WordPress Vulnerability Report � December 11, 2024

In this report, 231 vulnerabilities have been publicly disclosed. Security patches for 134 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 97 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 128 Patched / 94 Unpatched

Plugin:: 140+ Widgets | Xpro Addons For Elementor � FREE
Plugin Slug:: xpro-elementor-addons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54253

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51815

Plugin:: Login Widget With Shortcode
Plugin Slug:: login-sidebar-widget
Installations: 8,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54255

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12015

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54211

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54212

Plugin:: Pinpoint Booking System � #1 WordPress Booking Plugin
Plugin Slug:: booking-system
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54252

Plugin:: Minimum and Maximum Quantity for WooCommerce
Plugin Slug:: min-and-max-quantity-for-woocommerce
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54227

Plugin:: Message Filter for Contact Form 7
Plugin Slug:: cf7-message-filter
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12027

Plugin:: News Kit Elementor Addons
Plugin Slug:: news-kit-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54260

Plugin:: WordPress Page Builder � Zion Builder
Plugin Slug:: zionbuilder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54213

Plugin:: ForumWP � Forum & Discussion Board
Plugin Slug:: forumwp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10879

Plugin:: Friends
Plugin Slug:: friends
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12028

Plugin:: DELUCKS SEO
Plugin Slug:: delucks-seo
Installations: 600+
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54259

Plugin:: RRAddons for Elementor
Plugin Slug:: rrdevs-for-elementor
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54232

Plugin:: Import Export For WooCommerce
Plugin Slug:: import-export-for-woocommerce
Installations: 200+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54262

Plugin:: Shiptimize for WooCommerce
Plugin Slug:: shiptimize-for-woocommerce
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54235

Plugin:: Limit Login Attempts (Spam Protection)
Plugin Slug:: wp-limit-failed-login-attempts
Installations: 200+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54234

Plugin:: Comfino Payment Gateway
Plugin Slug:: comfino-payment-gateway
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11329

Plugin:: Designer � Addons for Elementor
Plugin Slug:: designer
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54225

Plugin:: Prodigy Commerce
Plugin Slug:: prodigy-commerce
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54251

Plugin:: Clients
Plugin Slug:: clients
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54245

Plugin:: Elite Notification � Sales Popup, Social Proof, FOMO & WooCommerce Notification
Plugin Slug:: elite-notification
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54241

Plugin:: Simple Notification
Plugin Slug:: simple-notification
Installations: 50+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54242

Plugin:: Ni WooCommerce Order Export
Plugin Slug:: ni-woocommerce-order-export
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54231

Plugin:: Awesome Shortcodes
Plugin Slug:: awesome-shortcodes
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54209

Plugin:: Blaze Online eParcel for WooCommerce
Plugin Slug:: blaze-online-eparcel-for-woocommerce
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54240

Plugin:: Board Document Manager from CHUHPL
Plugin Slug:: board-document-manager-from-chuhpl
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54238

Plugin:: Easy Replace
Plugin Slug:: easy-replace
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54244

Plugin:: Ni CRM Lead
Plugin Slug:: ni-crm-lead
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54237

Plugin:: Ni CRM Lead
Plugin Slug:: ni-crm-lead
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54258

Plugin:: Ni WooCommerce Bulk Product Editor
Plugin Slug:: ni-woocommerce-product-editor
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54236

Plugin:: TAX SERVICE Electronic HDM
Plugin Slug:: virtual-hdm-for-taxservice-am
Installations: 10+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54261

Plugin:: ABCBiz Addons and Templates for Elementor
Plugin Slug:: abcbiz-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54247

Plugin:: Advanced Control Manager for WordPress by ItalyStrap
Plugin Slug:: advanced-control-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54233

Plugin:: Advanced Options Editor
Plugin Slug:: advanced-options-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54249

Plugin:: AI Quiz
Plugin Slug:: ai-quiz
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11323

Plugin:: AIO Contact
Plugin Slug:: aio-contact
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54218

Plugin:: AIO Contact
Plugin Slug:: aio-contact
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54219

