WordPress Vulnerability Report � August 14, 2024

In this report, 181 vulnerabilities have been publicly disclosed. Security patches for 118 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 63 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins � 114 Patched / 58 Unpatched

Plugin:: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer � DearFlip
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4360

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4359

Plugin:: Clearfy Cache � WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43260

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43220

Plugin:: Social Slider Feed
Plugin Slug:: instagram-slider-widget
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43215

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43265

Plugin:: WP Dashboard Notes
Plugin Slug:: wp-dashboard-notes
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43226

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43210

Plugin:: Mediavine Control Panel
Plugin Slug:: mediavine-control-panel
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43218

Plugin:: weMail � Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
Plugin Slug:: wemail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43238

Plugin:: Backup and Restore WordPress � Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43270

Plugin:: Backup and Restore WordPress � Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43269

Plugin:: Backup and Restore WordPress � Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43268

Plugin:: YaMaps for WordPress Plugin
Plugin Slug:: yamaps
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43224

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43264

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43266

Plugin:: MultiVendorX Marketplace � WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43213

Plugin:: MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder
Plugin Slug:: mailchimp-subscribe-sm
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43211

Plugin:: Order Export for WooCommerce
Plugin Slug:: order-export-and-more-for-woocommerce
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43259

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43254

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43253

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43225

Plugin:: Kodex Posts likes
Plugin Slug:: kodex-posts-likes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43217

Plugin:: WordPress Tour & Travel Booking Plugin for WooCommerce � WpTravelly
Plugin Slug:: tour-booking-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43212

Plugin:: Filr � Secure document library
Plugin Slug:: filr-protection
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43216

Plugin:: Job Manager and Recruitment Board for Employers and Candidates � Crew HRM
Plugin Slug:: hr-management
Installations: 80+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43252

Plugin:: affiliate-toolkit
Plugin Slug:: affiliate-toolkit-starter
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6562

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43251

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43250

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43249

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43248

Plugin:: Blox Page Builder
Plugin Slug:: blox-page-builder
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6315

Plugin:: Compute Links
Plugin Slug:: compute-links
Vulnerability:: Remote File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43261

Plugin:: House Manager
Plugin Slug:: house-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3973

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43242

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43241

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43240

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43257

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43256

Plugin:: Linkify Text
Plugin Slug:: linkify-text
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7382

Plugin:: My Custom CSS PHP & ADS
Plugin Slug:: my-custom-css
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7410

Plugin:: MyBookTable Bookstore
Plugin Slug:: mybooktable
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43255

Plugin:: No Update Nag
Plugin Slug:: no-update-nag
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7412

Plugin:: Obfuscate Email
Plugin Slug:: obfuscate-email
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7413

Plugin:: Opal Membership
Plugin Slug:: opal-membership
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7649

Plugin:: Opal Membership
Plugin Slug:: opal-membership
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7648

Plugin:: Reveal Template
Plugin Slug:: reveal-template
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7416

Plugin:: Send Emails with Mandrill
Plugin Slug:: send-emails-with-mandrill
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43208

Plugin:: Store Locator Plus
Plugin Slug:: store-locator-le
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43258

Plugin:: Traffic Manager
Plugin Slug:: traffic-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7485

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43267

Plugin:: Unite Gallery Lite
Plugin Slug:: unite-gallery-lite
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43207

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43247

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43246

Plugin:: Woo Products Widgets For Elementor
Plugin Slug:: woo-products-widgets-for-elementor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43271

Plugin:: Bitly
Plugin Slug:: wp-bitly
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43209

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43245

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.0
Severity Score:: Medium
CVE:: 2024-7092

Plugin:: Spectra � WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 900,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.15.1
Severity Score:: Medium
CVE:: 2024-7590

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.39
Severity Score:: Medium
CVE:: 2024-6824

Plugin:: Meta Box � WordPress Custom Fields Framework
Plugin Slug:: meta-box
Installations: 600,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.11
Severity Score:: High
CVE:: 2024-43235

Plugin:: Easy Table of Contents
Plugin Slug:: easy-table-of-contents
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.68
Severity Score:: Medium
CVE:: 2024-7082

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.39
Severity Score:: Medium
CVE:: 2024-6884

Plugin:: AMP for WP � Accelerated Mobile Pages
Plugin Slug:: accelerated-mobile-pages
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.97
Severity Score:: Medium
CVE:: 2024-43146

Plugin:: Aruba HiSpeed Cache
Plugin Slug:: aruba-hispeed-cache
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.13
Severity Score:: Medium
CVE:: 2024-43119

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-7247

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-43161

Plugin:: Lightbox & Modal Popup WordPress Plugin � FooBox
Plugin Slug:: foobox-image-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.32
Severity Score:: Medium
CVE:: 2024-5668

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-37099

Plugin:: Hummingbird Performance � Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2024-43118

