WordPress Vulnerability Report � July 17, 2024

In this report, 300 vulnerabilities have been publicly disclosed. Security patches for 168 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 132 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

Say hello to WordPress 6.6 �Dorsey,� named after the legendary American Big Band leader, Tommy Dorsey. Explore the new features and enhancements of WordPress 6.6.

WordPress Plugins � 167 Patched / 118 Unpatched

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3563

Plugin:: Search & Replace
Plugin Slug:: search-and-replace
Installations: 100,000+
Vulnerability:: Deserialization of untrusted data
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38759

Plugin:: VK All in One Expansion Unit
Plugin Slug:: vk-all-in-one-expansion-unit
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37956

Plugin:: Titan Anti-spam & Security
Plugin Slug:: anti-spam
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38777

Plugin:: Matomo Analytics � Ethical Stats. Powerful Insights.
Plugin Slug:: matomo
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38766

Plugin:: Meks Smart Author Widget
Plugin Slug:: meks-smart-author-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37958

Plugin:: Packlink PRO shipping module
Plugin Slug:: packlink-pro-shipping
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38740

Plugin:: ReCaptcha Integration for WordPress
Plugin Slug:: wp-recaptcha-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37946

Plugin:: Generate PDF using Contact Form 7
Plugin Slug:: generate-pdf-using-contact-form-7
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-37555

Plugin:: Generate PDF using Contact Form 7
Plugin Slug:: generate-pdf-using-contact-form-7
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6317

Plugin:: Panda Video
Plugin Slug:: pandavideo
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5457

Plugin:: Panda Video
Plugin Slug:: pandavideo
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5456

Plugin:: Realtyna Organic IDX plugin + WPL Real Estate
Plugin Slug:: real-estate-listing-realtyna-wpl
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-38736

Plugin:: Timeline Module for Beaver Builder
Plugin Slug:: timeline-for-beaver-builder
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37919

Plugin:: WP User Switch
Plugin Slug:: wp-user-switch
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37560

Plugin:: Admin Dashboard RSS Feed
Plugin Slug:: admin-dashboard-rss-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38725

Plugin:: Google Adsense & Banner Ads by AdsforWP
Plugin Slug:: ads-for-wp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38751

Plugin:: AdPush
Plugin Slug:: adsense-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38672

Plugin:: Advanced AJAX Page Loader
Plugin Slug:: advanced-ajax-page-loader
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6310

Plugin:: Advanced post slider
Plugin Slug:: advanced-post-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38750

Plugin:: EleForms
Plugin Slug:: all-contact-form-integration-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38748

Plugin:: Amazing Hover Effects
Plugin Slug:: amazing-hover-effects
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38741

Plugin:: Animated Typed JS Shortcode
Plugin Slug:: animated-typed-js-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38679

Plugin:: Appmaker � Convert WooCommerce to Android & iOS Native Mobile Apps
Plugin Slug:: appmaker-woocommerce-mobile-app-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38680

Plugin:: Arkhe Blocks
Plugin Slug:: arkhe-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38675

Plugin:: Attachment File Icons
Plugin Slug:: attachment-file-icons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6309

Plugin:: Auto Featured Image (Auto Post Thumbnail)
Plugin Slug:: auto-post-thumbnail
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38719

Plugin:: Booking Ultra Pro
Plugin Slug:: booking-ultra-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38717

Plugin:: Booking Ultra Pro
Plugin Slug:: booking-ultra-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38676

Plugin:: Caxton � Create Pro page layouts in Gutenberg
Plugin Slug:: caxton
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37948

Plugin:: Cliengo � Chatbot
Plugin Slug:: cliengo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37923

Plugin:: Cliengo � Chatbot
Plugin Slug:: cliengo
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5993

Plugin:: Cliengo � Chatbot
Plugin Slug:: cliengo
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5992

Plugin:: CodePen Embedded Pens Shortcode
Plugin Slug:: codepen-embedded-pen-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37960

Plugin:: codoc
Plugin Slug:: codoc
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37961

Plugin:: Comment Images Reloaded
Plugin Slug:: comment-images-reloaded
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5856

Plugin:: Animated Rotating Words
Plugin Slug:: css3-rotating-words
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38753

Plugin:: WPCS
Plugin Slug:: currency-switcher
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38700

