WordPress Vulnerability Report � December 25, 2024

In this report, 212 vulnerabilities have been publicly disclosed. Security patches for 139 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 73 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes throughout Core and the Block Editor.

WordPress Plugins � 134 Patched / 69 Unpatched

Plugin:: Custom Product tabs for WooCommerce
Plugin Slug:: wb-custom-product-tabs-for-woocommerce
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12721

Plugin:: WP Menu Image
Plugin Slug:: wp-menu-image
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52485

Plugin:: Page and Post Restriction
Plugin Slug:: page-and-post-restriction
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11297

Plugin:: One Click Upsell Funnel for WooCommerce � Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder
Plugin Slug:: woo-one-click-upsell-funnel
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11938

Plugin:: Outdooractive Embed
Plugin Slug:: outdooractive-embed
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11774

Plugin:: Slope Widgets
Plugin Slug:: slope-widgets
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11902

Plugin:: Coupon Plugin
Plugin Slug:: coupon-lite
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56235

Plugin:: SaasPricing � Pricing Table, Price list, Comparison Table for Elementor
Plugin Slug:: saaspricing
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56231

Plugin:: NACC WordPress Plugin
Plugin Slug:: nacc-wordpress-plugin
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12506

Plugin:: Partners
Plugin Slug:: partners
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56059

Plugin:: ??????? ??????? ??????? ???? ????
Plugin Slug:: isee-products-extractor
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11331

Plugin:: VRPConnector
Plugin Slug:: vrpconnector
Installations: 60+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56058

Plugin:: WP Nice Loader
Plugin Slug:: wp-nice-loader
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56232

Plugin:: SSL Wireless SMS Notification
Plugin Slug:: ssl-wireless-sms-notification
Installations: 50+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56220

Plugin:: 10CentMail
Plugin Slug:: 10centmail-subscription-management-and-analytics
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56030

Plugin:: AdWork Media EZ Content Locker
Plugin Slug:: adwork-media-ez-content-locker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56025

Plugin:: Animated Counters
Plugin Slug:: animated-counters
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11905

Plugin:: BU Section Editing
Plugin Slug:: bu-section-editing
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56018

Plugin:: Category Post Shortcode
Plugin Slug:: category-post-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56021

Plugin:: Category Post Slider
Plugin Slug:: category-post-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11878

Plugin:: Custom Dashboard Widget
Plugin Slug:: create-custom-dashboard-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56024

Plugin:: Easy Language Switcher
Plugin Slug:: easy-language-switcher
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56029

Plugin:: EditionGuard for WooCommerce � eBook Sales with DRM
Plugin Slug:: editionguard-for-woocommerce-ebook-sales-with-drm
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56207

Plugin:: Embed Twine
Plugin Slug:: embed-twine
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12509

Plugin:: FAQs
Plugin Slug:: faqs
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56033

Plugin:: Financial Calculator
Plugin Slug:: finance-calculator-with-application-form
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11783

Plugin:: Full Screen Menu for Elementor
Plugin Slug:: full-screen-menu-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10797

Plugin:: gap-hub-user-role
Plugin Slug:: gap-hub-user-role
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56206

Plugin:: GTPayment Donations
Plugin Slug:: gtpayment-donation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11607

Plugin:: G Web Pro Store Locator
Plugin Slug:: gwebpro-store-locator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11682

Plugin:: Image Mapper
Plugin Slug:: image-mapper
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56016

Plugin:: Inline Footnotes
Plugin Slug:: inline-footnotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56019

Plugin:: Kintpv Wooconnect
Plugin Slug:: kintpv-connect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56233

Plugin:: LaTeX2HTML
Plugin Slug:: latex2html
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11688

Plugin:: Leads CRM
Plugin Slug:: leads-crm
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56027

Plugin:: Lemonade Social Networks Autoposter Pinterest
Plugin Slug:: lemonade-sna-pinterest-edition
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56028

Plugin:: Maintenance & Coming Soon Redirect Animation
Plugin Slug:: maintenance-coming-soon-redirect-animation
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9503

Plugin:: Multi-column Tag Map
Plugin Slug:: multi-column-tag-map
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11196

Plugin:: AI Magic
Plugin Slug:: newsletter-page-redirects
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56205

Plugin:: odPhotogallery
Plugin Slug:: od-photogallery-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56036

Plugin:: Particle Background
Plugin Slug:: particle-background
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11775

