Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark orange to black gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � February 7, 2024

[email protected]

In this report, 158 vulnerabilities have been publicly disclosed, including 1 in WordPress core patched in the WordPress 6.4.3 update. Security patches for 120 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 37 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.4.3 was released on January 30, 2024, as a short-cycle maintenance and security release with five bug fixes in Core and 16 bug fixes for the Block Editor. It is recommended that you update your sites immediately.

The next major release will be version 6.5, planned for March 26, 2024.

Vulnerability:: Arbitrary File Upload
Patched in Version:: 6.4.3
Severity Score:: Medium
CVE:: 2018-14028

WordPress Plugins � 119 Patched / 37 Unpatched

Plugin:: MW WP Form
Plugin Slug:: mw-wp-form
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24804

Plugin:: ACF Photo Gallery Field
Plugin Slug:: navz-photo-gallery
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23518

Plugin:: Form builder to get in touch with visitors, grow your email list and collect payments � Happyforms
Plugin Slug:: happyforms
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23521

Plugin:: Email Before Download
Plugin Slug:: email-before-download
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23519

Plugin:: Page Restrict
Plugin Slug:: pagerestrict
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24702

Plugin:: Load More Anything
Plugin Slug:: ajax-load-more-anything
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24704

Plugin:: MultiVendorX Marketplace � WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24703

Plugin:: OWL Carousel � WordPress Owl Carousel Slider
Plugin Slug:: lgx-owl-carousel
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24801

Plugin:: Debug
Plugin Slug:: debug
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24798

Plugin:: Don’t Muck My Markup
Plugin Slug:: dont-muck-my-markup
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23510

Plugin:: Ultra Companion � Companion plugin for WPoperation Themes
Plugin Slug:: ultra-companion
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24803

Plugin:: Accessibility
Plugin Slug:: accessibility
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24705

Plugin:: PilotPress
Plugin Slug:: pilotpress
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23524

Plugin:: Cincopa video and media plug-in
Plugin Slug:: video-playlist-and-gallery-plugin
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23515

Plugin:: Scheduling Plugin � Online Booking for WordPress
Plugin Slug:: calendar-booking
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23517

Plugin:: CC BMI Calculator
Plugin Slug:: cc-bmi-calculator
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23516

Plugin:: Click To Tweet
Plugin Slug:: click-to-tweet
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-23514

Plugin:: ERE Recently Viewed � Essential Real Estate Add-On
Plugin Slug:: ere-recently-viewed
Installations: 1,000+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-24797

Plugin:: W3SPEEDSTER
Plugin Slug:: w3speedster-wp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24708

Plugin:: WP-CFM
Plugin Slug:: wp-cfm
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24706

Plugin:: Wp-Adv-Quiz
Plugin Slug:: advanced-quiz
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-5956

Plugin:: A no-code page builder for beautiful performance-based content
Plugin Slug:: setka-editor
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24701

Plugin:: Autotitle for WordPress
Plugin Slug:: autotitle-for-wordpress
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6946

Plugin:: CalculatorPro Calculators
Plugin Slug:: calculatorpro-calculators
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24847

Plugin:: Coupon Referral Program
Plugin Slug:: coupon-referral-program
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-25100

Plugin:: Custom User CSS
Plugin Slug:: custom-user-css
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6391

Plugin:: Scroll Triggered Box
Plugin Slug:: dreamgrow-scroll-triggered-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24865

Plugin:: JTRT Responsive Tables
Plugin Slug:: jtrt-responsive-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24802

Plugin:: Mighty Addons for Elementor
Plugin Slug:: mighty-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24846

Plugin:: Order Delivery Date for WP e-Commerce
Plugin Slug:: order-delivery-date
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0678

Plugin:: Persian Fonts
Plugin Slug:: persian-fonts
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-7167

Plugin:: Popup More Popups
Plugin Slug:: popup-more
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0844

Plugin:: Post Thumbnail Editor
Plugin Slug:: post-thumbnail-editor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24845

Plugin:: PT Sign Ups
Plugin Slug:: ptoffice-sign-ups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-24848

Plugin:: Quicksand Post Filter jQuery Plugin
Plugin Slug:: quicksand-jquery-post-filter
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24850