Plugin:: Default Thumbnail Plus
Plugin Slug:: default-thumbnail-plus
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6161

Plugin:: DirectoryPress
Plugin Slug:: directorypress
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38755

Plugin:: Download Button for Elementor
Plugin Slug:: download-button-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38718

Plugin:: Easy Pixels
Plugin Slug:: easy-pixels-by-jevnet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5479

Plugin:: EazyDocs
Plugin Slug:: eazydocs
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38721

Plugin:: EazyDocs
Plugin Slug:: eazydocs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38720

Plugin:: Pricing Table
Plugin Slug:: elfsight-pricing-table
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4102

Plugin:: Pricing Table
Plugin Slug:: elfsight-pricing-table
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4100

Plugin:: Power BI Embedded for WordPress
Plugin Slug:: embed-power-bi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37959

Plugin:: Event post
Plugin Slug:: event-post
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1375

Plugin:: Event post
Plugin Slug:: event-post
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38735

Plugin:: EventON
Plugin Slug:: eventon-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6180

Plugin:: Events Calendar for Google
Plugin Slug:: events-calendar-for-google
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38716

Plugin:: ExS Widgets
Plugin Slug:: exs-widgets
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38715

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4868

Plugin:: XPlainer – WooCommerce Product FAQ
Plugin Slug:: faq-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5704

Plugin:: XPlainer – WooCommerce Product FAQ
Plugin Slug:: faq-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5669

Plugin:: File Manager Advanced Shortcode
Plugin Slug:: file-manager-advanced-shortcode
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2023-7061

Plugin:: WordPress Form Builder Plugin � Gutenberg Forms
Plugin Slug:: forms-gutenberg
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6313

Plugin:: Fusion
Plugin Slug:: fusion
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37962

Plugin:: SCSS Happy Compiler
Plugin Slug:: happy-scss-compiler
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5600

Plugin:: HitPay Payment Gateway for WooCommerce
Plugin Slug:: hitpay-payment-gateway
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38747

Plugin:: Import Spreadsheets from Microsoft Excel
Plugin Slug:: import-spreadsheets-from-microsoft-excel
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-38734

Plugin:: IQ Testimonials
Plugin Slug:: iq-testimonials
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6314

Plugin:: WooCommerce Report
Plugin Slug:: ithemelandco-woo-report
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38683

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38722

Plugin:: Just Custom Fields
Plugin Slug:: just-custom-fields
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6168

Plugin:: Just Custom Fields
Plugin Slug:: just-custom-fields
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6167

Plugin:: Laposta
Plugin Slug:: laposta
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6574

Plugin:: Light Poll
Plugin Slug:: light-poll
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6720

Plugin:: Magical Addons For Elementor
Plugin Slug:: magical-addons-for-elementor
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38730

Plugin:: Magical Addons For Elementor
Plugin Slug:: magical-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38681

Plugin:: Magical Posts Display � Elementor & Gutenberg Posts Blocks
Plugin Slug:: magical-posts-display
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37951

Plugin:: MBE eShip
Plugin Slug:: mail-boxes-etc
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38742

Plugin:: MBE eShip
Plugin Slug:: mail-boxes-etc
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38729

Plugin:: MBE eShip
Plugin Slug:: mail-boxes-etc
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37953

Plugin:: Master Popups
Plugin Slug:: master-popups-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37950

Plugin:: Meks Video Importer
Plugin Slug:: meks-video-importer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38733

Plugin:: URL Shortener by MyThemeShop
Plugin Slug:: mts-url-shortener
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5802

Plugin:: Olive One Click Demo Import
Plugin Slug:: olive-one-click-demo-import
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38749

Plugin:: OSM � OpenStreetMap
Plugin Slug:: osm
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3604

Plugin:: Payflex Payment Gateway
Plugin Slug:: payflex-payment-gateway
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0619

Plugin:: Pie Register
Plugin Slug:: pie-register
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6069

Plugin:: Plugin Notes Plus
Plugin Slug:: plugin-notes-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37561

Plugin:: Post Layouts for Gutenberg
Plugin Slug:: post-layouts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38682

Plugin:: Product Designer
Plugin Slug:: product-designer
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38726

Plugin:: Product Designer
Plugin Slug:: product-designer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3608

