WordPress Vulnerability Report � August 7, 2024

In this report, 108 vulnerabilities have been publicly disclosed. Security patches for 91 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 17 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins � 91 Patched / 16 Unpatched

Plugin:: ?????? ?????? ??????
Plugin Slug:: pardakht-delkhah
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6230

Plugin:: Blox Page Builder
Plugin Slug:: blox-page-builder
Installations: 500+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6315

Plugin:: Business Card
Plugin Slug:: business-card-by-esterox-100
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-5807

Plugin:: CZ Loan Management
Plugin Slug:: cz-loan-management
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-5975

Plugin:: Donation Block For PayPal
Plugin Slug:: donations-block
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6021

Plugin:: Ebook Store
Plugin Slug:: ebook-store
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6567

Plugin:: Remote Content Shortcode
Plugin Slug:: remote-content-shortcode
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2090

Plugin:: Responsive Tabs
Plugin Slug:: responsive-tabs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4096

Plugin:: Send email only on Reply to My Comment
Plugin Slug:: send-email-only-on-reply-to-my-comment
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6224

Plugin:: Send email only on Reply to My Comment
Plugin Slug:: send-email-only-on-reply-to-my-comment
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6223

Plugin:: SpiderContacts
Plugin Slug:: spider-contacts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6272

Plugin:: Traffic Manager
Plugin Slug:: traffic-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7485

Plugin:: WP Ajax Contact Form
Plugin Slug:: wp-ajax-contact-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5809

Plugin:: WP Ajax Contact Form
Plugin Slug:: wp-ajax-contact-form
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5808

Plugin:: WpStickyBar
Plugin Slug:: wpstickybar-sticky-bar-sticky-header
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6226

Plugin:: WpStickyBar
Plugin Slug:: wpstickybar-sticky-bar-sticky-header
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-5765

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.27
Severity Score:: Medium
CVE:: 2024-39649

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.62.3
Severity Score:: Medium
CVE:: 2024-5901

Plugin:: Forminator � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.29.2
Severity Score:: Medium
CVE:: 2024-7389

Plugin:: Formidable Forms � Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.11.2
Severity Score:: Medium
CVE:: 2024-6725

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.12
Severity Score:: Medium
CVE:: 2024-39667

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.98
Severity Score:: Medium
CVE:: 2024-6208

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2024-5595

Plugin:: Inline Related Posts
Plugin Slug:: intelly-related-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.0
Severity Score:: Medium
CVE:: 2024-6487

Plugin:: Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme � My Sticky Bar (formerly myStickymenu)
Plugin Slug:: mystickymenu
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-4090

Plugin:: Email Encoder � Protect Email Addresses and Phone Numbers
Plugin Slug:: email-encoder-bundle
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-4483

Plugin:: Social Feed Gallery
Plugin Slug:: insta-gallery
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.0
Severity Score:: Medium
CVE:: 2024-39640

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.2.6.9
Severity Score:: Medium
CVE:: 2024-39642

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.6.9
Severity Score:: Medium
CVE:: 2024-39641

Plugin:: WP Mobile Menu � The Mobile-Friendly Responsive Menu
Plugin Slug:: mobile-menu
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.5
Severity Score:: Medium
CVE:: 2024-2508

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-39645

Plugin:: Folders � Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Plugin Slug:: folders
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2024-7317

Plugin:: Comments � wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Content Injection
Patched in Version:: 7.6.22
Severity Score:: Medium
CVE:: 2024-6704

Plugin:: Blog2Social: Social Media Auto Post & Scheduler
Plugin Slug:: blog2social
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.5
Severity Score:: Medium
CVE:: 2024-7302

Plugin:: File Manager Pro � Filester
Plugin Slug:: filester
Installations: 60,000+
Vulnerability:: Settings Change
Patched in Version:: 1.8.3
Severity Score:: High
CVE:: 2024-7031

Plugin:: JetFormBuilder � Dynamic Blocks Form Builder
Plugin Slug:: jetformbuilder
Installations: 60,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.4.2
Severity Score:: High
CVE:: 2024-7291

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.3
Severity Score:: Medium
CVE:: 2024-7100

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.3.1
Severity Score:: Critical
CVE:: 2024-5057

Plugin:: User Profile Builder � Beautiful User Registration Forms, User Profiles & User Role Editor
Plugin Slug:: profile-builder
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.11.8
Severity Score:: Medium
CVE:: 2024-6366

