Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � December 18, 2024

In this report, 345 vulnerabilities have been publicly disclosed. Security patches for 164 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 181 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 156 Patched / 179 Unpatched

Plugin:: WP Mega Menu
Plugin Slug:: wp-megamenu
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54282

Plugin:: WPCargo Track & Trace
Plugin Slug:: wpcargo
Installations: 10,000+
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54271

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54289

Plugin:: Axeptio � Cookie Banner � GDPR Consent & Compliance with a friendly touch
Plugin Slug:: axeptio-sdk-integration
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54270

Plugin:: Radio Player � Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Plugin Slug:: radio-player
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54385

Plugin:: EazyDocs � Most Powerful Knowledge base, wiki, Documentation Builder Plugin
Plugin Slug:: eazydocs
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54376

Plugin:: News Ticker for Elementor
Plugin Slug:: news-ticker-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54278

Plugin:: WP Menu Image
Plugin Slug:: wp-menu-image
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52485

Plugin:: Smaily for WP
Plugin Slug:: smaily-for-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54286

Plugin:: SQL Chart Builder
Plugin Slug:: sql-chart-builder
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11430

Plugin:: Job Board Manager
Plugin Slug:: job-board-manager
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-55993

Plugin:: SIP Calculator
Plugin Slug:: sip-calculator
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12555

Plugin:: LDD Directory Lite
Plugin Slug:: ldd-directory-lite
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54288

Plugin:: The Permalinker
Plugin Slug:: the-permalinker
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11894

Plugin:: Nias course | ???? ??? ????
Plugin Slug:: nias-course
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54277

Plugin:: Role Includer
Plugin Slug:: role-includer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54290

Plugin:: Radius Blocks � WordPress Gutenberg Blocks
Plugin Slug:: radius-blocks
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54272

Plugin:: WordPress HelpDesk & Support Ticket System Plugin � Octrace Support
Plugin Slug:: octrace-support
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54274

Plugin:: WP Cookies Enabler
Plugin Slug:: wp-cookies-enabler
Installations: 30+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54380

Plugin:: Advanced Blog Post Block
Plugin Slug:: advanced-blog-post-block
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54287

Plugin:: Poll, Poll Forms � WordPress Poll plugin by Poll Builder
Plugin Slug:: poll-builder
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54276

Plugin:: Woocommerce Blocks � Woolook
Plugin Slug:: woolook
Installations: 10+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54375

Plugin:: WP-NERD Toolkit
Plugin Slug:: wp-nerd-toolkit
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54279

Plugin:: 3D Avatar User Profile
Plugin Slug:: 3d-avatar-user-profile
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54358

Plugin:: Add image to Post
Plugin Slug:: add-image-to-post
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54428

Plugin:: Advance Menu Manager
Plugin Slug:: advance-menu-manager
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54381

Plugin:: Advanced Data Table For Elementor
Plugin Slug:: advanced-data-table-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54443

Plugin:: Advanced Fancybox
Plugin Slug:: advanced-fancybox
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54401

Plugin:: Advanced What should we write next about
Plugin Slug:: advanced-what-should-we-write-about-next
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55987

Plugin:: AI Post Generator | AutoWriter
Plugin Slug:: ai-post-generator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11709

Plugin:: Zita Site Builder
Plugin Slug:: ai-site-builder
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54369

Plugin:: Amazon Product Price
Plugin Slug:: amazon-product-price
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54439

Plugin:: Animated Counters
Plugin Slug:: animated-counters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11905

Plugin:: Aphorismus
Plugin Slug:: aphorismus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54429

Plugin:: AppMaps
Plugin Slug:: appmaps
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54400

Plugin:: Appsplate
Plugin Slug:: appsplate
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54292

Plugin:: Arabic Webfonts
Plugin Slug:: arabic-webfonts
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54402

Plugin:: Arena.IM � Live Blogging for real-time events
Plugin Slug:: arena-liveblog-and-chat-tool
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12526

Plugin:: Arena.IM � Live Blogging for real-time events
Plugin Slug:: arena-liveblog-and-chat-tool
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12463

Plugin:: Firebase OTP Authentication
Plugin Slug:: authentication-via-otp-using-firebase
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54294

Plugin:: Banner System
Plugin Slug:: banner-system
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54359

Plugin:: Bet sport Free
Plugin Slug:: bet-sport-free
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54396

Plugin:: Better WP Login Page
Plugin Slug:: better-wp-login-page
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54442

Plugin:: Bootstrap Buttons
Plugin Slug:: bootstrap-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-49677

Plugin:: Buk
Plugin Slug:: buk-appointments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11869

Plugin:: Caldera SMTP Mailer
Plugin Slug:: caldera-smtp-mailer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56003

Plugin:: Mollie for Contact Form 7
Plugin Slug:: cf7-mollie
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55990

Plugin:: ??????
Plugin Slug:: changyan
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-55994

Plugin:: CK and SyntaxHighlighter
Plugin Slug:: ck-and-syntaxhighlighter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54407

