WordPress Vulnerability Report � October 9, 2024

In this report, 182 vulnerabilities have been publicly disclosed. Security patches for 137 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 45 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7 Beta 2 is ready for testing! This beta version of the WordPress software is under development. Don’t install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 2 on a test server and site.

WordPress Plugins � 135 Patched / 42 Unpatched

Plugin:: Soumettre.fr
Plugin Slug:: soumettre-fr
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8675

Plugin:: Loggedin � Limit Active Logins
Plugin Slug:: loggedin
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9228

Plugin:: BuddyPress Docs
Plugin Slug:: buddypress-docs
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9207

Plugin:: DK PDF
Plugin Slug:: dk-pdf
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8727

Plugin:: Copyscape Premium
Plugin Slug:: copyscape-premium
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47644

Plugin:: Keap Official Opt-in Forms
Plugin Slug:: infusionsoft-official-opt-in-forms
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47642

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-47638

Plugin:: Include Fussball.de Widgets
Plugin Slug:: include-fussball-de-widgets
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47643

Plugin:: LH Copy Media File
Plugin Slug:: lh-copy-media-file
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9220

Plugin:: Payflex Payment Gateway
Plugin Slug:: payflex-payment-gateway
Installations: 1,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47646

Plugin:: RumbleTalk Live Group Chat � HTML5
Plugin Slug:: rumbletalk-chat-a-chat-with-themes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8720

Plugin:: VdoCipher: Secure Video Player and Hosting
Plugin Slug:: vdocipher
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47639

Plugin:: Hello World
Plugin Slug:: hello-world
Installations: 900+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9224

Plugin:: 123.chat
Plugin Slug:: 123-chat-videochat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7869

Plugin:: Aggregator Advanced Settings
Plugin Slug:: aggregator-advanced-settings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9368

Plugin:: Auto Featured Image from Title
Plugin Slug:: auto-featured-image-from-title
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8786

Plugin:: Captcha Bank
Plugin Slug:: captcha-bank
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9375

Plugin:: Confetti Fall Animation
Plugin Slug:: confetti-fall-animation
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-47641

Plugin:: Custom Banners
Plugin Slug:: custom-banners
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8799

Plugin:: Display Medium Posts
Plugin Slug:: display-medium-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9445

Plugin:: Easy Load More
Plugin Slug:: easy-load-more
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8728

Plugin:: Elastik Page Builder
Plugin Slug:: elastik-page-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9274

Plugin:: Gravity Forms Toolbar
Plugin Slug:: gravity-forms-toolbar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8718

Plugin:: Guten Post Layout
Plugin Slug:: guten-post-layout
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8288

Plugin:: Iconize
Plugin Slug:: iconize
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-47649

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8632

Plugin:: KB Support
Plugin Slug:: kb-support
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8548

Plugin:: LocateAndFilter
Plugin Slug:: locateandfilter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9304

Plugin:: Login Logout Shortcode
Plugin Slug:: login-logout-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9421

Plugin:: Optin Hound
Plugin Slug:: opt-in-hound
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9267

Plugin:: PDF Image Generator
Plugin Slug:: pdf-image-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9241

Plugin:: R Animated Icon
Plugin Slug:: r-animated-icon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9272

Plugin:: Relogo
Plugin Slug:: relogo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9269

Plugin:: Spice Starter Sites
Plugin Slug:: spice-starter-sites
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8430

Plugin:: SVG Complete
Plugin Slug:: svg-complete
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9119

Plugin:: Wechat Social login
Plugin Slug:: wechat-social-login
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9108

Plugin:: Wechat Social login
Plugin Slug:: wechat-social-login
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9106

Plugin:: WooCommerce � Store Exporter
Plugin Slug:: woocommerce-exporter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8793

Plugin:: WP Blocks Hub
Plugin Slug:: wp-blocks-hub
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9372

Plugin:: WP Cleanup and Basic Functions
Plugin Slug:: wp-cleanup-and-basic-functions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9455

Plugin:: WP Easy Gallery
Plugin Slug:: wp-easy-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9018

Plugin:: XO Slider
Plugin Slug:: xo-liteslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8324

