
WordPress Vulnerability Report – October 23, 2024

In this report, 312 vulnerabilities have been publicly disclosed. Security patches for 131 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 181 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

WordPress Plugins – 130 Patched / 176 Unpatched

Email Template Customizer for WooCommerce

Plugin Slug:
email-template-customizer-for-woo

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Custom Icons for Elementor

Plugin Slug:
custom-icons-for-elementor

Installations
20,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

G Meta Keywords

Plugin Slug:
g-meta-keywords

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Surfer – WordPress Plugin

Plugin Slug:
surferseo

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Edwiser Bridge – WordPress Moodle LMS Integration

Plugin Slug:
edwiser-bridge

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
simple-lightbox-gallery

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
uber-grid

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Pinpoint Booking System – #1 WordPress Booking Plugin

Plugin Slug:
booking-system

Installations
4,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
woo-custom-cart-button

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Zoho CRM Lead Magnet

Plugin Slug:
zoho-crm-forms

Installations
4,000+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
hyperlink-group-block

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Animator – Scroll Triggered Animations

Plugin Slug:
scroll-triggered-animations

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

DPD Baltic Shipping

Plugin Slug:
woo-shipping-dpd-baltic

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Omnipress

Plugin Slug:
omnipress

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Plugin Slug:
ultraaddons-elementor-lite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

WP SendFox

Plugin Slug:
wp-sendfox

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Simple Testimonials Showcase

Plugin Slug:
simple-testimonials-showcase

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

TAKETIN To WP Membership

Plugin Slug:
taketin-to-wp-membership

Installations
60+

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Easy Addons for Elementor

Plugin Slug:
easy-addons-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

UltimateAI

Plugin:

UltimateAI

Plugin Slug:
Ultimate_AI

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

UltimateAI

Plugin:

UltimateAI

Plugin Slug:
Ultimate_AI

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

AB Categories Search Widget

Plugin:

AB Categories Search Widget

Plugin Slug:
ab-categories-search-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

ACL Floating Cart for WooCommerce

Plugin:

ACL Floating Cart for WooCommerce

Plugin Slug:
acl-floating-cart-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Add Categories Post Footer

Plugin:

Add Categories Post Footer

Plugin Slug:
add-categories-post-footer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

ADIF Log Search Widget

Plugin:

ADIF Log Search Widget

Plugin Slug:
adif-log-search-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Advanced Advertising System

Plugin:

Advanced Advertising System

Plugin Slug:
advanced-advertising-system

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Affiliator

Plugin:

Affiliator

Plugin Slug:
affiliator-lite

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Agile Video Player Lite

Plugin:

Agile Video Player Lite

Plugin Slug:
agile-video-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Ahime Image Printer

Plugin:

Ahime Image Printer

Plugin Slug:
ahime-image-printer

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Ahmeti Wp Timeline

Plugin:

Ahmeti Wp Timeline

Plugin Slug:
ahmeti-wp-timeline

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

AI Image Generator for Your Content & Featured Images – AI Postpix

Plugin Slug:
ai-postpix

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Ajax Custom CSS/JS

Plugin:

Ajax Custom CSS/JS

Plugin Slug:
ajax-awesome-css

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

ajax-extend

Plugin:

ajax-extend

Plugin Slug:
ajax-extend

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Ajax Rating with Custom Login

Plugin:

Ajax Rating with Custom Login

Plugin Slug:
ajax-rating-with-custom-login

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Akismet htaccess writer

Plugin:

Akismet htaccess writer

Plugin Slug:
akismet-htaccess-writer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

All in One Slider

Plugin:

All in One Slider

Plugin Slug:
all-in-one-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Analyse Uploads

Plugin:

Analyse Uploads

Plugin Slug:
analyse-uploads

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Apa Banner Slider

Plugin:

Apa Banner Slider

Plugin Slug:
apa-banner-slider

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

APA Register Newsletter Form

Plugin:

APA Register Newsletter Form

Plugin Slug:
apa-register-newsletter-form

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Arkhe Blocks

Plugin:

Arkhe Blocks

Plugin Slug:
arkhe-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Author Discussion

Plugin:

Author Discussion

Plugin Slug:
author-discussion

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

AVChat Video Chat

Plugin:

AVChat Video Chat

Plugin Slug:
avchat-3

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Azz Anonim Posting

Plugin:

Azz Anonim Posting

Plugin Slug:
azz-anonim-posting

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Back Link Tracker

Plugin Slug:
back-link-tracker

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Banner Slider

Plugin:

Banner Slider

Plugin Slug:
banner-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Bet WC 2018 Russia

Plugin:

Bet WC 2018 Russia

Plugin Slug:
bet-wc-2018-russia

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Better Author Bio

Plugin:

Better Author Bio

Plugin Slug:
better-author-bio

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

BuddyPress Better Registration

Plugin:

BuddyPress Better Registration

Plugin Slug:
better-bp-registration

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Booking.com Banner Creator

Plugin:

Booking.com Banner Creator

Plugin Slug:
bookingcom-banner-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

BuddyPress Greeting Message

Plugin:

BuddyPress Greeting Message

Plugin Slug:
bp-greeting-message

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

BP Member Type Manager

Plugin:

BP Member Type Manager

Plugin Slug:
bp-member-type-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Branding

Plugin:

Branding

Plugin Slug:
branding

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Bulk images optimizer

Plugin:

Bulk images optimizer

Plugin Slug:
bulk-image-resizer

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

bVerse Convert

Plugin:

bVerse Convert

Plugin Slug:
bverse-convert

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Campus Explorer Widget

Plugin:

Campus Explorer Widget

Plugin Slug:
campus-explorer-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

chatplusjp

Plugin:

chatplusjp

Plugin Slug:
chatplusjp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

CJ Change Howdy

Plugin:

CJ Change Howdy

Plugin Slug:
cj-change-howdy

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Client Power Tools Portal

Plugin:

Client Power Tools Portal

Plugin Slug:
client-power-tools

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Code Generate

Plugin:

Code Generate

Plugin Slug:
code-generator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Cookie Scanner

Plugin Slug:
cookie-scanner

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Coub

Plugin:

Coub

Plugin Slug:
coub

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Country Flags for Elementor

Plugin:

Country Flags for Elementor

Plugin Slug:
country-flags-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Crazy Call To Action Box

Plugin:

Crazy Call To Action Box

Plugin Slug:
crazy-call-to-action-box

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

cSlider

Plugin:

cSlider

Plugin Slug:
cslider

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

CSV Product Import Export for WooCommerce

Plugin:

CSV Product Import Export for WooCommerce

Plugin Slug:
csv-wc-product-import-export

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

CWD 3D Image Gallery

Plugin Slug:
cwd-3d-image-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Digital Lottery

Plugin:

Digital Lottery

Plugin Slug:
digital-lottery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

DocumentPress

Plugin:

DocumentPress

Plugin Slug:
documentpress-display-any-document-on-your-site

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Duplicate Title Validate

Plugin:

Duplicate Title Validate

Plugin Slug:
duplicate-title-validate

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Dynamic Elementor Addons

Plugin:

Dynamic Elementor Addons

Plugin Slug:
dynamic-elementor-addons

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Easy Menu Manager

Plugin:

Easy Menu Manager

Plugin Slug:
easy-menu-manager-wpzest

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Easy Post Types

Plugin:

Easy Post Types

Plugin Slug:
easy-post-types

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Easy Post Types

Plugin:

Easy Post Types

Plugin Slug:
easy-post-types

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Easy Post Types

Plugin:

Easy Post Types

Plugin Slug:
easy-post-types

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

EKC Tournament Manager

Plugin:

EKC Tournament Manager

Plugin Slug:
ekc-tournament-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Elemenda

Plugin:

Elemenda

Plugin Slug:
elemenda

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Extra Privacy for Elementor

Plugin:

Extra Privacy for Elementor

Plugin Slug:
extra-privacy-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Feed Comments Number

Plugin:

Feed Comments Number

Plugin Slug:
feed-comments-number

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

FERMA.ru.net

Plugin:

FERMA.ru.net

Plugin Slug:
ferma-ru-net-checkout

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Whitelist

Plugin:

Whitelist

Plugin Slug:
fifthsegment-whitelist

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Flat UI Button

Plugin:

Flat UI Button

Plugin Slug:
flat-ui-button

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

FREE DOWNLOAD MANAGER

Plugin:

FREE DOWNLOAD MANAGER

Plugin Slug:
free-download-manager

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Free Stock Photos Foter

Plugin:

Free Stock Photos Foter

Plugin Slug:
free-stock-photos-foter

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Gantry 4 Framework

Plugin:

Gantry 4 Framework

Plugin Slug:
gantry

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

GERRYWORKS Post by Mail

Plugin:

GERRYWORKS Post by Mail

Plugin Slug:
gerryworks-post-by-mail

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

GetResponse Forms

Plugin:

GetResponse Forms

Plugin Slug:
getresponse

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Giveaway Boost

Plugin:

Giveaway Boost

Plugin Slug:
giveaway-boost

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Google Docs RSVP

Plugin:

Google Docs RSVP

Plugin Slug:
google-docs-rsvp-guestlist

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Google Map Locations

Plugin:

Google Map Locations

Plugin Slug:
google-map-locations

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

GoogleDrive folder list

Plugin:

GoogleDrive folder list

Plugin Slug:
googledrive-folder-list

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

TeploBot – Telegram Bot for WP

Plugin:

TeploBot – Telegram Bot for WP

Plugin Slug:
green-wp-telegram-bot-by-teplitsa

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

iBryl Switch User

Plugin:

iBryl Switch User

Plugin Slug:
ibryl-switch-user

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Infinite-Scroll

Plugin:

Infinite-Scroll

Plugin Slug:
infinite-scroll

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

INK Official

Plugin:

INK Official

Plugin Slug:
ink-official

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Job Board Manager for WordPress

Plugin:

Job Board Manager for WordPress

Plugin Slug:
jemployee

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

JiangQie Free Mini Program

Plugin:

JiangQie Free Mini Program

Plugin Slug:
jiangqie-free-mini-program

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

jLayer Parallax Slider

Plugin:

jLayer Parallax Slider

Plugin Slug:
jlayer-parallax-slider-wp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Kento Post View Counter

Plugin:

Kento Post View Counter

Plugin Slug:
kento-post-view-counter

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

LaTeX2HTML

Plugin:

LaTeX2HTML

Plugin Slug:
latex2html

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

leenk.me

Plugin:

leenk.me

Plugin Slug:
leenkme

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

WordPress Gallery Plugin – Limb Image Gallery

Plugin Slug:
limb-gallery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

WordPress Gallery Plugin – Limb Image Gallery

Plugin Slug:
limb-gallery

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Linked Variation for WooCommerce

Plugin:

Linked Variation for WooCommerce

Plugin Slug:
linked-variation-for-woocommerce

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Contact Forms, Live Support, CRM, Video Messages

Plugin:

Contact Forms, Live Support, CRM, Video Messages

Plugin Slug:
live-support-tickets

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Maan Addons For Elementor

Plugin:

Maan Addons For Elementor

Plugin Slug:
maan-elementor-addons

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Local Business Addons For Elementor

Plugin:

Local Business Addons For Elementor

Plugin Slug:
map-addons-for-elementor-waze-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

El mejor Cluster

Plugin:

El mejor Cluster

Plugin Slug:
mejorcluster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Mighty Builder

Plugin:

Mighty Builder

Plugin Slug:
mighty-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Mitm Bug Tracker

Plugin:

Mitm Bug Tracker

Plugin Slug:
mitm-bug-tracker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Monitor.chat

Plugin:

Monitor.chat

Plugin Slug:
monitor-chat

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Movie Database

Plugin:

Movie Database

Plugin Slug:
movie-database

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

My Reading Library

Plugin:

My Reading Library

Plugin Slug:
my-reading-library

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

MyTweetLinks

Plugin Slug:
mytweetlinks

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Nice Backgrounds

Plugin:

Nice Backgrounds

Plugin Slug:
nicebackgrounds

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

PDF-Rechnungsverwaltung

Plugin Slug:
pdf-rechnungsverwaltung

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Plugin:

Photo Gallery Builder

Plugin Slug:
photo-gallery-builder

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

photokit

Plugin:

photokit

Plugin Slug:
photokit

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Property Lot Management System

Plugin:

Property Lot Management System

Plugin Slug:
plms

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Portfolleo

Plugin:

Portfolleo

Plugin Slug:
portfolleo

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Product Customizer Light

Plugin:

Product Customizer Light

Plugin Slug:
product-customizer-light

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Product Website Showcase

Plugin:

Product Website Showcase

Plugin Slug:
product-websites-showcase

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Rate Own Post

Plugin Slug:
rate-own-post

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Recently

Plugin Slug:
recently-viewed-most-viewed-and-sold-products-for-woocommerce

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

3D Work In Progress

Plugin Slug:
renee-work-in-progress

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

3D Work In Progress

Plugin Slug:
renee-work-in-progress

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

WP REST API FNS

Plugin Slug:
rest-api-fns

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

WP REST API FNS

Plugin Slug:
rest-api-fns

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Risk Warning Bar

Plugin Slug:
risk-warning-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

RS-Members

Plugin Slug:
rs-members

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SafetyForms

Plugin Slug:
safetymails-forms

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SEO Manager

Plugin Slug:
seo-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

SermonAudio Widgets

Plugin Slug:
sermonaudio-widgets

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Shipyaari Shipping Management

Plugin Slug:
shipyaari-shipping-managment

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Simple Code Insert Shortcode

Plugin Slug:
simple-code-insert-shortcode

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Simple Custom Admin

Plugin Slug:
simple-custom-admin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Simple Load More

Plugin Slug:
simple-load-more

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SiteBuilder Dynamic Components

Plugin Slug:
sitebuilder-dynamic-components

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Affiliate Platform

Plugin Slug:
smdp-affiliate-platform

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Social Link Groups

Plugin Slug:
social-link-groups

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Social Share With Floating Bar

Plugin Slug:
social-share-with-floating-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Sovratec Case Management

Plugin Slug:
sovratec-case-management

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

SSV Events

Plugin Slug:
ssv-events

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

SSV MailChimp

Plugin Slug:
ssv-mailchimp

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Suki Sites Import

Plugin Slug:
suki-sites-import

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

SVG Captcha

Plugin Slug:
svg-captcha

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SW Contact Form

Plugin Slug:
sw-contact-form

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Table of Contents Plus

Plugin Slug:
table-of-contents-plus

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Tida URL Screenshot

Plugin Slug:
tida-url-screenshot

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Tito

Plugin Slug:
tito

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Todo Custom Field

Plugin Slug:
todo-custom-field

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

uCAT – Next Story

Plugin Slug:
ucat-next-story

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Unlimited Addon For Elementor

Plugin Slug:
unlimited-addon-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Adding drop down roles in registration

Plugin Slug:
user-drop-down-roles-in-registration

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Verbalize WP

Plugin Slug:
verbalize-wp

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

VKontakte Wall Post

Plugin Slug:
vkontakte-wall-post

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Web Bricks Addons for Elementor

Plugin Slug:
webbricks-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Custom Profile Picture

Plugin Slug:
woo-custom-profile-picture

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Edit WooCommerce Templates

Plugin Slug:
woo-edit-templates

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Woo Manage Fraud Orders

Plugin Slug:
woo-manage-fraud-orders

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Parcel Pro

Plugin Slug:
woo-parcel-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce Maintenance Mode

Plugin Slug:
woocommerce-maintenance-mode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Woostagram Connect

Plugin Slug:
woostagram-connect

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

WordPress Video

Plugin Slug:
wordpress-video

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Image

Plugin Slug:
wp-custom-taxonomy-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Category and Taxonomy Meta Fields

Plugin Slug:
wp-custom-taxonomy-meta

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

WP Dropbox Dropins

Plugin Slug:
wp-dropbox-dropins

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

WordPress Image SEO

Plugin Slug:
wp-image-seo

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Simple User Registration

Plugin Slug:
wp-registration

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

SendGrid for WordPress

Plugin Slug:
wp-sendgrid-mailer

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

WP-Spreadplugin

Plugin Slug:
wp-spreadplugin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

wpPricing Builder

Plugin Slug:
wppricing-builder-lite-responsive-pricing-table-builder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Wsify Widget

Plugin Slug:
wsify-widget

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WooCommerce

Plugin Slug:
woocommerce

Installations
8,000,000+

Vulnerability:
Content Injection

Patched in Version:
9.1.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 9.1.0.

All-in-One WP Migration and Backup

Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
7.87

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 7.87.

Jetpack – WP Security, Backup, Speed, & Growth

Plugin Slug:
jetpack

Installations
4,000,000+

Vulnerability:
Broken Access Control

Patched in Version:
13.9.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 13.9.1.

Secure Custom Fields

Plugin Slug:
advanced-custom-fields

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.6.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 6.3.6.3.

Royal Elementor Addons and Templates

Plugin Slug:
royal-elementor-addons

Installations
400,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.987

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.987.

Ad Inserter – Ad Manager & AdSense Ads

Plugin Slug:
ad-inserter

Installations
300,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.38

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.7.38.