Plugin:: Code Generator Pro
Plugin Slug:: code-generator-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55978

Plugin:: Comments On Feed
Plugin Slug:: comments-on-feed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54406

Plugin:: Companion Portfolio
Plugin Slug:: companion-portfolio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11867

Plugin:: Connatix Video Embed
Plugin Slug:: connatix-video-embed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11883

Plugin:: CoSchool LMS
Plugin Slug:: coschool
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54296

Plugin:: Crafthemes Demo Import
Plugin Slug:: crafthemes-demo-import
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-9698

Plugin:: Cricket Live Score
Plugin Slug:: cricket-score
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11877

Plugin:: Critical Site Intel
Plugin Slug:: critical-site-intel-stats
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55976

Plugin:: CRUDLab Google Plus Button
Plugin Slug:: crudlab-google-plus
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54399

Plugin:: CSV to html
Plugin Slug:: csv-to-html
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54275

Plugin:: Custom Skins Contact Form 7
Plugin Slug:: custom-skins-contact-form-7
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12341

Plugin:: Ultimate Endpoints With Rest Api
Plugin Slug:: custom-wp-rest-api
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12260

Plugin:: Mimoos
Plugin Slug:: devoluciones-packback
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55974

Plugin:: Display Future Posts
Plugin Slug:: display-future-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54413

Plugin:: Dr Affiliate
Plugin Slug:: dr-affiliate
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55975

Plugin:: DTC Documents
Plugin Slug:: dtc-documents
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54418

Plugin:: Easy Site Importer
Plugin Slug:: easy-site-importer
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56004

Plugin:: ECT Product Carousel
Plugin Slug:: ect-product-carousel
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54412

Plugin:: ECT Social Share
Plugin Slug:: ect-social-share
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54405

Plugin:: EELV Newsletter
Plugin Slug:: eelv-newsletter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54430

Plugin:: Mandrill WP
Plugin Slug:: email-form-under-post
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54394

Plugin:: eTemplates
Plugin Slug:: etemplates
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55972

Plugin:: Evernote Sync
Plugin Slug:: evernote-sync
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54422

Plugin:: Feedpress Generator
Plugin Slug:: feedpress-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54364

Plugin:: Flaming Forms
Plugin Slug:: flaming-forms
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54398

Plugin:: Flash News / Post (Responsive)
Plugin Slug:: flashnews-fading-effect-pearlbells
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56012

Plugin:: Floating Video Player
Plugin Slug:: floating-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54421

Plugin:: Gaxx Keywords
Plugin Slug:: gaxx-keywords
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54438

Plugin:: Geoportail Shortcode
Plugin Slug:: geoportail-shortcode
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54414

Plugin:: Get Post Content Shortcode
Plugin Slug:: get-post-content-shortcode
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12447

Plugin:: GitSync
Plugin Slug:: git-sync
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54368

Plugin:: glomex oEmbed
Plugin Slug:: glomex-oembed
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11873

Plugin:: Go Animate
Plugin Slug:: goanimate
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54397

Plugin:: Grid Plus
Plugin Slug:: grid-plus
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10910

Plugin:: Gutensee
Plugin Slug:: gutensee
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54360

Plugin:: Opt-In Downloads
Plugin Slug:: halfdata-optin-downloads
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-10590

Plugin:: Hello In All Languages
Plugin Slug:: hello-in-all-languages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12572

Plugin:: Horizontal scroll image slideshow
Plugin Slug:: horizontal-scroll-image-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11442

Plugin:: HostFact bestelformulier integratie
Plugin Slug:: hostfact-bestelformulier-integratie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11413

Plugin:: HQ Rental Software
Plugin Slug:: hq-rental-software
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11689

Plugin:: IDer Login
Plugin Slug:: ider-login
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11888

Plugin:: Image Mapper
Plugin Slug:: image-mapper
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56016

Plugin:: Increase Sociability
Plugin Slug:: increase-sociability
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54395

Plugin:: Insertify
Plugin Slug:: insertify
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54372

Plugin:: Instant Appointment
Plugin Slug:: instant-appointment
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54361

Plugin:: jCarousel
Plugin Slug:: jcarousel-for-wordpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54437

Plugin:: Jet Footer Code
Plugin Slug:: jet-footer-code
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54436

Plugin:: KH Easy User Settings
Plugin Slug:: kh-easy-user-settings
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54365

Plugin:: Kredeum NFTs
Plugin Slug:: kredeum-nfts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11876

Plugin:: kvCORE IDX
Plugin Slug:: kvcore-idx
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11723

Plugin:: LaunchPage.app Importer
Plugin Slug:: launchpage-app-importer
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55977

Plugin:: Leader
Plugin Slug:: leader
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56007

Plugin:: LeaderBoard Plugin
Plugin Slug:: leaderboard-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54426

Plugin:: Library Management System
Plugin Slug:: library-management-system
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12406

Plugin:: Like in Vk.com
Plugin Slug:: like-on-vkontakte
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54424