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Path Traversal
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-47637

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: Medium
CVE:: 2024-47373

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.1
Severity Score:: High
CVE:: 2024-47374

Plugin:: Rank Math SEO � AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.229
Severity Score:: Medium
CVE:: 2024-9161

Plugin:: Rank Math SEO � AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.0.229
Severity Score:: High
CVE:: 2024-9314

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 6.3.6.1
Severity Score:: Medium
CVE:: 2024-9529

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20866

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20865

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.11
Severity Score:: Medium
CVE:: 2021-20867

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.20.0
Severity Score:: Medium
CVE:: 2024-47358

Plugin:: Broken Link Checker
Plugin Slug:: broken-link-checker
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2024-8981

Plugin:: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
Plugin Slug:: fluentform
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.20
Severity Score:: Medium
CVE:: 2024-9528

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.1
Severity Score:: Medium
CVE:: 2024-47357

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.987
Severity Score:: Medium
CVE:: 2024-8482

Plugin:: Checkout Field Editor (Checkout Manager) for WooCommerce
Plugin Slug:: woo-checkout-field-editor-pro
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: High
CVE:: 2024-8499

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.122
Severity Score:: High
CVE:: 2024-45454

Plugin:: SEOPress � On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.2
Severity Score:: High
CVE:: 2024-9225

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-47390

Plugin:: TinyPNG � JPEG, PNG & WebP image compression
Plugin Slug:: tiny-compress-images
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.4.4
Severity Score:: Medium
CVE:: 2024-47635

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-8520

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-8519

Plugin:: Smart Custom 404 Error Page
Plugin Slug:: 404page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.4.8
Severity Score:: High
CVE:: 2024-9204

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-47366

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.13.7
Severity Score:: Medium
CVE:: 2024-47361

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.4
Severity Score:: Medium
CVE:: 2024-8486

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.6
Severity Score:: Medium
CVE:: 2024-47392

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-47381

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-47359

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.0
Severity Score:: Medium
CVE:: 2024-47385

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.17
Severity Score:: Medium
CVE:: 2024-47362

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.0
Severity Score:: Medium
CVE:: 2024-3635

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.8
Severity Score:: High
CVE:: 2024-8629

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.7.35
Severity Score:: Medium
CVE:: 2024-8254

Plugin:: WP Bulk Delete
Plugin Slug:: wp-bulk-delete
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: High
CVE:: 2024-47352

Plugin:: WordPress Infinite Scroll � Ajax Load More
Plugin Slug:: ajax-load-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.3
Severity Score:: Medium
CVE:: 2024-8505

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2024-47391

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.6.1
Severity Score:: Medium
CVE:: 2024-9306

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.22
Severity Score:: Medium
CVE:: 2024-8431

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-8536

Plugin:: Visual CSS Style Editor
Plugin Slug:: yellow-pencil-visual-theme-customizer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.5
Severity Score:: High
CVE:: 2024-47348

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-47632

Plugin:: Page-list
Plugin Slug:: page-list
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7
Severity Score:: Medium
CVE:: 2024-47382

Plugin:: Starbox � the Author Box for Humans
Plugin Slug:: starbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.3
Severity Score:: Medium
CVE:: 2024-8239

Plugin:: YITH WooCommerce Ajax Search
Plugin Slug:: yith-woocommerce-ajax-search
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.8.1
Severity Score:: Critical
CVE:: 2024-47350

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.29
Severity Score:: High
CVE:: 2024-8379

Plugin:: Bit File Manager � 100% Free & Open Source File Manager and Code Editor for WordPress
Plugin Slug:: file-manager
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 6.5.8
Severity Score:: Medium
CVE:: 2024-8743

Plugin:: Ibtana � WordPress Website Builder
Plugin Slug:: ibtana-visual-editor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4.5
Severity Score:: Medium
CVE:: 2024-8282

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-47626

Plugin:: Code Embed
Plugin Slug:: simple-embed-code
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5
Severity Score:: Medium
CVE:: 2024-8804

