Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark orange to black gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � April 3, 2024

[email protected]

In this report, 255 vulnerabilities have been publicly disclosed. Security patches for 178 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 77 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5 “Regina” was released on April 2, 2024, as the first major release of 2024. With the new release, you can add and manage fonts across your site, get more from your revisions, play with enhanced background and shadow tools, discover new Data Views, and so much more.

Following a major release, you should not update live sites without first taking backups and testing the update in a non-production environment.

WordPress Plugins � 175 Patched / 77 Unpatched

Plugin:: Shortcodes and extra features for Phlox theme
Plugin Slug:: auxin-elements
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31099

Plugin:: Easy Social Feed � Social Photos Gallery � Post Feed � Like Box
Plugin Slug:: easy-facebook-likebox
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30526

Plugin:: PDF Viewer for Elementor
Plugin Slug:: pdf-viewer-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30524

Plugin:: GetResponse for WordPress
Plugin Slug:: getresponse-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31104

Plugin:: Better Elementor Addons
Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2280

Plugin:: Yoo Slider
Plugin Slug:: yoo-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31106

Plugin:: Responsive flipbook
Plugin Slug:: wppdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30552

Plugin:: WP Twitter Mega Fan Box Widget
Plugin Slug:: wp-twitter-mega-fan-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30553

Plugin:: Sponsors
Plugin Slug:: wp-sponsors
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30483

Plugin:: WP-Eggdrop
Plugin Slug:: wp-eggdrop
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2968

Plugin:: WP-Eggdrop
Plugin Slug:: wp-eggdrop
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2969

Plugin:: Broken Images
Plugin Slug:: wp-broken-images
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31093

Plugin:: Popup Cart Lite for WooCommerce
Plugin Slug:: woocommerce-woocart-popup-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31100

Plugin:: Woocommerce Social Media Share Buttons
Plugin Slug:: woocommerce-social-media-share-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31109

Plugin:: WooCommerce Bookings Calendar
Plugin Slug:: woo-bookings-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31117

Plugin:: Whizzy
Plugin Slug:: whizzy
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30543

Plugin:: Whizzy
Plugin Slug:: whizzy
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30544

Plugin:: Weekly Class Schedule
Plugin Slug:: weekly-class-schedule
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31084

Plugin:: 10Web Map Builder for Google Maps
Plugin Slug:: wd-google-maps
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31116

Plugin:: User Rights Access Manager
Plugin Slug:: user-rights-access-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31122

Plugin:: Ultimate Social Comments � Email Notification & Lazy Load
Plugin Slug:: ultimate-facebook-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30555

Plugin:: Sticky Anything
Plugin Slug:: toast-stick-anything
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30551

Plugin:: Thumbs Rating
Plugin Slug:: thumbs-rating
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31095

Plugin:: Tax Rate Upload
Plugin Slug:: tax-rate-upload
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31105

Plugin:: Spin 360 deg and 3D Model Viewer
Plugin Slug:: spin360
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30559

Plugin:: SpiderFAQ
Plugin Slug:: spider-faq
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31123

Plugin:: Special Box for Content
Plugin Slug:: special-box-for-content
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31119

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31118

Plugin:: Social Author Bio
Plugin Slug:: social-autho-bio
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30545

Plugin:: Lightbox slider � Responsive Lightbox Gallery
Plugin Slug:: simple-lightbox-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1858

Plugin:: Shortcode Addons
Plugin Slug:: shortcode-addons
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31114

Plugin:: SEO Title Tag
Plugin Slug:: seo-title-tag
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31097

Plugin:: Prenotazioni
Plugin Slug:: prenotazioni
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31102

Plugin:: Post-Plugin Library
Plugin Slug:: post-plugin-library
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31085

Plugin:: Pocket News Generator
Plugin Slug:: pocket-news-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2963

Plugin:: Pocket News Generator
Plugin Slug:: pocket-news-generator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2964

Plugin:: Platinum SEO
Plugin Slug:: platinum-seo-pack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31089

Plugin:: pageMash > Page Management
Plugin Slug:: pagemash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31087

Plugin:: Oxygen Builder
Plugin Slug:: oxygen
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31380

Plugin:: OpenID
Plugin Slug:: openid
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31107

Plugin:: News Wall
Plugin Slug:: news-wall
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2970

Plugin:: New Order Notification for Woocommerce
Plugin Slug:: new-order-notification-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31098