Plugin:: Category of Posts
Plugin Slug:: list-one-category-of-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54427

Plugin:: ListApp Mobile Manager
Plugin Slug:: listapp-mobile-manager
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54295

Plugin:: LionScripts: Site Maintenance & Noindex Nofollow Plugin
Plugin Slug:: maintenance-and-noindex-nofollow
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54425

Plugin:: MDC Comment Toolbar
Plugin Slug:: mdc-comment-toolbar
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54404

Plugin:: Metrika
Plugin Slug:: metrika
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54420

Plugin:: Minterpress
Plugin Slug:: minterpress
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54379

Plugin:: Multiple Admin Emails
Plugin Slug:: multiple-admin-emails
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54388

Plugin:: My IDX Home Search
Plugin Slug:: my-idx-home-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12502

Plugin:: addWeather
Plugin Slug:: myweather
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54389

Plugin:: Nabz Image Gallery
Plugin Slug:: nabz-image-gallery
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55981

Plugin:: Navayan CSV Export
Plugin Slug:: navayan-csv-export
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55988

Plugin:: Newsletter Subscriptions
Plugin Slug:: newsletter-subscriptions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11683

Plugin:: Onlywire Multi Autosubmitter
Plugin Slug:: onlywire-multi-autosubmitter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54435

Plugin:: Order Delivery & Pickup Location Date Time
Plugin Slug:: order-delivery-pickup-location-date-time-free-version
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-55997

Plugin:: phZoom
Plugin Slug:: phzoom
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54434

Plugin:: PixProof
Plugin Slug:: pixproof
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54417

Plugin:: Popup Surveys & Polls for WordPress (Mare.io)
Plugin Slug:: popup-surveys
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-55998

Plugin:: Portfolio � Filterable Masonry Portfolio Gallery for Professionals
Plugin Slug:: portfolio-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11900

Plugin:: Post Carousel & Slider
Plugin Slug:: post-types-carousel-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11770

Plugin:: Posts and Products Views for WooCommerce
Plugin Slug:: posts-and-products-views
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12448

Plugin:: Posts Date Ranges
Plugin Slug:: posts-date-ranges
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54387

Plugin:: PowerFormBuilder
Plugin Slug:: power-forms-builder
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55983

Plugin:: Push Monkey Pro � Web Push Notifications and WooCommerce Abandoned Cart
Plugin Slug:: push-monkey-desktop-push-notifications
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54386

Plugin:: Quietly Insights
Plugin Slug:: quietly-insights
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54378

Plugin:: Share Buttons � Social Media
Plugin Slug:: rich-web-share-button
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55982

Plugin:: Saksh Escrow System
Plugin Slug:: saksh-escrow-system
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55984

Plugin:: Saoshyant Element
Plugin Slug:: saoshyant-element
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-51646

Plugin:: SeedProd Pro
Plugin Slug:: seedprod-coming-soon-pro-5
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54285

Plugin:: SeedProd Pro
Plugin Slug:: seedprod-coming-soon-pro-5
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54284

Plugin:: SeedProd Pro
Plugin Slug:: seedprod-coming-soon-pro-5
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54283

Plugin:: Service
Plugin Slug:: service
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55986

Plugin:: Sign In With Google
Plugin Slug:: sign-in-with-google
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-11015

Plugin:: Simple Booking Widget
Plugin Slug:: simple-booking-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54433

Plugin:: Slope Widgets
Plugin Slug:: slope-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11902

Plugin:: Social Media Sharing
Plugin Slug:: social-media-sharing
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54423

Plugin:: SOPA Blackout
Plugin Slug:: sopa-blackout
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54410

Plugin:: WP Simple Pay Lite Manager
Plugin Slug:: stripe-manager
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55989

Plugin:: Surbma | SalesAutopilot Shortcode
Plugin Slug:: surbma-salesautopilot-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11433

Plugin:: SVG Shortcode
Plugin Slug:: svg-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12574

Plugin:: TagGator
Plugin Slug:: taggator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54390

Plugin:: TCBD Popover
Plugin Slug:: tcbd-popover
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11751

Plugin:: Tidy Up
Plugin Slug:: tidy-up
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56015

Plugin:: TPG Get Posts
Plugin Slug:: tpg-get-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11906

Plugin:: TSB Occasion Editor
Plugin Slug:: tsb-occasion-editor
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55973

Plugin:: Ui Slider Filter By Price
Plugin Slug:: ui-slider-filter-by-price
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54419

Plugin:: Utech World Time
Plugin Slug:: utech-world-time-for-wp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54441

Plugin:: vBSSO-lite
Plugin Slug:: vbsso-lite
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54297

Plugin:: Visual Recent Posts
Plugin Slug:: visual-recent-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54403

Plugin:: Visualmodo Elements
Plugin Slug:: visualmodo-elements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11095

Plugin:: Website Toolbox Community
Plugin Slug:: website-toolbox-forums
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12338