Plugin:: Pulsating Chat Button
Plugin Slug:: amin-chat-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11813

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54216

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54217

Plugin:: Authors List
Plugin Slug:: authors-list
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10952

Plugin:: Beautiful Taxonomy Filters
Plugin Slug:: beautiful-taxonomy-filters
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-12270

Plugin:: Block Controller
Plugin Slug:: block-controller
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54208

Plugin:: BP Profile Shortcodes Extra
Plugin Slug:: bp-profile-shortcodes-extra
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11732

Plugin:: Mollie for Contact Form 7
Plugin Slug:: cf7-mollie
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12165

Plugin:: Charity Addon for Elementor
Plugin Slug:: charity-addon-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12062

Plugin:: Clickbank Storefront
Plugin Slug:: clickbank-storefront
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11336

Plugin:: SMS for Lead Capture Forms
Plugin Slug:: clicksend-lead-capture-form
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11353

Plugin:: CLUEVO LMS, E-Learning Platform
Plugin Slug:: cluevo-lms
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11444

Plugin:: Cookielay
Plugin Slug:: cookielay
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10320

Plugin:: Country Blocker
Plugin Slug:: country-blocker
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54226

Plugin:: Advanced Element Bucket Addons for Elementor
Plugin Slug:: cs-element-bucket
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54210

Plugin:: Easy Blocks pro
Plugin Slug:: easy-blocks-pro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54256

Plugin:: Easy Code Snippets
Plugin Slug:: easy-code-snippets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11464

Plugin:: Easy Social Feed Premium
Plugin Slug:: easy-facebook-likebox-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Echoza
Plugin Slug:: echoza
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54243

Plugin:: eewee admin custom
Plugin Slug:: eewee-admincustom
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54248

Plugin:: Eleblog � Elementor Blog And Magazine Addons
Plugin Slug:: ele-blog
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10663

Plugin:: FAQs
Plugin Slug:: faqs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54246

Plugin:: FAT Services Booking
Plugin Slug:: fat-services-booking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54220

Plugin:: FAT Services Booking
Plugin Slug:: fat-services-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54221

Plugin:: Folder Gallery
Plugin Slug:: folder-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11823

Plugin:: Funnelforms Free
Plugin Slug:: funnelforms-free
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10587

Plugin:: Gold Addons for Elementor
Plugin Slug:: gold-addons-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12110

Plugin:: Library Management System
Plugin Slug:: library-management-system
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8679

Plugin:: Contact Form, Survey & Form Builder � MightyForms
Plugin Slug:: mightyforms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11897

Plugin:: Gallery
Plugin Slug:: multi-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11501

Plugin:: Login With OTP
Plugin Slug:: otp-login
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11178

Plugin:: Posti Shipping
Plugin Slug:: posti-shipping
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10832

Plugin:: Paloma Widget
Plugin Slug:: postman-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54205

Plugin:: Responsive Videos
Plugin Slug:: responsive-youtube-videos
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11747

Plugin:: Revy
Plugin Slug:: revy
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54215

Plugin:: Revy
Plugin Slug:: revy
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54214

Plugin:: SG Helper
Plugin Slug:: sg-helper
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11093

Plugin:: Simple Ecommerce Shopping Cart
Plugin Slug:: simple-e-commerce-shopping-cart
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12253

Plugin:: Simple Ecommerce Shopping Cart
Plugin Slug:: simple-e-commerce-shopping-cart
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12128

Plugin:: Smart PopUp Blaster
Plugin Slug:: smart-popup-blaster
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11339

Plugin:: Smoove connector for Elementor forms
Plugin Slug:: smoove-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11367

Plugin:: Splash Sync
Plugin Slug:: splash-connector
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11368

Plugin:: SV100 Companion
Plugin Slug:: sv100-companion
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54229

Plugin:: TWChat
Plugin Slug:: twchat
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11374

Plugin:: TwentyTwenty
Plugin Slug:: twentytwenty
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11352

Plugin:: Shortcodes Blocks Creator Ultimate
Plugin Slug:: ultimate-shortcodes-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54264

