Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � October 2, 2024

In this report, 302 vulnerabilities have been publicly disclosed. Security patches for 216 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 86 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7 Beta 1 is ready for download and testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, set up a test environment or a local site to explore the new features.

WordPress Plugins � 213 Patched / 83 Unpatched

Plugin:: Crowdsignal Dashboard � Polls, Surveys & more
Plugin Slug:: polldaddy
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43338

Plugin:: Contact Form to Any API
Plugin Slug:: contact-form-to-any-api
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7617

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47648

Plugin:: Premium Packages � Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7386

Plugin:: Community by PeepSo � Social Network, Membership, Registration, User Profiles, Premium � Mobile App
Plugin Slug:: peepso-core
Installations: 3,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7426

Plugin:: Copyscape Premium
Plugin Slug:: copyscape-premium
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47644

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47642

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47638

Plugin:: Include Fussball.de Widgets
Plugin Slug:: include-fussball-de-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47643

Plugin:: Payflex Payment Gateway
Plugin Slug:: payflex-payment-gateway
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47646

Plugin:: Terms descriptions
Plugin Slug:: terms-descriptions
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47336

Plugin:: Review & testimonial widgets
Plugin Slug:: trustmary
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44022

Plugin:: VdoCipher: Secure Video Player and Hosting
Plugin Slug:: vdocipher
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47639

Plugin:: WPExperts Square For GiveWP
Plugin Slug:: wpexperts-square-for-give
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47338

Plugin:: Multipurpose Ticket Booking Manager (Bus/Train/Ferry/Boat/Shuttle) | WordPress Plugin
Plugin Slug:: bus-booking-manager
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44037

Plugin:: 012 PS Multi Languages
Plugin Slug:: 012-ps-multi-languages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8723

Plugin:: 123.chat
Plugin Slug:: 123-chat-videochat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7869

Plugin:: ABCApp Creator
Plugin Slug:: abcapp-creator
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44023

Plugin:: adstxt
Plugin Slug:: adstxt
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7892

Plugin:: Thanh To�n Qu�t M� QR Code T? ??ng
Plugin Slug:: bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8914

Plugin:: Charity Addon for Elementor
Plugin Slug:: charity-addon-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44026

Plugin:: Common Tools for Site
Plugin Slug:: common-tools-for-site
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9115

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47641

Plugin:: Contact Form 7 Campaign Monitor Extension
Plugin Slug:: contact-form-7-campaign-monitor-extension
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44019

Plugin:: Custom Banners
Plugin Slug:: custom-banners
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8799

Plugin:: DK PDF
Plugin Slug:: dk-pdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8727

Plugin:: Contact Form 7 Math Captcha
Plugin Slug:: ds-cf7-math-captcha
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6517

Plugin:: Easy Load More
Plugin Slug:: easy-load-more
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8728

Plugin:: Elastik Page Builder
Plugin Slug:: elastik-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9274

Plugin:: GF Custom Style
Plugin Slug:: gf-custom-style
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9173

Plugin:: Graphicsly
Plugin Slug:: graphicsly
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9069

Plugin:: Gravity Forms Toolbar
Plugin Slug:: gravity-forms-toolbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8718

Plugin:: GutenGeek Free Gutenberg Blocks for WordPress
Plugin Slug:: gtg-advanced-blocks
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9073

Plugin:: Hello World
Plugin Slug:: hello-world
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9224

Plugin:: Iconize
Plugin Slug:: iconize
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-47649

Plugin:: Instant Chat Floating Button for WordPress Websites
Plugin Slug:: instant-chat-wp
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44018

Plugin:: Joy Of Text Lite
Plugin Slug:: joy-of-text
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47337

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8632

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8548

Plugin:: king_IE
Plugin Slug:: king-ie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9125

Plugin:: Kodex Posts likes
Plugin Slug:: kodex-posts-likes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8713

Plugin:: Kodex Posts likes
Plugin Slug:: kodex-posts-likes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44036