Plugin:: WooCommerce Cart Count Shortcode
Plugin Slug:: woo-cart-count-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12517

Plugin:: WooCommerce Basic Ordernumbers
Plugin Slug:: woocommerce-basic-ordernumbers
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-55992

Plugin:: WordPress Filter
Plugin Slug:: wordpress-filter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54391

Plugin:: Wovax IDX
Plugin Slug:: wovax-idx
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56013

Plugin:: WP-Ban-User
Plugin Slug:: wp-ban-user
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54440

Plugin:: WP Fiddle
Plugin Slug:: wp-fiddle
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54393

Plugin:: WP Flipkart Importer
Plugin Slug:: wp-flipkart-importer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54432

Plugin:: WP-HideThat
Plugin Slug:: wp-hide-that
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54415

Plugin:: Wp Login with Ajax
Plugin Slug:: wp-login-with-ajax
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54416

Plugin:: WP Controller
Plugin Slug:: wp-management-controller
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54411

Plugin:: Wp NssUser Register
Plugin Slug:: wp-nssuser-register
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54363

Plugin:: Wp photo text slider 50
Plugin Slug:: wp-photo-text-slider-50
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11884

Plugin:: WP Service Payment Form With Authorize.net
Plugin Slug:: wp-service-payment-form-with-authorizenet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12258

Plugin:: Tithe.ly Giving Button
Plugin Slug:: wp-tithely
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11841

Plugin:: WP?????
Plugin Slug:: wp-weixin-robot
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54392

Plugin:: WPBookit
Plugin Slug:: wpbookit
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54280

Plugin:: Admin Customization
Plugin Slug:: wpp-customization
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54431

Plugin:: Wr Age Verification
Plugin Slug:: wr-age-verification
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55979

Plugin:: Wr Age Verification
Plugin Slug:: wr-age-verification
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-55980

Plugin:: XML Multilanguage Sitemap Generator
Plugin Slug:: xml-multilanguage-sitemap-generator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-55999

Plugin:: XPD Reduce Image Filesize
Plugin Slug:: xpd-reduce-image-filesize
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54409

Plugin:: YDS Support Ticket System
Plugin Slug:: yds-support-ticket-system
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-55985

Plugin:: States Map US
Plugin Slug:: ymc-states-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12523

Plugin:: YooBar
Plugin Slug:: yoo-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11410

Plugin:: Youtube Video Grid
Plugin Slug:: youmax-channel-embeds-for-youtube-businesses
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54408

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2.2
Severity Score:: High
CVE:: 2024-11205

Plugin:: MainWP Child � Securely Connects to the MainWP Dashboard to Manage Multiple Sites
Plugin Slug:: mainwp-child
Installations: 700,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 5.3
Severity Score:: High
CVE:: 2024-10783

Plugin:: Ninja Forms � The Contact Form Builder That Grows With You
Plugin Slug:: ninja-forms
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.20
Severity Score:: High
CVE:: 2024-11052

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.8.2.1
Severity Score:: Medium
CVE:: 2024-5333

Plugin:: User Role Editor
Plugin Slug:: user-role-editor
Installations: 700,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.64.4
Severity Score:: Critical
CVE:: 2024-12293

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.7
Severity Score:: High
CVE:: 2024-10646

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.1
Severity Score:: Medium
CVE:: 2024-9651

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.64.1
Severity Score:: Medium
CVE:: 2024-54268

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.54
Severity Score:: Medium
CVE:: 2024-10637

Plugin:: Members � Membership & User Role Editor Plugin
Plugin Slug:: members
Installations: 300,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.11
Severity Score:: Medium
CVE:: 2024-11008

Plugin:: Popup Builder � Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.5
Severity Score:: Medium
CVE:: 2024-9428

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.127
Severity Score:: Medium
CVE:: 2024-10784

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.15.15
Severity Score:: Medium
CVE:: 2024-10517

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.5.3
Severity Score:: Medium
CVE:: 2024-11832

Plugin:: Image Widget
Plugin Slug:: image-widget
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.11
Severity Score:: Medium
CVE:: 2024-10939

Plugin:: LuckyWP Table of Contents
Plugin Slug:: luckywp-table-of-contents
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2024-9641

Plugin:: Web Stories
Plugin Slug:: web-stories
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.38.0
Severity Score:: Medium
CVE:: 2024-54317

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.7.2
Severity Score:: Medium
CVE:: 2024-10010

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.7.4
Severity Score:: Medium
CVE:: 2024-11868

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.6.5
Severity Score:: High
CVE:: 2024-10499

Plugin:: Ajax Search Lite � Live Search & Filter
Plugin Slug:: ajax-search-lite
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.12.4
Severity Score:: Medium
CVE:: 2024-10568

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Path Traversal
Patched in Version:: 5.1.6
Severity Score:: Medium
CVE:: 2024-54382

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Denial of Service Attack
Patched in Version:: 5.2.64
Severity Score:: Medium
CVE:: 2024-12601