Plugin:: Plum: Spin Wheel & Email Pop-up
Plugin Slug:: qodeblock
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38744

Plugin:: Plum: Spin Wheel & Email Pop-up
Plugin Slug:: qodeblock
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38743

Plugin:: Coming Soon
Plugin Slug:: responsive-coming-soon-page
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38756

Plugin:: REVIEWS.io
Plugin Slug:: reviewscouk-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38677

Plugin:: ScrollTo Bottom
Plugin Slug:: scrollto-bottom
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6321

Plugin:: ScrollTo Top
Plugin Slug:: scrollto-top
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6320

Plugin:: Seraphinite Post .DOCX Source
Plugin Slug:: seraphinite-post-docx-source
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38728

Plugin:: Seraphinite Post .DOCX Source
Plugin Slug:: seraphinite-post-docx-source
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38727

Plugin:: Simple Alert Boxes
Plugin Slug:: simple-alert-boxes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5937

Plugin:: Simple Post Notes
Plugin Slug:: simple-post-notes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37562

Plugin:: Simple Responsive Slider
Plugin Slug:: simple-responsive-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37954

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38674

Plugin:: Sky Addons for Elementor
Plugin Slug:: sky-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38687

Plugin:: GutSlider � All in One Block Slider
Plugin Slug:: slider-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37955

Plugin:: Tabs For WPBakery Page Builder
Plugin Slug:: tabs-for-visual-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37936

Plugin:: Taggbox
Plugin Slug:: taggbox-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38754

Plugin:: TOCHAT.BE
Plugin Slug:: tochat-be
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37563

Plugin:: UltraAddons Elementor Lite
Plugin Slug:: ultraaddons-elementor-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4866

Plugin:: User Activity Log Pro
Plugin Slug:: user-activity-log-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37929

Plugin:: WappPress
Plugin Slug:: wapppress-builds-android-app-for-website
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38758

Plugin:: Webico Slider Flatsome Addons
Plugin Slug:: webico-slider-flatsome-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5881

Plugin:: LearnDash LMS � Reports
Plugin Slug:: wisdm-reports-for-learndash
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5648

Plugin:: Woocommerce OpenPos
Plugin Slug:: woocommerce-openpos
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37935

Plugin:: Woocommerce OpenPos
Plugin Slug:: woocommerce-openpos
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-37933

Plugin:: Woocommerce OpenPos
Plugin Slug:: woocommerce-openpos
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37932

Plugin:: WooCommerce Predictive Search
Plugin Slug:: woocommerce-predictive-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38669

Plugin:: Change From Email
Plugin Slug:: wp-from-email
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38738

Plugin:: WP GoToWebinar
Plugin Slug:: wp-gotowebinar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38671

Plugin:: Multisite Content Copier/Updater
Plugin Slug:: wp-multisite-content-copier
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-38673

Plugin:: WP2Speed Faster
Plugin Slug:: wp2speed
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37924

Plugin:: WP2Speed Faster
Plugin Slug:: wp2speed
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5810

Plugin:: Recipe Maker For Your Food Blog from Zip Recipes
Plugin Slug:: zip-recipes
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38688

Plugin:: Zoho Campaigns
Plugin Slug:: zoho-campaigns
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38752

Plugin:: Duplicator � Migration & Backup Plugin
Plugin Slug:: duplicator
Installations: 1,000,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 1.5.10
Severity Score:: Medium
CVE:: 2024-6210

Plugin:: WPS Hide Login
Plugin Slug:: wps-hide-login
Installations: 1,000,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.9.16.4
Severity Score:: Medium
CVE:: 2024-6289

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.37
Severity Score:: Medium
CVE:: 2024-6495

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.35
Severity Score:: Medium
CVE:: 2024-37922

Plugin:: Easy Table of Contents
Plugin Slug:: easy-table-of-contents
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.67.1
Severity Score:: Medium
CVE:: 2024-6334

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.3
Severity Score:: Medium
CVE:: 2024-5442

Plugin:: SEOPress � On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 7.9
Severity Score:: High
CVE:: 2024-5488

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.5.113
Severity Score:: Medium
CVE:: 2024-6171

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.113
Severity Score:: Medium
CVE:: 2024-6169

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.113
Severity Score:: High
CVE:: 2024-6166