Plugin:: Quicksand Post Filter jQuery Plugin
Plugin Slug:: quicksand-jquery-post-filter
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-24849

Plugin:: WordPress Toolbar
Plugin Slug:: wordpress-toolbar
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2023-6389

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.8
Severity Score:: Medium
CVE:: 2024-0954

Plugin:: Website Builder by SeedProd � Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode
Plugin Slug:: coming-soon
Installations: 900,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.15.22
Severity Score:: Medium
CVE:: 2024-1072

Plugin:: Ninja Forms Contact Form � The Drag and Drop Form Builder for WordPress
Plugin Slug:: ninja-forms
Installations: 800,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-0685

Plugin:: TablePress � Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 800,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.2.5
Severity Score:: Low
CVE:: 2024-23825

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.17
Severity Score:: Medium
CVE:: 2024-24831

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.58.2
Severity Score:: Medium
CVE:: 2024-0961

Plugin:: Admin Menu Editor
Plugin Slug:: admin-menu-editor
Installations: 400,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.12.1
Severity Score:: Medium
CVE:: 2024-24876

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.10.2
Severity Score:: Medium
CVE:: 2024-24833

Plugin:: Formidable Forms � Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 300,000+
Vulnerability:: Content Injection
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2024-23522

Plugin:: Formidable Forms � Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 300,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.8
Severity Score:: Medium
CVE:: 2024-0660

Plugin:: Backuply � Backup, Restore, Migrate and Clone
Plugin Slug:: backuply
Installations: 200,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-0697

Plugin:: Cloudflare
Plugin Slug:: cloudflare
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.12.3
Severity Score:: Medium
CVE:: 2024-0212

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.0
Severity Score:: Medium
CVE:: 2023-5124

Plugin:: Page Builder: Pagelayer � Drag and Drop website builder
Plugin Slug:: pagelayer
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.9
Severity Score:: Medium
CVE:: 2023-6738

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.3.16
Severity Score:: Medium
CVE:: 2024-0597

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.10.29
Severity Score:: Medium
CVE:: 2024-1047

Plugin:: Orbit Fox by ThemeIsle
Plugin Slug:: themeisle-companion
Installations: 200,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.10.230
Severity Score:: Medium
CVE:: 2024-1162

Plugin:: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content � ProfilePress
Plugin Slug:: wp-user-avatar
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.14.4
Severity Score:: Medium
CVE:: 2024-1046

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.12
Severity Score:: Medium
CVE:: 2024-0834

Plugin:: Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid)
Plugin Slug:: bdthemes-element-pack-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.12
Severity Score:: Medium
CVE:: 2024-24840

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.11.11
Severity Score:: Medium
CVE:: 2024-24883

Plugin:: Instant Images � One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
Plugin Slug:: instant-images
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.1
Severity Score:: High
CVE:: 2024-0869

Plugin:: Minimal Coming Soon � Coming Soon Page
Plugin Slug:: minimal-coming-soon-maintenance-mode
Installations: 100,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.38
Severity Score:: Low
CVE:: 2024-1075

Plugin:: Relevanssi � A Better Search
Plugin Slug:: relevanssi
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.22
Severity Score:: Medium

Plugin:: The Plus Addons for Elementor
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.4
Severity Score:: Medium
CVE:: 2024-23511

Plugin:: Cookie Information | Free GDPR Consent Solution
Plugin Slug:: wp-gdpr-compliance
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.23
Severity Score:: High
CVE:: 2023-6700

Plugin:: SlimStat Analytics
Plugin Slug:: wp-slimstat
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.4
Severity Score:: Medium
CVE:: 2024-1073

Plugin:: WP STAGING WordPress Backup Plugin � Migration Backup Restore
Plugin Slug:: wp-staging
Installations: 80,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2023-7204

Plugin:: Total Upkeep � WordPress Backup Plugin plus Restore & Migrate by BoldGrid
Plugin Slug:: boldgrid-backup
Installations: 70,000+
Vulnerability:: Arbitrary File Download
Patched in Version:: 1.15.9
Severity Score:: High
CVE:: 2024-24869

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.0
Severity Score:: Medium
CVE:: 2024-24870