Plugin:: Pingmeter Uptime Monitoring
Plugin Slug:: pingmeter-uptime-monitoring
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11808

Plugin:: Portfolio � Filterable Masonry Portfolio Gallery for Professionals
Plugin Slug:: portfolio-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11900

Plugin:: Preloader by WordPress Monsters
Plugin Slug:: preloader-sws
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56022

Plugin:: Reactflow Visitor Recording and Heatmaps
Plugin Slug:: reactflow-session-replay-heatmap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11975

Plugin:: real.Kit
Plugin Slug:: real-kit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12697

Plugin:: Saoshyant Element
Plugin Slug:: saoshyant-element
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-51646

Plugin:: SendSMS
Plugin Slug:: sendsms
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56038

Plugin:: Services updates for customers
Plugin Slug:: service-updates-for-customers
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56034

Plugin:: Simple Dashboard
Plugin Slug:: simple-dashboard
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-56071

Plugin:: Simple Proxy
Plugin Slug:: simple-proxy
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56026

Plugin:: Sinking Dropdowns
Plugin Slug:: sinking-dropdowns
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56204

Plugin:: Smart Shopify Product
Plugin Slug:: smart-shopify-product
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56031

Plugin:: Spoki � Chat Buttons and WooCommerce Notifications
Plugin Slug:: spoki
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11893

Plugin:: Spotlightr
Plugin Slug:: spotlightr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11411

Plugin:: SvegliaT Buttons
Plugin Slug:: svegliat-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56020

Plugin:: Tidy Up
Plugin Slug:: tidy-up
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56015

Plugin:: TPG Get Posts
Plugin Slug:: tpg-get-posts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11906

Plugin:: Upload Scanner
Plugin Slug:: upload-scanner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56035

Plugin:: User Referral
Plugin Slug:: user-referral-free
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56037

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56210

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56214

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56211

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56212

Plugin:: Wayne Audio Player
Plugin Slug:: wayne-audio-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56203

Plugin:: WP eCommerce Quickpay
Plugin Slug:: wp-ecommerce-quickpay
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56023

Plugin:: WP SHAPES
Plugin Slug:: wp-shapes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9619

Plugin:: Tithe.ly Giving Button
Plugin Slug:: wp-tithely
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11841

Plugin:: Wtyczka SeoPilot dla WP
Plugin Slug:: wtyczka-seopilot-dla-wp
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11812

Plugin:: Elementor Website Builder � More Than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.10
Severity Score:: Medium
CVE:: 2024-10453

Plugin:: LiteSpeed Cache
Plugin Slug:: litespeed-cache
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.3
Severity Score:: Medium
CVE:: 2024-51915

Plugin:: Essential Addons for Elementor � Popular Elementor Addon With Ready Templates, Advanced Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.8
Severity Score:: Medium
CVE:: 2024-56063

Plugin:: Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
Plugin Slug:: header-footer-elementor
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.47
Severity Score:: Medium
CVE:: 2024-11230

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.57
Severity Score:: Medium
CVE:: 2024-56225

Plugin:: The Events Calendar
Plugin Slug:: the-events-calendar
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.8.2.1
Severity Score:: Medium
CVE:: 2024-5333

Plugin:: User Role Editor
Plugin Slug:: user-role-editor
Installations: 700,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.64.4
Severity Score:: Critical
CVE:: 2024-12293

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: High
CVE:: 2024-56226

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-56227

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-56062

Plugin:: AMP for WP � Accelerated Mobile Pages
Plugin Slug:: accelerated-mobile-pages
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-11254

Plugin:: Advanced Google reCAPTCHA
Plugin Slug:: advanced-google-recaptcha
Installations: 100,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.26
Severity Score:: Medium
CVE:: 2024-12034

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.10.13
Severity Score:: Medium
CVE:: 2024-11852

Plugin:: Contact Form 7 � Dynamic Text Extension
Plugin Slug:: contact-form-7-dynamic-text-extension
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.0.2
Severity Score:: Medium
CVE:: 2024-56218

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.03
Severity Score:: Medium
CVE:: 2024-10706

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.04
Severity Score:: Medium
CVE:: 2024-56217

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 3.3.04
Severity Score:: High
CVE:: 2024-11740

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.04
Severity Score:: Medium
CVE:: 2024-11768

Plugin:: Tracking Code Manager
Plugin Slug:: tracking-code-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-8721

Plugin:: Widget Options � The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.8
Severity Score:: Medium
CVE:: 2024-56219