Simple Custom Post Order

Plugin Slug:
simple-custom-post-order

Installations
300,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.5.8

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.5.8.

Plugin Slug:
responsive-lightbox

Installations
200,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.9

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.4.9.

Custom Twitter Feeds – A Tweets Widget or X Feed Widget

Plugin Slug:
custom-twitter-feeds

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.2.4.

GiveWP – Donation Plugin and Fundraising Platform

Plugin Slug:
give

Installations
100,000+

Vulnerability:
PHP Object Injection

Patched in Version:
3.16.4

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 3.16.4.

Translate WordPress – Google Language Translator

Plugin Slug:
google-language-translator

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.0.10

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 6.0.10.

Schema & Structured Data for WP & AMP

Plugin Slug:
schema-and-structured-data-for-wp

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.36

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.36.

WP Content Copy Protection & No Right Click

Plugin Slug:
wp-content-copy-protector

Installations
100,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
3.6.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.6.1.

SlimStat Analytics

Plugin Slug:
wp-slimstat

Installations
90,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.7

Severity Score:
High


The vulnerability has been patched, so you should update to version 5.2.7.

WP ULike – All-in-One Engagement Toolkit

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.7.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.7.5.

Exclusive Addons for Elementor

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.7.2.

WP-Members Membership Plugin

Plugin Slug:
wp-members

Installations
60,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.4.9.6

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.4.9.6.

Calculated Fields Form

Plugin Slug:
calculated-fields-form

Installations
50,000+

Vulnerability:
Content Injection

Patched in Version:
5.2.46

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 5.2.46.

Qi Blocks

Plugin Slug:
qi-blocks

Installations
50,000+

Vulnerability:
Local File Inclusion

Patched in Version:
1.3.3

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.3.3.

Plugin Slug:
robo-gallery

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.22

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.2.22.

Simple Membership

Plugin Slug:
simple-membership

Installations
50,000+

Vulnerability:
Open Redirection

Patched in Version:
4.5.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.5.4.

Plugin Slug:
sina-extension-for-elementor

Installations
50,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.5.8

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.5.8.

Product Filter by WBW

Plugin Slug:
woo-product-filter

Installations
50,000+

Vulnerability:
SQL Injection

Patched in Version:
2.7.1

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.7.1.

Themesflat Addons For Elementor

Plugin Slug:
themesflat-addons-for-elementor

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.2.2.

WPIDE – File Manager & Code Editor

Plugin Slug:
wpide

Installations
40,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.5.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.5.0.

Timetable and Event Schedule by MotoPress

Plugin Slug:
mp-timetable

Installations
30,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.3.9

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.3.9.

Persian WooCommerce SMS

Plugin Slug:
persian-woocommerce-sms

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.0.3

Severity Score:
High


The vulnerability has been patched, so you should update to version 7.0.3.

VOD Infomaniak

Plugin Slug:
vod-infomaniak

Installations
30,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.8

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.5.8.

Backup and Staging by WP Time Capsule

Plugin Slug:
wp-time-capsule

Installations
20,000+

Vulnerability:
PHP Object Injection

Patched in Version:
1.22.22

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.22.22.

Mega Elements – Addons for Elementor

Plugin Slug:
mega-elements-addons-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.7.

Multiline files upload for contact form 7

Plugin Slug:
multiline-files-for-contact-form-7

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.9

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.9.

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
8.8.07.004

Severity Score:
High


The vulnerability has been patched, so you should update to version 8.8.07.004.

Add Widget After Content

Plugin Slug:
add-widget-after-content

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.5.

Contact Form by Supsystic

Plugin Slug:
contact-form-by-supsystic

Installations
9,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.29

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.7.29.

Awesome Contact Form7 for Elementor

Plugin Slug:
awesome-contact-form7-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.1.

Events Addon for Elementor

Plugin Slug:
events-addon-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.2.1.

Primary Addon for Elementor

Plugin Slug:
primary-addon-for-elementor

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.9

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.5.9.

Admin Management Xtended

Plugin Slug:
admin-management-xtended

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.4.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.4.7.

Customer Email Verification for WooCommerce

Plugin Slug:
emails-verification-for-woocommerce

Installations
7,000+

Vulnerability:
SQL Injection

Patched in Version:
2.9.0

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 2.9.0.

