WordPress Vulnerability Report � May 22, 2024

In this report, 153 vulnerabilities have been publicly disclosed. Security patches for 119 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 34 plugin and themes vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

WordPress Plugins � 109 Patched / 33 Unpatched

Plugin:: Clearfy Cache � WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34806

Plugin:: Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds
Plugin Slug:: tagembed-widget
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34804

Plugin:: Popup Maker � Responsive popup, Exit Intent Pop up, Email Optins, Autoresponder & More
Plugin Slug:: popup-maker-wp
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34770

Plugin:: reCAPTCHA Jetpack
Plugin Slug:: recaptcha-jetpack
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3941

Plugin:: reCAPTCHA Jetpack
Plugin Slug:: recaptcha-jetpack
Installations: 700+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3940

Plugin:: UnGallery
Plugin Slug:: ungallery
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3582

Plugin:: Add Custom CSS and JS
Plugin Slug:: add-custom-css-and-js
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3903

Plugin:: WP Stacker
Plugin Slug:: wp-stacker
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5003

Plugin:: AdFoxly � Ad Manager, AdSense Ads & Ads.txt
Plugin Slug:: adfoxly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34802

Plugin:: Base64 Encoder/Decoder
Plugin Slug:: base64-encoderdecoder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3824

Plugin:: Base64 Encoder/Decoder
Plugin Slug:: base64-encoderdecoder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3823

Plugin:: Base64 Encoder/Decoder
Plugin Slug:: base64-encoderdecoder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3822

Plugin:: Crafthemes Demo Import
Plugin Slug:: crafthemes-demo-import
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34800

Plugin:: Dextaz Ping
Plugin Slug:: dextaz-ping
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34792

Plugin:: Elegant Blocks
Plugin Slug:: elegant-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34769

Plugin:: Fast Custom Social Share by CodeBard
Plugin Slug:: fast-custom-social-share-by-codebard
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34807

Plugin:: HL Twitter
Plugin Slug:: hl-twitter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3630

Plugin:: HL Twitter
Plugin Slug:: hl-twitter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3629

Plugin:: LetterPress
Plugin Slug:: letterpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3590

Plugin:: Newsletter Popup
Plugin Slug:: newsletter-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3644

Plugin:: Popup4Phone
Plugin Slug:: popup4phone
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3580

Plugin:: Popup4Phone
Plugin Slug:: popup4phone
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3231

Plugin:: PopupAlly
Plugin Slug:: popupally
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34796

Plugin:: Praison SEO WordPress
Plugin Slug:: seo-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34801

Plugin:: Simple Popup Manager
Plugin Slug:: simple-popup-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34797

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3748

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Directory Traversal
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1693

Plugin:: Tainacan
Plugin Slug:: tainacan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34795

Plugin:: Tainacan
Plugin Slug:: tainacan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34794

Plugin:: WP Backpack
Plugin Slug:: wp-backpack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4756

Plugin:: WP Next Post Navi
Plugin Slug:: wp-next-post-navi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34793

Plugin:: WP Prayer
Plugin Slug:: wp-prayer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3405

Plugin:: WPB Elementor Addons
Plugin Slug:: wpb-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34791

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.21.6
Severity Score:: Medium
CVE:: 2024-4619

Plugin:: Yoast SEO
Plugin Slug:: wordpress-seo
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 22.7
Severity Score:: Medium
CVE:: 2024-4984

Plugin:: Jetpack � WP Security, Backup, Speed, & Growth
Plugin Slug:: jetpack
Installations: 4,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 13.4
Severity Score:: Medium
CVE:: 2024-4392

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.16
Severity Score:: Medium
CVE:: 2024-34764

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.21
Severity Score:: Medium
CVE:: 2024-4624

Plugin:: Rank Math SEO with AI Best SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.219-beta
Severity Score:: Medium
CVE:: 2024-4617

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 1,000,000+
Vulnerability:: Content Injection
Patched in Version:: 1.6.27
Severity Score:: Medium
CVE:: 2024-2619

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.29
Severity Score:: Medium
CVE:: 2024-4634

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.16
Severity Score:: Medium
CVE:: 2024-4361

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.0.1
Severity Score:: High
CVE:: 2024-4180

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2024-4553

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.2
Severity Score:: Medium
CVE:: 2024-3548

Plugin:: NextGEN Gallery � Create an Amazing Photo Gallery in Seconds
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.1
Severity Score:: Medium
CVE:: 2024-2744

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.1.17
Severity Score:: Critical
CVE:: 2024-2771

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.17
Severity Score:: High
CVE:: 2024-2782

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.14
Severity Score:: Medium
CVE:: 2024-2772

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.17
Severity Score:: Medium
CVE:: 2024-4709

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-4865

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.10.8
Severity Score:: Medium
CVE:: 2024-4478

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.37
Severity Score:: Medium
CVE:: 2024-4057

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.38
Severity Score:: Medium
CVE:: 2024-3189

Plugin:: Password Protected � Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store
Plugin Slug:: password-protected
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.7
Severity Score:: Medium
CVE:: 2024-0437

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.975
Severity Score:: Medium
CVE:: 2024-3887

Plugin:: Menu Icons by ThemeIsle
Plugin Slug:: menu-icons
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.13.14
Severity Score:: Medium
CVE:: 2024-4635

Plugin:: Image Optimization by Optimole � Lazy Load, CDN, Convert WebP & AVIF
Plugin Slug:: optimole-wp
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.0
Severity Score:: Medium
CVE:: 2024-4636

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.13
Severity Score:: Medium
CVE:: 2024-4891

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-3714

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-4876

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-4875

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.9
Severity Score:: Medium
CVE:: 2024-3345

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-4566

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.8
Severity Score:: Medium
CVE:: 2024-34767