Plugin:: Simple Membership After Login Redirection
Plugin Slug:: simple-membership-after-login-redirection
Installations: 20,000+
Vulnerability:: Open Redirection
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-47354

Plugin:: Slider by 10Web � Responsive Image Slider
Plugin Slug:: slider-wd
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.59
Severity Score:: Medium
CVE:: 2024-8283

Plugin:: Advanced Woo Labels � Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.02
Severity Score:: Medium
CVE:: 2024-47622

Plugin:: Auto Amazon Links � Amazon Associates Affiliate Plugin
Plugin Slug:: amazon-auto-links
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.3
Severity Score:: High
CVE:: 2024-9349

Plugin:: BA Book Everything
Plugin Slug:: ba-book-everything
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.21
Severity Score:: High
CVE:: 2024-47360

Plugin:: Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites � Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed
Plugin Slug:: blockspare
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2024-47363

Plugin:: Demo Importer Plus
Plugin Slug:: demo-importer-plus
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-9172

Plugin:: Gallery Lightbox
Plugin Slug:: gallery-lightbox-slider
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.41
Severity Score:: Medium
CVE:: 2024-47623

Plugin:: FAQ / Accordion / Docs � Helpie WordPress FAQ Accordion plugin
Plugin Slug:: helpie-faq
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.28
Severity Score:: Medium
CVE:: 2024-47647

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.9.7
Severity Score:: Medium
CVE:: 2024-47628

Plugin:: MC4WP: Mailchimp Top Bar
Plugin Slug:: mailchimp-top-bar
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: High
CVE:: 2024-9210

Plugin:: NEX-Forms � Ultimate Form Builder � Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.7.4
Severity Score:: High
CVE:: 2024-47389

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12.9
Severity Score:: High
CVE:: 2024-9222

Plugin:: Popularis Extra
Plugin Slug:: popularis-extra
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: High
CVE:: 2024-9353

Plugin:: CartBounty � Save and recover abandoned carts for WooCommerce
Plugin Slug:: woo-save-abandoned-carts
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 8.2.1
Severity Score:: Medium
CVE:: 2024-47634

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.13.1
Severity Score:: High
CVE:: 2024-47367

Plugin:: YML for Yandex Market
Plugin Slug:: yml-for-yandex-market
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.3
Severity Score:: High
CVE:: 2024-9378

Plugin:: Form plugin for WordPress � Zoho Forms
Plugin Slug:: zoho-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2024-47633

Plugin:: MaxSlider
Plugin Slug:: maxslider
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2024-47351

Plugin:: Affiliate Program Suite � SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.19
Severity Score:: High
CVE:: 2024-47388

Plugin:: Slideshow Gallery LITE
Plugin Slug:: slideshow-gallery
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.4
Severity Score:: Medium
CVE:: 2024-47376

Plugin:: WP Hotel Booking
Plugin Slug:: wp-hotel-booking
Installations: 8,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.3
Severity Score:: Critical
CVE:: 2024-7855

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.3
Severity Score:: High
CVE:: 2024-9385

Plugin:: WP Compress � Instant Performance & Speed Optimization
Plugin Slug:: wp-compress-image-optimizer
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.21.01
Severity Score:: High
CVE:: 2024-47384

Plugin:: Author Avatars List/Block
Plugin Slug:: author-avatars
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.22
Severity Score:: Medium
CVE:: 2024-47370

Plugin:: Cozy Blocks � Page Builder for Gutenberg & Site Editor, Post Blocks, WooCommerce Blocks, Magazine Blocks, WordPress Gutenberg Blocks, Patterns and Templates Library
Plugin Slug:: cozy-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-47355

Plugin:: Survey Maker
Plugin Slug:: survey-maker
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.6
Severity Score:: Medium
CVE:: 2024-8488

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 5,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2024-47353

Plugin:: ElementInvader Addons for Elementor
Plugin Slug:: elementinvader-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-47630

Plugin:: Magazine Blocks � Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
Plugin Slug:: magazine-blocks
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.15
Severity Score:: High
CVE:: 2024-9218

Plugin:: Easy Mega Menu Plugin for WordPress � ThemeHunk
Plugin Slug:: themehunk-megamenu-plus
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-8433

