WordPress Vulnerability Report � February 14, 2024

In this report, 146 vulnerabilities have been publicly disclosed. Security patches for 118 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 28 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

WordPress Plugins � 117 Patched / 26 Unpatched

Plugin:: Malware Scanner
Plugin Slug:: miniorange-malware-protection
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-25902

Plugin:: Multi Step Form
Plugin Slug:: multi-step-form
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25905

Plugin:: Comments Like Dislike
Plugin Slug:: comments-like-dislike
Installations: 9,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25906

Plugin:: PJ News Ticker
Plugin Slug:: pj-news-ticker
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25094

Plugin:: TinyMCE and TinyMCE Advanced Professsional Formats and Styles
Plugin Slug:: tinymce-and-tinymce-advanced-professsional-formats-and-styles
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25904

Plugin:: WP Contact Form
Plugin Slug:: wp-contact-form
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24929

Plugin:: Before After Image Slider WP
Plugin Slug:: before-after-image-slider
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24931

Plugin:: Content Cards
Plugin Slug:: content-cards
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24928

Plugin:: MyWaze
Plugin Slug:: my-waze
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25594

Plugin:: PB oEmbed HTML5 Audio � with Cache Support
Plugin Slug:: pb-oembed-html5-audio-with-cache-support
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25098

Plugin:: Canto
Plugin Slug:: canto
Installations: 100+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25096

Plugin:: Buttons Shortcode and Widget
Plugin Slug:: buttons-shortcode-and-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24930

Plugin:: Coupon Referral Program
Plugin Slug:: coupon-referral-program
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25100

Plugin:: GigPress
Plugin Slug:: gigpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7233

Plugin:: Honeypot for WP Comment
Plugin Slug:: honeypot-for-wp-comment
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24933

Plugin:: Honeypot for WP Comment
Plugin Slug:: honeypot-for-wp-comment
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1350

Plugin:: MoveTo
Plugin Slug:: moveto
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25913

Plugin:: MoveTo
Plugin Slug:: moveto
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25912

Plugin:: MoveTo
Plugin Slug:: moveto
Vulnerability:: Denial of Service Attack
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-25911

Plugin:: MoveTo
Plugin Slug:: moveto
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25910

Plugin:: Payment Forms for Paystack
Plugin Slug:: payment-forms-for-paystack
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-5665

Plugin:: SMTP Mail
Plugin Slug:: smtp-mail
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25914

Plugin:: VK Poster Group
Plugin Slug:: vk-poster-group
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24932

Plugin:: Pexels: Free Stock Photos
Plugin Slug:: wp-pexels-free-stock-photos
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-25915

Plugin:: Basic Log Viewer
Plugin Slug:: wpsimpletools-log-viewer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24935

Plugin:: Easy Forms for Mailchimp
Plugin Slug:: yikes-inc-easy-mailchimp-extender
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-25095

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.19.0
Severity Score:: Medium
CVE:: 2024-0506

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 5,000,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.19.1
Severity Score:: High
CVE:: 2024-24934

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.9
Severity Score:: Medium
CVE:: 2024-1171

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.9
Severity Score:: Medium
CVE:: 2024-1172

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.9
Severity Score:: Medium
CVE:: 2024-1276

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.9
Severity Score:: Medium
CVE:: 2024-1236

Plugin:: All-In-One Security (AIOS) � Security and Firewall
Plugin Slug:: all-in-one-wp-security-and-firewall
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.6
Severity Score:: High
CVE:: 2024-1037

Plugin:: Broken Link Checker
Plugin Slug:: broken-link-checker
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.4
Severity Score:: Medium
CVE:: 2024-25592

Plugin:: Meta Box � WordPress Custom Fields Framework
Plugin Slug:: meta-box
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.3
Severity Score:: Medium
CVE:: 2023-6526

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.2
Severity Score:: Medium
CVE:: 2024-0792

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.58.3
Severity Score:: Medium
CVE:: 2024-1070

