Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark purple gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � December 4, 2024

In this report, 200 vulnerabilities have been publicly disclosed. Security patches for 120 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 80 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7.1 is available! This minor release features 16 bug fixes�throughout Core�and�the Block Editor.

WordPress Plugins � 120 Patched / 80 Unpatched

Plugin:: s2Member � Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions
Plugin Slug:: s2member
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51815

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-12015

Plugin:: Borderless � Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg
Plugin Slug:: borderless
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54211

Plugin:: Countdown Timer for Elementor
Plugin Slug:: countdown-timer-for-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53743

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54212

Plugin:: WordPress Portfolio Builder � Portfolio Gallery
Plugin Slug:: uber-grid
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53788

Plugin:: Post Carousel Slider for Elementor
Plugin Slug:: post-carousel-slider-for-elementor
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53749

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10177

Plugin:: Random Banner
Plugin Slug:: random-banner
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53787

Plugin:: Video Player for WPBakery
Plugin Slug:: video-player-for-wpbakery
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53747

Plugin:: WordPress Page Builder � Zion Builder
Plugin Slug:: zionbuilder
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54213

Plugin:: Elementor Button Plus
Plugin Slug:: fd-elementor-button-plus
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53746

Plugin:: Simple Popup Plugin
Plugin Slug:: simple-popup-plugin
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53741

Plugin:: Elementor Image Gallery Plugin ( Masonry Gallery, Elementor Gallery Plugin With Captions, Elementor Portfolio Gallery Widget, Filterable Gallery )
Plugin Slug:: skyboot-portfolio-gallery
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53744

Plugin:: Smart Marketing SMS and Newsletters Forms
Plugin Slug:: smart-marketing-for-wp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53784

Plugin:: WP Revisions Manager
Plugin Slug:: wp-revisions-manager
Installations: 800+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53761

Plugin:: Ni WooCommerce Cost Of Goods
Plugin Slug:: ni-woocommerce-cost-of-goods
Installations: 500+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53783

Plugin:: Softtemplates For Elementor
Plugin Slug:: softtemplates-for-elementor
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53764

Plugin:: ArCa Payment Gateway
Plugin Slug:: arca-payment-gateway
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53759

Plugin:: Stripe Donation
Plugin Slug:: bin-stripe-donation
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53752

Plugin:: Capitalize My Title WordPress Plugin
Plugin Slug:: capitalize-my-title
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53760

Plugin:: CultBooking Hotel Booking Engine
Plugin Slug:: cultbooking-booking-engine
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53753

Plugin:: FastBook � Responsive Appointment Booking and Scheduling System
Plugin Slug:: fastbook-responsive-appointment-booking-and-scheduling-system
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53762

Plugin:: Load More Posts
Plugin Slug:: load-more-posts
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53780

Plugin:: Multilevel Referral Affiliate Plugin for WooCommerce
Plugin Slug:: multilevel-referral-plugin-for-woocommerce
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53742

Plugin:: Out Of Stock Badge
Plugin Slug:: out-of-stock-badge
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53754

Plugin:: SpatialMatch IDX
Plugin Slug:: spatialmatch-free-lifestyle-search
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53781

Plugin:: Third Party Cookie Eraser
Plugin Slug:: third-party-cookie-eraser
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53755

Plugin:: Vertical Carousel
Plugin Slug:: vertical-carousel-slider
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53756

Plugin:: WP Find Your Nearest
Plugin Slug:: wp-find-your-nearest
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53757

Plugin:: eDoc Easy Tables � Best WordPress Table Maker
Plugin Slug:: edoc-easy-tables
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53793

Plugin:: Simple Header and Footer
Plugin Slug:: simple-header-and-footer
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53777

Plugin:: Yahoo! WebPlayer
Plugin Slug:: yahoo-media-player
Installations: 60+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53779

Plugin:: Essential Breadcrumbs
Plugin Slug:: essential-breadcrumbs
Installations: 50+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53778

Plugin:: Z-Downloads
Plugin Slug:: z-downloads
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54206

Plugin:: Custom Post Type to Map Store
Plugin Slug:: cpt-to-map-store
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53769