Plugin:: WPMobile.App � Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.51
Severity Score:: High
CVE:: 2024-47349

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.0.4.6
Severity Score:: Medium
CVE:: 2024-47648

Plugin:: Geo Mashup
Plugin Slug:: geo-mashup
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.14
Severity Score:: Medium
CVE:: 2024-8990

Plugin:: Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress
Plugin Slug:: quillforms
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.0
Severity Score:: Medium
CVE:: 2024-47393

Plugin:: RabbitLoader � Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
Plugin Slug:: rabbit-loader
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.21.1
Severity Score:: High
CVE:: 2024-8800

Plugin:: AVIF Uploader
Plugin Slug:: avif-support
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-9060

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-47364

Plugin:: Robokassa payment gateway for Woocommerce
Plugin Slug:: robokassa
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-47395

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: High
CVE:: 2024-47380

Plugin:: Automatically Hierarchic Categories in Menu
Plugin Slug:: automatically-hierarchic-categories-in-menu
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6
Severity Score:: Medium
CVE:: 2024-47365

Plugin:: BSK Forms Blacklist
Plugin Slug:: bsk-gravityforms-blacklist
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9
Severity Score:: High
CVE:: 2024-47624

Plugin:: Hash Form � Drag & Drop Form Builder
Plugin Slug:: hash-form
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-9417

Plugin:: PWA � easy way to Progressive Web App
Plugin Slug:: iworks-pwa
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-8967

Plugin:: Premium Blocks � Gutenberg Blocks for WordPress
Plugin Slug:: premium-blocks-for-gutenberg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.34
Severity Score:: Medium
CVE:: 2024-47368

Plugin:: Search Analytics for WP
Plugin Slug:: search-analytics
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.11
Severity Score:: High
CVE:: 2024-9209

Plugin:: Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews � Stars Testimonials
Plugin Slug:: stars-testimonials-with-slider-and-masonry-grid
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-8989

Plugin:: The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library)
Plugin Slug:: the-pack-addon
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2024-47383

Plugin:: WP-WebAuthn
Plugin Slug:: wp-webauthn
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-47650

Plugin:: WPCOM Member
Plugin Slug:: wpcom-member
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4.1
Severity Score:: High
CVE:: 2024-47378

Plugin:: XLTab � Accordions and Tabs for Elementor Page Builder
Plugin Slug:: xl-tab
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-47375

Plugin:: Zotpress
Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.11
Severity Score:: Medium
CVE:: 2024-47621

Plugin:: Post Form � Registration Form � Profile Form for User Profiles � Frontend Content Forms for User Submissions (UGC)
Plugin Slug:: buddyforms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.13
Severity Score:: Medium
CVE:: 2024-47377

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-47625

Plugin:: Fish and Ships � Most flexible shipping table rate. A WooCommerce shipping rate
Plugin Slug:: fish-and-ships
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: High
CVE:: 2024-9237

Plugin:: Memberful � Membership Plugin
Plugin Slug:: memberful-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.73.8
Severity Score:: Medium
CVE:: 2024-9242

Plugin:: Search Atlas SEO � Best SEO Plugin for One-Click WP Publishing & Integrated AI Optimization
Plugin Slug:: metasync
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-47387

Plugin:: TNC PDF viewer
Plugin Slug:: pdf-viewer-by-themencode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-47372

Plugin:: Product Delivery Date for WooCommerce � Lite
Plugin Slug:: product-delivery-date-for-woocommerce-lite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4
Severity Score:: High
CVE:: 2024-9345

Plugin:: Logo Carousel � Clients logo carousel for WP
Plugin Slug:: responsive-client-logo-carousel-slider
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-47631

Plugin:: BerqWP � Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
Plugin Slug:: searchpro
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: High
CVE:: 2024-9344

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.0
Severity Score:: Medium
CVE:: 2024-8964

Plugin:: Social Web Suite � Social Media Auto Post, Social Media Auto Publish
Plugin Slug:: social-web-suite
Installations: 1,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 4.1.12
Severity Score:: High
CVE:: 2024-8352