Plugin:: kk Star Ratings � Rate Post & Collect User Feedbacks
Plugin Slug:: kk-star-ratings
Installations: 90,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 5.4.10.1
Severity Score:: High
CVE:: 2024-11977

Plugin:: WordPress Button Plugin MaxButtons
Plugin Slug:: maxbuttons
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.8.1
Severity Score:: Medium
CVE:: 2024-10555

Plugin:: File Manager Pro � Filester
Plugin Slug:: filester
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.7
Severity Score:: Medium
CVE:: 2024-12331

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 50,000+
Vulnerability:: Denial of Service Attack
Patched in Version:: 5.2.64
Severity Score:: Medium
CVE:: 2024-12601

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 3.3.3
Severity Score:: Medium
CVE:: 2024-12875

Plugin:: Easy Digital Downloads � eCommerce Payments and Subscriptions made easy
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.5
Severity Score:: Low
CVE:: 2024-9654

Plugin:: Seraphinite Accelerator
Plugin Slug:: seraphinite-accelerator
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.22.16
Severity Score:: Medium
CVE:: 2024-54222

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.43
Severity Score:: Medium
CVE:: 2024-10892

Plugin:: PPWP � Password Protect Pages
Plugin Slug:: password-protect-page
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.9.6
Severity Score:: Medium
CVE:: 2024-11280

Plugin:: Print Invoice & Delivery Notes for WooCommerce
Plugin Slug:: woocommerce-delivery-notes
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.1
Severity Score:: Medium
CVE:: 2024-12210

Plugin:: Appointment Booking Calendar Plugin and Scheduling Plugin � BookingPress
Plugin Slug:: bookingpress-appointment-booking
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.22
Severity Score:: High
CVE:: 2024-11726

Plugin:: Serious Slider
Plugin Slug:: cryout-serious-slider
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-11108

Plugin:: Embed PDF Viewer
Plugin Slug:: embed-pdf-viewer
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-56256

Plugin:: HTML Forms � Simple WordPress Forms Plugin
Plugin Slug:: html-forms
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-56060

Plugin:: LifterLMS � WP LMS for eLearning, Online Courses, & Quizzes
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.6
Severity Score:: Medium
CVE:: 2024-12596

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.13.5
Severity Score:: Medium
CVE:: 2024-11291

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 241216
Severity Score:: High
CVE:: 2024-8326

Plugin:: WordPress Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.8
Severity Score:: Medium
CVE:: 2024-12622

Plugin:: Event Manager, Events Calendar, Tickets, Registrations � Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.9
Severity Score:: Medium
CVE:: 2024-56213

Plugin:: Frontend Admin by DynamiApps
Plugin Slug:: acf-frontend-form-element
Installations: 9,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.25.2
Severity Score:: Critical
CVE:: 2024-11722

Plugin:: eCommerce Product Catalog Plugin for WordPress
Plugin Slug:: ecommerce-product-catalog
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.3.44
Severity Score:: Medium
CVE:: 2024-12771

Plugin:: Affiliate Program Suite � SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.24
Severity Score:: High
CVE:: 2024-12454

Plugin:: WP Datepicker
Plugin Slug:: wp-datepicker
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: High
CVE:: 2024-12468

Plugin:: AutomatorWP � Automator plugin for no-code automations, webhooks & custom integrations in WordPress
Plugin Slug:: automatorwp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.0
Severity Score:: High
CVE:: 2024-12626

Plugin:: Events Addon for Elementor
Plugin Slug:: events-addon-for-elementor
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.4
Severity Score:: Medium
CVE:: 2024-12061

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2024-12239

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.16
Severity Score:: Medium
CVE:: 2024-10548

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 7.6.5
Severity Score:: Medium
CVE:: 2024-56216

Plugin:: Animation Addons for Elementor
Plugin Slug:: animation-addons-for-elementor
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-12340

Plugin:: Collapsing Categories
Plugin Slug:: collapsing-categories
Installations: 5,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.9
Severity Score:: Critical
CVE:: 2024-12025

Plugin:: Simple Page Access Restriction
Plugin Slug:: simple-page-access-restriction
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.30
Severity Score:: Medium
CVE:: 2024-11295

Plugin:: Booking calendar, Appointment Booking System
Plugin Slug:: booking-calendar
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.2.20
Severity Score:: High
CVE:: 2024-10856

Plugin:: Broken Link Checker | Finder
Plugin Slug:: broken-link-finder
Installations: 4,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-12121