Plugin:: SimpleSchema Free
Plugin Slug:: simpleschema-free
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53771

Plugin:: Mins To Read
Plugin Slug:: mins-to-read
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53765

Plugin:: RingCentral Communications Plugin � FREE
Plugin Slug:: rccp-free
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53770

Plugin:: Sparkle Elementor Kit
Plugin Slug:: sparkle-elementor-kit
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53774

Plugin:: Content Audit Exporter
Plugin Slug:: content-audit-exporter
Installations: 20+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53768

Plugin:: Devnex Addons For Elementor
Plugin Slug:: devnex-addons-for-elementor
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53766

Plugin:: Donate Me
Plugin Slug:: donate-me
Installations: 20+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53776

Plugin:: Newsletter, Email Marketing, Email Subscriber � Mail Picker
Plugin Slug:: mail-picker
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53772

Plugin:: Znajd? Prac? z Praca.pl
Plugin Slug:: znajdz-prace-z-pracapl
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53773

Plugin:: Awesome Shortcodes
Plugin Slug:: awesome-shortcodes
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54209

Plugin:: YaDisk Files
Plugin Slug:: wp-yadisk-files
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10710

Plugin:: YaDisk Files
Plugin Slug:: wp-yadisk-files
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10709

Plugin:: adBuddy+ (AdBlocker Detection)
Plugin Slug:: adbuddy-adblocker-detection
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10510

Plugin:: Advanced What should we write next about
Plugin Slug:: advanced-what-should-we-write-about-next
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53789

Plugin:: AIO Contact
Plugin Slug:: aio-contact
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54218

Plugin:: AIO Contact
Plugin Slug:: aio-contact
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54219

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Path Traversal
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54216

Plugin:: ARForms
Plugin Slug:: arforms
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54217

Plugin:: Best Addons for Elementor
Plugin Slug:: best-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53763

Plugin:: Block Controller
Plugin Slug:: block-controller
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54208

Plugin:: BP Profile Shortcodes Extra
Plugin Slug:: bp-profile-shortcodes-extra
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11732

Plugin:: Build App Online
Plugin Slug:: build-app-online
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53751

Plugin:: Charity Addon for Elementor
Plugin Slug:: charity-addon-for-elementor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-12062

Plugin:: Chatter
Plugin Slug:: chatter
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53785

Plugin:: ?? ?? ?? By ?????
Plugin Slug:: cosmosfarm-share-buttons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53745

Plugin:: Cowidgets � Elementor Addons
Plugin Slug:: cowidgets-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53786

Plugin:: Advanced Element Bucket Addons for Elementor
Plugin Slug:: cs-element-bucket
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54210

Plugin:: DancePress (TRWA)
Plugin Slug:: dancepress-trwa
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53775

Plugin:: FAT Services Booking
Plugin Slug:: fat-services-booking
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54220

Plugin:: FAT Services Booking
Plugin Slug:: fat-services-booking
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54221

Plugin:: Lenxel Core
Plugin Slug:: lenxel-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53791

Plugin:: Lenxel Core
Plugin Slug:: lenxel-core
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53790

Plugin:: PayPal Responder
Plugin Slug:: paypal-responder
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53750

Plugin:: Photo Video Store
Plugin Slug:: photo-video-store
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53782

Plugin:: Pixobe Cartography
Plugin Slug:: pixobe-cartography
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53767

Plugin:: Paloma Widget
Plugin Slug:: postman-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-54205

Plugin:: Pricing Tables For WPBakery Page Builder
Plugin Slug:: pricing-tables-for-visual-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10175

Plugin:: Revy
Plugin Slug:: revy
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54215

Plugin:: Revy
Plugin Slug:: revy
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-54214

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-51615

Plugin:: WordPress Auction Plugin
Plugin Slug:: wp-auctions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-54207

Plugin:: Counter Up
Plugin Slug:: wp-counter-up
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10895

Plugin:: WP MathJax
Plugin Slug:: wp-mathjax-plus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53758

Plugin:: WP Mermaid
Plugin Slug:: wp-mermaid
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53748

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.25.8
Severity Score:: Medium
CVE:: 2024-8236