Plugin:: LH Copy Media File
Plugin Slug:: lh-copy-media-file
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9220

Plugin:: LocateAndFilter
Plugin Slug:: locateandfilter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9304

Plugin:: Loggedin
Plugin Slug:: loggedin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9228

Plugin:: Mapplic Lite
Plugin Slug:: mapplic-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9117

Plugin:: Material Design Icons
Plugin Slug:: material-design-icons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9024

Plugin:: Medical Addon for Elementor
Plugin Slug:: medical-addon-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44024

Plugin:: MH Board
Plugin Slug:: mh-board
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44017

Plugin:: nm-visitors
Plugin Slug:: nm-visitors
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-4541

Plugin:: OneElements � Best Elementor Addons
Plugin Slug:: oneelements-ultimate-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9068

Plugin:: Optin Hound
Plugin Slug:: opt-in-hound
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9267

Plugin:: PDF Image Generator
Plugin Slug:: pdf-image-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9241

Plugin:: Podiant
Plugin Slug:: podiant
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44016

Plugin:: R Animated Icon
Plugin Slug:: r-animated-icon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9272

Plugin:: Relogo
Plugin Slug:: relogo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9269

Plugin:: REST API TO MiniProgram
Plugin Slug:: rest-api-to-miniprogram
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-8484

Plugin:: REST API TO MiniProgram
Plugin Slug:: rest-api-to-miniprogram
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-8485

Plugin:: RumbleTalk Live Group Chat
Plugin Slug:: rumbletalk-chat-a-chat-with-themes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8720

Plugin:: WP Search Analytics
Plugin Slug:: search-analytics
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9209

Plugin:: Super Testimonials
Plugin Slug:: sola-testimonials
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9127

Plugin:: SVG Complete
Plugin Slug:: svg-complete
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9119

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8516

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8515

Plugin:: Truepush
Plugin Slug:: truepush-free-web-push-notifications
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44021

Plugin:: Users Control
Plugin Slug:: users-control
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44015

Plugin:: Vmax Project Manager
Plugin Slug:: vmax-project-manager
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-44014

Plugin:: Wechat Social login
Plugin Slug:: wechat-social-login
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9108

Plugin:: Wechat Social login
Plugin Slug:: wechat-social-login
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9106

Plugin:: WooCommerce � Store Exporter
Plugin Slug:: woocommerce-exporter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8793

Plugin:: WP Category Dropdown
Plugin Slug:: wp-category-dropdown
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8103

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9018

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8437

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8436

Plugin:: WP Free SSL � Free SSL Certificate for WordPress and force HTTPS
Plugin Slug:: wp-free-ssl
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-44020

Plugin:: WP GPX Map
Plugin Slug:: wp-gpx-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9028

Plugin:: WP Newsletter Subscription
Plugin Slug:: wp-newsletter-subscription
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44012

Plugin:: Special Text Boxes
Plugin Slug:: wp-special-textboxes
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8481

Plugin:: WP Ticket Ultra Help Desk & Support Plugin
Plugin Slug:: wp-ticket-ultra
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44011

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47650

Plugin:: Spreadsheet Integration � Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins.
Plugin Slug:: wpgsi
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6590

Plugin:: WPSPX
Plugin Slug:: wpspx
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44034

Plugin:: WPZOOM Shortcodes
Plugin Slug:: wpzoom-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9027

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Path Traversal
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-47637

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: Medium
CVE:: 2024-47373

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-47374

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5
Severity Score:: Medium
CVE:: 2024-9169

Plugin:: MC4WP: Mailchimp for WordPress
Plugin Slug:: mailchimp-for-wp
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.17
Severity Score:: Medium
CVE:: 2024-8680

Plugin:: Starter Templates � Elementor, WordPress & Beaver Builder Templates
Plugin Slug:: astra-sites
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.1
Severity Score:: Medium
CVE:: 2024-47345

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.8
Severity Score:: Medium
CVE:: 2024-8546