Plugin:: Button Block � Get fully customizable & multi-functional buttons
Plugin Slug:: button-block
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-12560

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 4,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.4.9
Severity Score:: Medium
CVE:: 2024-10356

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.6.0
Severity Score:: High
CVE:: 2024-12024

Plugin:: Custom Login Page Styler � Limit Login Attempts � Restrict Content With Login � Redirect After Login � Change Login Url
Plugin Slug:: login-page-styler
Installations: 4,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 7.1.2
Severity Score:: High
CVE:: 2024-12594

Plugin:: Responsive Blocks � WordPress Gutenberg Blocks
Plugin Slug:: responsive-block-editor-addons
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.8
Severity Score:: Medium
CVE:: 2024-12268

Plugin:: Wishlist for WooCommerce: Multi Wishlists Per Customer
Plugin Slug:: wish-list-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: High
CVE:: 2024-56228

Plugin:: WP-Appbox
Plugin Slug:: wp-appbox
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.4
Severity Score:: High
CVE:: 2024-12710

Plugin:: WC Price History for Omnibus
Plugin Slug:: wc-price-history
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.4
Severity Score:: Medium
CVE:: 2024-12617

Plugin:: DirectoryPress � Business Directory And Classified Ad Listing
Plugin Slug:: directorypress
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.17
Severity Score:: Medium
CVE:: 2024-10584

Plugin:: ELEX WooCommerce Dynamic Pricing and Discounts
Plugin Slug:: elex-woocommerce-dynamic-pricing-and-discounts
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-12266

Plugin:: Memberful � Membership Plugin
Plugin Slug:: memberful-wp
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.74.0
Severity Score:: Medium
CVE:: 2024-11294

Plugin:: PlugVersions � Easily rollback to previous versions of your plugins
Plugin Slug:: plugversions
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 0.0.8
Severity Score:: High
CVE:: 2024-12881

Plugin:: SearchIQ � The Search Solution
Plugin Slug:: searchiq
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.7
Severity Score:: Medium
CVE:: 2024-56229

Plugin:: WP Docs
Plugin Slug:: wp-docs
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.2.1
Severity Score:: High
CVE:: 2024-12635

Plugin:: TicketSource Ticket Shop
Plugin Slug:: ticketsource-events
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2024-11784

Plugin:: Loan Comparison
Plugin Slug:: loan-comparison
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.1
Severity Score:: Medium
CVE:: 2024-12814

Plugin:: WooCommerce Additional Fees On Checkout (Free)
Plugin Slug:: woo-additional-fees-on-checkout-wordpress
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.8
Severity Score:: High
CVE:: 2024-12395

Plugin:: CRM WordPress Plugin � RepairBuddy
Plugin Slug:: computer-repair-shop
Installations: 400+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.8120
Severity Score:: High
CVE:: 2024-56061

Plugin:: CRM WordPress Plugin � RepairBuddy
Plugin Slug:: computer-repair-shop
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 3.8122
Severity Score:: High
CVE:: 2024-12259

Plugin:: MagicPost � WordPress??????????
Plugin Slug:: magicpost
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-12591

Plugin:: Member Directory and Contact Form
Plugin Slug:: pta-member-directory
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2024-56215

Plugin:: WP on AWS
Plugin Slug:: wp-migrate-2-aws
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.2
Severity Score:: High
CVE:: 2024-12408

Plugin:: Text Prompter � Unlimited chatgpt text prompts for openai tasks
Plugin Slug:: ai-content
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-11896

Plugin:: Content No Cache | Serve uncached partial content even when you add it to a page that is fully cached.
Plugin Slug:: content-no-cache
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 0.1.3
Severity Score:: Medium
CVE:: 2024-12103

Plugin:: PCRecruiter Extensions
Plugin Slug:: pcrecruiter-extensions
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.23
Severity Score:: Medium
CVE:: 2024-11776

Plugin:: Peter�s Custom Anti-Spam
Plugin Slug:: peters-custom-anti-spam-image
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2024-12554

Plugin:: Stop Registration Spam
Plugin Slug:: stop-registration-spam
Installations: 300+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.24
Severity Score:: High
CVE:: 2024-56017

Plugin:: WP BASE Booking of Appointments, Services and Events
Plugin Slug:: wp-base-booking-of-appointments-services-and-events
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.0
Severity Score:: Medium
CVE:: 2024-12558

