WordPress Vulnerability Report � July 3, 2024

In this report, 223 vulnerabilities have been publicly disclosed. Security patches for 182 of these plugins, themes, and Core are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 41 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5.5 is now available! This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

WordPress 6.6 RC2 is ready for download and testing! The target release date for WordPress 6.6 is July 16, 2024. Your help testing RC versions over the next few weeks is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.

Vulnerability:: Path Traversal
Patched in Version:: 6.5.5
Severity Score:: Medium
CVE:: 2024-32111

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.5
Severity Score:: Medium
CVE:: 2024-31111

Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5.5
Severity Score:: Medium

WordPress Plugins � 153 Patched / 32 Unpatched

Plugin:: SEO SIMPLE PACK
Plugin Slug:: seo-simple-pack
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2795

Plugin:: NextScripts: Social Networks Auto-Poster
Plugin Slug:: social-networks-auto-poster-facebook-twitter-g
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37275

Plugin:: ARI Fancy Lightbox � WordPress Popup
Plugin Slug:: ari-fancy-lightbox
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: BSK PDF Manager
Plugin Slug:: bsk-pdf-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: PDF Viewer
Plugin Slug:: pdf-viewer
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Logo Manager For Enamad
Plugin Slug:: logo-manager-for-enamad
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4757

Plugin:: WP Directory Kit
Plugin Slug:: wpdirectorykit
Installations: 3,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-37253

Plugin:: Pagerank tools
Plugin Slug:: pagerank-tools
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5730

Plugin:: Animated AL List
Plugin Slug:: animated-al-list
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5728

Plugin:: Simple AL Slider
Plugin Slug:: simple-al-slider
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5729

Plugin:: Widget4Call
Plugin Slug:: widget4call
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-5727

Plugin:: All In One Redirection
Plugin Slug:: all-in-one-redirection
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-37245

Plugin:: Auto Featured Image
Plugin Slug:: auto-featured-image
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6054

Plugin:: Bible Text
Plugin Slug:: bible-text
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5444

Plugin:: Bookster
Plugin Slug:: bookster
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5071

Plugin:: ContentLock
Plugin Slug:: contentlock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6022

Plugin:: ContentLock
Plugin Slug:: contentlock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6023

Plugin:: ContentLock
Plugin Slug:: contentlock
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6024

Plugin:: Floating Social Buttons
Plugin Slug:: floating-social-buttons
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6405

Plugin:: Frontend Checklist
Plugin Slug:: frontend-checklist
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4957

Plugin:: Gallery Slideshow
Plugin Slug:: gallery-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37246

Plugin:: jQuery T(-) Countdown Widget
Plugin Slug:: jquery-t-countdown-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37247

Plugin:: Mime Types Extended
Plugin Slug:: mime-types-extended
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4759

Plugin:: Muslim Prayer Time BD
Plugin Slug:: muslim-prayer-time-bd
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4758

Plugin:: Ninja Beaver Add-ons for Beaver Builder
Plugin Slug:: ninja-beaver-lite-addons-for-beaver-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37244

Plugin:: PDF Viewer for Elementor
Plugin Slug:: pdf-viewer-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Simple Photoswipe
Plugin Slug:: simple-photoswipe
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5570

Plugin:: Simple Photoswipe
Plugin Slug:: simple-photoswipe
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5473

Plugin:: Simply Show Hooks
Plugin Slug:: simply-show-hooks
Vulnerability:: Backdoor
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Spotify Play Button
Plugin Slug:: spotify-play-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5199

Plugin:: Video Widget
Plugin Slug:: video-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5169

Plugin:: WebP & SVG Support
Plugin Slug:: webp-svg-support
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3633

Plugin:: Contact Form 7
Plugin Slug:: contact-form-7
Installations: 10,000,000+
Vulnerability:: Open Redirection
Patched in Version:: 5.9.5
Severity Score:: Medium
CVE:: 2024-4704

Plugin:: Elementor Website Builder � More than Just a Page Builder
Plugin Slug:: elementor
Installations: 10,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.22.2
Severity Score:: Medium
CVE:: 2024-37437

Plugin:: WooCommerce
Plugin Slug:: woocommerce
Installations: 7,000,000+
Vulnerability:: Content Injection
Patched in Version:: 9.0.0
Severity Score:: Low
CVE:: 2024-35777

Plugin:: Elementor Header & Footer Builder
Plugin Slug:: header-footer-elementor
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.36
Severity Score:: Medium
CVE:: 2024-33933

Plugin:: ElementsKit Elementor addons
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-37255

Plugin:: File Manager
Plugin Slug:: wp-file-manager
Installations: 1,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.2.8
Severity Score:: Medium
CVE:: 2024-37254

Plugin:: Easy Table of Contents
Plugin Slug:: easy-table-of-contents
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.66
Severity Score:: Medium
CVE:: 2024-5573

Plugin:: SiteGuard WP Plugin
Plugin Slug:: siteguard
Installations: 500,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2024-37881

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.2
Severity Score:: Medium
CVE:: 2024-5790

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.46
Severity Score:: Medium
CVE:: 2024-5819

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.43
Severity Score:: Medium
CVE:: 2024-5289

Plugin:: PixelYourSite � Your smart PIXEL (TAG) & API Manager
Plugin Slug:: pixelyoursite
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.6.2
Severity Score:: Medium
CVE:: 2024-37447

Plugin:: PDF Embedder
Plugin Slug:: pdf-embedder
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.8.0
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: SEOPress � On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Open Redirection
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2024-4900

Plugin:: SEOPress � On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.8
Severity Score:: Medium
CVE:: 2024-4899

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-4569

Plugin:: Advanced File Manager
Plugin Slug:: file-manager-advanced
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.2.5
Severity Score:: Medium
CVE:: 2024-5598

Plugin:: HT Mega � Absolute Addons For Elementor
Plugin Slug:: ht-mega-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.6
Severity Score:: Medium
CVE:: 2024-5215

Plugin:: Pods � Custom Content Types and Fields
Plugin Slug:: pods
Installations: 100,000+
Vulnerability:: Backdoor
Patched in Version:: 3.2.2
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Stackable � Page Builder Gutenberg Blocks
Plugin Slug:: stackable-ultimate-gutenberg-blocks
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.13.2
Severity Score:: Medium
CVE:: 2024-6296

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.6.1
Severity Score:: Medium
CVE:: 2024-4983

Plugin:: WP Chat App
Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.5
Severity Score:: Medium
CVE:: 2024-4664

Plugin:: Defender Security � Malware Scanner, Login Security & Firewall
Plugin Slug:: defender-security
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.7.3
Severity Score:: Medium
CVE:: 2024-37444

Plugin:: Slider & Popup Builder by Depicter � Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Plugin Slug:: depicter
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.0
Severity Score:: Medium
CVE:: 2024-37414

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.26
Severity Score:: Critical
CVE:: 2024-37252

Plugin:: EmbedPress � Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.3
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Events Manager � Calendar, Bookings, Tickets, and more!
Plugin Slug:: events-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.4.9
Severity Score:: High
CVE:: 2024-5889

Plugin:: Featured Image from URL (FIFU)
Plugin Slug:: featured-image-from-url
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.8.2
Severity Score:: Medium
CVE:: 2024-37276

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium
CVE:: 2024-6088

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.2.6.8.2
Severity Score:: Medium
CVE:: 2024-6099

Plugin:: WP Mobile Menu � The Mobile-Friendly Responsive Menu
Plugin Slug:: mobile-menu
Installations: 90,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.8.4.4
Severity Score:: Medium
CVE:: 2024-37274

Plugin:: