styler
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2024-34826

Plugin:: 3D FlipBook, PDF Viewer, PDF Embedder � Real 3D FlipBook WordPress Plugin
Plugin Slug:: real3d-flipbook-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.72
Severity Score:: Medium
CVE:: 2024-34561

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Installations: 4,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.7.14
Severity Score:: High
CVE:: 2024-4346

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7.14
Severity Score:: Critical
CVE:: 2024-4345

Plugin:: Auto Affiliate Links
Plugin Slug:: wp-auto-affiliate-links
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4.4
Severity Score:: High
CVE:: 2024-34386

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.16
Severity Score:: Medium
CVE:: 2024-35169

Plugin:: Mihdan: Yandex Turbo Feed
Plugin Slug:: mihdan-yandex-turbo-feed
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2024-4411

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-34562

Plugin:: Shared Files � Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.20
Severity Score:: Medium
CVE:: 2024-34438

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.9
Severity Score:: Medium
CVE:: 2024-34813

Plugin:: WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)
Plugin Slug:: smart-wishlist-for-more-convert
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2024-34819

Plugin:: iPages Flipbook For WordPress
Plugin Slug:: ipages-flipbook
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-4744

Plugin:: ShopBuilder � Elementor WooCommerce Builder Addons
Plugin Slug:: shopbuilder
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-34812

Plugin:: Zotpress
Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.10
Severity Score:: Medium
CVE:: 2024-34569

Plugin:: Academy LMS � eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.9.26
Severity Score:: Medium
CVE:: 2024-35171

Plugin:: Arigato Autoresponder and Newsletter
Plugin Slug:: bft-autoresponder
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.2.4
Severity Score:: Medium
CVE:: 2024-34823

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.0
Severity Score:: Medium
CVE:: 2024-34828

Plugin:: Contact List � Premium Staff Listing, Business Directory & Address Book
Plugin Slug:: contact-list
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.88
Severity Score:: Medium
CVE:: 2024-34821

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.50
Severity Score:: Medium
CVE:: 2024-4417

Plugin:: Ghost
Plugin Slug:: ghost
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2024-34559

Plugin:: Gold Addons for Elementor
Plugin Slug:: gold-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-34563

Plugin:: Dynamics 365 Integration
Plugin Slug:: integration-dynamics
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.18
Severity Score:: Medium
CVE:: 2024-34550

Plugin:: Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: integration-for-contact-form-7-and-pipedrive
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-34817

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2024-34445

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: Medium
CVE:: 2024-34436

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.4.8
Severity Score:: Medium
CVE:: 2024-4463

Plugin:: Counter Up � Animated Number Counter & Milestone Showcase
Plugin Slug:: wp-counter-up
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-34564

Plugin:: WP Discourse
Plugin Slug:: wp-discourse
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.2
Severity Score:: Medium
CVE:: 2024-35168

Plugin:: WPCal.io � Easy Meeting Scheduler
Plugin Slug:: wpcal
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.9.5.9
Severity Score:: Medium
CVE:: 2024-34816

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) � scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-34557

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) � scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-34556