Plugin:: W3 Total Cache
Plugin Slug:: w3-total-cache
Installations: 1,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.7.6
Severity Score:: Low
CVE:: 2023-5359

Plugin:: Website Builder by SeedProd � Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
Plugin Slug:: coming-soon
Installations: 900,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.18.4
Severity Score:: Medium
CVE:: 2024-47299

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.16
Severity Score:: High
CVE:: 2024-3866

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.20.0
Severity Score:: Medium
CVE:: 2024-47358

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.53
Severity Score:: Medium
CVE:: 2024-8681

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.4
Severity Score:: High
CVE:: 2024-6931

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.6.4.1
Severity Score:: Critical
CVE:: 2024-8275

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.1
Severity Score:: Medium
CVE:: 2024-47357

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.12.3
Severity Score:: Medium
CVE:: 2024-8801

Plugin:: Templately � Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Plugin Slug:: templately
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-47308

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.122
Severity Score:: High
CVE:: 2024-45454

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-47390

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.28
Severity Score:: Medium
CVE:: 2024-44043

Plugin:: TinyPNG � JPEG, PNG & WebP image compression
Plugin Slug:: tiny-compress-images
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2024-47635

Plugin:: Use Any Font | Custom Font Uploader
Plugin Slug:: use-any-font
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.09
Severity Score:: Medium
CVE:: 2024-47305

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-47366

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-47361

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.6
Severity Score:: Medium
CVE:: 2024-47392

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3.7
Severity Score:: Medium
CVE:: 2024-9049

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-47381

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-47359

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.0
Severity Score:: Medium
CVE:: 2024-47385

Plugin:: Advanced File Manager
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Path Traversal
Patched in Version:: 5.2.9
Severity Score:: High
CVE:: 2024-8704

Plugin:: Advanced File Manager
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.2.9
Severity Score:: High
CVE:: 2024-8126

Plugin:: Advanced File Manager
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.2.9
Severity Score:: Medium
CVE:: 2024-8725

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.16.2
Severity Score:: Critical
CVE:: 2024-8353

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.16.2
Severity Score:: High
CVE:: 2024-9130

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.16.0
Severity Score:: Medium
CVE:: 2024-47315

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.17
Severity Score:: Medium
CVE:: 2024-47362

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-3635

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.6.2
Severity Score:: Medium
CVE:: 2024-7491

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.8
Severity Score:: Medium
CVE:: 2024-8668

Plugin:: Download Monitor
Plugin Slug:: download-monitor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.10
Severity Score:: Medium
CVE:: 2024-8552

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-8910

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.6.6
Severity Score:: Critical
CVE:: 2024-7772

Plugin:: Jupiter X Core
Plugin Slug:: jupiterx-core
Installations: 90,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.7.8
Severity Score:: High
CVE:: 2024-7781

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.35
Severity Score:: Medium
CVE:: 2024-8771

Plugin:: WP ULike � The Ultimate Engagement Toolkit for Websites
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.4
Severity Score:: Medium
CVE:: 2024-7878

Plugin:: WP Bulk Delete
Plugin Slug:: wp-bulk-delete
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: High
CVE:: 2024-47352

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.1
Severity Score:: Medium
CVE:: 2024-8858

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.1
Severity Score:: Medium
CVE:: 2024-47303

Plugin:: Simple Calendar � Google Calendar Plugin
Plugin Slug:: google-calendar-events
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: High
CVE:: 2024-8549

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2024-47391

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.2
Severity Score:: Medium
CVE:: 2024-47298

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2022-2439

Plugin:: Pixel Cat � Conversion Pixel Manager
Plugin Slug:: facebook-conversion-pixel
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: High
CVE:: 2024-8544

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.28
Severity Score:: Medium
CVE:: 2024-8633

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-8536

Plugin:: Visual CSS Style Editor
Plugin Slug:: yellow-pencil-visual-theme-customizer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.5
Severity Score:: High
CVE:: 2024-47348