Plugin:: Lordicon Animated Icons
Plugin Slug:: lordicon-interactive-icons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30519

Plugin:: Kanban Boards for WordPress
Plugin Slug:: kanban
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31103

Plugin:: Mighty Classic Pros And Cons
Plugin Slug:: joomdev-wp-pros-cons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30556

Plugin:: IP Blocker Lite
Plugin Slug:: ip-address-blocker
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30479

Plugin:: iFlyChat � WordPress Chat
Plugin Slug:: iflychat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31108

Plugin:: HeartThis
Plugin Slug:: heart-this
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31121

Plugin:: Header Image Slider
Plugin Slug:: header-image-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30547

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30550

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31120

Plugin:: Filter Custom Fields & Taxonomies Light
Plugin Slug:: filter-custom-fields-taxonomies-light
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31094

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0956

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0608

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0609

Plugin:: Env�aloSimple
Plugin Slug:: envialosimple-email-marketing-y-newsletters-gratis
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-2125

Plugin:: DX-Watermark
Plugin Slug:: dx-watermark
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-30560

Plugin:: Hacklog Down As PDF
Plugin Slug:: down-as-pdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31090

Plugin:: DD Rating
Plugin Slug:: dd-rating
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30554

Plugin:: Custom Field Bulk Editor
Plugin Slug:: custom-field-bulk-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31091

Plugin:: Convert Post Types
Plugin Slug:: convert-post-types
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31112

Plugin:: Contact Forms by Cimatti
Plugin Slug:: contact-forms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30549

Plugin:: Contact Form 7 Newsletter
Plugin Slug:: contact-form-7-newsletter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31110

Plugin:: Comic Easel
Plugin Slug:: comic-easel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31092

Plugin:: Christmas Greetings
Plugin Slug:: christmas-greetings
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2116

Plugin:: Chauffeur Taxi Booking System for WordPress
Plugin Slug:: chauffeur-booking-system
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31115

Plugin:: Change default login logo,url and title
Plugin Slug:: change-default-login-logo-url-and-title
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-31086

Plugin:: CGC Maintenance Mode
Plugin Slug:: cgc-maintenance-mode
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-30480

Plugin:: Carousel Anything For WPBakery Page Builder
Plugin Slug:: carousel-anything
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30520

Plugin:: Button
Plugin Slug:: button
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1872

Plugin:: Breakdance
Plugin Slug:: breakdance
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-31390

Plugin:: Appointment Calendar
Plugin Slug:: appointment-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30561

Plugin:: All In One Redirection
Plugin Slug:: all-in-one-redirection-404-pages-list
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30506

Plugin:: AI Twitter Feeds (Twitter widget & shortcode)
Plugin Slug:: ai-twitter-feeds
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31101

Plugin:: Aesop Story Engine
Plugin Slug:: aesop-story-engine
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-30557

Plugin:: AdsPlace’r � Ad Manager, Inserter, AdSense Ads
Plugin Slug:: adsplacer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-31088

Plugin:: Add Shortcodes Actions And Filters
Plugin Slug:: add-actions-and-filters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-30558

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 5.9.14
Severity Score:: High
CVE:: 2024-3018

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.9.14
Severity Score:: Medium
CVE:: 2024-2974

Plugin:: All-In-One Security (AIOS) � Security and Firewall
Plugin Slug:: all-in-one-wp-security-and-firewall
Installations: 1,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.7
Severity Score:: Medium
CVE:: 2024-30468

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-1238

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.0.7
Severity Score:: High
CVE:: 2024-2047

Plugin:: Ninja Forms Contact Form � The Drag and Drop Form Builder for WordPress
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.1
Severity Score:: Medium
CVE:: 2024-2113

Plugin:: Ninja Forms Contact Form � The Drag and Drop Form Builder for WordPress
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.1
Severity Score:: Medium
CVE:: 2024-2108

Plugin:: Forminator � Contact Form, Payment Form & Custom Form Builder
Plugin Slug:: forminator
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: High
CVE:: 2024-1794

Plugin:: Page Builder Gutenberg Blocks � CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-2369

Plugin:: Gutenberg Blocks by Kadence Blocks � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.18
Severity Score:: Medium
CVE:: 2024-0598

Plugin:: Gutenberg Blocks by Kadence Blocks � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.26
Severity Score:: Medium
CVE:: 2024-24888