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.5
Severity Score:: Low
CVE:: 2024-9654

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2024-10678

Plugin:: Greenshift � animation and page builder blocks
Plugin Slug:: greenshift-animation-and-page-builder-blocks
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 9.9.9.4
Severity Score:: Medium
CVE:: 2024-11181

Plugin:: ?????? ????? ??????? Persian WooCommerce SMS
Plugin Slug:: persian-woocommerce-sms
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.6
Severity Score:: High
CVE:: 2024-54312

Plugin:: FULL � Cliente
Plugin Slug:: full-customer
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.1.26
Severity Score:: Medium
CVE:: 2024-54313

Plugin:: NotificationX � Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar
Plugin Slug:: notificationx
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.4
Severity Score:: Medium
CVE:: 2024-11727

Plugin:: PPWP � Password Protect Pages
Plugin Slug:: password-protect-page
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.9.6
Severity Score:: Medium
CVE:: 2024-11280

Plugin:: New User Approve
Plugin Slug:: new-user-approve
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-54323

Plugin:: Rate My Post � Star Rating Plugin by FeedbackWP
Plugin Slug:: rate-my-post
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.5
Severity Score:: Medium
CVE:: 2024-12309

Plugin:: Minify HTML
Plugin Slug:: minify-html-markup
Installations: 10,000+
Vulnerability:: Denial of Service Attack
Patched in Version:: 2.1.11
Severity Score:: High
CVE:: 2024-12579

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 241216
Severity Score:: High
CVE:: 2024-8326

Plugin:: Simple Side Tab
Plugin Slug:: simple-side-tab
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-11183

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.7
Severity Score:: Medium
CVE:: 2024-12329

Plugin:: Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent
Plugin Slug:: gdpr-cookie-consent
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.6
Severity Score:: Medium
CVE:: 2024-11724

Plugin:: MyParcel
Plugin Slug:: woocommerce-myparcel
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.2
Severity Score:: High
CVE:: 2024-9608

Plugin:: Events Addon for Elementor
Plugin Slug:: events-addon-for-elementor
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-54315

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2024-12239

Plugin:: Primary Addon for Elementor
Plugin Slug:: primary-addon-for-elementor
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-54314

Plugin:: Notibar � Notification Bar for WordPress
Plugin Slug:: notibar
Installations: 7,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-11012

Plugin:: Notibar � Notification Bar for WordPress
Plugin Slug:: notibar
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-54269

Plugin:: Vimeography: Vimeo Video Gallery WordPress Plugin
Plugin Slug:: vimeography
Installations: 7,000+
Vulnerability:: Full Path Disclosure (FPD)
Patched in Version:: 2.4.5
Severity Score:: Medium
CVE:: 2024-54366

Plugin:: OAuth Single Sign On � SSO (OAuth Client)
Plugin Slug:: miniorange-login-with-eve-online-google-facebook
Installations: 6,000+
Vulnerability:: Broken Authentication
Patched in Version:: 6.26.4
Severity Score:: High
CVE:: 2024-10111

Plugin:: Coupon Affiliates � Affiliate Plugin for WooCommerce
Plugin Slug:: woo-coupon-usage
Installations: 5,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 5.16.7.2
Severity Score:: Medium
CVE:: 2024-12421

Plugin:: WPMobile.App � Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 11.53
Severity Score:: Medium
CVE:: 2024-12420

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.4.9
Severity Score:: Medium
CVE:: 2024-10356

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6.0
Severity Score:: High
CVE:: 2024-12024

Plugin:: GEO my WP
Plugin Slug:: geo-my-wp
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.5.1
Severity Score:: Medium
CVE:: 2024-54326

Plugin:: MStore API � Create Native Android & iOS Apps On The Cloud
Plugin Slug:: mstore-api
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.16.5
Severity Score:: Medium
CVE:: 2024-12042

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.13
Severity Score:: Medium
CVE:: 2024-11910

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.13
Severity Score:: Medium
CVE:: 2024-11911

Plugin:: Hash Form � Drag & Drop Form Builder
Plugin Slug:: hash-form
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-12201

Plugin:: Cognito Forms
Plugin Slug:: cognito-forms
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-10182

Plugin:: Falcon � WordPress Optimizations & Tweaks
Plugin Slug:: falcon
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2024-54384

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.5.2
Severity Score:: Medium
CVE:: 2024-54356

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.0.6.6
Severity Score:: High
CVE:: 2024-10959

Plugin:: Responsive Filterable Portfolio
Plugin Slug:: responsive-filterable-portfolio
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.0.9
Severity Score:: Critical
CVE:: 2019-25221

Plugin:: Restaurant & Cafe Addon for Elementor
Plugin Slug:: restaurant-cafe-addon-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.9
Severity Score:: Medium
CVE:: 2024-54316

Plugin:: Restrict � membership, site, content and user access restrictions for WordPress
Plugin Slug:: restricted-content
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.2.9
Severity Score:: Medium
CVE:: 2024-11351