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-47632

Plugin:: Koko Analytics
Plugin Slug:: koko-analytics
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.13
Severity Score:: High
CVE:: 2024-8662

Plugin:: Page-list
Plugin Slug:: page-list
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7
Severity Score:: Medium
CVE:: 2024-47382

Plugin:: Post Grid and Gutenberg Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.90
Severity Score:: Medium
CVE:: 2024-47340

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.3
Severity Score:: Medium
CVE:: 2024-8758

Plugin:: YITH WooCommerce Ajax Search
Plugin Slug:: yith-woocommerce-ajax-search
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.1
Severity Score:: Critical
CVE:: 2024-47350

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.29
Severity Score:: High
CVE:: 2024-8379

Plugin:: Ads by WPQuads � Adsense Ads, Banner Ads, Popup Ads
Plugin Slug:: quick-adsense-reloaded
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.85
Severity Score:: Medium
CVE:: 2024-47317

Plugin:: Starbox � the Author Box for Humans
Plugin Slug:: starbox
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2024-8239

Plugin:: Themify � WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-44046

Plugin:: Accordion
Plugin Slug:: accordions
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.100
Severity Score:: Medium
CVE:: 2024-47342

Plugin:: Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber � MailOptin
Plugin Slug:: mailoptin
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.70.4
Severity Score:: Medium
CVE:: 2024-8628

Plugin:: MAS Static Content
Plugin Slug:: mas-static-content
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-8483

Plugin:: PWA for WP & AMP
Plugin Slug:: pwa-for-wp
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.73
Severity Score:: Medium
CVE:: 2024-47318

Plugin:: Simple Membership After Login Redirection
Plugin Slug:: simple-membership-after-login-redirection
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-47354

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.59
Severity Score:: Medium
CVE:: 2024-8283

Plugin:: WCFM � Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
Plugin Slug:: wc-frontend-manager
Installations: 20,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.7.13
Severity Score:: High
CVE:: 2024-8290

Plugin:: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2024-47328

Plugin:: Advanced Woo Labels � Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.02
Severity Score:: Medium
CVE:: 2024-47622

Plugin:: ARI Fancy Lightbox � Popup for WordPress
Plugin Slug:: ari-fancy-lightbox
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.18
Severity Score:: Medium
CVE:: 2024-47310

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.21
Severity Score:: High
CVE:: 2024-47360

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.21
Severity Score:: Medium
CVE:: 2024-8794

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.21
Severity Score:: High
CVE:: 2024-8795

Plugin:: Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites � Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-47363

Plugin:: Multi Step for Contact Form 7
Plugin Slug:: cf7-multi-step
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.8
Severity Score:: Critical
CVE:: 2024-47331

Plugin:: Charitable � Donation Plugin for WordPress � Fundraising with Recurring Donations & More
Plugin Slug:: charitable
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.8.1.15
Severity Score:: Critical
CVE:: 2024-8791

Plugin:: Classic Editor and Classic Widgets
Plugin Slug:: classic-editor-and-classic-widgets
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-47312

Plugin:: Gallery Lightbox
Plugin Slug:: gallery-lightbox-slider
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.41
Severity Score:: Medium
CVE:: 2024-47623

Plugin:: Prisna GWT � Google Website Translator
Plugin Slug:: google-website-translator
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.4.12
Severity Score:: High
CVE:: 2024-8514

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-44027

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-44035

Plugin:: FAQ / Accordion / Docs � Helpie WordPress FAQ Accordion plugin
Plugin Slug:: helpie-faq
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.28
Severity Score:: Medium
CVE:: 2024-47647

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9.7
Severity Score:: Medium
CVE:: 2024-47628

Plugin:: Mega Elements � Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: Medium
CVE:: 2024-47343

Plugin:: myCred � Loyalty Points and Rewards plugin for WordPress and WooCommerce � Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.4
Severity Score:: Medium
CVE:: 2024-8658

Plugin:: NEX-Forms � Ultimate Form Builder � Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.7.4
Severity Score:: High
CVE:: 2024-47389