Plugin:: Advanced iFrame
Plugin Slug:: advanced-iframe
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2024.0
Severity Score:: Medium
CVE:: 2023-7069

Plugin:: Calculated Fields Form
Plugin Slug:: calculated-fields-form
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.53
Severity Score:: Medium
CVE:: 2024-0963

Plugin:: Database for Contact Form 7, WPforms, Elementor forms
Plugin Slug:: contact-form-entries
Installations: 60,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.3.3
Severity Score:: High
CVE:: 2024-1069

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 60,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.15.22
Severity Score:: Medium
CVE:: 2024-0667

Plugin:: Easy Digital Downloads � Sell Digital Files (eCommerce Store & Payments Made Easy)
Plugin Slug:: easy-digital-downloads
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.7
Severity Score:: Medium
CVE:: 2024-0659

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-0823

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9
Severity Score:: Medium
CVE:: 2024-0824

Plugin:: RSS Aggregator by Feedzy � Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
Plugin Slug:: feedzy-rss-feeds
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.2
Severity Score:: Medium
CVE:: 2024-1092

Plugin:: MapPress Maps for WordPress
Plugin Slug:: mappress-google-maps-for-wordpress
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.88.17
Severity Score:: Medium
CVE:: 2023-7225

Plugin:: Shariff Wrapper
Plugin Slug:: shariff
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.10
Severity Score:: Medium
CVE:: 2024-1106

Plugin:: Starbox � the Author Box for Humans
Plugin Slug:: starbox
Installations: 50,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.4.8
Severity Score:: Medium
CVE:: 2024-0366

Plugin:: Shield Security � Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 18.5.10
Severity Score:: High
CVE:: 2023-6989

Plugin:: WooCommerce Conversion Tracking
Plugin Slug:: woocommerce-conversion-tracking
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.12
Severity Score:: Medium
CVE:: 2024-24711

Plugin:: WP 404 Auto Redirect to Similar Post
Plugin Slug:: wp-404-auto-redirect-to-similar-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.4
Severity Score:: High
CVE:: 2024-0509

Plugin:: Apollo13 Framework Extensions
Plugin Slug:: apollo13-framework-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-24880

Plugin:: Feed Them Social � Page, Post, Video, and Photo Galleries
Plugin Slug:: feed-them-social
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.1
Severity Score:: Medium
CVE:: 2024-24710

Plugin:: Html5 Video Player � mp4 player, Video Player for WordPress
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5.25
Severity Score:: Critical
CVE:: 2024-1061

Plugin:: Professional Social Sharing Buttons, Icons & Related Posts � Shareaholic
Plugin Slug:: shareaholic
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 9.7.12
Severity Score:: Medium
CVE:: 2024-24709

Plugin:: Structured Content (JSON-LD) #wpsc
Plugin Slug:: structured-content
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.2
Severity Score:: Medium
CVE:: 2024-24839

Plugin:: BEAR � Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.4.1
Severity Score:: Medium
CVE:: 2024-24835

Plugin:: BEAR � Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net
Plugin Slug:: woo-bulk-editor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4.1
Severity Score:: Medium
CVE:: 2024-24834

Plugin:: WP Dashboard Notes
Plugin Slug:: wp-dashboard-notes
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.11
Severity Score:: Medium
CVE:: 2023-7239

Plugin:: Meks Smart Social Widget
Plugin Slug:: meks-smart-social-widget
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.4
Severity Score:: Medium
CVE:: 2024-0664

Plugin:: WordPress Simple Shopping Cart
Plugin Slug:: wordpress-simple-paypal-shopping-cart
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.2
Severity Score:: Medium
CVE:: 2023-6497

Plugin:: WP Visitor Statistics (Real Time Traffic)
Plugin Slug:: wp-stats-manager
Installations: 20,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.9.5
Severity Score:: Medium
CVE:: 2024-24867

Plugin:: Affiliates Manager
Plugin Slug:: affiliates-manager
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.9.35
Severity Score:: Medium
CVE:: 2024-0859

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.7
Severity Score:: Medium
CVE:: 2024-24716

Plugin:: Booking Calendar | Appointment Booking | BookIt
Plugin Slug:: bookit
Installations: 10,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-24715