Plugin:: WP BASE Booking of Appointments, Services and Events
Plugin Slug:: wp-base-booking-of-appointments-services-and-events
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.2
Severity Score:: High
CVE:: 2024-12469

Plugin:: WPC Shop as a Customer for WooCommerce
Plugin Slug:: wpc-shop-as-customer
Installations: 300+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.9
Severity Score:: High
CVE:: 2024-12432

Plugin:: Dynamic Product Category Grid, Slider for WooCommerce
Plugin Slug:: dynamic-product-categories-design
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.1.4
Severity Score:: High
CVE:: 2024-56230

Plugin:: Export Customers Data
Plugin Slug:: export-customers-data
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2024-12405

Plugin:: NinjaTeam Chat for Telegram
Plugin Slug:: ninjateam-telegram
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1
Severity Score:: Medium
CVE:: 2024-11885

Plugin:: Feedify � Web Push Notifications
Plugin Slug:: push-notification-by-feedify
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3
Severity Score:: High
CVE:: 2024-11811

Plugin:: ShMapper by Teplitsa
Plugin Slug:: shmapper-by-teplitsa
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-12518

Plugin:: Accept Authorize.NET Payments Using Contact Form 7
Plugin Slug:: accept-authorize-net-payments-using-contact-form-7
Installations: 100+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2024-12250

Plugin:: Agency Toolkit
Plugin Slug:: agency-toolkit
Installations: 100+
Vulnerability:: Privilege Escalation
Patched in Version:: 1.0.24
Severity Score:: Critical
CVE:: 2024-56066

Plugin:: Bitcoin Lightning Publisher for WordPress
Plugin Slug:: bitcoin-lightning-publisher
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-12100

Plugin:: Database Backup and check Tables Automated With Scheduler 2024
Plugin Slug:: database-backup
Installations: 100+
Vulnerability:: Path Traversal
Patched in Version:: 2.33
Severity Score:: Medium
CVE:: 2024-12850

Plugin:: Gulri Slider
Plugin Slug:: gulri-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.9
Severity Score:: High
CVE:: 2024-56223

Plugin:: CRM Perks � WordPress HelpDesk Integration � Zendesk, Freshdesk, HelpScout
Plugin Slug:: support-x
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.7
Severity Score:: Medium
CVE:: 2024-12443

Plugin:: Video Share VOD � Turnkey Video Site Builder Script
Plugin Slug:: video-share-vod
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.31
Severity Score:: Medium
CVE:: 2024-12449

Plugin:: Contests by Rewards Fuel
Plugin Slug:: contests-from-rewards-fuel
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.66
Severity Score:: Medium
CVE:: 2024-12513

Plugin:: Easy Waveform Player
Plugin Slug:: easy-waveform-player
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-11881

Plugin:: FV Descriptions
Plugin Slug:: fv-descriptions
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5
Severity Score:: High
CVE:: 2024-56032

Plugin:: ScanCircle
Plugin Slug:: scancircle
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.3
Severity Score:: Medium
CVE:: 2024-11439

Plugin:: Optio Dentistry
Plugin Slug:: optio-dentistry
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: Medium
CVE:: 2024-12507

Plugin:: Philantro � Donations and Donor Management
Plugin Slug:: philantro
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3
Severity Score:: Medium
CVE:: 2024-12500

Plugin:: SMS for WooCommerce
Plugin Slug:: wc-sms
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.1.1
Severity Score:: High
CVE:: 2024-12220

Plugin:: Taeggie Feed
Plugin Slug:: taeggie-feed
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.1.10
Severity Score:: Medium
CVE:: 2024-11748

Plugin:: Ledenbeheer
Plugin Slug:: ledenbeheer-external-connection
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-56224

Plugin:: CodeBard Help Desk
Plugin Slug:: codebard-help-desk
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.2
Severity Score:: Medium
CVE:: 2024-56222

Plugin:: WPMozo Addons Lite for Elementor
Plugin Slug:: wpmozo-addons-lite-for-elementor
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-56221

Plugin:: Advanced Floating Content
Plugin Slug:: advanced-floating-content
Vulnerability:: SQL Injection
Patched in Version:: 3.8.3
Severity Score:: High
CVE:: 2024-12031

Plugin:: Biagiotti Membership
Plugin Slug:: biagiotti-membership
Vulnerability:: Privilege Escalation
Patched in Version:: 1.1
Severity Score:: Critical
CVE:: 2024-12287