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1.6
Severity Score:: Medium
CVE:: 2024-7056

Plugin:: Spectra � WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.16.3
Severity Score:: Medium
CVE:: 2024-10484

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.5
Severity Score:: Medium
CVE:: 2024-6393

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.1004
Severity Score:: Medium
CVE:: 2024-10798

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9682

Plugin:: FluentSMTP � WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
Plugin Slug:: fluent-smtp
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.2.83
Severity Score:: Critical
CVE:: 2024-9511

Plugin:: Otter Blocks � Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE
Plugin Slug:: otter-blocks
Installations: 300,000+
Vulnerability:: Path Traversal
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-11219

Plugin:: Spam protection, Anti-Spam, FireWall by CleanTalk
Plugin Slug:: cleantalk-spam-protect
Installations: 200,000+
Vulnerability:: Broken Authentication
Patched in Version:: 6.45
Severity Score:: High
CVE:: 2024-10781

Plugin:: Spam protection, Anti-Spam, FireWall by CleanTalk
Plugin Slug:: cleantalk-spam-protect
Installations: 200,000+
Vulnerability:: Broken Authentication
Patched in Version:: 6.44
Severity Score:: Critical
CVE:: 2024-10542

Plugin:: FileBird � WordPress Media Library Folders & File Manager
Plugin Slug:: filebird
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.4
Severity Score:: Medium
CVE:: 2024-53825

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.10
Severity Score:: Medium
CVE:: 2024-10308

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.10
Severity Score:: Medium
CVE:: 2024-8899

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.15.19
Severity Score:: Medium
CVE:: 2024-11083

Plugin:: Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.10.6
Severity Score:: Medium
CVE:: 2024-9058

Plugin:: Beaver Builder � WordPress Page Builder
Plugin Slug:: beaver-builder-lite-version
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4.4
Severity Score:: Medium
CVE:: 2024-53797

Plugin:: EmbedPress � Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents
Plugin Slug:: embedpress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.4
Severity Score:: Medium
CVE:: 2024-11203

Plugin:: Everest Forms � Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease!
Plugin Slug:: everest-forms
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.4.2
Severity Score:: Medium
CVE:: 2024-10471

Plugin:: Advanced File Manager
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.2.11
Severity Score:: High
CVE:: 2024-11391

Plugin:: Social Sharing Plugin � Sassy Social Share
Plugin Slug:: sassy-social-share
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.70
Severity Score:: High
CVE:: 2024-11252

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.1
Severity Score:: Medium
CVE:: 2024-53823

Plugin:: Widget Options � The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.0.8
Severity Score:: Critical
CVE:: 2024-8672

Plugin:: Hustle � Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.6
Severity Score:: Medium
CVE:: 2024-10580

Plugin:: Hustle � Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.6
Severity Score:: Medium
CVE:: 2024-10579

Plugin:: Asset CleanUp: Page Speed Booster
Plugin Slug:: wp-asset-clean-up
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 1.3.9.9
Severity Score:: Medium
CVE:: 2024-53738

Plugin:: Parsi Date
Plugin Slug:: wp-parsidate
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.2
Severity Score:: High
CVE:: 2024-11032

Plugin:: Total Upkeep � WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Plugin Slug:: boldgrid-backup
Installations: 70,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.16.7
Severity Score:: Critical
CVE:: 2024-9461

Plugin:: File Manager Pro � Filester
Plugin Slug:: filester
Installations: 70,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.8.6
Severity Score:: High
CVE:: 2024-9669

Plugin:: File Manager Pro � Filester
Plugin Slug:: filester
Installations: 70,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.8.5
Severity Score:: High
CVE:: 2024-8066

Plugin:: FOX � Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.4.2.3
Severity Score:: High
CVE:: 2024-10640

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.2
Severity Score:: Medium
CVE:: 2024-53801

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.3
Severity Score:: Medium
CVE:: 2024-53796

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.16
Severity Score:: Medium
CVE:: 2024-53818

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.4
Severity Score:: Medium
CVE:: 2024-9170

Plugin:: Security & Malware scan by CleanTalk
Plugin Slug:: security-malware-firewall
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.145.1
Severity Score:: Critical
CVE:: 2024-10570

Plugin:: Tutor LMS Elementor Addons
Plugin Slug:: tutor-lms-elementor-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-53816

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-53814

Plugin:: Maspik � Advanced Spam Protection
Plugin Slug:: contact-forms-anti-spam
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.8
Severity Score:: Medium
CVE:: 2024-53806

Plugin:: Futurio Extra
Plugin Slug:: futurio-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.15
Severity Score:: Medium
CVE:: 2024-53802

Plugin:: Logo Slider � Logo Carousel, Logo Showcase & Client Logo Slider Plugin
Plugin Slug:: logo-slider-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.0
Severity Score:: Medium
CVE:: 2024-10896

Plugin:: Logo Slider � Logo Carousel, Logo Showcase & Client Logo Slider Plugin
Plugin Slug:: logo-slider-wp
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.5.0
Severity Score:: Medium
CVE:: 2024-10473

Plugin:: Wallet for WooCommerce
Plugin Slug:: woo-wallet
Installations: 20,000+
Vulnerability:: Other Vulnerability Type
Patched in Version:: 1.5.7
Severity Score:: Medium
CVE:: 2024-7747

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.9
Severity Score:: High
CVE:: 2024-53817

Plugin:: CM Pop-Up Banners for WordPress
Plugin Slug:: cm-pop-up-banners
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.6
Severity Score:: High
CVE:: 2024-11202

Plugin:: RegistrationMagic � User Registration Plugin with Custom Registration Forms
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.0.2.7
Severity Score:: Critical
CVE:: 2024-10508

Plugin:: NEX-Forms � Ultimate Form Builder � Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.7.9
Severity Score:: High
CVE:: 2024-53808

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.13.1
Severity Score:: High
CVE:: 2024-10261

Plugin:: Simple Side Tab
Plugin Slug:: simple-side-tab
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-10551

Plugin:: Primary Addon for Elementor
Plugin Slug:: primary-addon-for-elementor
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-10670

Plugin:: Category Ajax Filter
Plugin Slug:: category-ajax-filter
Installations: 7,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.8.3
Severity Score:: High
CVE:: 2024-10871

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.12
Severity Score:: High
CVE:: 2024-11202

Plugin:: WDesignKit � Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder
Plugin Slug:: wdesignkit
Installations: 7,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.0
Severity Score:: Medium
CVE:: 2024-53811

Plugin:: Product Input Fields for WooCommerce
Plugin Slug:: product-input-fields-for-woocommerce
Installations: 6,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-10857

Plugin:: WP Travel � Ultimate Travel Booking System, Tour Management Engine
Plugin Slug:: wp-travel
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.7.0
Severity Score:: Medium
CVE:: 2024-53813

Plugin:: All Bootstrap Blocks
Plugin Slug:: all-bootstrap-blocks
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.20
Severity Score:: High
CVE:: 2024-53824

Plugin:: Arkhe Blocks
Plugin Slug:: arkhe-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.27.1
Severity Score:: Medium
CVE:: 2024-53794

Plugin:: Booking calendar, Appointment Booking System
Plugin Slug:: booking-calendar
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.16
Severity Score:: High
CVE:: 2024-9504

Plugin:: Pinpoint Booking System � #1 WordPress Booking Plugin
Plugin Slug:: booking-system
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.9.5.2
Severity Score:: High
CVE:: 2024-53815

Plugin:: CM WordPress Search And Replace Plugin
Plugin Slug:: cm-on-demand-search-and-replace
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-11202

Plugin:: Image Alt Text
Plugin Slug:: image-alt-text
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.0
Severity Score:: Medium
CVE:: 2024-11918

Plugin:: Sp*tify Play Button for WordPress
Plugin Slug:: spotify-play-button-for-wordpress
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12
Severity Score:: Medium
CVE:: 2024-11192

Plugin:: Watu Quiz
Plugin Slug:: watu
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.4.1.3
Severity Score:: High
CVE:: 2024-53792

Plugin:: Additional Order Filters for WooCommerce
Plugin Slug:: additional-order-filters-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22
Severity Score:: High
CVE:: 2024-11418