Plugin:: Better Find and Replace
Plugin Slug:: real-time-auto-find-and-replace
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-39636

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.45
Severity Score:: Medium
CVE:: 2024-6710

Plugin:: Kubio AI Page Builder
Plugin Slug:: kubio
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.5
Severity Score:: Medium
CVE:: 2024-39661

Plugin:: Gutenberg Blocks, Page Builder � ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.86
Severity Score:: Medium
CVE:: 2024-6346

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.0
Severity Score:: Medium
CVE:: 2024-6390

Plugin:: WP-PostRatings
Plugin Slug:: wp-postratings
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.91.2
Severity Score:: Medium
CVE:: 2024-39659

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.57
Severity Score:: Medium
CVE:: 2024-6408

Plugin:: UsersWP � Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.12
Severity Score:: High
CVE:: 2024-6477

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.8
Severity Score:: Medium
CVE:: 2024-39639

Plugin:: Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission � WP User Frontend
Plugin Slug:: wp-user-frontend
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.0.8
Severity Score:: High
CVE:: 2024-38693

Plugin:: Custom 404 Pro
Plugin Slug:: custom-404-pro
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.2
Severity Score:: High
CVE:: 2024-39646

Plugin:: RegistrationMagic � User Registration Plugin with Custom Registration Forms
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.0.2
Severity Score:: Medium
CVE:: 2024-39643

Plugin:: Horizontal scrolling announcements
Plugin Slug:: horizontal-scrolling-announcements
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2023-5000

Plugin:: Registrations for the Events Calendar � Event Registration Plugin
Plugin Slug:: registrations-for-the-events-calendar
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.12.3
Severity Score:: High
CVE:: 2024-39638

Plugin:: SportsPress � Sports Club & League Manager
Plugin Slug:: sportspress
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.22
Severity Score:: Medium
CVE:: 2024-3986

Plugin:: Event Manager, Events Calendar, Tickets, Registrations � Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6
Severity Score:: Medium
CVE:: 2024-39648

Plugin:: HTML Forms � Simple WordPress Forms Plugin
Plugin Slug:: html-forms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.34
Severity Score:: Medium
CVE:: 2024-6412

Plugin:: Chatbot for WordPress by Collect.chat ??
Plugin Slug:: collectchat
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-6498

Plugin:: Salon Booking System
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 10.8
Severity Score:: High
CVE:: 2024-39658

Plugin:: Pinpoint Booking System � #1 WordPress Booking Plugin
Plugin Slug:: booking-system
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.9.4.8
Severity Score:: Medium
CVE:: 2024-3636

Plugin:: Cooked � Recipe Management
Plugin Slug:: cooked
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2024-41816

Plugin:: TemplateSpare: Quick & Easy WordPress Site Builder � 475+ Ready-Made Demos for News, Blogs, eCommerce, and More. One-Click Import, No Coding Needed
Plugin Slug:: templatespare
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.3
Severity Score:: Medium
CVE:: 2024-6872

Plugin:: VikRentCar Car Rental Management System
Plugin Slug:: vikrentcar
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.1
Severity Score:: Critical
CVE:: 2024-39653

Plugin:: Sender � Newsletter, SMS and Email Marketing Automation for WooCommerce
Plugin Slug:: sender-net-automated-emails
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.19
Severity Score:: Medium
CVE:: 2024-39657

Plugin:: Sync Post With Other Site
Plugin Slug:: sync-post-with-other-site
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-6709

Plugin:: Photo Engine (Media Organizer & Lightroom)
Plugin Slug:: wplr-sync
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.3.2
Severity Score:: Medium
CVE:: 2024-39660

Plugin:: Message Filter for Contact Form 7
Plugin Slug:: cf7-message-filter
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-39647

Plugin:: CRM Perks Forms � WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.4
Severity Score:: Critical
CVE:: 2024-7484

Plugin:: FundEngine � Donation and Crowdfunding Platform
Plugin Slug:: wp-fundraising-donation
Installations: 2,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.7.1
Severity Score:: High
CVE:: 2024-6698

Plugin:: Black Widgets For Elementor
Plugin Slug:: black-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-39662

Plugin:: Black Widgets For Elementor
Plugin Slug:: black-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-39644

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.32
Severity Score:: Medium
CVE:: 2024-39668

Plugin:: WP Fast Total Search � The Power of Indexed Search
Plugin Slug:: fulltext-search
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.69.234
Severity Score:: High
CVE:: 2024-39663