Plugin:: Simple Link Directory
Plugin Slug:: simple-link-directory
Installations: 2,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 8.4.1
Severity Score:: Medium
CVE:: 2024-12417

Plugin:: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
Plugin Slug:: timetics
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.28
Severity Score:: Medium
CVE:: 2024-11275

Plugin:: 360 Javascript Viewer
Plugin Slug:: 360deg-javascript-viewer
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.30
Severity Score:: Medium
CVE:: 2024-12271

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) � scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.7
Severity Score:: High
CVE:: 2024-54265

Plugin:: FormFacade � WordPress plugin for Google Forms
Plugin Slug:: formfacade
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: High
CVE:: 2024-54301

Plugin:: ForumWP � Forum & Discussion Board
Plugin Slug:: forumwp
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.1.1
Severity Score:: Critical
CVE:: 2024-54367

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.17
Severity Score:: High
CVE:: 2024-54266

Plugin:: Memberful � Membership Plugin
Plugin Slug:: memberful-wp
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.74.0
Severity Score:: Medium
CVE:: 2024-11294

Plugin:: Posti Shipping
Plugin Slug:: posti-shipping
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.10.4
Severity Score:: Medium
CVE:: 2024-56005

Plugin:: Simple Restrict
Plugin Slug:: simple-restrict
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-11106

Plugin:: RapidLoad � Optimize Web Vitals Automatically
Plugin Slug:: unusedcss
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.3
Severity Score:: High
CVE:: 2024-11840

Plugin:: NiceJob
Plugin Slug:: nicejob
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-54318

Plugin:: Property Hive Mortgage Calculator
Plugin Slug:: property-hive-mortgage-calculator
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-11940

Plugin:: Property Hive Stamp Duty Calculator
Plugin Slug:: property-hive-stamp-duty-calculator
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-12465

Plugin:: WPC Order Notes for WooCommerce
Plugin Slug:: woo-order-notes
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: High
CVE:: 2024-12004

Plugin:: Quran multilanguage Text & Audio
Plugin Slug:: quran-text-multilanguage
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.22
Severity Score:: High
CVE:: 2024-11973

Plugin:: Waymark
Plugin Slug:: waymark
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-12325

Plugin:: WP Pipes
Plugin Slug:: wp-pipes
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-12283

Plugin:: AR for WordPress
Plugin Slug:: ar-for-wordpress
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 7.4
Severity Score:: Low
CVE:: 2024-12300

Plugin:: Car Dealer (Dealership) and Vehicle sales
Plugin Slug:: cardealer
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 4.48
Severity Score:: Medium
CVE:: 2024-54298

Plugin:: Device Detector
Plugin Slug:: device-detector
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.1
Severity Score:: High
CVE:: 2024-56010

Plugin:: Last Viewed Posts by WPBeginner
Plugin Slug:: last-viewed-posts
Installations: 600+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.2
Severity Score:: Medium
CVE:: 2024-12294

Plugin:: Out of the Block: OpenStreetMap
Plugin Slug:: ootb-openstreetmap
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4
Severity Score:: Medium
CVE:: 2024-11827

Plugin:: AIcomments � ??????????? ? ?????? ChatGPT
Plugin Slug:: aicomments
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-54307

Plugin:: CM Answers � Powerful WordPress Forum Plugin
Plugin Slug:: cm-answers
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.7
Severity Score:: Medium
CVE:: 2024-54267

Plugin:: Cryptocurrency Price Widget
Plugin Slug:: cryptocurrency-price-widget
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-54308

Plugin:: iChart � Easy Charts and Graphs
Plugin Slug:: ichart
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-11928

Plugin:: Mark New Posts
Plugin Slug:: mark-new-posts
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-54311

Plugin:: WP Email Log � PostBox
Plugin Slug:: postbox-email-logs
Installations: 500+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2024-54309

Plugin:: Spreadr Woocommerce Plugin � Amazon Importer for Dropshipping and Affiliate
Plugin Slug:: spreadr-for-woocomerce
Installations: 500+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.0.5
Severity Score:: High
CVE:: 2024-56008

Plugin:: Spreadr Woocommerce Plugin � Amazon Importer for Dropshipping and Affiliate
Plugin Slug:: spreadr-for-woocomerce
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.5
Severity Score:: Medium
CVE:: 2024-56009

Plugin:: Themify Store Locator
Plugin Slug:: themify-store-locator
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-12414

Plugin:: WooCommerce Additional Fees On Checkout (Free)
Plugin Slug:: woo-additional-fees-on-checkout-wordpress
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.8
Severity Score:: High
CVE:: 2024-12395

Plugin:: Gutenberg Blocks and Page Layouts � Attire Blocks
Plugin Slug:: attire-blocks
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.6
Severity Score:: Medium
CVE:: 2024-11914

Plugin:: Projectopia � WordPress Project Management
Plugin Slug:: projectopia-core
Installations: 400+
Vulnerability:: Broken Authentication
Patched in Version:: 5.1.8
Severity Score:: High
CVE:: 2024-54336