Plugin:: User Feedback � Create Interactive Feedback Form, User Surveys, and Polls in Seconds
Plugin Slug:: userfeedback-lite
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.16
Severity Score:: High
CVE:: 2024-5902

Plugin:: Feeds for YouTube (YouTube video, channel, and gallery plugin)
Plugin Slug:: feeds-for-youtube
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-6256

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.5.8
Severity Score:: Medium
CVE:: 2024-38706

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: High
CVE:: 2024-5626

Plugin:: WordPress Button Plugin MaxButtons
Plugin Slug:: maxbuttons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.7.8
Severity Score:: Medium
CVE:: 2024-3026

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.6.1
Severity Score:: Critical
CVE:: 2024-6457

Plugin:: EmbedPress � Embed PDF, PDF 3D FlipBook, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.5
Severity Score:: Medium
CVE:: 2024-38707

Plugin:: Event Tickets and Registration
Plugin Slug:: event-tickets
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.11.0.5
Severity Score:: Medium
CVE:: 2024-38762

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-37947

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.45
Severity Score:: High
CVE:: 2024-1937

Plugin:: YITH WooCommerce Ajax Product Filter
Plugin Slug:: yith-woocommerce-ajax-navigation
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.0
Severity Score:: Medium
CVE:: 2024-37943

Plugin:: Premium Portfolio Features for Phlox theme
Plugin Slug:: auxin-portfolio
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.3
Severity Score:: Medium
CVE:: 2024-3587

Plugin:: Image Hover Effects � Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-4780

Plugin:: Internal Link Juicer: SEO Auto Linker for WordPress
Plugin Slug:: internal-links
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.24.4
Severity Score:: Medium
CVE:: 2024-37941

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.9
Severity Score:: Medium
CVE:: 2024-4655

Plugin:: RSS Aggregator � RSS Import, News Feeds, Feed to Post, and Autoblogging
Plugin Slug:: wp-rss-aggregator
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.23.12
Severity Score:: Medium
CVE:: 2024-6621

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.43
Severity Score:: Medium
CVE:: 2024-5575

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.9.11
Severity Score:: Medium
CVE:: 2024-6588

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-38712

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.5
Severity Score:: Medium
CVE:: 2024-6025

Plugin:: Social Media Widget
Plugin Slug:: social-media-widget
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.9
Severity Score:: Medium
CVE:: 2024-0974

Plugin:: FULL � Cliente
Plugin Slug:: full-customer
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.13
Severity Score:: High
CVE:: 2024-6447

Plugin:: Index WP MySQL For Speed
Plugin Slug:: index-wp-mysql-for-speed
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.18
Severity Score:: High
CVE:: 2024-4977

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.3
Severity Score:: Medium
CVE:: 2024-38710

Plugin:: Seriously Simple Podcasting
Plugin Slug:: seriously-simple-podcasting
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-3751

Plugin:: Team Members
Plugin Slug:: team-members
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.4
Severity Score:: Medium
CVE:: 2024-38670

Plugin:: WP Popups � WordPress Popup builder
Plugin Slug:: wp-popups-lite
Installations: 30,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 2.2.0.2
Severity Score:: Medium
CVE:: 2024-6555

Plugin:: Login by Auth0
Plugin Slug:: auth0
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1
Severity Score:: High
CVE:: 2023-6813

Plugin:: Branda � White Label WordPress, Custom Login Page Customizer
Plugin Slug:: branda-white-labeling
Installations: 20,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 3.4.19
Severity Score:: Medium
CVE:: 2024-6554

Plugin:: Image Photo Gallery Final Tiles Grid
Plugin Slug:: final-tiles-grid-gallery-lite
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: Medium
CVE:: 2024-3710

Plugin:: Form Vibes � Database Manager for Forms
Plugin Slug:: form-vibes
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.11
Severity Score:: High
CVE:: 2024-5325

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6
Severity Score:: Medium
CVE:: 2024-5664

Plugin:: Giveaways and Contests by RafflePress � Get More Website Traffic, Email Subscribers, and Social Followers
Plugin Slug:: rafflepress
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.14
Severity Score:: Medium
CVE:: 2024-3963

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.9
Severity Score:: Medium
CVE:: 2024-6138

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.56
Severity Score:: Medium
CVE:: 2024-6026