Plugin:: Unlock Addons for Elementor
Plugin Slug:: unlock-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54230

Plugin:: Wot Elementor Widgets
Plugin Slug:: wot-elementor-widgets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54228

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51615

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54207

Plugin:: WP Media Optimizer
Plugin Slug:: wp-media-optimizer-webp
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12060

Plugin:: Mini Program API
Plugin Slug:: wp-mini-program
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11380

Plugin:: WP Private Content Plus
Plugin Slug:: wp-private-content-plus
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11292

Plugin:: WP System
Plugin Slug:: wp-system
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12003

Plugin:: Zooom
Plugin Slug:: zooom
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11451

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 8,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.4.3
Severity Score:: Medium

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2.2
Severity Score:: High
CVE:: 2024-11205

Plugin:: Spectra � WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.3
Severity Score:: Medium
CVE:: 2024-10484

Plugin:: Fluent Forms � Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
Plugin Slug:: fluentform
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.1
Severity Score:: Medium
CVE:: 2024-9651

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.5
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Firelight Lightbox
Plugin Slug:: easy-fancybox
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: FileBird � WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.4
Severity Score:: Medium
CVE:: 2024-53825

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.6
Severity Score:: Medium
CVE:: 2024-9058

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4.4
Severity Score:: Medium
CVE:: 2024-53797

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.288
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-4633

Plugin:: Gallery Plugin for WordPress � Envira Photo Gallery
Plugin Slug:: envira-gallery-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.16
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Advanced File Manager
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.2.11
Severity Score:: High
CVE:: 2024-11391

Plugin:: FileOrganizer � Manage WordPress and Website Files
Plugin Slug:: fileorganizer
Installations: 100,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.1.5
Severity Score:: High
CVE:: 2024-11010

Plugin:: Responsive Lightbox & Gallery
Plugin Slug:: responsive-lightbox
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.9
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.1
Severity Score:: Medium
CVE:: 2024-53823

Plugin:: TI WooCommerce Wishlist
Plugin Slug:: ti-woocommerce-wishlist
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.2
Severity Score:: High
CVE:: 2024-10567

Plugin:: AnyWhere Elementor
Plugin Slug:: anywhere-elementor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.12
Severity Score:: Medium
CVE:: 2024-10777

Plugin:: PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.2
Severity Score:: Medium
CVE:: 2024-10692

Plugin:: WPC Smart Quick View for WooCommerce
Plugin Slug:: woo-smart-quick-view
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.2
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: WP Hide & Security Enhancer
Plugin Slug:: wp-hide-security-enhancer
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.5.2
Severity Score:: High
CVE:: 2024-11585

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: If Menu � Visibility control for Menus
Plugin Slug:: if-menu
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.19.2
Severity Score:: Medium
CVE:: 2024-7894

Plugin:: Visual Portfolio, Photo Gallery & Post Grid
Plugin Slug:: visual-portfolio
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.10
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Carousel, Slider, Gallery by WP Carousel � Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid
Plugin Slug:: wp-carousel-free
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.2
Severity Score:: Medium
CVE:: 2024-53801

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.28
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: FancyBox for WordPress
Plugin Slug:: fancybox-for-wordpress
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.5
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Gutentor � Gutenberg Blocks � Page Builder for Gutenberg Editor
Plugin Slug:: gutentor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-10178

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-53796

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.16
Severity Score:: Medium
CVE:: 2024-53818

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-53816

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-53814

Plugin:: WP Umbrella: Update Backup Restore & Monitoring
Plugin Slug:: wp-health
Installations: 30,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.17.1
Severity Score:: Critical
CVE:: 2024-12209

Plugin:: Maspik � Advanced Spam Protection
Plugin Slug:: contact-forms-anti-spam
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-53806

Plugin:: Futurio Extra
Plugin Slug:: futurio-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.15
Severity Score:: Medium
CVE:: 2024-53802

Plugin:: FV Flowplayer Video Player
Plugin Slug:: fv-wordpress-flowplayer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.48.7212
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.9
Severity Score:: High
CVE:: 2024-53817