Plugin:: Knowledge Base for Documentation, FAQs with AI Assistance
Plugin Slug:: echo-knowledge-base
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 11.31.0
Severity Score:: High
CVE:: 2024-24842

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6
Severity Score:: High
CVE:: 2024-24879

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.6
Severity Score:: Medium
CVE:: 2024-24875

Plugin:: NEX-Forms � Ultimate Form Builder � Contact forms and much more
Plugin Slug:: nex-forms-express-wp-form-builder
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 8.5.7
Severity Score:: Medium
CVE:: 2024-1130

Plugin:: WordPress Review & Structure Data Schema Plugin � Review Schema
Plugin Slug:: review-schema
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-0836

Plugin:: Wonder Slider Lite
Plugin Slug:: wonderplugin-slider-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 14.0
Severity Score:: High
CVE:: 2024-24877

Plugin:: Woocommerce Vietnam Checkout
Plugin Slug:: woo-vietnam-checkout
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-24885

Plugin:: Woostify Sites Library
Plugin Slug:: woostify-sites-library
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.8
Severity Score:: High
CVE:: 2023-6279

Plugin:: Product Labels For Woocommerce (Sale Badges)
Plugin Slug:: aco-product-labels-for-woocommerce
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-24886

Plugin:: FG Joomla to WordPress
Plugin Slug:: fg-joomla-to-wordpress
Installations: 9,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.17.0
Severity Score:: Medium
CVE:: 2024-24837

Plugin:: WP SMS � Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Plugin Slug:: wp-sms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.3
Severity Score:: High
CVE:: 2024-24881

Plugin:: Event Manager and Tickets Selling Plugin for WooCommerce � WpEvently � WordPress Plugin
Plugin Slug:: mage-eventpress
Installations: 8,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 4.1.2
Severity Score:: High
CVE:: 2024-24796

Plugin:: Fatal Error Notify
Plugin Slug:: fatal-error-notify
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2023-7202

Plugin:: GDPR Data Request Form
Plugin Slug:: gdpr-data-request-form
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-24836

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.0.6
Severity Score:: Medium
CVE:: 2024-24872

Plugin:: ARMember � Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.25
Severity Score:: Medium
CVE:: 2024-0969

Plugin:: Contact Form 7 Connector
Plugin Slug:: ari-cf7-connector
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-24884

Plugin:: WOLF � WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.8.2
Severity Score:: Medium
CVE:: 2024-0791

Plugin:: WOLF � WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8.2
Severity Score:: Medium
CVE:: 2024-0790

Plugin:: PopupAlly
Plugin Slug:: popupally
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.1
Severity Score:: Medium
CVE:: 2024-23520

Plugin:: ProductX � WooCommerce Builder & Gutenberg WooCommerce Blocks
Plugin Slug:: product-blocks
Installations: 4,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.1.5
Severity Score:: High
CVE:: 2024-23512

Plugin:: WP Dummy Content Generator
Plugin Slug:: wp-dummy-content-generator
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-24805

Plugin:: Advanced Forms for ACF
Plugin Slug:: advanced-forms
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.3.3
Severity Score:: Medium
CVE:: 2024-1121

Plugin:: Auto Listings � Car Listings & Car Dealership Plugin for WordPress
Plugin Slug:: auto-listings
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.6
Severity Score:: Medium
CVE:: 2024-24713

Plugin:: (Simply) Guest Author Name
Plugin Slug:: guest-author-name
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.35
Severity Score:: Medium
CVE:: 2024-0254

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.24
Severity Score:: Medium
CVE:: 2024-24717

Plugin:: EventPrime � Events Calendar, Bookings and Tickets
Plugin Slug:: eventprime-event-calendar-management
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.0
Severity Score:: High
CVE:: 2024-24832

Plugin:: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.6.2
Severity Score:: Medium
CVE:: 2024-0797

Plugin:: Active Products Tables for WooCommerce. Professional products tables for WooCommerce store�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.6.2
Severity Score:: Medium
CVE:: 2024-0796

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2024-24718

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 2,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.0.6
Severity Score:: High
CVE:: 2024-23513

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Installations: 2,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.70
Severity Score:: High
CVE:: 2024-24868