ProfileGrid – User Profiles, Groups and Communities

Plugin Slug:
profilegrid-user-profiles-groups-and-communities

Installations
7,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.9.3.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 5.9.3.1.

Kama SpamBlock

Plugin Slug:
kama-spamblock

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.3

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.8.3.

Arconix Shortcodes

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.13

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.1.13.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 6.4.4.

ElementInvader Addons for Elementor

Plugin Slug:
elementinvader-addons-for-elementor

Installations
5,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.0.

ElementInvader Addons for Elementor

Plugin Slug:
elementinvader-addons-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.9

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.9.

WPKoi Templates for Elementor

Plugin Slug:
wpkoi-templates-for-elementor

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.1.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.1.1.

PeproDev Ultimate Invoice

Plugin Slug:
pepro-ultimate-invoice

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.0.7.

Fonto – Custom Web Fonts Manager

Plugin Slug:
fonto

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.2.

Parallax Image

Plugin Slug:
parallax-image

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.9.

RSS Feed Widget

Plugin Slug:
rss-feed-widget

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.0.0.

Accordion Slider

Plugin Slug:
accordion-slider

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.9.12

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.9.12.

Anchor Episodes Index (Spotify for Podcasters)

Plugin Slug:
anchor-episodes-index

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.11

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.1.11.

Smart Online Order for Clover

Plugin Slug:
clover-online-orders

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.5.8.

Smart Online Order for Clover

Plugin Slug:
clover-online-orders

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.8

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.5.8.

Flexmls® IDX Plugin

Plugin Slug:
flexmls-idx

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.14.23

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.14.23.

Leyka

Plugin Slug:
leyka

Installations
2,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.31.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.31.7.

MAS Companies For WP Job Manager

Plugin Slug:
mas-wp-job-manager-company

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.14

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.0.14.

My Wp Brand – Hide menu & Hide Plugin

Plugin Slug:
my-wp-brand

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.1.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.3.

Smart Blocks

Plugin Slug:
smart-blocks

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.1.

Advanced Category and Custom Taxonomy Image

Plugin Slug:
advanced-category-and-custom-taxonomy-image

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.0.

AppPresser – Mobile App Framework

Plugin Slug:
apppresser

Installations
1,000+

Vulnerability:
Privilege Escalation

Patched in Version:
4.4.5

Severity Score:
High


The vulnerability has been patched, so you should update to version 4.4.5.

Great Restaurant Menu WP

Plugin Slug:
best-restaurant-menu-by-pricelisto

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.4.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.4.3.

Clio Grow Form

Plugin Slug:
clio-grow-form

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.3

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.0.3.

Encyclopedia / Glossary / Wiki

Plugin Slug:
encyclopedia-lexicon-glossary-wiki-dictionary

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.7.61

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.7.61.

HD Quiz – Save Results Light

Plugin Slug:
hd-quiz-save-results-light

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 0.6.

IdeaPush

Plugin Slug:
ideapush

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.71

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 8.71.

Locatoraid Store Locator

Plugin Slug:
locatoraid

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.9.48

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.9.48.

Most And Least Read Posts Widget

Plugin Slug:
most-and-least-read-posts-widget

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.5.19

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.5.19.

My Favorites

Plugin Slug:
my-favorites

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.4.3.

myCred Elementor

Plugin Slug:
mycred-for-elementor

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.7.

News Kit Elementor Addons

Plugin Slug:
news-kit-elementor-addons

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.2.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.2.

ReDi Restaurant Reservation

Plugin Slug:
redi-restaurant-reservation

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
24.1015

Severity Score:
High


The vulnerability has been patched, so you should update to version 24.1015.

WordPress Social Share Buttons

Plugin Slug:
share-button

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.20

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.20.

StreamWeasels Twitch Integration

Plugin Slug:
streamweasels-twitch-integration

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.8.7.

WP Flow Plus

Plugin Slug:
wp-imageflow2

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 5.2.4.

Plugin Slug:
wp-responsive-photo-gallery

Installations
1,000+

Vulnerability:
SQL Injection

Patched in Version:
1.0.4

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.0.4.

The Ultimate WordPress Toolkit – WP Extended

Plugin Slug:
wpextended

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.0.10

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.0.10.

Zita Elementor Site Library

Plugin Slug:
zita-site-library

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.6.4.

SendPulse Free Web Push

Plugin Slug:
sendpulse-web-push

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.3.7.