Plugin:: WP SuperBackup
Plugin Slug:: indeed-wp-superbackup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-56069

Plugin:: WP SuperBackup
Plugin Slug:: indeed-wp-superbackup
Vulnerability:: Broken Access Control
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-56070

Plugin:: WP SuperBackup
Plugin Slug:: indeed-wp-superbackup
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.4
Severity Score:: Critical
CVE:: 2024-56064

Plugin:: WP SuperBackup
Plugin Slug:: indeed-wp-superbackup
Vulnerability:: PHP Object Injection
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-56068

Plugin:: WP SuperBackup
Plugin Slug:: indeed-wp-superbackup
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.4
Severity Score:: High
CVE:: 2024-56067

Plugin:: Seraphinite Accelerator (Full, premium)
Plugin Slug:: seraphinite-accelerator-ext
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.22.16
Severity Score:: Medium
CVE:: 2024-54222

Plugin:: VibeBP
Plugin Slug:: vibebp
Vulnerability:: SQL Injection
Patched in Version:: 1.9.9.5.1
Severity Score:: High
CVE:: 2024-56041

Plugin:: VibeBP
Plugin Slug:: vibebp
Vulnerability:: SQL Injection
Patched in Version:: 1.9.9.7.7
Severity Score:: Critical
CVE:: 2024-56039

Plugin:: VibeBP
Plugin Slug:: vibebp
Vulnerability:: Privilege Escalation
Patched in Version:: 1.9.9.5
Severity Score:: Critical
CVE:: 2024-56040

Plugin:: WooCommerce PDF Vouchers
Plugin Slug:: woocommerce-pdf-vouchers
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.9
Severity Score:: High
CVE:: 2024-56265

Plugin:: WP All Import Pro
Plugin Slug:: wp-all-import-pro
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.9.4
Severity Score:: Medium
CVE:: 2024-9624

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.9.9.5.2
Severity Score:: High
CVE:: 2024-56055

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.9.5.2
Severity Score:: Critical
CVE:: 2024-56054

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.9.5.2
Severity Score:: Critical
CVE:: 2024-56057

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: SQL Injection
Patched in Version:: 1.9.9.5.3
Severity Score:: High
CVE:: 2024-56047

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: SQL Injection
Patched in Version:: 1.9.9.5.3
Severity Score:: Critical
CVE:: 2024-56042

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.9.9.5.2
Severity Score:: High
CVE:: 2024-56049

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.9.1
Severity Score:: Critical
CVE:: 2024-56046

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.9.9.5
Severity Score:: High
CVE:: 2024-56051

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Privilege Escalation
Patched in Version:: 1.9.9.1
Severity Score:: High
CVE:: 2024-56048

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.9.9.5
Severity Score:: Critical
CVE:: 2024-56045

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Privilege Escalation
Patched in Version:: 1.9.9.1
Severity Score:: Critical
CVE:: 2024-56043

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Privilege Escalation
Patched in Version:: 1.9.9.1
Severity Score:: Critical
CVE:: 2024-56044

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.9.5.3
Severity Score:: Critical
CVE:: 2024-56050

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.9.5.2
Severity Score:: Critical
CVE:: 2024-56052

Plugin:: WPLMS
Plugin Slug:: wplms-plugin
Vulnerability:: SQL Injection
Patched in Version:: 1.9.9.5.3
Severity Score:: High
CVE:: 2024-56053

WordPress Themes � 5 Patched / 4 Unpatched

Theme:: NewsDaily
Theme Slug:: newsdaily
Downloads: 44,342
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56208

Theme:: VW Automobile Lite
Theme Slug:: vw-automobile-lite
Downloads: 188,505
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-56234

Theme:: Olivia
Theme Slug:: olivia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-56014

Theme:: Zerif Lite
Theme Slug:: zerif-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High

Theme:: NewsMash
Theme Slug:: newsmash
Downloads: 100,124
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-56208

Theme:: AdForest
Theme Slug:: adforest
Vulnerability:: Broken Access Control
Patched in Version:: 5.1.7
Severity Score:: Critical
CVE:: 2024-11349

Theme:: Kleo
Theme Slug:: kleo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.4
Severity Score:: High
CVE:: 2024-56209

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.7
Severity Score:: Medium
CVE:: 2024-11926

Theme:: Traveler
Theme Slug:: traveler
Vulnerability:: SQL Injection
Patched in Version:: 3.1.7
Severity Score:: Critical
CVE:: 2024-11912