Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark orange to black gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � May 29, 2024

In this report, 119 vulnerabilities have been publicly disclosed. Security patches for 87 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 32 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

WordPress Plugins � 86 Patched / 32 Unpatched

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35628

Plugin:: Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms
Plugin Slug:: cf7-constant-contact
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35632

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4529

Plugin:: KKProgressbar2 Free � advanced progress bars
Plugin Slug:: kkprogressbar
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4535

Plugin:: KKProgressbar2 Free � advanced progress bars
Plugin Slug:: kkprogressbar
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4534

Plugin:: KKProgressbar2 Free � advanced progress bars
Plugin Slug:: kkprogressbar
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4533

Plugin:: WP Stacker
Plugin Slug:: wp-stacker
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5003

Plugin:: AdFoxly � Ad Manager, AdSense Ads & Ads.txt
Plugin Slug:: adfoxly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34802

Plugin:: ApplyOnline � Application Form Builder and Manager
Plugin Slug:: apply-online
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2036

Plugin:: Automatic Translator with Auto Translate
Plugin Slug:: auto-translate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0632

Plugin:: Button contact VR
Plugin Slug:: button-contact-vr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2220

Plugin:: Crafthemes Demo Import
Plugin Slug:: crafthemes-demo-import
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34800

Plugin:: Dextaz Ping
Plugin Slug:: dextaz-ping
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34792

Plugin:: Easy Digital Downloads � Recent Purchases
Plugin Slug:: edd-recent-purchases
Vulnerability:: Remote File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-35629

Plugin:: Elegant Addons for elementor
Plugin Slug:: elegant-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3066

Plugin:: Flattr
Plugin Slug:: flattr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3920

Plugin:: LuckyWP Table of Contents
Plugin Slug:: luckywp-table-of-contents
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6487

Plugin:: LuckyWP Table of Contents
Plugin Slug:: luckywp-table-of-contents
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2953

Plugin:: LuckyWP Table of Contents
Plugin Slug:: luckywp-table-of-contents
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2119

Plugin:: Opal Estate Pro
Plugin Slug:: opal-estate-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3666

Plugin:: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode
Plugin Slug:: paypal-pay-buy-donation-and-cart-buttons-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3065

Plugin:: Pet Manager
Plugin Slug:: pet-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3917

Plugin:: Sailthru Triggermail
Plugin Slug:: sailthru-triggermail
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4290

Plugin:: Sailthru Triggermail
Plugin Slug:: sailthru-triggermail
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4289

Plugin:: Praison SEO WordPress
Plugin Slug:: seo-wordpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34801

Plugin:: Simple Popup Manager
Plugin Slug:: simple-popup-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34797

Plugin:: Toolbar Extras for Elementor & More
Plugin Slug:: toolbar-extras
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3611

Plugin:: Woocommerce � Recent Purchases
Plugin Slug:: woo-recent-purchases
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35634

Plugin:: WP Backpack
Plugin Slug:: wp-backpack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4756

Plugin:: WP Font Awesome Share Icons
Plugin Slug:: wp-font-awesome-share-icons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3198

Plugin:: WP Next Post Navi
Plugin Slug:: wp-next-post-navi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34793

Plugin:: WP Scraper
Plugin Slug:: wp-scraper
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3663

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.21.6
Severity Score:: Medium
CVE:: 2024-4619

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.26.1
Severity Score:: Medium
CVE:: 2024-2618

Plugin:: Popup Builder by OptinMonster � WordPress Popups for Optins, Email Newsletters and Lead Generation
Plugin Slug:: optinmonster
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.2
Severity Score:: Medium
CVE:: 2024-4045

Plugin:: WP Fastest Cache
Plugin Slug:: wp-fastest-cache
Installations: 1,000,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2024-4347

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4378

Plugin:: Page Builder by SiteOrigin
Plugin Slug:: siteorigin-panels
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.29.16
Severity Score:: Medium
CVE:: 2024-4361

Plugin:: Spectra � WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.1
Severity Score:: Medium
CVE:: 2024-4366

Plugin:: Spectra � WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: Medium
CVE:: 2024-1814

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2024-4553

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.61.0
Severity Score:: Medium
CVE:: 2024-4362

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 400,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.1.16
Severity Score:: High
CVE:: 2024-4157

Plugin:: WP Go Maps (formerly WP Google Maps)
Plugin Slug:: wp-google-maps
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.37
Severity Score:: Medium
CVE:: 2024-3557