Plugin:: Add Customer for WooCommerce
Plugin Slug:: add-customer-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-24841

Plugin:: Anonymous Restricted Content
Plugin Slug:: anonymous-restricted-content
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-0909

Plugin:: Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo
Plugin Slug:: biteship
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.25
Severity Score:: High
CVE:: 2024-24866

Plugin:: Photos and Files Contest Gallery � Contact Form, Upload Form, Social Share and Voting Plugin for WordPress
Plugin Slug:: contest-gallery
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 21.2.9
Severity Score:: Medium
CVE:: 2024-24887

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-24874

Plugin:: Polls CP
Plugin Slug:: cp-polls
Installations: 1,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.0.72
Severity Score:: Medium
CVE:: 2024-24873

Plugin:: FG Drupal to WordPress
Plugin Slug:: fg-drupal-to-wp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.68.0
Severity Score:: Medium
CVE:: 2024-24837

Plugin:: FG PrestaShop to WooCommerce
Plugin Slug:: fg-prestashop-to-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.45.0
Severity Score:: Medium
CVE:: 2024-24837

Plugin:: Five Star Restaurant Reviews
Plugin Slug:: good-reviews-wp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2024-24838

Plugin:: Heateor Social Login WordPress
Plugin Slug:: heateor-social-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.31
Severity Score:: Medium
CVE:: 2024-24712

Plugin:: Icons Font Loader
Plugin Slug:: icons-font-loader
Installations: 1,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.5
Severity Score:: High
CVE:: 2024-24714

Plugin:: Kikote � Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce
Plugin Slug:: map-location-picker-at-checkout-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.0
Severity Score:: Medium
CVE:: 2024-24719

Plugin:: Restrict Usernames Emails Characters
Plugin Slug:: restrict-usernames-emails-characters
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.4
Severity Score:: Medium
CVE:: 2023-6165

Plugin:: WP Club Manager � WordPress Sports Club Plugin
Plugin Slug:: wp-club-manager
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.11
Severity Score:: Medium
CVE:: 2024-1177

Plugin:: Chartify � WordPress Chart Plugin
Plugin Slug:: chart-builder
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.7
Severity Score:: Medium
CVE:: 2023-47526

Plugin:: Portugal CTT Tracking for WooCommerce
Plugin Slug:: portugal-ctt-tracking-woocommerce
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2024-24878

Plugin:: Wp-Adv-Quiz
Plugin Slug:: advanced-quiz
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.3
Severity Score:: Medium
CVE:: 2023-5943

Plugin:: Allow SVG
Plugin Slug:: allow-svg
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2023-6541

Plugin:: coreActivity: Activity Logging plugin for WordPress
Plugin Slug:: coreactivity
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.1
Severity Score:: High
CVE:: 2024-0852

Plugin:: EventON Pro
Plugin Slug:: eventon-wordpress-event-calendar-plugin
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.1
Severity Score:: High
CVE:: 2023-7200

Plugin:: PowerPack Pro for Elementor
Plugin Slug:: powerpack-elements
Vulnerability:: Settings Change
Patched in Version:: 2.10.8
Severity Score:: High
CVE:: 2024-24844

Plugin:: PowerPack Pro for Elementor
Plugin Slug:: powerpack-elements
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.10.8
Severity Score:: High
CVE:: 2024-24843

Plugin:: Relevanssi Premium
Plugin Slug:: relevanssi-premium
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.25
Severity Score:: Medium

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.3
Severity Score:: Medium
CVE:: 2024-1208

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-1210

Plugin:: LearnDash LMS
Plugin Slug:: sfwd-lms
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.10.2
Severity Score:: Medium
CVE:: 2024-1209

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Bypass Vulnerability
Patched in Version:: 5.1.7
Severity Score:: Medium
CVE:: 2024-0701

Plugin:: Userpro
Plugin Slug:: userpro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.6
Severity Score:: Medium
CVE:: 2023-2439

Plugin:: WooCommerce Box Office
Plugin Slug:: woocommerce-box-office
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-24799

WordPress Themes � 1 Patched / 0 Unpatched

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 2,786,039
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.20
Severity Score:: Medium
CVE:: 2024-24871