WordPress Vulnerability Report � August 21, 2024

In this report, 183 vulnerabilities have been publicly disclosed. Security patches for 129 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 53 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins � 126 Patched / 47 Unpatched

Plugin:: Cookie Notice & Compliance for GDPR / CCPA
Plugin Slug:: cookie-notice
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2022-3399

Plugin:: Clearfy Cache � WordPress optimization plugin, Minify HTML, CSS & JS, Defer
Plugin Slug:: clearfy
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43260

Plugin:: Button contact VR
Plugin Slug:: button-contact-vr
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43347

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43265

Plugin:: Backup and Restore WordPress � Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43270

Plugin:: Backup and Restore WordPress � Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43269

Plugin:: Backup and Restore WordPress � Backup Plugin
Plugin Slug:: wp-backitup
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43268

Plugin:: WP User Manager � User Profile Builder & Membership
Plugin Slug:: wp-user-manager
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43336

Plugin:: WP SMS � Ultimate SMS & MMS Notifications, 2FA, OTP, and Integrations with WooCommerce, GravityForms, and More
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43331

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 6,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43266

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43349

Plugin:: Photo Engine (Media Organizer & Lightroom)
Plugin Slug:: wplr-sync
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43332

Plugin:: Propovoice: All-in-One Client Management System
Plugin Slug:: propovoice
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43350

Plugin:: Skitter Slideshow
Plugin Slug:: wp-skitter-slideshow
Installations: 500+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-1751

Plugin:: Admission AppManager
Plugin Slug:: admission-appmanager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-4507

Plugin:: AdRotate
Plugin Slug:: adrotate1
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-1206

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43251

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43250

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43249

Plugin:: Bit Form Pro
Plugin Slug:: bitformpro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43248

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43254

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43253

Plugin:: Compute Links
Plugin Slug:: compute-links
Vulnerability:: Remote File Inclusion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43261

Plugin:: DL Robots.txt
Plugin Slug:: dl-robotstxt
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6797

Plugin:: Simple Share
Plugin Slug:: dts-simple-share
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7556

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43242

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43241

Plugin:: Ultimate Membership Pro
Plugin Slug:: indeed-membership-pro
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43240

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43257

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43256

Plugin:: LOGIN AND REGISTRATION ATTEMPTS LIMIT
Plugin Slug:: login-attempts-limit-wp
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2022-4532

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43264

Plugin:: MyBookTable Bookstore
Plugin Slug:: mybooktable
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43255

Plugin:: Opti Marketing
Plugin Slug:: opti-marketing
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6928

Plugin:: Order Export for WooCommerce
Plugin Slug:: order-export-and-more-for-woocommerce
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43259

Plugin:: Snapshot Backup
Plugin Slug:: snapshot-backup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7689

Plugin:: Store Locator Plus
Plugin Slug:: store-locator-le
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43258

Plugin:: TrueBooker
Plugin Slug:: truebooker-appointment-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6924

Plugin:: TrueBooker
Plugin Slug:: truebooker-appointment-booking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6925

Plugin:: Mega Addons For Elementor
Plugin Slug:: ultimate-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43267

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43247

Plugin:: WHMpress
Plugin Slug:: whmpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43246

Plugin:: InPost for WooCommerce
Plugin Slug:: woo-inpost
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6500

Plugin:: Woo Products Widgets For Elementor
Plugin Slug:: woo-products-widgets-for-elementor
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43271

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43245

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6859

Plugin:: WP MultiTasking
Plugin Slug:: wp-multitasking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6856

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 7,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.3
Severity Score:: Medium
CVE:: 2024-39666

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4
Severity Score:: Critical
CVE:: 2024-28000

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.0
Severity Score:: Medium
CVE:: 2024-7092

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.1
Severity Score:: Medium
CVE:: 2024-7054

Plugin:: MetForm � Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
Plugin Slug:: metform
Installations: 400,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.3.0
Severity Score:: Critical
CVE:: 2023-0714