Plugin:: SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer
Plugin Slug:: smartcrawl-seo
Installations: 20,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 3.10.9
Severity Score:: Medium
CVE:: 2024-6556

Plugin:: User Submitted Posts � Enable Users to Submit Posts from the Front End
Plugin Slug:: user-submitted-posts
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240516
Severity Score:: Medium
CVE:: 2024-5002

Plugin:: Wallet for WooCommerce
Plugin Slug:: woo-wallet
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2024-6353

Plugin:: Wholesale Suite � WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More
Plugin Slug:: woocommerce-wholesale-prices
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-38745

Plugin:: WP Accessibility Helper (WAH)
Plugin Slug:: wp-accessibility-helper
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.6.3
Severity Score:: Medium
CVE:: 2024-37926

Plugin:: WP Event Manager � Events Calendar, Registrations, Sell Tickets with WooCommerce
Plugin Slug:: wp-event-manager
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.44
Severity Score:: Medium
CVE:: 2024-2691

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Directory Traversal
Patched in Version:: 4.24.8
Severity Score:: Medium
CVE:: 2024-5852

Plugin:: Backup and Staging by WP Time Capsule
Plugin Slug:: wp-time-capsule
Installations: 20,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.22.21
Severity Score:: Critical
CVE:: 2024-38770

Plugin:: Goftino
Plugin Slug:: goftino
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-38697

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-37565

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: High
CVE:: 2024-38711

Plugin:: Metorik � Reports & Email Automation for WooCommerce
Plugin Slug:: metorik-helper
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-38691

Plugin:: Product Enquiry for WooCommerce
Plugin Slug:: product-enquiry-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.8
Severity Score:: Medium
CVE:: 2024-3964

Plugin:: WP Photo Album Plus
Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.8.02.003
Severity Score:: Medium
CVE:: 2024-38713

Plugin:: SchedulePress � Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher
Plugin Slug:: wp-scheduled-posts
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2024-6557

Plugin:: WP Travel Engine � Tour Booking Plugin � Tour Operator Software
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.2
Severity Score:: Medium
CVE:: 2024-37944

Plugin:: Backup, Restore and Migrate WordPress Sites With the XCloner Plugin
Plugin Slug:: xcloner-backup-and-restore
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.7.4
Severity Score:: Medium
CVE:: 2024-6559

Plugin:: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Plugin Slug:: erp
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.13.1
Severity Score:: High
CVE:: 2024-6666

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0.4
Severity Score:: Medium
CVE:: 2024-6070

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0.4
Severity Score:: High
CVE:: 2024-5713

Plugin:: Get Use APIs � JSON Content Importer
Plugin Slug:: json-content-importer
Installations: 8,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-38723

Plugin:: iPanorama 360 � WordPress Virtual Tour Builder
Plugin Slug:: ipanorama-360-virtual-tour-builder-lite
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.4
Severity Score:: Medium
CVE:: 2024-38690

Plugin:: Social Sharing Plugin � Kiwi
Plugin Slug:: kiwi-social-share
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-3228

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.9.0
Severity Score:: Medium
CVE:: 2024-6410

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.9.0
Severity Score:: High
CVE:: 2024-6411

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.13.4
Severity Score:: Critical
CVE:: 2024-6123

Plugin:: InstaWP Connect � 1-click WP Staging & Migration
Plugin Slug:: instawp-connect
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 0.1.0.45
Severity Score:: Critical
CVE:: 2024-6397

Plugin:: Send Users Email
Plugin Slug:: send-users-email
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-38760

Plugin:: WP Links Page
Plugin Slug:: wp-links-page
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.6
Severity Score:: Medium
CVE:: 2024-6465

Plugin:: WP QuickLaTeX
Plugin Slug:: wp-quicklatex
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.7
Severity Score:: Medium
CVE:: 2024-5472

Plugin:: CM WordPress Search And Replace Plugin
Plugin Slug:: cm-on-demand-search-and-replace
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.9
Severity Score:: Medium
CVE:: 2024-5028

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2024-38705

Plugin:: MStore API � Create Native Android & iOS Apps On The Cloud
Plugin Slug:: mstore-api
Installations: 4,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.15.0
Severity Score:: Critical
CVE:: 2024-6328

Plugin:: Typebot | Create advanced chat experiences without coding
Plugin Slug:: typebot
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-38757

Plugin:: VikRentCar Car Rental Management System
Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-1845