MAS Elementor

Plugin Slug:
mas-addons-for-elementor

Installations
700+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.7.

WP Sessions Time Monitoring Full Automatic

Plugin Slug:
activitytime

Installations
500+

Vulnerability:
SQL Injection

Patched in Version:
1.1.0

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 1.1.0.

Plexx Elementor Extension

Plugin Slug:
plexx-elementor-extension

Installations
400+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.7.

AADMY – Add Auto Date Month Year Into Posts

Plugin Slug:
auto-date-year-month

Installations
300+

Vulnerability:
Content Injection

Patched in Version:
2.0.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.0.2.

Rover IDX

Plugin Slug:
rover-idx

Installations
300+

Vulnerability:
Privilege Escalation

Patched in Version:
3.0.0.2906

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.0.0.2906.

Rover IDX

Plugin Slug:
rover-idx

Installations
300+

Vulnerability:
Broken Access Control

Patched in Version:
3.0.0.2905

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.0.0.2905.

Da Reactions

Plugin Slug:
da-reactions

Installations
200+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.2.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 5.2.0.

Point Maker

Plugin Slug:
point-maker

Installations
200+

Vulnerability:
Local File Inclusion

Patched in Version:
0.1.5

Severity Score:
High


The vulnerability has been patched, so you should update to version 0.1.5.

Endless Posts Navigation

Plugin Slug:
endless-posts-navigation

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.2.8

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.2.8.

Miniorange OTP Verification with Firebase

Plugin Slug:
miniorange-firebase-sms-otp-verification

Installations
100+

Vulnerability:
Broken Authentication

Patched in Version:
3.6.1

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.6.1.

Miniorange OTP Verification with Firebase

Plugin Slug:
miniorange-firebase-sms-otp-verification

Installations
100+

Vulnerability:
Broken Authentication

Patched in Version:
3.6.1

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 3.6.1.

Miniorange OTP Verification with Firebase

Plugin Slug:
miniorange-firebase-sms-otp-verification

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
3.6.1

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 3.6.1.

WP 2FA with Telegram

Plugin Slug:
two-factor-login-telegram

Installations
100+

Vulnerability:
Broken Authentication

Patched in Version:
3.1

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.1.

WP 2FA with Telegram

Plugin Slug:
two-factor-login-telegram

Installations
100+

Vulnerability:
Bypass Vulnerability

Patched in Version:
3.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.1.

Debrandify – Remove or Replace WordPress Branding

Plugin Slug:
debrandify

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.3.

Advanced Custom Fields PRO

Plugin Slug:
advanced-custom-fields-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.3.9

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 6.3.9.

Cooked Pro

Plugin Slug:
cooked-pro

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8.0

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 1.8.0.

Cooked Pro

Plugin Slug:
cooked-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.8.0.

Cooked Pro

Plugin Slug:
cooked-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.8.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.8.0.

EventON Pro

Plugin Slug:
eventon-wordpress-event-calendar-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.7.

Nextend Social Login Pro

Plugin Slug:
nextend-social-login-pro

Vulnerability:
Broken Authentication

Patched in Version:
3.1.15

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 3.1.15.

Social Auto Poster

Plugin Slug:
social-auto-poster

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
5.3.16

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 5.3.16.

Time Clock Pro

Plugin Slug:
time-clock-pro

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
1.1.5

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.1.5.

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Arbitrary File Upload

Patched in Version:
8.3.10

Severity Score:
High


The vulnerability has been patched, so you should update to version 8.3.10.

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Broken Access Control

Patched in Version:
8.3.10

Severity Score:
High


The vulnerability has been patched, so you should update to version 8.3.10.

File Manager Pro

Plugin Slug:
wp-file-manager-pro

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
8.3.10

Severity Score:
High


The vulnerability has been patched, so you should update to version 8.3.10.

WordPress Themes – 1 Patched / 5 Unpatched

Digitally

Theme Slug:
digitally

Downloads
8,046

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should switch themes.

disconnected

Theme Slug:
disconnected

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should switch themes.

js paper

Theme Slug:
js-paper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should switch themes.

my flatonica

Theme Slug:
my-flatonica

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should switch themes.

my wooden under construction

Theme Slug:
my-wooden-under-construction

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should switch themes.

Mags

Theme Slug:
mags

Downloads
25,887

Vulnerability:
Local File Inclusion

Patched in Version:
1.1.7

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.1.7.