Plugin:: Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts
Plugin Slug:: olympus-google-fonts
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.8
Severity Score:: Medium
CVE:: 2024-43302

Plugin:: Fonts Plugin | Use Google Fonts, Adobe Fonts or Upload Fonts
Plugin Slug:: olympus-google-fonts
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.7.8
Severity Score:: High
CVE:: 2024-43301

Plugin:: SpeedyCache � Cache, Optimization, Performance
Plugin Slug:: speedycache
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-43299

Plugin:: White Label CMS
Plugin Slug:: white-label-cms
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.5
Severity Score:: High
CVE:: 2024-43303

Plugin:: PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer � DearFlip
Plugin Slug:: 3d-flipbook-dflip-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.56
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-7247

Plugin:: Stripe Payments For WooCommerce by Checkout Plugins
Plugin Slug:: checkout-plugins-stripe-woo
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.2
Severity Score:: Medium
CVE:: 2024-43316

Plugin:: Stripe Payments For WooCommerce by Checkout Plugins
Plugin Slug:: checkout-plugins-stripe-woo
Installations: 100,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.9.2
Severity Score:: High
CVE:: 2024-43315

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.1.2
Severity Score:: Critical
CVE:: 2024-4389

Plugin:: EmbedPress � Embed PDF, PDF 3D FlipBook, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.10
Severity Score:: High
CVE:: 2024-43328

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-5941

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2024-5940

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2024-5939

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.14.2
Severity Score:: Critical
CVE:: 2024-5932

Plugin:: Insert PHP Code Snippet
Plugin Slug:: insert-php-code-snippet
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-43275

Plugin:: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.83
Severity Score:: Medium
CVE:: 2024-43287

Plugin:: The Ultimate Video Player For WordPress � by Presto Player
Plugin Slug:: presto-player
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2024-43285

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.23.0
Severity Score:: Medium
CVE:: 2024-7630

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: 12.3.20
Severity Score:: High
CVE:: 2024-43286

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5763

Plugin:: Asset CleanUp: Page Speed Booster
Plugin Slug:: wp-asset-clean-up
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.9.4
Severity Score:: Medium
CVE:: 2024-43314

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.3
Severity Score:: High
CVE:: 2024-43282

Plugin:: Theme My Login
Plugin Slug:: theme-my-login
Installations: 80,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.1.8
Severity Score:: Medium
CVE:: 2024-7422

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 70,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.5.1
Severity Score:: Critical
CVE:: 2024-6451

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.19
Severity Score:: Critical
CVE:: 2024-6823

Plugin:: Clone
Plugin Slug:: wp-clone-by-wp-academy
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.6
Severity Score:: Medium
CVE:: 2024-43298

Plugin:: FOX � Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2.1
Severity Score:: Medium
CVE:: 2024-43297

Plugin:: Category Posts Widget
Plugin Slug:: category-posts
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.17
Severity Score:: Medium
CVE:: 2024-6158

Plugin:: Download Plugins and Themes in ZIP from Dashboard
Plugin Slug:: download-plugins-dashboard
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.8.8
Severity Score:: Medium
CVE:: 2024-7501

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.6
Severity Score:: Medium
CVE:: 2024-43308

Plugin:: Post Grid and Gutenberg Blocks
Plugin Slug:: post-grid
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.88
Severity Score:: Medium
CVE:: 2024-7588

Plugin:: Structured Content (JSON-LD) #wpsc
Plugin Slug:: structured-content
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-43307

Plugin:: WP Last Modified Info
Plugin Slug:: wp-last-modified-info
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-6864

Plugin:: HTML5 Video Player � mp4 Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.5.32
Severity Score:: Medium
CVE:: 2024-43319

Plugin:: HTML5 Video Player � mp4 Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.31
Severity Score:: Medium
CVE:: 2024-43296