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.58.4
Severity Score:: Medium
CVE:: 2024-1058

Plugin:: Admin Menu Editor
Plugin Slug:: admin-menu-editor
Installations: 400,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.12.1
Severity Score:: Medium
CVE:: 2024-24876

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0442

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0512

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.88
Severity Score:: Medium
CVE:: 2024-0511

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.81
Severity Score:: Medium
CVE:: 2023-5922

Plugin:: Backuply � Backup, Restore, Migrate and Clone
Plugin Slug:: backuply
Installations: 200,000+
Vulnerability:: Denial of Service Attack
Patched in Version:: 1.2.6
Severity Score:: High
CVE:: 2024-0842

Plugin:: InfiniteWP Client
Plugin Slug:: iwp-client
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.12.3.1
Severity Score:: Medium
CVE:: 2023-6565

Plugin:: Popup Builder � Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.2.6
Severity Score:: Medium
CVE:: 2023-6294

Plugin:: AMP for WP � Accelerated Mobile Pages
Plugin Slug:: accelerated-mobile-pages
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.93.2
Severity Score:: Medium
CVE:: 2024-1043

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.12
Severity Score:: Medium
CVE:: 2024-0834

Plugin:: Advanced Database Cleaner
Plugin Slug:: advanced-database-cleaner
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2024-0668

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.11.11
Severity Score:: Medium
CVE:: 2024-24883

Plugin:: Content Views � Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode)
Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.3
Severity Score:: Medium
CVE:: 2024-0612

Plugin:: Custom Twitter Feeds � A Tweets Widget or X Feed Widget
Plugin Slug:: custom-twitter-feeds
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.2
Severity Score:: Medium
CVE:: 2024-0379

Plugin:: Insert PHP Code Snippet
Plugin Slug:: insert-php-code-snippet
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-0658

Plugin:: Login Lockdown � Protect Login Form
Plugin Slug:: login-lockdown
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.09
Severity Score:: Medium
CVE:: 2024-1340

Plugin:: Minimal Coming Soon � Coming Soon Page
Plugin Slug:: minimal-coming-soon-maintenance-mode
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.38
Severity Score:: Low
CVE:: 2024-1075

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.15
Severity Score:: Medium
CVE:: 2024-1055

Plugin:: Defender Security � Malware Scanner, Login Security & Firewall
Plugin Slug:: defender-security
Installations: 90,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 4.4.2
Severity Score:: Medium
CVE:: 2024-25595

Plugin:: Paid Memberships Pro � Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.12.9
Severity Score:: Medium

Plugin:: Matomo Analytics � Ethical Stats. Powerful Insights.
Plugin Slug:: matomo
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.1
Severity Score:: High
CVE:: 2023-6923

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.1
Severity Score:: Medium
CVE:: 2024-25598

Plugin:: Elementor Addons by Livemesh
Plugin Slug:: addons-for-elementor
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.3
Severity Score:: Medium
CVE:: 2024-1235

Plugin:: WP Booking Calendar
Plugin Slug:: booking
Installations: 60,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.9.1
Severity Score:: Critical
CVE:: 2024-1207

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.39.0
Severity Score:: Medium
CVE:: 2024-1044

Plugin:: Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)
Plugin Slug:: timeline-widget-addon-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-0977

Plugin:: RSS Aggregator � RSS Import, News Feeds, Feed to Post, and Autoblogging
Plugin Slug:: wp-rss-aggregator
Installations: 60,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.23.6
Severity Score:: Low
CVE:: 2024-0628

Plugin:: AI Engine
Plugin Slug:: ai-engine
Installations: 50,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-0699

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.1
Severity Score:: Medium
CVE:: 2024-1160

Plugin:: Bold Page Builder
Plugin Slug:: bold-page-builder
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.1
Severity Score:: Medium
CVE:: 2024-1157

Plugin:: Easy Digital Downloads � Sell Digital Files (eCommerce Store & Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.7
Severity Score:: Medium
CVE:: 2024-0659

Plugin:: RSS Aggregator by Feedzy � Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.4.3
Severity Score:: High
CVE:: 2024-1317

Plugin:: RSS Aggregator by Feedzy � Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-1318

Plugin:: RSS Aggregator by Feedzy � Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.2
Severity Score:: Medium
CVE:: 2024-1092

Plugin:: Internal Link Juicer: SEO Auto Linker for WordPress
Plugin Slug:: internal-links
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.23.5
Severity Score:: Medium
CVE:: 2024-0657

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.88.16
Severity Score:: Medium
CVE:: 2024-0421

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.88.15
Severity Score:: Medium
CVE:: 2024-0420

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.10
Severity Score:: Medium
CVE:: 2024-1106

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-1054

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.2.0
Severity Score:: High
CVE:: 2024-1206

Plugin:: Shield Security � Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 18.5.10
Severity Score:: High
CVE:: 2023-6989

Plugin:: Starbox � the Author Box for Humans
Plugin Slug:: starbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-0256

Plugin:: Starbox � the Author Box for Humans
Plugin Slug:: starbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2023-6806

Plugin:: WP 404 Auto Redirect to Similar Post
Plugin Slug:: wp-404-auto-redirect-to-similar-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2024-0509

Plugin:: WP Editor
Plugin Slug:: wp-editor
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-25591

Plugin:: Apollo13 Framework Extensions
Plugin Slug:: apollo13-framework-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-24880

Plugin:: Gutenberg Block Editor Toolkit � EditorsKit
Plugin Slug:: block-options
Installations: 30,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.40.4
Severity Score:: High
CVE:: 2023-6635

Plugin:: PPWP � Password Protect Pages
Plugin Slug:: password-protect-page
Installations: 30,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-0620

Plugin:: All 404 Pages Redirect to Homepage
Plugin Slug:: all-404-pages-redirect-to-homepage
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-24889

Plugin:: Maspik � Spam Blacklist
Plugin Slug:: contact-forms-anti-spam
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.10.7
Severity Score:: Medium
CVE:: 2024-25101

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.5.2.5
Severity Score:: Medium
CVE:: 2024-1078

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.5.2.5
Severity Score:: Medium
CVE:: 2024-1079

Plugin:: NextMove Lite � Thank You Page for WooCommerce
Plugin Slug:: woo-thank-you-page-nextmove-lite
Installations: 20,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.18.0
Severity Score:: High
CVE:: 2024-25092

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.1.8
Severity Score:: High
CVE:: 2024-0594

Plugin:: Passster � Password Protect Pages and Content
Plugin Slug:: content-protector
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.3
Severity Score:: Medium
CVE:: 2024-0616

Plugin:: Directorist � WordPress Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.5
Severity Score:: Medium
CVE:: 2024-1322

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: High
CVE:: 2024-24879

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-24875

Plugin:: NEX-Forms � Ultimate Form Builder � Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.5.6
Severity Score:: Medium
CVE:: 2024-25593

Plugin:: Smart Manager � WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced)
Plugin Slug:: smart-manager-for-wp-e-commerce
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 8.28.0
Severity Score:: High
CVE:: 2024-0566

Plugin:: Wonder Slider Lite
Plugin Slug:: wonderplugin-slider-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.0
Severity Score:: High
CVE:: 2024-24877

Plugin:: Woocommerce Vietnam Checkout
Plugin Slug:: woo-vietnam-checkout
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-24885

Plugin:: Event Manager, Events Calendar, Events Tickets for WooCommerce � Eventin
Plugin Slug:: wp-event-solution
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.51
Severity Score:: Medium
CVE:: 2024-1122

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-24886

Plugin:: Analytics Insights � Google Analytics Dashboard for WordPress
Plugin Slug:: analytics-insights
Installations: 9,000+
Vulnerability:: Open Redirection
Patched in Version:: 6.3
Severity Score:: Medium
CVE:: 2024-0250

Plugin:: WP SMS � Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.3
Severity Score:: High
CVE:: 2024-24881