Plugin:: OSM � OpenStreetMap
Plugin Slug:: osm
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.1
Severity Score:: Medium
CVE:: 2024-8991

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-47626

Plugin:: CartBounty � Save and recover abandoned carts for WooCommerce
Plugin Slug:: woo-save-abandoned-carts
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.1
Severity Score:: Medium
CVE:: 2024-47634

Plugin:: WP Datepicker
Plugin Slug:: wp-datepicker
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-47321

Plugin:: WP Datepicker
Plugin Slug:: wp-datepicker
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-44042

Plugin:: Mail logging � WP Mail Catcher
Plugin Slug:: wp-mail-catcher
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: High
CVE:: 2024-47339

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.13.1
Severity Score:: High
CVE:: 2024-47367

Plugin:: Form plugin for WordPress � Zoho Forms
Plugin Slug:: zoho-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2024-47633

Plugin:: Absolute Reviews
Plugin Slug:: absolute-reviews
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-8965

Plugin:: MaxSlider
Plugin Slug:: maxslider
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2024-47351

Plugin:: Affiliate Program Suite � SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.19
Severity Score:: High
CVE:: 2024-47388

Plugin:: Fluent Support � Helpdesk & Customer Support Ticket System
Plugin Slug:: fluent-support
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.8.1
Severity Score:: High
CVE:: 2024-47304

Plugin:: Fluent Support � Helpdesk & Customer Support Ticket System
Plugin Slug:: fluent-support
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.1
Severity Score:: Medium
CVE:: 2024-47302

Plugin:: Primary Addon for Elementor
Plugin Slug:: primary-addon-for-elementor
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-44033

Plugin:: Slideshow Gallery LITE
Plugin Slug:: slideshow-gallery
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.4
Severity Score:: Medium
CVE:: 2024-47376

Plugin:: WS Form LITE � Drag & Drop Contact Form Builder for WordPress
Plugin Slug:: ws-form
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.244
Severity Score:: High
CVE:: 2024-47320

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.13.12
Severity Score:: High
CVE:: 2024-47335

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 7,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.13.11
Severity Score:: High
CVE:: 2024-47319

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.11
Severity Score:: High
CVE:: 2024-47301

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.3.3
Severity Score:: Medium
CVE:: 2024-8861

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.21.01
Severity Score:: High
CVE:: 2024-47384

Plugin:: Author Avatars List/Block
Plugin Slug:: author-avatars
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.22
Severity Score:: Medium
CVE:: 2024-47370

Plugin:: Cozy Blocks � Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library
Plugin Slug:: cozy-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-47355

Plugin:: Meta Slider and Carousel with Lightbox
Plugin Slug:: meta-slider-and-carousel-with-lightbox
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-47307

Plugin:: Radio Player � Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.79
Severity Score:: Medium
CVE:: 2024-8267

Plugin:: Seriously Simple Stats
Plugin Slug:: seriously-simple-stats
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: High
CVE:: 2024-8738

Plugin:: WP Travel � Ultimate Travel Booking System, Tour Management Engine
Plugin Slug:: wp-travel
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.4.0
Severity Score:: Medium
CVE:: 2024-44039

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 5,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2024-47353

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.1
Severity Score:: Medium
CVE:: 2024-47329

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-47630

Plugin:: Garden Gnome Package
Plugin Slug:: garden-gnome-package
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-8657

Plugin:: Geo Mashup
Plugin Slug:: geo-mashup
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.14
Severity Score:: Medium
CVE:: 2024-8990

Plugin:: GEO my WP
Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.0.4
Severity Score:: High
CVE:: 2024-47327

Plugin:: Revolut Gateway for WooCommerce
Plugin Slug:: revolut-gateway-for-woocommerce
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.17.4
Severity Score:: Medium
CVE:: 2024-8678

Plugin:: Salon Booking System
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 10.9.1
Severity Score:: Medium
CVE:: 2024-47316

Plugin:: Easy Mega Menu Plugin for WordPress � ThemeHunk
Plugin Slug:: themehunk-megamenu-plus
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-8434

