WordPress Vulnerability Report � August 28, 2024

In this report, 122 vulnerabilities have been publicly disclosed. Security patches for 73 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 49 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6.1 is available! This minor release features 7 bug fixes in Core and 9 bug fixes for the Block Editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress Plugins � 72 Patched / 46 Unpatched

Plugin:: TI WooCommerce Wishlist
Plugin Slug:: ti-woocommerce-wishlist
Installations: 100,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43917

Plugin:: YARPP � Yet Another Related Posts Plugin
Plugin Slug:: yet-another-related-posts-plugin
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43919

Plugin:: WP Table Builder � WordPress Table Plugin
Plugin Slug:: wp-table-builder
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3282

Plugin:: DSGVO All in one for WP
Plugin Slug:: dsgvo-all-in-one-for-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43964

Plugin:: Maintenance & Coming Soon Redirect Animation
Plugin Slug:: maintenance-coming-soon-redirect-animation
Installations: 5,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-43944

Plugin:: Super Testimonials
Plugin Slug:: super-testimonial
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43959

Plugin:: SKT Blocks � Gutenberg based Page Builder
Plugin Slug:: skt-blocks
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43946

Plugin:: Classic Addons � WPBakery Page Builder
Plugin Slug:: classic-addons-wpbakery-page-builder-addons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43953

Plugin:: SendGrid for WordPress
Plugin Slug:: wp-sendgrid-mailer
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43965

Plugin:: Skitter Slideshow
Plugin Slug:: wp-skitter-slideshow
Installations: 500+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-1751

Plugin:: AdRotate
Plugin Slug:: adrotate1
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2022-1206

Plugin:: Animated Number Counters
Plugin Slug:: animated-number-counters
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43957

Plugin:: App Builder
Plugin Slug:: app-builder
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7651

Plugin:: azurecurve Toggle Show/Hide
Plugin Slug:: azurecurve-toggle-showhide
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43961

Plugin:: Blog Introduction
Plugin Slug:: blogintroduction-wordpress-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7862

Plugin:: Brickscore
Plugin Slug:: brickscore
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43950

Plugin:: Smart Online Order for Clover
Plugin Slug:: clover-online-orders
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7032

Plugin:: Droip
Plugin Slug:: droip
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43955

Plugin:: Droip
Plugin Slug:: droip
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43954

Plugin:: GHActivity
Plugin Slug:: ghactivity
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43949

Plugin:: Gixaw Chat
Plugin Slug:: gixaw-chat
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7816

Plugin:: Hide My Site
Plugin Slug:: hide-my-site
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5880

Plugin:: ILC Thickbox
Plugin Slug:: ilc-thickbox
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7820

Plugin:: LatePoint
Plugin Slug:: latepoint
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43945

Plugin:: LWS Affiliation
Plugin Slug:: lws-affiliation
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43962

Plugin:: Memberpress
Plugin Slug:: memberpress
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43956

Plugin:: Misiek Paypal
Plugin Slug:: misiek-paypal
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7861

Plugin:: Misiek Photo Album
Plugin Slug:: misiek-photo-album
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7818

Plugin:: Misiek Photo Album
Plugin Slug:: misiek-photo-album
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7817

Plugin:: Music Request Manager
Plugin Slug:: music-request-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6018

Plugin:: Music Request Manager
Plugin Slug:: music-request-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6019

Plugin:: Music Request Manager
Plugin Slug:: music-request-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-6017

Plugin:: OTA Sync Booking Engine Widget
Plugin Slug:: ota-sync-booking-engine-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7647

Plugin:: Propovoice Pro
Plugin Slug:: propovoice-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-43941

Plugin:: Responsive Video
Plugin Slug:: responsive-video
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7629

Plugin:: RT Easy Builder � Advanced addons for Elementor
Plugin Slug:: rt-easy-builder-advanced-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2254

Plugin:: Simple Headline Rotator
Plugin Slug:: simple-headline-rotator
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7860

Plugin:: Snapshot Backup
Plugin Slug:: snapshot-backup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-7689

Plugin:: Web and WooCommerce Addons for WPBakery Builder
Plugin Slug:: vc-addons-by-bit14
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43960

Plugin:: Woo Inquiry
Plugin Slug:: woo-inquiry
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-7854

Plugin:: WordSurvey
Plugin Slug:: wordsurvey
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6767

Plugin:: WP Testimonial Widget
Plugin Slug:: wp-testimonial-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43967

Plugin:: WP Testimonial Widget
Plugin Slug:: wp-testimonial-widget
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-43966

Plugin:: WP Testimonial Widget
Plugin Slug:: wp-testimonial-widget
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-7390

Plugin:: Z Y N I T H
Plugin Slug:: zynith-seo
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43940

Plugin:: Z Y N I T H
Plugin Slug:: zynith-seo
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-43939

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 5,000,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.4
Severity Score:: Critical
CVE:: 2024-28000

Plugin:: Popup Maker � Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
Plugin Slug:: popup-maker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.19.1
Severity Score:: Medium
CVE:: 2024-7054

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.8
Severity Score:: Medium
CVE:: 2024-6804

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-43924

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.8
Severity Score:: Medium
CVE:: 2024-6870

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.10.37
Severity Score:: Medium
CVE:: 2024-7778

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.3.4
Severity Score:: High
CVE:: 2024-43926

Plugin:: Custom Permalinks
Plugin Slug:: custom-permalinks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2023-0926