Plugin:: Payment Gateway Per Product for WooCommerce
Plugin Slug:: woocommerce-product-payments
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.9
Severity Score:: Medium
CVE:: 2024-55996

Plugin:: Check Pincode For Woocommerce
Plugin Slug:: check-pincode-for-woocommerce
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2
Severity Score:: High
CVE:: 2024-54333

Plugin:: Currency Converter Widget ? PRO
Plugin Slug:: currency-converter-widget-pro
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-11760

Plugin:: NewsmanApp
Plugin Slug:: newsmanapp
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2024-11767

Plugin:: Print Science Designer
Plugin Slug:: print-science-designer
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.3.153
Severity Score:: Critical
CVE:: 2024-12312

Plugin:: Stop Registration Spam
Plugin Slug:: stop-registration-spam
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.24
Severity Score:: High
CVE:: 2024-56017

Plugin:: WP BASE Booking of Appointments, Services and Events
Plugin Slug:: wp-base-booking-of-appointments-services-and-events
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.2
Severity Score:: High
CVE:: 2024-12469

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.18.0
Severity Score:: Medium
CVE:: 2024-54355

Plugin:: AutoWP � AI Content Writer & Rewriter
Plugin Slug:: autowp-ai-content-writer-rewriter
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.9
Severity Score:: Medium
CVE:: 2024-54300

Plugin:: Booking System Trafft
Plugin Slug:: booking-system-trafft
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-11754

Plugin:: dejure.org Vernetzungsfunktion
Plugin Slug:: dejureorg-vernetzungsfunktion
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.98.0
Severity Score:: High
CVE:: 2024-11417

Plugin:: Email Reminders
Plugin Slug:: email-reminders
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2024-11945

Plugin:: J&T Express Malaysia
Plugin Slug:: jt-express
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.15
Severity Score:: High
CVE:: 2024-54305

Plugin:: Revi.io � Customer & Products Reviews
Plugin Slug:: revi-io-customer-and-product-reviews
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.8.0
Severity Score:: High
CVE:: 2024-54299

Plugin:: WordPress Post Grid Layouts with Pagination � Sogrid
Plugin Slug:: sogrid
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.7
Severity Score:: High
CVE:: 2024-54374

Plugin:: WordPress Post Grid Layouts with Pagination � Sogrid
Plugin Slug:: sogrid
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2024-54352

Plugin:: Staggs � Product Configurator Toolkit
Plugin Slug:: staggs
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.0
Severity Score:: High
CVE:: 2024-54342

Plugin:: Lifetime free Drag & Drop Contact Form Builder for WordPress VForm
Plugin Slug:: v-form
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.1
Severity Score:: High
CVE:: 2024-54302

Plugin:: Video & Photo Gallery for Ultimate Member
Plugin Slug:: gallery-for-ultimate-member
Installations: 100+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.1
Severity Score:: Critical
CVE:: 2024-54370

Plugin:: Gou Manage My Account Menu � User Roles
Plugin Slug:: gou-wc-account-tabs
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.1.9
Severity Score:: Medium
CVE:: 2024-54310

Plugin:: ICDSoft Reseller Store
Plugin Slug:: icdsoft-reseller-store
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: High
CVE:: 2024-54320

Plugin:: Ksher
Plugin Slug:: ksher-payment
Installations: 100+
Vulnerability:: Settings Change
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-56001

Plugin:: Media Downloader
Plugin Slug:: media-downloader
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.4.7.5
Severity Score:: High
CVE:: 2024-54322

Plugin:: CRM Perks � WordPress HelpDesk Integration � Zendesk, Freshdesk, HelpScout
Plugin Slug:: support-x
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-12443

Plugin:: Invoice Payment for WooCommerce
Plugin Slug:: invoice-payment-for-woocommerce
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: High
CVE:: 2024-54328

Plugin:: Seraphinite Bulk Discounts for WooCommerce
Plugin Slug:: seraphinite-discount-for-woocommerce
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.7
Severity Score:: High
CVE:: 2024-12160

Plugin:: Hurrakify
Plugin Slug:: hurrakify
Installations: 80+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 8.0.1
Severity Score:: High
CVE:: 2024-54330

Plugin:: SMS for WooCommerce
Plugin Slug:: wc-sms
Installations: 80+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.1.1
Severity Score:: High
CVE:: 2024-12220

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.3
Severity Score:: High
CVE:: 2024-54304

Plugin:: Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-54321

Plugin:: AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot
Plugin Slug:: ai-seo-translator
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-54306

Plugin:: LabelGrid Tools
Plugin Slug:: label-grid-tools
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.59
Severity Score:: High
CVE:: 2024-54341

Plugin:: Simple Payment
Plugin Slug:: simple-payment
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.8
Severity Score:: High
CVE:: 2024-54303

Plugin:: CarDealerPress
Plugin Slug:: cardealerpress
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.2411.00
Severity Score:: High
CVE:: 2024-54325