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.0.6
Severity Score:: Medium
CVE:: 2024-24872

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.12
Severity Score:: Medium
CVE:: 2024-1109

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.0.12
Severity Score:: Medium
CVE:: 2024-1110

Plugin:: Contact Form 7 Connector
Plugin Slug:: ari-cf7-connector
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-24884

Plugin:: Advanced Forms for ACF
Plugin Slug:: advanced-forms
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.3.3
Severity Score:: Medium
CVE:: 2024-1121

Plugin:: Paytium: Mollie payment forms & donations
Plugin Slug:: paytium
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.3
Severity Score:: Medium
CVE:: 2024-25099

Plugin:: Podlove Subscribe button
Plugin Slug:: podlove-subscribe-button
Installations: 3,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.3.11
Severity Score:: High
CVE:: 2024-1118

Plugin:: SKT Page Builder
Plugin Slug:: skt-builder
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2
Severity Score:: Medium
CVE:: 2024-1337

Plugin:: Doofinder WP & WooCommerce Search
Plugin Slug:: doofinder-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-25596

Plugin:: EazyDocs � Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase)
Plugin Slug:: eazydocs
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-0248

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1089

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1339

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1091

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1338

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1090

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1336

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-0984

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1335

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-1334

Plugin:: ImageRecycle pdf & image compression
Plugin Slug:: imagerecycle-pdf-image-compression
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.14
Severity Score:: Medium
CVE:: 2024-0983

Plugin:: Simple Page Access Restriction
Plugin Slug:: simple-page-access-restriction
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-0965

Plugin:: Anonymous Restricted Content
Plugin Slug:: anonymous-restricted-content
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-0909

Plugin:: Photos and Files Contest Gallery � Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 21.2.9
Severity Score:: Medium
CVE:: 2024-24887

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-24874

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-24873

Plugin:: GD Rating System
Plugin Slug:: gd-rating-system
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.1
Severity Score:: High
CVE:: 2024-25093

Plugin:: Frontend File Manager Plugin
Plugin Slug:: nmedia-user-file-uploader
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 22.8
Severity Score:: Medium
CVE:: 2024-25903

Plugin:: TNC PDF viewer
Plugin Slug:: pdf-viewer-by-themencode
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-25097

Plugin:: Sunshine Photo Cart: Free Client Galleries for Photographers
Plugin Slug:: sunshine-photo-cart
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.1
Severity Score:: Medium
CVE:: 2024-1294

Plugin:: WP Club Manager � WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.11
Severity Score:: Medium
CVE:: 2024-1177

Plugin:: Ultimate Reviews
Plugin Slug:: ultimate-reviews
Installations: 900+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.9
Severity Score:: High
CVE:: 2024-25597

Plugin:: Portugal CTT Tracking for WooCommerce
Plugin Slug:: portugal-ctt-tracking-woocommerce
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2024-24878

Plugin:: Web3 � Crypto wallet Login & NFT token gating
Plugin Slug:: web3-authentication
Installations: 200+
Vulnerability:: Broken Authentication
Patched in Version:: 3.0.0
Severity Score:: Critical
CVE:: 2023-6036

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.3
Severity Score:: Medium
CVE:: 2024-1208

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-1210

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-1209

Plugin:: WP Media folder
Plugin Slug:: wp-media-folder
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.7.3
Severity Score:: Critical
CVE:: 2024-25909

Plugin:: WP Media folder
Plugin Slug:: wp-media-folder
Vulnerability:: Settings Change
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-25908

Plugin:: WP Media folder
Plugin Slug:: wp-media-folder
Vulnerability:: Settings Change
Patched in Version:: 5.7.3
Severity Score:: Medium
CVE:: 2024-25907

WordPress Themes � 1 Patched / 2 Unpatched

Theme:: Brooklyn
Theme Slug:: brooklyn
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24927

Theme:: Brooklyn
Theme Slug:: brooklyn
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24926

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 2,812,211
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.20
Severity Score:: Medium
CVE:: 2024-24871