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.1.2
Severity Score:: Medium
CVE:: 2024-2640

Plugin:: Zoho CRM Lead Magnet
Plugin Slug:: zoho-crm-forms
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.8.9
Severity Score:: High
CVE:: 2024-38696

Plugin:: AForms � Form Builder for Price Calculator & Cost Estimation
Plugin Slug:: aforms-form-builder-for-price-calculator-cost-estimation
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-6565

Plugin:: Contact Form, Survey & Popup Form Plugin for WordPress � ARForms Form Builder
Plugin Slug:: arforms-form-builder
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: High
CVE:: 2024-37920

Plugin:: ConeBlog � Elementor Blog Widgets
Plugin Slug:: coneblog-widgets
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-37918

Plugin:: Insert or Embed Articulate Content into WordPress
Plugin Slug:: insert-or-embed-articulate-content-into-wordpress
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.3000000024
Severity Score:: Critical
CVE:: 2024-5630

Plugin:: oik
Plugin Slug:: oik
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.12.0
Severity Score:: Medium
CVE:: 2024-6391

Plugin:: Spiffy Calendar
Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.9.12
Severity Score:: High
CVE:: 2024-38692

Plugin:: Wallet System for WooCommerce � Wallet, Digital Wallet, Cashback, Recharge User Wallets, Partial Payments, Wallet restriction, Refunds
Plugin Slug:: wallet-system-for-woocommerce
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.5.14
Severity Score:: High
CVE:: 2024-38699

Plugin:: Chained Quiz
Plugin Slug:: chained-quiz
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2.9
Severity Score:: Medium
CVE:: 2024-37921

Plugin:: Featured Image Generator
Plugin Slug:: featured-image-generator
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-5677

Plugin:: Glossary
Plugin Slug:: glossary-by-codeat
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.27
Severity Score:: Medium
CVE:: 2024-6570

Plugin:: JSON API User
Plugin Slug:: json-api-user
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.9.4
Severity Score:: Critical
CVE:: 2024-6624

Plugin:: MakeStories (for Google Web Stories)
Plugin Slug:: makestories-helper
Installations: 2,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 3.0.4
Severity Score:: High
CVE:: 2024-38746

Plugin:: Media Hygiene: Remove or Delete Unused Images and More!
Plugin Slug:: media-hygiene
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.2
Severity Score:: Medium
CVE:: 2024-5855

Plugin:: Product Delivery Date for WooCommerce � Lite
Plugin Slug:: product-delivery-date-for-woocommerce-lite
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-38702

Plugin:: Simple Popup Plugin
Plugin Slug:: simple-popup-plugin
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5
Severity Score:: Medium
CVE:: 2024-38689

Plugin:: SKT Skill Bar
Plugin Slug:: skt-skill-bar
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-38698

Plugin:: SlingBlocks � Gutenberg Blocks by FunnelKit (Formerly WooFunnels)
Plugin Slug:: slingblocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-38684

Plugin:: SVG Block
Plugin Slug:: svg-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.20
Severity Score:: Medium
CVE:: 2024-4269

Plugin:: Web and WooCommerce Addons for WPBakery Builder
Plugin Slug:: vc-addons-by-bit14
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2024-6579

Plugin:: Product Table by WBW
Plugin Slug:: woo-product-tables
Installations: 2,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.0.2
Severity Score:: Critical
CVE:: 2024-6365

Plugin:: WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into WordPress
Plugin Slug:: wp-event-aggregator
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2024-38703

Plugin:: Academy LMS � eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2024-38701

Plugin:: Blog, Posts and Category Filter for Elementor
Plugin Slug:: blog-posts-and-category-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-4667

Plugin:: Bradmax Player
Plugin Slug:: bradmax-player
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.28
Severity Score:: Medium
CVE:: 2024-37957

Plugin:: CM Email Registration Blacklist and Whitelist
Plugin Slug:: cm-email-blacklist
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.9
Severity Score:: Medium
CVE:: 2024-5167

Plugin:: WP Fast Total Search � The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.69.234
Severity Score:: Medium
CVE:: 2024-38714

Plugin:: GD Rating System
Plugin Slug:: gd-rating-system
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-38709

Plugin:: Gravity Forms: Multiple Form Instances
Plugin Slug:: gravity-forms-multiple-form-instances
Installations: 1,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-6550