Plugin:: MetForm � Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.6
Severity Score:: Medium
CVE:: 2024-2791

Plugin:: Newsletter � Send awesome emails from WordPress
Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 8.2.1
Severity Score:: Medium
CVE:: 2024-30522

Plugin:: Otter Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-2841

Plugin:: CMP � Coming Soon & Maintenance Plugin by NiteoThemes
Plugin Slug:: cmp-coming-soon-maintenance
Installations: 200,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.1.11
Severity Score:: Medium
CVE:: 2023-50374

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-1327

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.97
Severity Score:: Medium
CVE:: 2024-0367

Plugin:: WooCommerce Cart Abandonment Recovery
Plugin Slug:: woo-cart-abandonment-recovery
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.27
Severity Score:: Medium
CVE:: 2024-2322

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.2
Severity Score:: Medium
CVE:: 2024-30422

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.3
Severity Score:: Medium
CVE:: 2024-2792

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.5.4
Severity Score:: High
CVE:: 2024-30496

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.0.7
Severity Score:: Medium
CVE:: 2024-2925

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.4.5
Severity Score:: Medium
CVE:: 2024-30425

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.270
Severity Score:: Medium
CVE:: 2024-2839

Plugin:: Download Monitor
Plugin Slug:: download-monitor
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.9.5
Severity Score:: High
CVE:: 2024-30501

Plugin:: Essential Blocks � Page Builder Gutenberg Blocks, Patterns & Templates
Plugin Slug:: essential-blocks
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.10
Severity Score:: Medium
CVE:: 2024-30467

Plugin:: Genesis Blocks
Plugin Slug:: genesis-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-1946

Plugin:: List category posts
Plugin Slug:: list-category-posts
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.89.7
Severity Score:: Medium
CVE:: 2024-1051

Plugin:: Meta Tag Manager
Plugin Slug:: meta-tag-manager
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1
Severity Score:: High
CVE:: 2024-1770

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2024-30465

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.10.2
Severity Score:: Medium
CVE:: 2023-6965

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.10.2
Severity Score:: High
CVE:: 2023-6967

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 3.0.10.2
Severity Score:: Critical
CVE:: 2023-6999

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.18
Severity Score:: Medium
CVE:: 2024-2491

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.19
Severity Score:: Medium
CVE:: 2024-2492

Plugin:: Social Icons Widget & Block by WPZOOM
Plugin Slug:: social-icons-widget-by-wpzoom
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.16
Severity Score:: Medium
CVE:: 2024-30464

Plugin:: Stackable � Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.12
Severity Score:: Medium
CVE:: 2024-2039

Plugin:: Template Kit � Import
Plugin Slug:: template-kit-import
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.15
Severity Score:: Medium
CVE:: 2024-2334

Plugin:: WooCommerce Multilingual & Multicurrency with WPML
Plugin Slug:: woocommerce-multilingual
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.3.5
Severity Score:: Medium
CVE:: 2024-30466

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.5.3
Severity Score:: Medium
CVE:: 2024-3061

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.5.2
Severity Score:: Medium
CVE:: 2024-30462

Plugin:: WP Chat App
Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2024-2513

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4.7
Severity Score:: Medium
CVE:: 2024-30515

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.4.7.2
Severity Score:: Medium
CVE:: 2024-30421

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.4.7.2
Severity Score:: Medium
CVE:: 2024-2110

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.7.2
Severity Score:: Medium
CVE:: 2024-2111

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.27
Severity Score:: Medium
CVE:: 2024-2936

Plugin:: BoldGrid Easy SEO � Simple and Effective SEO
Plugin Slug:: boldgrid-easy-seo
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.14
Severity Score:: Medium
CVE:: 2024-1692

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14
Severity Score:: Medium
CVE:: 2024-2475

Plugin:: Export and Import Users and Customers
Plugin Slug:: users-customers-import-export-for-wp-woocommerce
Installations: 70,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-30492

Plugin:: underConstruction
Plugin Slug:: underconstruction
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22
Severity Score:: Medium
CVE:: 2024-30548

Plugin:: FOX � Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.1.8
Severity Score:: Medium
CVE:: 2024-30458

Plugin:: WP-Members Membership Plugin
Plugin Slug:: wp-members
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.9.3
Severity Score:: High
CVE:: 2024-1852

Plugin:: WordPress Infinite Scroll � Ajax Load More
Plugin Slug:: ajax-load-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.2
Severity Score:: Medium