Plugin:: Brave � Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 0.7.1
Severity Score:: Medium
CVE:: 2024-43337

Plugin:: Void Contact Form 7 Widget For Elementor Page Builder
Plugin Slug:: cf7-widget-elementor
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-43291

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.26
Severity Score:: Medium
CVE:: 2024-43344

Plugin:: Icegram Engage � Ultimate WP Popup Builder, Lead Generation, Optins, and CTA
Plugin Slug:: icegram
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.25
Severity Score:: Medium
CVE:: 2024-43272

Plugin:: Child Theme Creator by Orbisius
Plugin Slug:: orbisius-child-theme-creator
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2024-43276

Plugin:: UsersWP � Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.16
Severity Score:: Medium
CVE:: 2024-43277

Plugin:: WordPress File Upload
Plugin Slug:: wp-file-upload
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.24.9
Severity Score:: High
CVE:: 2024-7301

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3.5
Severity Score:: High
CVE:: 2024-43289

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.3.5
Severity Score:: Medium
CVE:: 2024-43288

Plugin:: WPBakery Page Builder Addons by Livemesh
Plugin Slug:: addons-for-visual-composer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.1
Severity Score:: Medium
CVE:: 2024-43320

Plugin:: AFI � The Easiest Integration Plugin
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.89.6
Severity Score:: Medium
CVE:: 2024-43340

Plugin:: Bold Timeline Lite
Plugin Slug:: bold-timeline-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-43294

Plugin:: Cryptocurrency Widgets � Price Ticker & Coins List
Plugin Slug:: cryptocurrency-price-ticker-widget
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: High
CVE:: 2024-43304

Plugin:: RegistrationMagic � User Registration Plugin with Custom Registration Forms
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 6.0.1.1
Severity Score:: Medium
CVE:: 2024-43317

Plugin:: E2Pdf � Export Pdf Tool for WordPress
Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.25.11
Severity Score:: Medium
CVE:: 2024-43318

Plugin:: Envo’s Elementor Templates & Widgets for WooCommerce
Plugin Slug:: envo-elementor-for-woocommerce
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.17
Severity Score:: Medium
CVE:: 2024-43292

Plugin:: Generate Images � Magic Post Thumbnail
Plugin Slug:: magic-post-thumbnail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.8
Severity Score:: Medium
CVE:: 2024-6724

Plugin:: Modal Window � create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-43346

Plugin:: myCred � Loyalty Points and Rewards plugin for WordPress and WooCommerce � Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.7.3
Severity Score:: Critical
CVE:: 2024-43354

Plugin:: myCred � Loyalty Points and Rewards plugin for WordPress and WooCommerce � Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-43353

Plugin:: Landing Page Builder � Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages
Plugin Slug:: page-builder-add
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.5.2.1
Severity Score:: High
CVE:: 2024-43345

Plugin:: Recipe Card Blocks for Gutenberg & Elementor � Best WordPress Recipe Plugin
Plugin Slug:: recipe-card-blocks-by-wpzoom
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.2
Severity Score:: Medium
CVE:: 2024-43293

Plugin:: ReviewX � Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.29
Severity Score:: Medium
CVE:: 2024-43323

Plugin:: weMail � Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin
Plugin Slug:: wemail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.14.6
Severity Score:: High
CVE:: 2024-43238

Plugin:: WPC Frequently Bought Together for WooCommerce
Plugin Slug:: woo-bought-together
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.0
Severity Score:: Medium
CVE:: 2024-43312

Plugin:: WP Data Access � WordPress App, Table and Form Builder plugin
Plugin Slug:: wp-data-access
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.5.9
Severity Score:: Medium
CVE:: 2024-43295

Plugin:: BP Profile Search
Plugin Slug:: bp-profile-search
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.8
Severity Score:: High
CVE:: 2024-7850

Plugin:: ARMember � Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.38
Severity Score:: Medium
CVE:: 2024-7703