Plugin:: Cryptocurrency Widgets For Elementor
Plugin Slug:: cryptocurrency-widgets-for-elementor
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.6.5
Severity Score:: High
CVE:: 2024-53739

Plugin:: Restaurant & Cafe Addon for Elementor
Plugin Slug:: restaurant-cafe-addon-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.0
Severity Score:: Medium
CVE:: 2024-10780

Plugin:: Client Invoicing by Sprout Invoices � Easy Estimates and Invoices for WordPress
Plugin Slug:: sprout-invoices
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 20.8.1
Severity Score:: Medium
CVE:: 2024-53819

Plugin:: Sugar Calendar � Event Calendar, Event Tickets, and Event Management Platform
Plugin Slug:: sugar-calendar-lite
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: High
CVE:: 2024-10878

Plugin:: AppPresser � Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 4.4.7
Severity Score:: Critical
CVE:: 2024-11024

Plugin:: Attesa Extra
Plugin Slug:: attesa-extra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-10688

Plugin:: Internal Linking for SEO traffic & Ranking � Auto internal links (100% automatic)
Plugin Slug:: automatic-internal-links-for-seo
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-11009

Plugin:: BNE Gallery Extended
Plugin Slug:: bne-gallery-extended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-11119

Plugin:: Captivate Sync
Plugin Slug:: captivatesync-trade
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.26
Severity Score:: Medium
CVE:: 2024-53820

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.9
Severity Score:: Medium
CVE:: 2024-53795

Plugin:: Name: CM E-Mail Registration Blacklist
Plugin Slug:: cm-email-blacklist
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-11202

Plugin:: CM Header & Footer Script Loader � Insert Script Plugin
Plugin Slug:: cm-header-footer-script-loader
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-11202

Plugin:: WordPress Contact Forms by Cimatti
Plugin Slug:: contact-forms
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-10521

Plugin:: Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery � Upload, Vote, Sell via PayPal, Social Share Buttons
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 24.0.8
Severity Score:: Critical
CVE:: 2024-11103

Plugin:: InPost Gallery
Plugin Slug:: inpost-gallery
Installations: 1,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.1.4.3
Severity Score:: Medium
CVE:: 2024-11002

Plugin:: Tumult Hype Animations
Plugin Slug:: tumult-hype-animations
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.9.16
Severity Score:: Critical
CVE:: 2024-11082

Plugin:: WPCasa
Plugin Slug:: wpcasa
Installations: 1,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-53826

Plugin:: Login with Vipps and MobilePay
Plugin Slug:: login-with-vipps
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: Medium
CVE:: 2024-11786

Plugin:: NiceJob
Plugin Slug:: nicejob
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-10887

Plugin:: StreamWeasels YouTube Integration
Plugin Slug:: streamweasels-youtube-integration
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-11788

Plugin:: jAlbum Bridge
Plugin Slug:: jalbum-bridge
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.16
Severity Score:: Medium
CVE:: 2024-11853

Plugin:: AWeber Forms by Optin Cat
Plugin Slug:: aweber-wp
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.8
Severity Score:: High
CVE:: 2024-11325

Plugin:: My auctions allegro
Plugin Slug:: my-auctions-allegro-free-edition
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.18
Severity Score:: High
CVE:: 2024-11707

Plugin:: Namaste! LMS
Plugin Slug:: namaste-lms
Installations: 500+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-53809

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.17.0
Severity Score:: Medium
CVE:: 2024-53803

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.8.17.0
Severity Score:: High
CVE:: 2024-53804

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.17.0
Severity Score:: High
CVE:: 2024-53805

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 400+
Vulnerability:: SQL Injection
Patched in Version:: 1.8.17.0
Severity Score:: High
CVE:: 2024-53807

Plugin:: Simple User Registration
Plugin Slug:: wp-registration
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 6.0
Severity Score:: Critical
CVE:: 2024-53810

Plugin:: Campaign Monitor Forms by Optin Cat
Plugin Slug:: campaign-monitor-wp
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.8
Severity Score:: High
CVE:: 2024-11326