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.1
Severity Score:: Medium
CVE:: 2024-30442

Plugin:: Hubbub Lite � Fast, Reliable Social Sharing Buttons
Plugin Slug:: social-pug
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.33.1
Severity Score:: Medium
CVE:: 2024-1526

Plugin:: Hubbub Lite � Fast, Reliable Social Sharing Buttons
Plugin Slug:: social-pug
Installations: 50,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.33.2
Severity Score:: High
CVE:: 2024-2501

Plugin:: WPFront User Role Editor
Plugin Slug:: wpfront-user-role-editor
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.1.0
Severity Score:: Medium
CVE:: 2024-2931

Plugin:: Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM
Plugin Slug:: fluent-crm
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.45
Severity Score:: Medium
CVE:: 2024-30430

Plugin:: Klarna Payments for WooCommerce
Plugin Slug:: klarna-payments-for-woocommerce
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-30477

Plugin:: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel � Combo Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.76
Severity Score:: High
CVE:: 2024-30441

Plugin:: SecuPress Free � WordPress Security
Plugin Slug:: secupress
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.5.2
Severity Score:: Medium
CVE:: 2024-1504

Plugin:: Pz-LinkCard
Plugin Slug:: pz-linkcard
Installations: 30,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-0677

Plugin:: Pz-LinkCard
Plugin Slug:: pz-linkcard
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.3
Severity Score:: Medium
CVE:: 2024-0673

Plugin:: Themify � WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-2278

Plugin:: Themify � WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2024-2263

Plugin:: Themify � WooCommerce Product Filter
Plugin Slug:: themify-wc-product-filter
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.4.4
Severity Score:: Medium
CVE:: 2024-2262

Plugin:: Ultimate Addons for Beaver Builder � Lite
Plugin Slug:: ultimate-addons-for-beaver-builder-lite
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-2141

Plugin:: BEAR � Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4.4
Severity Score:: Medium
CVE:: 2024-30463

Plugin:: Brave � Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 0.6.6
Severity Score:: Medium
CVE:: 2024-30453

Plugin:: Easy Appointments
Plugin Slug:: easy-appointments
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.19
Severity Score:: Medium
CVE:: 2024-2842

Plugin:: Easy Appointments
Plugin Slug:: easy-appointments
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.11.19
Severity Score:: Medium
CVE:: 2024-2844

Plugin:: Ecwid Ecommerce Shopping Cart
Plugin Slug:: ecwid-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.12.11
Severity Score:: Medium
CVE:: 2024-2456

Plugin:: MP3 Audio Player for Music, Radio & Podcast by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.1
Severity Score:: Medium
CVE:: 2024-30530

Plugin:: MP3 Audio Player for Music, Radio & Podcast by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.1
Severity Score:: High
CVE:: 2024-30487

Plugin:: My Calendar
Plugin Slug:: my-calendar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.24
Severity Score:: Medium
CVE:: 2024-1274

Plugin:: ShortPixel Adaptive Images � WebP, AVIF, CDN, Image Optimization
Plugin Slug:: shortpixel-adaptive-images
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3
Severity Score:: Medium
CVE:: 2024-31230

Plugin:: weForms � Easy Drag & Drop Contact Form Builder For WordPress
Plugin Slug:: weforms
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.21
Severity Score:: Low
CVE:: 2024-30512

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.6
Severity Score:: Medium
CVE:: 2024-2847

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.8
Severity Score:: Medium
CVE:: 2024-30539

Plugin:: Booking Package
Plugin Slug:: booking-package
Installations: 10,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.6.29
Severity Score:: High
CVE:: 2024-30516

Plugin:: Favorites
Plugin Slug:: favorites
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2024-2948

Plugin:: GamiPress � The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.8.6
Severity Score:: Medium
CVE:: 2024-30455

Plugin:: GamiPress � The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.9.1
Severity Score:: Medium
CVE:: 2024-2783

Plugin:: LWS Optimize
Plugin Slug:: lws-optimize
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-30541

Plugin:: Mailster WordPress Newsletter Plugin Compatibility Tester
Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.7
Severity Score:: High
CVE:: 2024-30503

Plugin:: Mang Board WP
Plugin Slug:: mangboard
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: High
CVE:: 2024-30431

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.3.2
Severity Score:: Critical
CVE:: 2024-2409

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.3.1
Severity Score:: Critical
CVE:: 2024-2411