Plugin:: CE21 Suite
Plugin Slug:: ce21-suite
Installations: 30+
Vulnerability:: Privilege Escalation
Patched in Version:: 2.2.1
Severity Score:: Critical
CVE:: 2024-54293

Plugin:: EduAdmin Booking
Plugin Slug:: eduadmin-booking
Installations: 30+
Vulnerability:: Local File Inclusion
Patched in Version:: 5.3.0
Severity Score:: High
CVE:: 2024-54373

Plugin:: Hack-Info
Plugin Slug:: hack-info
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.18
Severity Score:: High
CVE:: 2024-54353

Plugin:: FloristPress � Customize your Woo store for your Florist
Plugin Slug:: bakkbone-florist-companion
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.3.0
Severity Score:: High
CVE:: 2024-54347

Plugin:: CleverNode Related Content
Plugin Slug:: clevernode-related-content
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.6
Severity Score:: High
CVE:: 2024-54329

Plugin:: Connect Contact Form 7 to Constant Contact V3
Plugin Slug:: connect-contact-form-7-to-constant-contact-v3
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2024-54343

Plugin:: Fancy Roller Scroller
Plugin Slug:: fancy-roller-scroller
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.1
Severity Score:: High
CVE:: 2024-54351

Plugin:: I Plant A Tree
Plugin Slug:: i-plant-a-tree
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.7.4
Severity Score:: High
CVE:: 2024-54331

Plugin:: ImmoToolBox Connect
Plugin Slug:: immotoolbox-connect
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: High
CVE:: 2024-54335

Plugin:: Newsletter, Email Marketing, Email Subscriber � Mail Picker
Plugin Slug:: mail-picker
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.0.15
Severity Score:: Critical
CVE:: 2024-54273

Plugin:: Simple Presenter
Plugin Slug:: simple-presenter
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.2
Severity Score:: High
CVE:: 2024-54340

Plugin:: SMSify
Plugin Slug:: smsify
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.0
Severity Score:: High
CVE:: 2024-54324

Plugin:: UNIVERSAM
Plugin Slug:: universam-demo
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.59
Severity Score:: High
CVE:: 2024-54327

Plugin:: WP Currency Exchange Rates
Plugin Slug:: wp-currency-exchange-rates
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2024-54332

Plugin:: WP Quick Shop
Plugin Slug:: wp-quick-shop
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: High
CVE:: 2024-54344

Plugin:: DX Dark Site
Plugin Slug:: devrix-dark-site
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.1
Severity Score:: High
CVE:: 2024-54337

Plugin:: FooGallery Premium
Plugin Slug:: foogallery-premium
Vulnerability:: Directory Traversal
Patched in Version:: 2.4.27
Severity Score:: High
CVE:: 2023-6947

Plugin:: GeoFlickr
Plugin Slug:: geoflickr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: High
CVE:: 2024-54339

Plugin:: Hello Event Widgets For Elementor
Plugin Slug:: hello-event-widgets-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-54338

Plugin:: WP SuperBackup
Plugin Slug:: indeed-wp-superbackup
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.4
Severity Score:: Critical
CVE:: 2024-9290

Plugin:: Kundgenerator
Plugin Slug:: kundgenerator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2024-54319

Plugin:: Quran Phrases About Most People Shortcodes
Plugin Slug:: quran-phrases-about-most-people-shortcodes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-54334

Plugin:: Responsive Google Maps | by imbaa
Plugin Slug:: responsive-google-maps
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-56011

Plugin:: Termin-Kalender
Plugin Slug:: termin-kalender
Vulnerability:: Broken Access Control
Patched in Version:: 1.00.04
Severity Score:: Medium
CVE:: 2024-54354

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Privilege Escalation
Patched in Version:: 4.9.9
Severity Score:: Critical
CVE:: 2024-54383

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.9.4
Severity Score:: Medium
CVE:: 2024-9624

WordPress Themes � 8 Patched / 2 Unpatched

Theme:: Olivia
Theme Slug:: olivia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56014

Theme:: Zerif Lite
Theme Slug:: zerif-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Theme:: Barter
Theme Slug:: barter
Downloads: 7,610
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-54346

Theme:: Bicycleshop
Theme Slug:: bicycleshop
Downloads: 9,127
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2024-54345

Theme:: Brand
Theme Slug:: brand
Downloads: 32,921
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-54348

Theme:: hmd
Theme Slug:: hmd
Downloads: 892
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2024-54350

Theme:: Plain Post
Theme Slug:: plain-post
Downloads: 1,459
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: Medium
CVE:: 2024-54349

Theme:: Avada
Theme Slug:: avada
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.11.11
Severity Score:: Medium
CVE:: 2024-54357

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Broken Authentication
Patched in Version:: 5.4.15
Severity Score:: Critical
CVE:: 2024-43234

Theme:: WoodMart
Theme Slug:: woodmart
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 8.0.4
Severity Score:: Medium
CVE:: 2024-12333