Plugin:: Email Address Encoder
Plugin Slug:: email-address-encoder
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.24
Severity Score:: Medium
CVE:: 2024-43927

Plugin:: EmbedPress � Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.9
Severity Score:: Medium
CVE:: 2024-43936

Plugin:: Gallery Plugin for WordPress � Envira Photo Gallery
Plugin Slug:: envira-gallery-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.15
Severity Score:: Medium
CVE:: 2024-43925

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.14.2
Severity Score:: Medium
CVE:: 2024-5941

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2024-5940

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.14.0
Severity Score:: Medium
CVE:: 2024-5939

Plugin:: WordPress Button Plugin MaxButtons
Plugin Slug:: maxbuttons
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 9.8.0
Severity Score:: Medium
CVE:: 2024-6499

Plugin:: NitroPack � Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
Plugin Slug:: nitropack
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.16.8
Severity Score:: Medium
CVE:: 2024-43922

Plugin:: String locator
Plugin Slug:: string-locator
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: High
CVE:: 2023-6987

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-43932

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.3
Severity Score:: Medium
CVE:: 2024-5763

Plugin:: Ninja Tables � Easiest Data Table Builder
Plugin Slug:: ninja-tables
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.13
Severity Score:: Medium
CVE:: 2024-7304

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 70,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.5.1
Severity Score:: Critical
CVE:: 2024-6451

Plugin:: Shield Security � Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20.0.6
Severity Score:: High
CVE:: 2024-7313

Plugin:: Visual CSS Style Editor
Plugin Slug:: yellow-pencil-visual-theme-customizer
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.4
Severity Score:: High
CVE:: 2024-43963

Plugin:: Piotnet Addons For Elementor
Plugin Slug:: piotnet-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.31
Severity Score:: Medium
CVE:: 2024-5502

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.1.1
Severity Score:: Medium
CVE:: 2024-6879

Plugin:: WP Last Modified Info
Plugin Slug:: wp-last-modified-info
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-6864

Plugin:: Image Hotspot by DevVN
Plugin Slug:: devvn-image-hotspot
Installations: 30,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 1.2.6
Severity Score:: High
CVE:: 2024-7656

Plugin:: Gutenverse � Blocks and Website Builder for Site Editor
Plugin Slug:: gutenverse
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-43920

Plugin:: Simple Job Board
Plugin Slug:: simple-job-board
Installations: 20,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.12.4
Severity Score:: High
CVE:: 2024-7351

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4.4
Severity Score:: Medium
CVE:: 2024-7791

Plugin:: Generate Images � Magic Post Thumbnail
Plugin Slug:: magic-post-thumbnail
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.10
Severity Score:: High
CVE:: 2024-43921

Plugin:: WooCommerce Google Feed Manager
Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.0
Severity Score:: Medium

Plugin:: WooCommerce Google Feed Manager
Plugin Slug:: wp-product-feed-manager
Installations: 10,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.9.0
Severity Score:: High
CVE:: 2024-7258

Plugin:: BP Profile Search
Plugin Slug:: bp-profile-search
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.8
Severity Score:: High
CVE:: 2024-7850

Plugin:: AcyMailing � An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress
Plugin Slug:: acymailing
Installations: 7,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 9.8.0
Severity Score:: High
CVE:: 2024-7384

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.6.2
Severity Score:: Medium
CVE:: 2024-7836

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7777

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.13.10
Severity Score:: Medium
CVE:: 2024-7775

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.13.10
Severity Score:: High
CVE:: 2024-7702

Plugin:: Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
Plugin Slug:: bit-form
Installations: 6,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.13.5
Severity Score:: Medium
CVE:: 2024-7782

Plugin:: WP Delicious � Recipe Plugin for Food Bloggers (formerly Delicious Recipes)
Plugin Slug:: delicious-recipes
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.8
Severity Score:: Medium
CVE:: 2024-43935

Plugin:: GEO my WP
Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.5.0.2
Severity Score:: High
CVE:: 2024-6330

Plugin:: Logo Showcase Ultimate � Logo Carousel, Logo Slider & Logo Grid
Plugin Slug:: logo-showcase-ultimate
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-8046

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.3
Severity Score:: High
CVE:: 2024-7827

Plugin:: WPMobile.App � Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.49
Severity Score:: Medium
CVE:: 2024-43933

Plugin:: WP Crowdfunding
Plugin Slug:: wp-crowdfunding
Installations: 4,000+
Vulnerability:: Settings Change
Patched in Version:: 2.1.11
Severity Score:: Medium
CVE:: 2024-43937

Plugin:: Collapsing Archives
Plugin Slug:: collapsing-archives
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-43934

Plugin:: Name Directory
Plugin Slug:: name-directory
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.29.1
Severity Score:: Medium
CVE:: 2024-43938

Plugin:: LH Add Media From Url
Plugin Slug:: lh-add-media-from-url
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.30
Severity Score:: High
CVE:: 2024-7090

Plugin:: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
Plugin Slug:: timetics
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.24
Severity Score:: Medium
CVE:: 2024-43923

Plugin:: Event Espresso � Event Registration & Ticketing Sales
Plugin Slug:: event-espresso-decaf
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.22.decaf
Severity Score:: Medium
CVE:: 2024-6883

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.15
Severity Score:: Medium
CVE:: 2024-8120

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.15
Severity Score:: Medium
CVE:: 2024-6631

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 7.2.8
Severity Score:: Critical

Plugin:: User Private Files � Upload and Share Files with Secure WordPress File Manager
Plugin Slug:: user-private-files
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-7848