Plugin:: Author Box, Guest Author and Co-Authors for Your Posts � Molongui
Plugin Slug:: molongui-authorship
Installations: 10,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 4.7.8
Severity Score:: Low
CVE:: 2024-30507

Plugin:: Landing Page Builder � Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
Plugin Slug:: page-builder-add
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1.8
Severity Score:: Medium
CVE:: 2024-30452

Plugin:: SellKit � Funnel builder and checkout optimizer for WooCommerce to sell more, faster
Plugin Slug:: sellkit
Installations: 10,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.8.3
Severity Score:: Medium
CVE:: 2024-30509

Plugin:: Simple Revisions Delete
Plugin Slug:: simple-revisions-delete
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-30482

Plugin:: VS Contact Form
Plugin Slug:: very-simple-contact-form
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 14.8
Severity Score:: Medium
CVE:: 2024-30540

Plugin:: WP Travel Engine � Best Travel Booking WordPress Plugin
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.8.0
Severity Score:: High
CVE:: 2024-30504

Plugin:: WP Travel Engine � Best Travel Booking WordPress Plugin
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.8.0
Severity Score:: Critical
CVE:: 2024-30502

Plugin:: 140+ Widgets | Best Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-2250

Plugin:: Media Library Folders
Plugin Slug:: media-library-plus
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.1.8
Severity Score:: High
CVE:: 2024-30486

Plugin:: WP Hotel Booking
Plugin Slug:: wp-hotel-booking
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.9.3
Severity Score:: Medium
CVE:: 2024-30508

Plugin:: WP SMS � Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.6.3
Severity Score:: Medium
CVE:: 2024-30454

Plugin:: Collect.chat � Chatbot ??
Plugin Slug:: collectchat
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-30436

Plugin:: Finale Lite � Sales Countdown Timer & Discount for WooCommerce
Plugin Slug:: finale-woocommerce-sales-countdown-timer-discount
Installations: 7,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.18.1
Severity Score:: High
CVE:: 2024-30485

Plugin:: Hash Elements
Plugin Slug:: hash-elements
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-30426

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-30513

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.9
Severity Score:: High
CVE:: 2024-30491

Plugin:: ProfileGrid � User Profiles, Memberships, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.9
Severity Score:: Critical
CVE:: 2024-30490

Plugin:: The Plus Blocks for Block Editor | Gutenberg
Plugin Slug:: the-plus-addons-for-block-editor
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.6
Severity Score:: High
CVE:: 2024-30435

Plugin:: wp-forecast
Plugin Slug:: wp-forecast
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.3
Severity Score:: Medium
CVE:: 2024-30429

Plugin:: Announce from the Dashboard
Plugin Slug:: announce-from-the-dashboard
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-3030

Plugin:: Better Elementor Addons
Plugin Slug:: better-elementor-addons
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.8
Severity Score:: Medium
CVE:: 2024-30423

Plugin:: MultiVendorX Marketplace � WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2024-30433

Plugin:: JCH Optimize
Plugin Slug:: jch-optimize
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.1
Severity Score:: Medium
CVE:: 2024-30481

Plugin:: Nelio Content � Best Editorial Calendar & Social Media Scheduling
Plugin Slug:: nelio-content
Installations: 6,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-30531

Plugin:: Salon booking system
Plugin Slug:: salon-booking-system
Installations: 6,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 9.5.1
Severity Score:: Critical
CVE:: 2024-30510

Plugin:: Sliced Invoices � WordPress Invoice Plugin
Plugin Slug:: sliced-invoices
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.9.3
Severity Score:: Medium
CVE:: 2024-30517

Plugin:: Beaver Builder Addons by WPZOOM
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-30424

Plugin:: Booking Activities
Plugin Slug:: booking-activities
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.20
Severity Score:: High
CVE:: 2024-30449

Plugin:: Paid Memberships Pro � Mailchimp Add On
Plugin Slug:: pmpro-mailchimp
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2024-30523

Plugin:: B Slider � Slider for your block editor
Plugin Slug:: b-slider
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.13
Severity Score:: Medium
CVE:: 2024-30432

Plugin:: Slugs Manager: Delete Old Permalinks from WordPress Database
Plugin Slug:: remove-old-slugspermalinks
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-30536

Plugin:: Custom WooCommerce Checkout Fields Editor
Plugin Slug:: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-30518