Plugin:: FancyPost � Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor
Plugin Slug:: post-block
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-38686

Plugin:: Quotes and Tips by BestWebSoft
Plugin Slug:: quotes-and-tips
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.45
Severity Score:: Critical
CVE:: 2024-3112

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.8
Severity Score:: Medium
CVE:: 2024-6392

Plugin:: Squelch Tabs and Accordions Shortcodes
Plugin Slug:: squelch-tabs-and-accordions-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.9
Severity Score:: Medium
CVE:: 2024-5946

Plugin:: Team Manager � WordPress Showcase Team Members
Plugin Slug:: wp-team-manager
Installations: 1,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.1.13
Severity Score:: Medium
CVE:: 2024-38704

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-37945

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-4862

Plugin:: BerqWP � Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Plugin Slug:: searchpro
Installations: 900+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.7.6
Severity Score:: High
CVE:: 2024-37942

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) � scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-38708

Plugin:: DN Footer Contacts
Plugin Slug:: dn-footer-contacts
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-3410

Plugin:: Smart Image Gallery
Plugin Slug:: photoshow
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.19
Severity Score:: Medium
CVE:: 2024-3632

Plugin:: Tournamatch
Plugin Slug:: tournamatch
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1
Severity Score:: Medium
CVE:: 2024-5644

Plugin:: Tournamatch
Plugin Slug:: tournamatch
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1
Severity Score:: Medium
CVE:: 2024-5627

Plugin:: Bug Library
Plugin Slug:: bug-library
Installations: 100+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.1.1
Severity Score:: Critical
CVE:: 2024-5450

Plugin:: Embed Peertube Playlist
Plugin Slug:: embed-peertube-playlist
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.10
Severity Score:: Medium
CVE:: 2024-4602

Plugin:: Website Content in Page or Post
Plugin Slug:: show-website-content-in-wordpress-page-or-post
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.04.09
Severity Score:: Medium
CVE:: 2024-2430

Plugin:: Hostel
Plugin Slug:: hostel
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5.3
Severity Score:: High
CVE:: 2024-3753

Plugin:: WP Announcement | Dynamic Announcement, Banner, & Countdown Timer for Effective Promotions
Plugin Slug:: sp-announcement
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2024-38685

Plugin:: OpenPGP Form Encryption for WordPress
Plugin Slug:: openpgp-form-encryption
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-3919

Plugin:: WP Total Branding � Complete branding solution for WordPress
Plugin Slug:: wp-total-branding
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-6625

Plugin:: SULly
Plugin Slug:: sully
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-5151

Plugin:: SULly
Plugin Slug:: sully
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.1
Severity Score:: Medium
CVE:: 2024-5034

Plugin:: SULly
Plugin Slug:: sully
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.3.1
Severity Score:: High
CVE:: 2024-5033

Plugin:: SULly
Plugin Slug:: sully
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.1
Severity Score:: High
CVE:: 2024-5032

Plugin:: Simple Video Directory
Plugin Slug:: simple-media-directory
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-5811

Plugin:: Support SVG � Upload svg files in wordpress without hassle
Plugin Slug:: support-svg
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-4272

Plugin:: BSK PDF Manager
Plugin Slug:: bsk-pdf-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: Medium
CVE:: 2024-38767

Plugin:: Contact Form 7 Summary and Print
Plugin Slug:: cf7-summary-and-print
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.6
Severity Score:: High
CVE:: 2024-38724

Plugin:: EventON
Plugin Slug:: eventon-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.15
Severity Score:: Medium
CVE:: 2024-4752

Plugin:: File Manager Advanced Shortcode
Plugin Slug:: file-manager-advanced-shortcode
Vulnerability:: Directory Traversal
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2023-7062

Plugin:: Houzez CRM
Plugin Slug:: houzez-crm
Vulnerability:: SQL Injection
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-5792

Plugin:: Houzez Theme – Functionality
Plugin Slug:: houzez-theme-functionality
Vulnerability:: SQL Injection
Patched in Version:: 3.2.3
Severity Score:: High
CVE:: 2024-5793

Plugin:: Calendar.online / Kalender.digital
Plugin Slug:: kalender-digital
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-38678