Plugin:: Hummingbird Performance � Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN
Plugin Slug:: hummingbird-performance
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.9.2
Severity Score:: Medium
CVE:: 2024-43117

Plugin:: Robin image optimizer � save money on image compression
Plugin Slug:: robin-image-optimizer
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2024-43122

Plugin:: Simple Local Avatars
Plugin Slug:: simple-local-avatars
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.11
Severity Score:: Medium
CVE:: 2024-43116

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.6.2
Severity Score:: Critical
CVE:: 2024-43121

Plugin:: TypeSquare Webfonts for ????????
Plugin Slug:: xserver-typesquare-webfonts
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-43120

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.2.6.9.4
Severity Score:: High
CVE:: 2024-7548

Plugin:: MainWP Child Reports
Plugin Slug:: mainwp-child-reports
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2024-7492

Plugin:: ??????? ?????
Plugin Slug:: persian-woocommerce
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.0.0
Severity Score:: Medium
CVE:: 2024-43219

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-43231

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-43142

Plugin:: Ajax Search Lite
Plugin Slug:: ajax-search-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.12.1
Severity Score:: Medium
CVE:: 2024-7084

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.5.2
Severity Score:: Medium
CVE:: 2024-6254

Plugin:: Folders � Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Plugin Slug:: folders
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.4
Severity Score:: Medium
CVE:: 2024-7317

Plugin:: Import and export users and customers
Plugin Slug:: import-users-from-csv-with-meta
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.26.9
Severity Score:: High
CVE:: 2024-38787

Plugin:: Booking for Appointments and Events Calendar � Amelia
Plugin Slug:: ameliabooking
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-6552

Plugin:: 3D FlipBook � PDF Flipbook WordPress
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.7
Severity Score:: Medium
CVE:: 2024-43152

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.19
Severity Score:: Critical
CVE:: 2024-6823

Plugin:: WP Table Builder � WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-43125

Plugin:: Category Posts Widget
Plugin Slug:: category-posts
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.17
Severity Score:: Medium
CVE:: 2024-6158

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-6692

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.1
Severity Score:: Medium
CVE:: 2024-43162

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.45
Severity Score:: Medium
CVE:: 2024-6710

Plugin:: Gutenberg Blocks, Page Builder � ComboBlocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.87
Severity Score:: Medium
CVE:: 2024-43155

Plugin:: Slider by Soliloquy � Responsive Image Slider for WordPress
Plugin Slug:: soliloquy-lite
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2024-35775

Plugin:: Advanced Cron Manager � debug & control
Plugin Slug:: advanced-cron-manager
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.10
Severity Score:: Medium
CVE:: 2024-43154

Plugin:: BetterDocs � Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
Plugin Slug:: betterdocs
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.9
Severity Score:: Medium
CVE:: 2024-43227

Plugin:: BetterDocs � Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg
Plugin Slug:: betterdocs
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.5.9
Severity Score:: Medium
CVE:: 2024-43129

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.16
Severity Score:: Critical
CVE:: 2024-43144

Plugin:: Accept Stripe Payments
Plugin Slug:: stripe-payments
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.87
Severity Score:: Medium
CVE:: 2024-7353

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.10
Severity Score:: Medium
CVE:: 2024-43151

Plugin:: Fuse Social Floating Sidebar
Plugin Slug:: fuse-social-floating-sidebar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.11
Severity Score:: Medium
CVE:: 2024-5226

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.25
Severity Score:: Medium
CVE:: 2024-43272

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.58
Severity Score:: High
CVE:: 2024-7150

Plugin:: Easy PayPal & Stripe Buy Now Button
Plugin Slug:: wp-ecommerce-paypal
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-43236

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.8
Severity Score:: High
CVE:: 2024-6494

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.8
Severity Score:: High
CVE:: 2024-6651

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4.3
Severity Score:: Medium
CVE:: 2024-43150

Plugin:: Gutenberg Page Builder Blocks & Ready-Made Patterns Library for Blogs, Magazines, Newspapers, and Business Websites. Easy One-Click Import, No Coding Needed! � Blockspare
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-43164

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin � BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 10,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.1.8
Severity Score:: Critical
CVE:: 2024-7350

Plugin:: GeoDirectory � WP Business Directory Plugin and Classified Listings Directory
Plugin Slug:: geodirectory
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.3.62
Severity Score:: High
CVE:: 2024-43145

Plugin:: Graphina � Elementor Charts and Graphs
Plugin Slug:: graphina-elementor-charts-and-graphs
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-43124

Plugin:: Horizontal scrolling announcements
Plugin Slug:: horizontal-scrolling-announcements
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5
Severity Score:: High
CVE:: 2023-5000

Plugin:: myCred � Loyalty Points and Rewards plugin for WordPress and WooCommerce � Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-43214