Plugin:: LegalWeb Cloud
Plugin Slug:: legalweb-cloud
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-11761

Plugin:: Scratch & Win � Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
Plugin Slug:: scratch-win-giveaways-for-website-facebook
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-11898

Plugin:: Form Data Collector
Plugin Slug:: form-data-collector
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.4
Severity Score:: High
CVE:: 2024-11461

Plugin:: HLS Player
Plugin Slug:: hls-player
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2024-11333

Plugin:: Slotti Ajanvaraus
Plugin Slug:: slotti-ajanvaraus
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-11408

Plugin:: WP GeoNames
Plugin Slug:: wp-geonames
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: High
CVE:: 2024-53812

Plugin:: FAQ Builder AYS
Plugin Slug:: faq-builder-ays
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.2
Severity Score:: High
CVE:: 2024-11458

Plugin:: Kudos Donations � Easy donations and payments with Mollie
Plugin Slug:: kudos-donations
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2024-11684

Plugin:: SEO Landing Page Generator
Plugin Slug:: seo-landing-page-generator
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.66.3
Severity Score:: High
CVE:: 2024-11366

Plugin:: Skt NURCaptcha
Plugin Slug:: skt-nurcaptcha
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: High
CVE:: 2024-11342

Plugin:: Ragic Shortcode
Plugin Slug:: ragic-shortcode
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3
Severity Score:: Medium
CVE:: 2024-11431

Plugin:: Video Lessons Manager � WordPress LMS Plugin
Plugin Slug:: cm-video-lesson-manager
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: High
CVE:: 2024-11202

Plugin:: CM Business Directory Plugin � Business Listing Directory
Plugin Slug:: cm-business-directory
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-11202

Plugin:: BMLT Tabbed Map
Plugin Slug:: bmlt-tabbed-map
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-11866

Plugin:: Quick License Manager � WooCommerce Plugin
Plugin Slug:: quick-license-manager
Installations: 40+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.18
Severity Score:: High
CVE:: 2024-11805

Plugin:: Support SVG � Upload svg files in wordpress without hassle
Plugin Slug:: support-svg
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-11091

Plugin:: FloristPress � Customize your Woo store for your Florist
Plugin Slug:: bakkbone-florist-companion
Installations: 10+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 7.4.0
Severity Score:: Medium
CVE:: 2024-53799

Plugin:: FloristPress � Customize your Woo store for your Florist
Plugin Slug:: bakkbone-florist-companion
Installations: 10+
Vulnerability:: Arbitrary Content Deletion
Patched in Version:: 7.4.0
Severity Score:: Medium
CVE:: 2024-53798

Plugin:: CMSMasters Elementor Addon
Plugin Slug:: cmsmasters-elementor-addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.0
Severity Score:: Medium
CVE:: 2024-9694

Plugin:: MP3 Sticky Player
Plugin Slug:: fwdmsp
Vulnerability:: Path Traversal
Patched in Version:: 8.1
Severity Score:: High
CVE:: 2024-10803

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: Broken Access Control
Patched in Version:: 67.2.0
Severity Score:: Critical
CVE:: 2024-9941

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.2
Severity Score:: High
CVE:: 2024-10589

Plugin:: Pie Register Premium
Plugin Slug:: pie-register-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.3.3
Severity Score:: High
CVE:: 2024-53821

Plugin:: Pie Register Premium
Plugin Slug:: pie-register-premium
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.8.3.3
Severity Score:: Critical
CVE:: 2024-53822

Plugin:: Booking & Appointment Plugin for WooCommerce
Plugin Slug:: woocommerce-booking
Vulnerability:: Broken Access Control
Patched in Version:: 6.10.0
Severity Score:: High
CVE:: 2024-10729

Plugin:: WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
Plugin Slug:: woocommerce-ultimate-gift-card
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.1
Severity Score:: High
CVE:: 2024-53740

Plugin:: JobSearch
Plugin Slug:: wp-jobsearch
Vulnerability:: Privilege Escalation
Patched in Version:: 2.6.8
Severity Score:: Critical
CVE:: 2024-11925

WordPress Themes � 0 Patched / 0 Unpatched