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.20
Severity Score:: High
CVE:: 2024-4010

Plugin:: iframe
Plugin Slug:: iframe
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1
Severity Score:: Medium
CVE:: 2024-34805

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.10
Severity Score:: Medium
CVE:: 2024-4470

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.7
Severity Score:: Medium
CVE:: 2024-4656

Plugin:: Post and Page Builder by BoldGrid � Visual Drag and Drop Editor
Plugin Slug:: post-and-page-builder
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.26.5
Severity Score:: Medium
CVE:: 2024-4400

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.32
Severity Score:: Medium
CVE:: 2024-4473

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4223

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2024-4279

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.1
Severity Score:: High
CVE:: 2024-4318

Plugin:: Visual Portfolio, Photo Gallery & Post Grid
Plugin Slug:: visual-portfolio
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-4363

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.7
Severity Score:: Medium
CVE:: 2024-4618

Plugin:: WP Table Builder � WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.15
Severity Score:: Medium
CVE:: 2024-4700

Plugin:: Order Export & Order Import for WooCommerce
Plugin Slug:: order-import-export-for-woocommerce
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.5.0
Severity Score:: Medium
CVE:: 2024-34751

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-3241

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-4374

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.3
Severity Score:: Medium
CVE:: 2024-34575

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.28
Severity Score:: Medium
CVE:: 2024-4432

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel � Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-3155

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.1
Severity Score:: Medium
CVE:: 2024-3134

Plugin:: Appointment Booking Calendar � Simply Schedule Appointments Booking Plugin
Plugin Slug:: simply-schedule-appointments
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.7.18
Severity Score:: Medium
CVE:: 2024-4288

Plugin:: Visualizer: Tables and Charts Manager for WordPress
Plugin Slug:: visualizer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.11.0
Severity Score:: High
CVE:: 2024-3750

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.7.0
Severity Score:: High
CVE:: 2024-4670

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.17
Severity Score:: Medium
CVE:: 2024-4385

Plugin:: Logo Slider � Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin
Plugin Slug:: logo-slider-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-3288

Plugin:: Post Grid Elementor Addon
Plugin Slug:: post-grid-elementor-addon
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.17
Severity Score:: Medium
CVE:: 2024-34789

Plugin:: WPZOOM Addons for Elementor (Templates, Widgets)
Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.37
Severity Score:: Medium
CVE:: 2024-4370

Plugin:: BookingPress � Appointment Booking Calendar Plugin and Online Scheduling Plugin
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.83
Severity Score:: Medium
CVE:: 2024-34799

Plugin:: Mega Elements � Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-4702

Plugin:: Landing Page Builder � Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
Plugin Slug:: page-builder-add
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1.9
Severity Score:: High
CVE:: 2024-34752

Plugin:: ReviewX � Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.28
Severity Score:: Medium
CVE:: 2024-3609

Plugin:: Simple Basic Contact Form
Plugin Slug:: simple-basic-contact-form
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 20240511
Severity Score:: Medium
CVE:: 2024-4144

Plugin:: 140+ Widgets | Best Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3.1
Severity Score:: Medium
CVE:: 2024-4440

Plugin:: YITH WooCommerce Gift Cards
Plugin Slug:: yith-woocommerce-gift-cards
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.13.0
Severity Score:: Medium
CVE:: 2024-0870

Plugin:: Alt Text AI � Automatically generate image alt text for SEO and accessibility
Plugin Slug:: alttext-ai
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.0
Severity Score:: High
CVE:: 2024-4847

Plugin:: WP SMS � Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.2
Severity Score:: Medium
CVE:: 2024-34811

Plugin:: VikBooking Hotel Booking Engine & PMS
Plugin Slug:: vikbooking
Installations: 8,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-2441

Plugin:: Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: cf7-hubspot
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-34756

Plugin:: WP Compress � Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2024-4445

Plugin:: WP Compress � Image Optimizer [All-In-One]
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.20.02
Severity Score:: Medium
CVE:: 2023-6812

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-34757

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-4666

Plugin:: JCH Optimize
Plugin Slug:: jch-optimize
Installations: 6,000+
Vulnerability:: Path Traversal
Patched in Version:: 4.2.1
Severity Score:: Medium
CVE:: 2024-34808

Plugin:: Radio Player � Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.74
Severity Score:: Medium
CVE:: 2024-34753

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.38
Severity Score:: Medium
CVE:: 2024-2923

Plugin:: Magazine Blocks � Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Plugin Slug:: magazine-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-34760

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-4695

Plugin:: YouTube Video Gallery by YouTube Showcase � Video Gallery Plugin for WordPress
Plugin Slug:: youtube-showcase
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-3268

Plugin:: Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Plugin Slug:: cf7-salesforce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-34755

Plugin:: Debug Log � Manger Tool
Plugin Slug:: debug-log-config-tool
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-34798

Plugin:: FundEngine � Donation and Crowdfunding Platform
Plugin Slug:: wp-fundraising-donation
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2024-34758

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.0.1
Severity Score:: Critical
CVE:: 2024-32700

Plugin:: Copymatic � AI Content Writer & Generator
Plugin Slug:: copymatic
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7
Severity Score:: Critical
CVE:: 2024-31351

Plugin:: Custom Post Type Attachment
Plugin Slug:: custom-post-type-pdf-attachment
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.6
Severity Score:: Medium
CVE:: 2024-4546

Plugin:: Fastly
Plugin Slug:: fastly
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.26
Severity Score:: Medium
CVE:: 2024-34803

Plugin:: Fastly
Plugin Slug:: fastly
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.26
Severity Score:: Medium
CVE:: 2024-34768

Plugin:: Contact Form Widget � Contact Query, Contact Page, Form Maker, Query Table
Plugin Slug:: new-contact-form-widget
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-34754