Plugin:: Registrations for the Events Calendar � Event Registration Plugin
Plugin Slug:: registrations-for-the-events-calendar
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.2
Severity Score:: Medium
CVE:: 2024-43143

Plugin:: WooCommerce Product Table Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2024-43128

Plugin:: Participants Database
Plugin Slug:: participants-database
Installations: 9,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.5.9.3
Severity Score:: Critical
CVE:: 2024-43141

Plugin:: Selection Lite
Plugin Slug:: selection-lite
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12
Severity Score:: Medium
CVE:: 2024-43147

Plugin:: Themify Shortcodes
Plugin Slug:: themify-shortcodes
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-43133

Plugin:: Chatbot for WordPress by Collect.chat ??
Plugin Slug:: collectchat
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-6498

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.9
Severity Score:: Medium
CVE:: 2024-43149

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce � WpEvently � WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2024-43138

Plugin:: ParcelPanel (Free to install) � Shipment Tracking, Tracking, and Order Tracking for WooCommerce
Plugin Slug:: parcelpanel
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.3
Severity Score:: High
CVE:: 2024-43163

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.5
Severity Score:: High
CVE:: 2024-43140

Plugin:: JetGridBuilder � Grid Builder for Elementor and Gutenberg
Plugin Slug:: jetgridbuilder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-43221

Plugin:: Timeline and History slider
Plugin Slug:: timeline-and-history-slider
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-43232

Plugin:: WPCafe � Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.29
Severity Score:: High
CVE:: 2024-43135

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.8.7
Severity Score:: Critical
CVE:: 2024-7094

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-43274

Plugin:: Organization chart
Plugin Slug:: organization-chart
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-7355

Plugin:: Pinpoint Booking System � #1 WordPress Booking Plugin
Plugin Slug:: booking-system
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.9.4.8
Severity Score:: Medium
CVE:: 2024-3636

Plugin:: Card Elements for Elementor
Plugin Slug:: card-elements-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-43123

Plugin:: Cooked � Recipe Management
Plugin Slug:: cooked
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2024-41816

Plugin:: FormCraft � Form Builder
Plugin Slug:: formcraft-form-builder
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.11
Severity Score:: Medium
CVE:: 2024-43157

Plugin:: Icegram Collect � Easy Form, Lead Collection and Subscription plugin
Plugin Slug:: icegram-rainmaker
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.15
Severity Score:: Medium
CVE:: 2024-43273

Plugin:: Waitlist Woocommerce ( Back in stock notifier )
Plugin Slug:: waitlist-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.1
Severity Score:: Medium
CVE:: 2024-43134

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.4.0
Severity Score:: Medium
CVE:: 2024-43223

Plugin:: Products, Order & Customers Export for WooCommerce
Plugin Slug:: export-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: High
CVE:: 2024-43127

Plugin:: Sender � Newsletter, SMS and Email Marketing Automation for WooCommerce
Plugin Slug:: sender-net-automated-emails
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.16
Severity Score:: High
CVE:: 2024-43126

Plugin:: Shared Files � Frontend File Upload Form & Secure File Sharing
Plugin Slug:: shared-files
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.7.29
Severity Score:: Medium
CVE:: 2024-43230

Plugin:: Visual Website Collaboration, Feedback & Project Management � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2024-7621

Plugin:: BSK Forms Blacklist
Plugin Slug:: bsk-gravityforms-blacklist
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: High
CVE:: 2024-43233

Plugin:: CRM Perks Forms � WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.4
Severity Score:: Critical
CVE:: 2024-7484

Plugin:: Masteriyo LMS � eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.11.5
Severity Score:: Medium
CVE:: 2024-43239

Plugin:: Masteriyo LMS � eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.12.0
Severity Score:: Medium
CVE:: 2024-43159

Plugin:: Masteriyo LMS � eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.11.5
Severity Score:: High
CVE:: 2024-43158

Plugin:: WP Search Analytics
Plugin Slug:: search-analytics
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.10
Severity Score:: Medium
CVE:: 2024-43229

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.11
Severity Score:: High
CVE:: 2024-43156

Plugin:: Christmasify!
Plugin Slug:: christmasify
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.6
Severity Score:: High
CVE:: 2024-7574

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.53
Severity Score:: Medium
CVE:: 2024-6869

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.10
Severity Score:: Medium
CVE:: 2024-43139

Plugin:: Football Pool
Plugin Slug:: football-pool
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.1
Severity Score:: Medium
CVE:: 2024-43130

Plugin:: StreamCast � Radio Player for WordPress
Plugin Slug:: streamcast
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.4
Severity Score:: Medium
CVE:: 2024-43148

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-43136

Plugin:: WappPress � Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute
Plugin Slug:: wapppress-builds-android-app-for-website
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.5
Severity Score:: Medium
CVE:: 2024-43137