Plugin:: Builderall Builder for WordPress
Plugin Slug:: builderall-cheetah-for-wp
Installations: 3,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.2
Severity Score:: Medium
CVE:: 2024-30532

Plugin:: CubeWP � All-in-One Dynamic Content Framework
Plugin Slug:: cubewp-framework
Installations: 3,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.13
Severity Score:: Critical
CVE:: 2024-30500

Plugin:: Landingi Landing Pages
Plugin Slug:: landingi-landing-pages
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.2
Severity Score:: Medium
CVE:: 2024-30521

Plugin:: Move Addons for Elementor
Plugin Slug:: move-addons
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-30525

Plugin:: Spiffy Calendar
Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.11
Severity Score:: Medium
CVE:: 2024-30528

Plugin:: Spiffy Calendar
Plugin Slug:: spiffy-calendar
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.10
Severity Score:: Medium
CVE:: 2024-30427

Plugin:: Themify Event Post
Plugin Slug:: themify-event-post
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-30440

Plugin:: Product Sort and Display for WooCommerce
Plugin Slug:: woocommerce-product-sort-and-display
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-1807

Plugin:: CRM Perks Forms � WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.5
Severity Score:: High
CVE:: 2024-30499

Plugin:: CRM Perks Forms � WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.5
Severity Score:: Critical
CVE:: 2024-30498

Plugin:: CRM Perks Forms � WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-30446

Plugin:: Layouts for Elementor
Plugin Slug:: layouts-for-elementor
Installations: 2,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.8
Severity Score:: High
CVE:: 2024-30533

Plugin:: WP Responsive Tabs horizontal vertical and accordion Tabs
Plugin Slug:: responsive-horizontal-vertical-and-accordion-tabs
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.18
Severity Score:: High
CVE:: 2024-30497

Plugin:: RT Easy Builder � Advanced addons for Elementor
Plugin Slug:: rt-easy-builder-advanced-addons-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-30484

Plugin:: WP Express Checkout (Accept PayPal Payments Easily)
Plugin Slug:: wp-express-checkout
Installations: 2,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 2.3.8
Severity Score:: High
CVE:: 2024-30527

Plugin:: WPC Badge Management for WooCommerce
Plugin Slug:: wpc-badge-management
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-30537

Plugin:: WordPress Page Builder � Zion Builder
Plugin Slug:: zionbuilder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.10
Severity Score:: Medium
CVE:: 2024-30444

Plugin:: Zotpress
Plugin Slug:: zotpress
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.3.8
Severity Score:: High
CVE:: 2024-30488

Plugin:: AI WP Writer � ?????????????? ????? ChatGPT 3.5, GPT 4 ? ????????????? ?????? ??????????
Plugin Slug:: ai-wp-writer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.5.6
Severity Score:: Medium
CVE:: 2024-30459

Plugin:: Announcement & Notification Banner � Bulletin
Plugin Slug:: bulletin-announcements
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.0
Severity Score:: High
CVE:: 2024-30478

Plugin:: Geo Controller
Plugin Slug:: cf-geoplugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.6.5
Severity Score:: Medium
CVE:: 2024-30451

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.19
Severity Score:: Medium
CVE:: 2024-30505

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.8
Severity Score:: Medium
CVE:: 2024-30493

Plugin:: Photos and Files Contest Gallery � Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 21.3.6
Severity Score:: High
CVE:: 2024-30428

Plugin:: Creative Addons for Elementor
Plugin Slug:: creative-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-2924

Plugin:: WPCS � WordPress Currency Switcher Professional
Plugin Slug:: currency-switcher
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.0.2
Severity Score:: Medium
CVE:: 2024-30456

Plugin:: Easy Form Builder
Plugin Slug:: easy-form-builder
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.7.5
Severity Score:: High
CVE:: 2024-30535

Plugin:: Falang multilanguage for WordPress
Plugin Slug:: falang
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.48
Severity Score:: High
CVE:: 2024-30495

Plugin:: FG PrestaShop to WooCommerce
Plugin Slug:: fg-prestashop-to-woocommerce
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.47.0
Severity Score:: Medium
CVE:: 2024-30511

Plugin:: A WordPress Testimonial Plugin to Showcase Testimonial Slider, Testimonial Grid and More: Solid Testimonials
Plugin Slug:: gs-testimonial
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.5
Severity Score:: Medium
CVE:: 2024-30443