Plugin:: Video Gallery � YouTube Gallery and Vimeo Gallery
Plugin Slug:: gallery-videos
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.3
Severity Score:: High
CVE:: 2024-10247

Plugin:: Video Gallery � YouTube Gallery and Vimeo Gallery
Plugin Slug:: gallery-videos
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-9769

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-10787

Plugin:: myCred � Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program.
Plugin Slug:: mycred
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.6
Severity Score:: Medium
CVE:: 2024-11201

Plugin:: NEX-Forms � Ultimate Form Builder � Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.7.9
Severity Score:: High
CVE:: 2024-53808

Plugin:: Simple Side Tab
Plugin Slug:: simple-side-tab
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-11183

Plugin:: Swift Performance Lite
Plugin Slug:: swift-performance-lite
Installations: 10,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.3.7.2
Severity Score:: High
CVE:: 2024-10516

Plugin:: ARMember � Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 9,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 4.0.52
Severity Score:: Medium
CVE:: 2024-10681

Plugin:: Pojo Forms
Plugin Slug:: pojo-forms
Installations: 7,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.4.8
Severity Score:: Medium
CVE:: 2024-10909

Plugin:: Poll Maker � Versus Polls, Anonymous Polls, Image Polls
Plugin Slug:: poll-maker
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-12115

Plugin:: WDesignKit � Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
Plugin Slug:: wdesignkit
Installations: 7,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-53811

Plugin:: Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
Plugin Slug:: related-post
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.0.59
Severity Score:: Medium
CVE:: 2024-10937

Plugin:: WP Travel � Ultimate Travel Booking System, Tour Management Engine
Plugin Slug:: wp-travel
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.7.0
Severity Score:: Medium
CVE:: 2024-53813

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.20
Severity Score:: High
CVE:: 2024-53824

Plugin:: Arkhe Blocks
Plugin Slug:: arkhe-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.27.1
Severity Score:: Medium
CVE:: 2024-53794

Plugin:: Pinpoint Booking System � #1 WordPress Booking Plugin
Plugin Slug:: booking-system
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.9.5.2
Severity Score:: High
CVE:: 2024-53815

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.8
Severity Score:: Medium
CVE:: 2024-54224

Plugin:: Contact Form, Survey, Quiz & Popup Form Builder � ARForms
Plugin Slug:: arforms-form-builder
Installations: 3,000+
Vulnerability:: Content Injection
Patched in Version:: 1.7.2
Severity Score:: Medium
CVE:: 2024-54223

Plugin:: WP Job Manager � Company Profiles
Plugin Slug:: wp-job-manager-companies
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: High
CVE:: 2023-6978

Plugin:: Accordion Slider
Plugin Slug:: accordion-slider
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.13
Severity Score:: Medium
CVE:: 2024-5020

Plugin:: Knowledge Base documentation & wiki plugin � BasePress Docs
Plugin Slug:: basepress
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.16.3.4
Severity Score:: Medium
CVE:: 2024-10664

Plugin:: Message Filter for Contact Form 7
Plugin Slug:: cf7-message-filter
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-54254

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.6.5
Severity Score:: High
CVE:: 2024-11730

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.6.5
Severity Score:: High
CVE:: 2024-11729

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.6.5
Severity Score:: Critical
CVE:: 2024-11728

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.2
Severity Score:: Medium
CVE:: 2024-9872

Plugin:: Plugin Check (PCP)
Plugin Slug:: plugin-check
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.0.6.6
Severity Score:: High
CVE:: 2024-10959

Plugin:: Client Invoicing by Sprout Invoices � Easy Estimates and Invoices for WordPress
Plugin Slug:: sprout-invoices
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 20.8.1
Severity Score:: Medium
CVE:: 2024-53819

Plugin:: Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews � Stars Testimonials
Plugin Slug:: stars-testimonials-with-slider-and-masonry-grid
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.3.4
Severity Score:: High
CVE:: 2024-11429

Plugin:: WPBITS Addons For Elementor Page Builder
Plugin Slug:: wpbits-addons-for-elementor
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6
Severity Score:: Medium
CVE:: 2024-8962