Plugin:: WPMobile.App � Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.51
Severity Score:: High
CVE:: 2024-47349

Plugin:: Cities Shipping Zones for WooCommerce
Plugin Slug:: cities-shipping-zones-for-woocommerce
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-47309

Plugin:: CubeWP Forms � All-in-One Form Builder
Plugin Slug:: cubewp-forms
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-47300

Plugin:: EU/UK VAT Manager for WooCommerce
Plugin Slug:: eu-vat-for-woocommerce
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.14
Severity Score:: High
CVE:: 2024-8788

Plugin:: EU/UK VAT Manager for WooCommerce
Plugin Slug:: eu-vat-for-woocommerce
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.12.14
Severity Score:: Medium
CVE:: 2024-9189

Plugin:: GTM Server Side
Plugin Slug:: gtm-server-side
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.20
Severity Score:: High
CVE:: 2024-8712

Plugin:: Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
Plugin Slug:: quillforms
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.0
Severity Score:: Medium
CVE:: 2024-47393

Plugin:: Sight � Professional Image Gallery and Portfolio
Plugin Slug:: sight
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-9025

Plugin:: Wheel of Life: Coaching and Assessment Tool for Life Coach
Plugin Slug:: wheel-of-life
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-47311

Plugin:: WP-DownloadManager
Plugin Slug:: wp-downloadmanager
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.68.9
Severity Score:: High
CVE:: 2024-47341

Plugin:: AVIF Uploader
Plugin Slug:: avif-support
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-9060

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-47364

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-47396

Plugin:: Multiple Page Generator Plugin � MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.8
Severity Score:: High
CVE:: 2024-47325

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9.2
Severity Score:: High
CVE:: 2024-47346

Plugin:: Store Hours for WooCommerce
Plugin Slug:: order-hours-scheduler-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.22
Severity Score:: High
CVE:: 2024-8872

Plugin:: Robokassa payment gateway for Woocommerce
Plugin Slug:: robokassa
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-47395

Plugin:: Appointment & Event Booking Calendar Plugin � Webba Booking
Plugin Slug:: webba-booking-lite
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.50
Severity Score:: Medium
CVE:: 2024-8432

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: High
CVE:: 2024-47380

Plugin:: Zoho Flow for WordPress
Plugin Slug:: zoho-flow
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.1
Severity Score:: High
CVE:: 2024-47334

Plugin:: Automatically Hierarchic Categories in Menu
Plugin Slug:: automatically-hierarchic-categories-in-menu
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-47365

Plugin:: Beam me up Scotty � Back to Top Button
Plugin Slug:: beam-me-up-scotty
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.22
Severity Score:: High
CVE:: 2024-8741

Plugin:: BSK Forms Blacklist
Plugin Slug:: bsk-gravityforms-blacklist
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9
Severity Score:: High
CVE:: 2024-47624

Plugin:: Bulk NoIndex & NoFollow Toolkit
Plugin Slug:: bulk-noindex-nofollow-toolkit-by-mad-fish
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16
Severity Score:: High
CVE:: 2024-8803

Plugin:: Chartify � WordPress Chart Plugin
Plugin Slug:: chart-builder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: High
CVE:: 2024-47347

Plugin:: Premium Blocks � Gutenberg Blocks for WordPress
Plugin Slug:: premium-blocks-for-gutenberg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.34
Severity Score:: Medium
CVE:: 2024-47368

Plugin:: Restaurant & Cafe Addon for Elementor
Plugin Slug:: restaurant-cafe-addon-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.6
Severity Score:: Medium
CVE:: 2024-44032

Plugin:: Share This Image
Plugin Slug:: share-this-image
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.02
Severity Score:: High
CVE:: 2024-47326

Plugin:: Simple LDAP Login
Plugin Slug:: simple-ldap-login
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: High
CVE:: 2024-8715

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs)
Plugin Slug:: sky-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.12
Severity Score:: Medium
CVE:: 2024-47332