Plugin:: Modern Events Calendar
Plugin Slug:: modern-events-calendar
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.12.0
Severity Score:: High
CVE:: 2024-5441

Plugin:: Modern Events Calendar Lite
Plugin Slug:: modern-events-calendar-lite
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.12.0
Severity Score:: High
CVE:: 2024-5441

Plugin:: Moloni
Plugin Slug:: moloni
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.0
Severity Score:: High
CVE:: 2024-38694

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Vulnerability:: SQL Injection
Patched in Version:: 7.0.8
Severity Score:: High
CVE:: 2024-37564

Plugin:: ReDi Restaurant Reservation
Plugin Slug:: redi-restaurant-reservation
Vulnerability:: Broken Access Control
Patched in Version:: 24.0712
Severity Score:: Medium
CVE:: 2024-38737

Plugin:: Seraphinite Accelerator (Full, premium)
Plugin Slug:: seraphinite-accelerator-ext
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.21.13.1
Severity Score:: High
CVE:: 2024-37940

Plugin:: Shortcodes Ultimate Pro
Plugin Slug:: shortcodes-ultimate-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.5
Severity Score:: Medium
CVE:: 2024-4217

Plugin:: FormFlow: WhatsApp & Social Form Builder for Leads
Plugin Slug:: simple-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.2
Severity Score:: Medium
CVE:: 2024-3113

Plugin:: Swift Framework Page Builder
Plugin Slug:: socialdriver-framework
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.04.30
Severity Score:: High
CVE:: 2024-2870

Plugin:: Swift Framework Page Builder
Plugin Slug:: socialdriver-framework
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.04.30
Severity Score:: Medium
CVE:: 2024-2696

Plugin:: Uncanny Automator Pro
Plugin Slug:: uncanny-automator-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.0.1
Severity Score:: High
CVE:: 2024-37117

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.1
Severity Score:: Medium
CVE:: 2024-5287

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5284

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-5280

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.5.5
Severity Score:: Medium
CVE:: 2024-6075

Plugin:: WP eStore
Plugin Slug:: wp-cart-for-digital-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.5
Severity Score:: High
CVE:: 2024-6072

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.7
Severity Score:: High
CVE:: 2024-5715

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Arbitrary File Upload
Patched in Version:: 10.6.6
Severity Score:: Medium
CVE:: 2024-5080

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.7
Severity Score:: High
CVE:: 2024-5079

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.6.6
Severity Score:: High
CVE:: 2024-5077

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 10.6.6
Severity Score:: Medium
CVE:: 2024-5076

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.6
Severity Score:: High
CVE:: 2024-5074

Plugin:: WP GoToWebinar
Plugin Slug:: wp-gotowebinar
Vulnerability:: Broken Access Control
Patched in Version:: 15.7
Severity Score:: Medium
CVE:: 2024-38695

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.3.100
Severity Score:: High
CVE:: 2024-38761

WordPress Themes � 1 Patched / 14 Unpatched

Theme:: Oceanic
Theme Slug:: oceanic
Downloads: 88,451
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38765

Theme:: OnePress
Theme Slug:: onepress
Downloads: 2,266,939
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38739

Theme:: Popularis Verse
Theme Slug:: popularis-verse
Downloads: 22,912
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38763

Theme:: Responsive Mobile
Theme Slug:: responsive-mobile
Downloads: 240,681
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37949

Theme:: counterpoint
Theme Slug:: counterpoint
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37559

Theme:: i-amaze
Theme Slug:: i-amaze
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38731

Theme:: i-transform
Theme Slug:: i-transform
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38764

Theme:: Jobmonster
Theme Slug:: noo-jobmonster
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37928

Theme:: Jobmonster
Theme Slug:: noo-jobmonster
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-37927

Theme:: Patricia Blog
Theme Slug:: patricia-blog
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-38732

Theme:: Patricia Lite
Theme Slug:: patricia-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37939

Theme:: Point
Theme Slug:: point
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37931

Theme:: SmartMag
Theme Slug:: smartmag-responsive-retina-wordpress-magazine
Vulnerability:: Multiple Vulnerabilities
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37930

Theme:: SociallyViral
Theme Slug:: sociallyviral
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37938

Theme:: BuddyBoss Theme
Theme Slug:: buddyboss-theme
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.01
Severity Score:: Medium
CVE:: 2024-37925