Plugin:: Plugin Notes Plus
Plugin Slug:: plugin-notes-plus
Installations: 8,000+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-43326

Plugin:: InPost PL
Plugin Slug:: inpost-for-woocommerce
Installations: 7,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.4.5
Severity Score:: Critical
CVE:: 2024-6500

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7777

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.10
Severity Score:: Medium
CVE:: 2024-7775

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7702

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.13.5
Severity Score:: Medium
CVE:: 2024-7782

Plugin:: Custom Layouts � Post + Product grids made easy
Plugin Slug:: custom-layouts
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.12
Severity Score:: Medium
CVE:: 2024-43305

Plugin:: GEO my WP
Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.5.0.2
Severity Score:: High
CVE:: 2024-6330

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.8.7
Severity Score:: Critical
CVE:: 2024-7094

Plugin:: JS Help Desk � The Ultimate Help Desk & Support Plugin
Plugin Slug:: js-support-ticket
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-43274

Plugin:: Salon Booking System
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Open Redirection
Patched in Version:: 10.9
Severity Score:: Medium
CVE:: 2024-43280

Plugin:: Void Elementor Post Grid Addon for Elementor Page builder
Plugin Slug:: void-elementor-post-grid-addon-for-elementor-page-builder
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.4
Severity Score:: Medium
CVE:: 2024-43281

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.3
Severity Score:: High
CVE:: 2024-7827

Plugin:: WP Telegram Widget and Join Link
Plugin Slug:: wptelegram-widget
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.28
Severity Score:: Medium
CVE:: 2024-43309

Plugin:: Clever Addons for Elementor
Plugin Slug:: cafe-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-43324

Plugin:: Meta Field Block
Plugin Slug:: display-a-meta-field-as-block
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.14
Severity Score:: Medium
CVE:: 2024-43278

Plugin:: Icegram Collect � Easy Form, Lead Collection and Subscription plugin
Plugin Slug:: icegram-rainmaker
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.15
Severity Score:: Medium
CVE:: 2024-43273

Plugin:: MStore API � Create Native Android & iOS Apps On The Cloud
Plugin Slug:: mstore-api
Installations: 4,000+
Vulnerability:: Broken Authentication
Patched in Version:: 4.15.3
Severity Score:: High
CVE:: 2024-7628

Plugin:: Order Tracking � WordPress Status Tracking Plugin
Plugin Slug:: order-tracking
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.13
Severity Score:: Medium
CVE:: 2024-43343

Plugin:: Dark Mode for WP Dashboard
Plugin Slug:: dark-mode-for-wp-dashboard
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-43325

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9
Severity Score:: High
CVE:: 2024-43279

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.9.9.1
Severity Score:: Medium
CVE:: 2024-7411

Plugin:: oik
Plugin Slug:: oik
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.12.1
Severity Score:: Medium
CVE:: 2024-43356

Plugin:: Responsive Blocks � WordPress Gutenberg Blocks
Plugin Slug:: responsive-block-editor-addons
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.9
Severity Score:: Medium
CVE:: 2024-43335

Plugin:: WP-Lister Lite for eBay
Plugin Slug:: wp-lister-for-ebay
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.1
Severity Score:: High
CVE:: 2024-43306

Plugin:: Visual Website Collaboration, Feedback & Project Management � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-43290

Plugin:: JoomSport � for Sports: Team & League, Football, Hockey & more
Plugin Slug:: joomsport-sports-league-results-management
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.7
Severity Score:: Medium
CVE:: 2024-43355

Plugin:: Masteriyo LMS � eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.11.5
Severity Score:: Medium
CVE:: 2024-43239

Plugin:: Team Showcase
Plugin Slug:: team
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22.24
Severity Score:: Medium
CVE:: 2024-43321

Plugin:: Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
Plugin Slug:: a4-barcode-generator
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.10
Severity Score:: Medium
CVE:: 2024-43310