Plugin:: Sign-up Sheets
Plugin Slug:: sign-up-sheets
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.13
Severity Score:: Medium
CVE:: 2024-39654

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 0.21.8
Severity Score:: Medium
CVE:: 2024-7135

Plugin:: LiquidPoll � Polls, Surveys, NPS and Feedback Reviews
Plugin Slug:: wp-poll
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.78
Severity Score:: Medium
CVE:: 2024-39655

Plugin:: YayExtra � WooCommerce Extra Product Options
Plugin Slug:: yayextra
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.8
Severity Score:: Critical
CVE:: 2024-7257

Plugin:: Filter & Grids
Plugin Slug:: ymc-smart-filter
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.3
Severity Score:: Medium
CVE:: 2024-39665

Plugin:: Filter & Grids
Plugin Slug:: ymc-smart-filter
Installations: 1,000+
Vulnerability:: Broken Authentication
Patched in Version:: 2.8.34
Severity Score:: High
CVE:: 2024-39664

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.101
Severity Score:: Medium
CVE:: 2024-7356

Plugin:: Zephyr Project Manager
Plugin Slug:: zephyr-project-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.99
Severity Score:: Medium
CVE:: 2024-6536

Plugin:: WANotifier � Send Message Notifications Using WhatsApp API
Plugin Slug:: notifier
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-6165

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: High
CVE:: 2024-3669

Plugin:: CTT Expresso para WooCommerce
Plugin Slug:: ctt-expresso-para-woocommerce
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2024-6687

Plugin:: News Element Elementor Blog Magazine
Plugin Slug:: news-element
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.0.6
Severity Score:: High
CVE:: 2024-6459

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: High
CVE:: 2024-6770

Plugin:: Community Events
Plugin Slug:: community-events
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-6270

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2024-6529

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: High
CVE:: 2024-5883

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 30+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3
Severity Score:: High
CVE:: 2024-5882

Plugin:: Element Pack Pro
Plugin Slug:: bdthemes-element-pack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.9.1
Severity Score:: Medium
CVE:: 2024-2455

Plugin:: Breakdance
Plugin Slug:: breakdance
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-5330

Plugin:: Breakdance
Plugin Slug:: breakdance
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-5331

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2024-5708

Plugin:: WPBakery Page Builder
Plugin Slug:: js_composer
Vulnerability:: Local File Inclusion
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2024-5709

Plugin:: Paid Memberships Pro – Member Directory Add On
Plugin Slug:: pmpro-member-directory
Vulnerability:: SQL Injection
Patched in Version:: 1.2.6
Severity Score:: High
CVE:: 2024-1287

Plugin:: Pmpro Membership Maps
Plugin Slug:: pmpro-membership-maps
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 0.7
Severity Score:: Medium
CVE:: 2024-1286

Plugin:: Swift Framework Page Builder
Plugin Slug:: socialdriver-framework
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.04.30
Severity Score:: Medium
CVE:: 2024-2872

Plugin:: Spectra Pro
Plugin Slug:: spectra-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-3827

Plugin:: Superfly Menu
Plugin Slug:: superfly-menu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.0.30
Severity Score:: High
CVE:: 2024-3238

Plugin:: Tin Canny Reporting for LearnDash
Plugin Slug:: tin-canny-learndash-reporting
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0.8
Severity Score:: High
CVE:: 2024-39656

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 30.1
Severity Score:: Medium
CVE:: 2024-2843

Plugin:: WooCommerce Customers Manager
Plugin Slug:: woocommerce-customers-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 30.2
Severity Score:: Medium
CVE:: 2024-1747

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.5
Severity Score:: High
CVE:: 2024-39652

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 4.9.5
Severity Score:: High
CVE:: 2024-39651

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Multiple Vulnerabilities
Patched in Version:: 4.9.5
Severity Score:: High
CVE:: 2024-39650

Plugin:: Affiliate Manager
Plugin Slug:: wp-affiliate-platform
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.5.2
Severity Score:: Medium
CVE:: 2024-5285

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.7.0
Severity Score:: High
CVE:: 2024-5081

WordPress Themes � 0 Patched / 1 Unpatched

Theme:: Edubin
Theme Slug:: edubin
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-39637

WordPress Vulnerability Report � August 7, 2024

WordPress Core

WordPress Plugins � 91 Patched / 16 Unpatched

WordPress Themes � 0 Patched / 1 Unpatched

Related articles

Wait! Get exclusive hosting insights