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.108
Severity Score:: High
CVE:: 2024-4779

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.9
Severity Score:: Medium
CVE:: 2024-2861

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-3927

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.2
Severity Score:: Medium
CVE:: 2024-3926

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-4876

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-4875

Plugin:: Social Icons Widget & Block by WPZOOM
Plugin Slug:: social-icons-widget-by-wpzoom
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.18
Severity Score:: Medium
CVE:: 2024-2189

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-3718

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.9
Severity Score:: Medium
CVE:: 2024-3345

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.9
Severity Score:: High
CVE:: 2024-4566

Plugin:: EmbedPress � Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.13
Severity Score:: Medium
CVE:: 2024-1803

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.6.7
Severity Score:: Medium
CVE:: 2024-4971

Plugin:: Master Slider � Responsive Touch Slider
Plugin Slug:: master-slider
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.10
Severity Score:: Medium
CVE:: 2024-4470

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-3711

Plugin:: Email Log
Plugin Slug:: email-log
Installations: 80,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 2.4.9
Severity Score:: High
CVE:: 2024-0867

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.16
Severity Score:: High
CVE:: 2024-3518

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.16
Severity Score:: High
CVE:: 2024-3519

Plugin:: wpDataTables � WordPress Data Table, Dynamic Tables & Table Charts Plugin
Plugin Slug:: wpdatatables
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.2.14
Severity Score:: High
CVE:: 2024-4895

Plugin:: YITH WooCommerce Ajax Search
Plugin Slug:: yith-woocommerce-ajax-search
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2024-4455

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.4
Severity Score:: Medium
CVE:: 2024-4365

Plugin:: WP Table Builder � WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.15
Severity Score:: Medium
CVE:: 2024-4700

Plugin:: Carousel Slider
Plugin Slug:: carousel-slider
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.11
Severity Score:: Medium
CVE:: 2024-4372

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.36
Severity Score:: Medium
CVE:: 2024-3939

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel � Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.81
Severity Score:: Medium
CVE:: 2024-3155

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.46.7212
Severity Score:: High
CVE:: 2024-35631

Plugin:: Reviews and Rating � Google Reviews
Plugin Slug:: g-business-reviews-rating
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3
Severity Score:: Medium
CVE:: 2024-5218

Plugin:: Logo Slider � Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin
Plugin Slug:: logo-slider-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.0
Severity Score:: Medium
CVE:: 2024-3288

Plugin:: ND Shortcodes
Plugin Slug:: nd-shortcodes
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-5220

Plugin:: WP DSGVO Tools (GDPR)
Plugin Slug:: shapepress-dsgvo
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.33
Severity Score:: Medium
CVE:: 2024-3201

Plugin:: ShareThis Share Buttons
Plugin Slug:: sharethis-share-buttons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2024-3648

Plugin:: WPZOOM Addons for Elementor (Templates, Widgets)
Plugin Slug:: wpzoom-elementor-addons
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.38
Severity Score:: Critical
CVE:: 2024-5147

Plugin:: BookingPress � Appointment Booking Calendar Plugin and Online Scheduling Plugin
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.83
Severity Score:: Medium
CVE:: 2024-34799

Plugin:: Business Directory Plugin � Easy Listing Directories for WordPress
Plugin Slug:: business-directory-plugin
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4.3
Severity Score:: Critical
CVE:: 2024-4443

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-4431

Plugin:: WP Photo Album Plus
Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 8.7.00.004
Severity Score:: Medium
CVE:: 2024-4037

Plugin:: WP TripAdvisor Review Slider
Plugin Slug:: wp-tripadvisor-review-slider
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.7
Severity Score:: High
CVE:: 2024-35630

Plugin:: WordPress + Microsoft Office 365 / Azure AD | LOGIN
Plugin Slug:: wpo365-login
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 28.0
Severity Score:: Medium
CVE:: 2024-4706

Plugin:: 140+ Widgets | Best Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.3.2
Severity Score:: High
CVE:: 2024-4471

Plugin:: Videojs HTML5 Player
Plugin Slug:: videojs-html5-player
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.12
Severity Score:: Medium
CVE:: 2024-5205

Plugin:: Awesome Contact Form7 for Elementor
Plugin Slug:: awesome-contact-form7-for-elementor
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-4486

Plugin:: Primary Addon for Elementor
Plugin Slug:: primary-addon-for-elementor
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-5229

Plugin:: Hash Elements
Plugin Slug:: hash-elements
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-5177