Plugin:: XLTab � Accordions and Tabs for Elementor Page Builder
Plugin Slug:: xl-tab
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-10689

Plugin:: Captivate Sync
Plugin Slug:: captivatesync-trade
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.26
Severity Score:: Medium
CVE:: 2024-53820

Plugin:: Contact Form Builder by vcita
Plugin Slug:: contact-form-with-a-meeting-scheduler-by-vcita
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.5
Severity Score:: Medium
CVE:: 2024-10056

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.4
Severity Score:: Medium
CVE:: 2024-9866

Plugin:: Listdom � Business Directory and Classified Ads Listings WordPress Plugin
Plugin Slug:: listdom
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-11854

Plugin:: ????? ?? ???? � ???? ?? ????
Plugin Slug:: pgall-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.3
Severity Score:: High
CVE:: 2024-11943

Plugin:: SearchIQ � The Search Solution
Plugin Slug:: searchiq
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7
Severity Score:: Medium
CVE:: 2024-10885

Plugin:: Simple Restrict
Plugin Slug:: simple-restrict
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-11106

Plugin:: Broadcast
Plugin Slug:: threewp-broadcast
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 51.02
Severity Score:: High
CVE:: 2024-11379

Plugin:: WPCasa
Plugin Slug:: wpcasa
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-53826

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.9
Severity Score:: Medium
CVE:: 2024-53795

Plugin:: 3DPrint Lite
Plugin Slug:: 3dprint-lite
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-10480

Plugin:: Email Address Obfuscation
Plugin Slug:: email-address-obfuscation
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-11935

Plugin:: Property Hive Mortgage Calculator
Plugin Slug:: property-hive-mortgage-calculator
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: Medium
CVE:: 2024-11940

Plugin:: Quran multilanguage Text & Audio
Plugin Slug:: quran-text-multilanguage
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.22
Severity Score:: High
CVE:: 2024-11973

Plugin:: jAlbum Bridge
Plugin Slug:: jalbum-bridge
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.16
Severity Score:: Medium
CVE:: 2024-11853

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.18
Severity Score:: High
CVE:: 2024-11707

Plugin:: Additional Custom Order Status for WooCommerce
Plugin Slug:: order-status-for-woocommerce
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: High
CVE:: 2024-11814

Plugin:: Accounting for WooCommerce
Plugin Slug:: accounting-for-woocommerce
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.7
Severity Score:: High
CVE:: 2024-11324

Plugin:: AWeber Forms by Optin Cat
Plugin Slug:: aweber-wp
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.8
Severity Score:: High
CVE:: 2024-11325

Plugin:: iChart � Easy Charts and Graphs
Plugin Slug:: ichart
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-11928

Plugin:: ???? ???
Plugin Slug:: mshop-naver-talktalk
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-11904

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-53809

Plugin:: Flower Delivery by Florist One
Plugin Slug:: flower-delivery-by-florist-one
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.9.1
Severity Score:: Medium
CVE:: 2024-11769

Plugin:: WIP WooCarousel Lite
Plugin Slug:: wip-woocarousel-lite
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-11779

Plugin:: WP eCards
Plugin Slug:: wp-ecards-invites
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.905
Severity Score:: Medium
CVE:: 2024-11903

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.17.0
Severity Score:: Medium
CVE:: 2024-53803

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.17.0
Severity Score:: High
CVE:: 2024-53804

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.17.0
Severity Score:: High
CVE:: 2024-53805

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.8.17.0
Severity Score:: High
CVE:: 2024-53807

Plugin:: Simple User Registration
Plugin Slug:: wp-registration
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0
Severity Score:: Critical
CVE:: 2024-53810

Plugin:: Campaign Monitor Forms by Optin Cat
Plugin Slug:: campaign-monitor-wp
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.8
Severity Score:: High
CVE:: 2024-11326

Plugin:: CardGate Payments for WooCommerce
Plugin Slug:: cardgate
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: High
CVE:: 2024-12257

Plugin:: Scratch & Win � Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
Plugin Slug:: scratch-win-giveaways-for-website-facebook
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-11898