Plugin:: Web Icons
Plugin Slug:: icon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.0.11
Severity Score:: Medium
CVE:: 2024-30445

Plugin:: OSS Aliyun
Plugin Slug:: oss-aliyun
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.4.11
Severity Score:: High
CVE:: 2024-30494

Plugin:: Paid Memberships Pro � Payfast Gateway Add On
Plugin Slug:: pmpro-payfast
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-30514

Plugin:: Print Page block � Print the entire page or Section.
Plugin Slug:: print-page
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.9
Severity Score:: Medium
CVE:: 2024-30438

Plugin:: OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer)
Plugin Slug:: stepbyteservice-openstreetmap
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-30450

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.20.8
Severity Score:: Medium
CVE:: 2024-30529

Plugin:: Tumult Hype Animations
Plugin Slug:: tumult-hype-animations
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.12
Severity Score:: High
CVE:: 2024-30461

Plugin:: Tumult Hype Animations
Plugin Slug:: tumult-hype-animations
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.12
Severity Score:: Medium
CVE:: 2024-30460

Plugin:: Webinar and Video Conference with Jitsi Meet � Create Branded Webinars for WordPress, Meetings & Livestreaming
Plugin Slug:: webinar-and-video-conference-with-jitsi-meet
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.4
Severity Score:: Medium
CVE:: 2024-30437

Plugin:: WholesaleX � WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing)
Plugin Slug:: wholesalex
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.3.3
Severity Score:: Critical
CVE:: 2024-30542

Plugin:: Sharkdropship Dropshipping & Affiliate for for AliExpress
Plugin Slug:: wooshark-aliexpress-importer
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.5
Severity Score:: Medium
CVE:: 2024-1732

Plugin:: WordPress CRM Plugin � WP-CRM System
Plugin Slug:: wp-crm-system
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.9.1
Severity Score:: Medium
CVE:: 2024-30434

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.3.2
Severity Score:: Medium
CVE:: 2024-30457

Plugin:: DELUCKS SEO
Plugin Slug:: delucks-seo
Installations: 600+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.5
Severity Score:: Medium
CVE:: 2024-30538

Plugin:: Creative Image Slider � Responsive Slider Plugin
Plugin Slug:: creative-image-slider
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.0
Severity Score:: High
CVE:: 2024-30447

Plugin:: YITH WooCommerce Account Funds Premium
Plugin Slug:: yith-woocommerce-account-funds-premium
Vulnerability:: Broken Access Control
Patched in Version:: 1.34.0
Severity Score:: Medium
CVE:: 2024-30470

Plugin:: WP Cost Estimation & Payment Forms Builder
Plugin Slug:: wp-estimation-form
Vulnerability:: SQL Injection
Patched in Version:: 10.1.76
Severity Score:: High
CVE:: 2024-30489

Plugin:: Wholesale For WooCommerce
Plugin Slug:: woocommerce-wholesale-pricing
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.1
Severity Score:: Medium
CVE:: 2024-30469

Plugin:: Slider by Supsystic
Plugin Slug:: slider-by-supsystic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.11
Severity Score:: Medium
CVE:: 2024-30448

Plugin:: REHub Framework
Plugin Slug:: rehub-framework
Vulnerability:: SQL Injection
Patched in Version:: 19.6.2
Severity Score:: High
CVE:: 2024-31234

Plugin:: Limit Attempts by BestWebSoft
Plugin Slug:: limit-attempts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: High
CVE:: 2024-30439

Plugin:: LayerSlider
Plugin Slug:: layerslider
Vulnerability:: SQL Injection
Patched in Version:: 7.10.1
Severity Score:: Critical
CVE:: 2024-2879

Plugin:: WP ERP
Plugin Slug:: erp
Vulnerability:: SQL Injection
Patched in Version:: 1.30.0
Severity Score:: High
CVE:: 2024-0952

Plugin:: Calendarista Basic Edition
Plugin Slug:: calendarista-basic-edition
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-30534

WordPress Themes � 3 Patched / 0 Unpatched

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: SQL Injection
Patched in Version:: 19.6.2
Severity Score:: High
CVE:: 2024-31233

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Local File Inclusion
Patched in Version:: 19.6.2
Severity Score:: High
CVE:: 2024-31232

Theme:: Rehub
Theme Slug:: rehub-theme
Vulnerability:: Local File Inclusion
Patched in Version:: 19.6.2
Severity Score:: Critical
CVE:: 2024-31231