Plugin:: Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews � Stars Testimonials
Plugin Slug:: stars-testimonials-with-slider-and-masonry-grid
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-8989

Plugin:: Loops & Logic
Plugin Slug:: tangible-loops-and-logic
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.5
Severity Score:: High
CVE:: 2024-47333

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2024-47383

Plugin:: Directory Listings WordPress plugin � uListing
Plugin Slug:: ulisting
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-47344

Plugin:: WordPress Simple HTML Sitemap
Plugin Slug:: wp-simple-html-sitemap
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2
Severity Score:: High
CVE:: 2024-7385

Plugin:: WPCOM Member
Plugin Slug:: wpcom-member
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4.1
Severity Score:: High
CVE:: 2024-47378

Plugin:: XLTab � Accordions and Tabs for Elementor Page Builder
Plugin Slug:: xl-tab
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-47375

Plugin:: Zotpress
Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.11
Severity Score:: Medium
CVE:: 2024-47621

Plugin:: Post Form � Registration Form � Profile Form for User Profiles � Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.13
Severity Score:: Medium
CVE:: 2024-47377

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.75
Severity Score:: High
CVE:: 2024-47297

Plugin:: Daily Prayer Time
Plugin Slug:: daily-prayer-time-for-mosques
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 2024.09.14
Severity Score:: High
CVE:: 2024-8621

Plugin:: Easy PayPal Events
Plugin Slug:: easy-paypal-events-tickets
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-8476

Plugin:: Product Enquiry for WooCommerce, WooCommerce product catalog
Plugin Slug:: enquiry-quotation-for-woocommerce
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.2.33.34
Severity Score:: High
CVE:: 2024-8922

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-47625

Plugin:: AnWP Football Leagues
Plugin Slug:: football-leagues-by-anwppro
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.16.8
Severity Score:: Medium
CVE:: 2024-8917

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.69
Severity Score:: Medium
CVE:: 2024-44041

Plugin:: JoomSport � for Sports: Team & League, Football, Hockey & more
Plugin Slug:: joomsport-sports-league-results-management
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.4
Severity Score:: Medium
CVE:: 2024-44031

Plugin:: Search Atlas SEO � Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Plugin Slug:: metasync
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-47387

Plugin:: NiceJob
Plugin Slug:: nicejob
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.6.5
Severity Score:: High
CVE:: 2024-44028

Plugin:: NiceJob
Plugin Slug:: nicejob
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: Medium
CVE:: 2024-44025

Plugin:: TNC PDF viewer
Plugin Slug:: pdf-viewer-by-themencode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-47372

Plugin:: Logo Carousel � Clients logo carousel for WP
Plugin Slug:: responsive-client-logo-carousel-slider
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-47631

Plugin:: ShiftController Employee Shift Scheduling
Plugin Slug:: shiftcontroller
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.65
Severity Score:: Medium
CVE:: 2024-44040

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.9
Severity Score:: High
CVE:: 2024-47314

Plugin:: Sunshine Photo Cart: Free Client Photo Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.10
Severity Score:: Medium
CVE:: 2024-44038

Plugin:: Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider
Plugin Slug:: ultimate-store-kit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-47629

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.3.4
Severity Score:: High
CVE:: 2024-8624

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3.4
Severity Score:: Medium
CVE:: 2024-8623

Plugin:: WP MyLinks
Plugin Slug:: wp-mylinks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-47371

Plugin:: WP Travel Gutenberg Blocks
Plugin Slug:: wp-travel-blocks
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.0
Severity Score:: Medium
CVE:: 2024-47627

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.9
Severity Score:: High
CVE:: 2024-47386

Plugin:: XT Ajax Add To Cart for WooCommerce
Plugin Slug:: xt-woo-ajax-add-to-cart
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-8716

Plugin:: Themedy Toolbox
Plugin Slug:: themedy-toolbox
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-9177