Plugin:: Survey Maker � Best WordPress Survey Plugin
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.9
Severity Score:: Medium
CVE:: 2024-4061

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.2.1
Severity Score:: Medium
CVE:: 2024-4858

Plugin:: WPCafe � Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.24
Severity Score:: High
CVE:: 2024-1855

Plugin:: WPKoi Templates for Elementor
Plugin Slug:: wpkoi-templates-for-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.11
Severity Score:: Medium
CVE:: 2024-4980

Plugin:: AI ChatBot for WordPress � WPBot
Plugin Slug:: chatbot
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.6
Severity Score:: Medium
CVE:: 2024-0452

Plugin:: WP Ultimate Post Grid
Plugin Slug:: wp-ultimate-post-grid
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2024-4043

Plugin:: PopupAlly
Plugin Slug:: popupally
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-34796

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-4695

Plugin:: YouTube Video Gallery by YouTube Showcase � Video Gallery Plugin for WordPress
Plugin Slug:: youtube-showcase
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-3268

Plugin:: Debug Log � Manger Tool
Plugin Slug:: debug-log-config-tool
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-34798

Plugin:: LottieFiles � JSON Based Animation Lottie & Bodymovin for Elementor
Plugin Slug:: include-lottie-animation-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10.10
Severity Score:: Medium
CVE:: 2024-5060

Plugin:: Event post
Plugin Slug:: event-post
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.5
Severity Score:: Medium
CVE:: 2024-1376

Plugin:: Fastly
Plugin Slug:: fastly
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.26
Severity Score:: Medium
CVE:: 2024-34803

Plugin:: Hash Form � Drag & Drop Form Builder
Plugin Slug:: hash-form
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-5085

Plugin:: Hash Form � Drag & Drop Form Builder
Plugin Slug:: hash-form
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.1.1
Severity Score:: Critical
CVE:: 2024-5084

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.21.4
Severity Score:: Medium
CVE:: 2024-34795

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.21.4
Severity Score:: High
CVE:: 2024-34794

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 600+
Vulnerability:: SQL Injection
Patched in Version:: 1.7.0
Severity Score:: Critical
CVE:: 2024-3552

Plugin:: WP-ViperGB
Plugin Slug:: wp-vipergb
Installations: 600+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-4409

Plugin:: Atarim
Plugin Slug:: atarim-visual-collaboration
Vulnerability:: Other Vulnerability Type
Patched in Version:: 3.30
Severity Score:: High
CVE:: 2024-2038

Plugin:: Country State City Dropdown CF7
Plugin Slug:: country-state-city-auto-dropdown
Vulnerability:: SQL Injection
Patched in Version:: 2.7.3
Severity Score:: Critical
CVE:: 2024-3495

Plugin:: ElementsKit Pro
Plugin Slug:: elementskit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2024-4452

Plugin:: LayerSlider
Plugin Slug:: layerslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.11.1
Severity Score:: Medium
CVE:: 2024-4575

Plugin:: Contact Form & Lead Form Elementor Builder
Plugin Slug:: lead-form-builder
Vulnerability:: Content Injection
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2024-4261

Plugin:: Memberpress
Plugin Slug:: memberpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.30
Severity Score:: Medium
CVE:: 2024-5025

Plugin:: Memberpress
Plugin Slug:: memberpress
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.11.30
Severity Score:: Medium
CVE:: 2024-5031

Plugin:: Pie Register (Add on) – Social Sites Login
Plugin Slug:: pie-register-social-site
Vulnerability:: Broken Authentication
Patched in Version:: 1.7.8
Severity Score:: Critical
CVE:: 2024-4544

Plugin:: NextScripts
Plugin Slug:: social-networks-auto-poster-facebook-twitter-g
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.4.4
Severity Score:: High
CVE:: 2024-2088

Plugin:: NextScripts
Plugin Slug:: social-networks-auto-poster-facebook-twitter-g
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.4.4
Severity Score:: Medium
CVE:: 2024-1446

Plugin:: NextScripts
Plugin Slug:: social-networks-auto-poster-facebook-twitter-g
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.4
Severity Score:: High
CVE:: 2024-1762

Plugin:: Uber Menu
Plugin Slug:: ubermenu
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2024-4710

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Privilege Escalation
Patched in Version:: 5.1.9
Severity Score:: Critical
CVE:: 2024-35700

WordPress Themes � 1 Patched / 0 Unpatched

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,232,407
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.47
Severity Score:: Medium
CVE:: 2024-4943