Plugin:: VR Calendar
Plugin Slug:: vr-calendar-sync
Installations: 800+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4.5
Severity Score:: High
CVE:: 2024-44013

Plugin:: Checkout Mestres do WP for WooCommerce
Plugin Slug:: checkout-mestres-wp
Installations: 700+
Vulnerability:: Local File Inclusion
Patched in Version:: 8.6.1
Severity Score:: High
CVE:: 2024-44030

Plugin:: QS Dark Mode Plugin
Plugin Slug:: qs-dark-mode
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-9118

Plugin:: Web Directory Free
Plugin Slug:: web-directory-free
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.4
Severity Score:: High
CVE:: 2024-47379

Plugin:: WP Abstracts
Plugin Slug:: wp-abstracts-manuscripts-manager
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-44045

Plugin:: AI ChatBot with ChatGPT and Content Generator by AYS
Plugin Slug:: ays-chatgpt-assistant
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-7714

Plugin:: AI ChatBot with ChatGPT and Content Generator by AYS
Plugin Slug:: ays-chatgpt-assistant
Installations: 300+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.1.0
Severity Score:: Medium
CVE:: 2024-7713

Plugin:: CSS JS Files
Plugin Slug:: css-js-files
Installations: 200+
Vulnerability:: Directory Traversal
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-9146

Plugin:: Top Bar � PopUps � by WPOptin
Plugin Slug:: wpoptin
Installations: 90+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.0.2
Severity Score:: High
CVE:: 2024-47645

Plugin:: Chatbot with ChatGPT WordPress
Plugin Slug:: smartsearchwp
Installations: 50+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2024-6845

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.19
Severity Score:: Medium
CVE:: 2024-8107

Plugin:: Secure Copy Content Protection and Content Locking
Plugin Slug:: secure-copy-content-protection-subscribe-to-view
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.4
Severity Score:: High
CVE:: 2024-47306

Plugin:: Social Auto Poster
Plugin Slug:: social-auto-poster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.16
Severity Score:: High
CVE:: 2024-47369

Plugin:: Uncanny Groups for LearnDash
Plugin Slug:: uncanny-learndash-groups
Vulnerability:: Privilege Escalation
Patched in Version:: 6.1.1
Severity Score:: High
CVE:: 2024-8349

Plugin:: Uncanny Groups for LearnDash
Plugin Slug:: uncanny-learndash-groups
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.1
Severity Score:: Low
CVE:: 2024-8350

Plugin:: WooEvents
Plugin Slug:: woo-events
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 4.1.3
Severity Score:: Critical
CVE:: 2024-8671

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: PHP Object Injection
Patched in Version:: 2.6.1
Severity Score:: Critical
CVE:: 2024-47636

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.1
Severity Score:: High
CVE:: 2024-47394

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.1.18
Severity Score:: Medium
CVE:: 2024-8189

Plugin:: WP Timeline � Vertical and Horizontal timeline plugin
Plugin Slug:: wp-timelines
Vulnerability:: Local File Inclusion
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2024-47324

Plugin:: WP Timeline � Vertical and Horizontal timeline plugin
Plugin Slug:: wp-timelines
Vulnerability:: Local File Inclusion
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2024-47323

Plugin:: WP Timeline � Vertical and Horizontal timeline plugin
Plugin Slug:: wp-timelines
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2024-47322

WordPress Themes � 3 Patched / 3 Unpatched

Theme:: UltraPress
Theme Slug:: ultrapress
Downloads: 15,920
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7434

Theme:: Unseen Blog
Theme Slug:: unseen-blog
Downloads: 2,335
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7432

Theme:: viala
Theme Slug:: viala
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-44029

Theme:: Catch Base
Theme Slug:: catch-base
Downloads: 203,923
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.7
Severity Score:: Medium
CVE:: 2024-47313

Theme:: Create
Theme Slug:: create
Downloads: 64,003
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.2
Severity Score:: Medium
CVE:: 2024-47356

Theme:: Full Frame
Theme Slug:: full-frame
Downloads: 199,800
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-44010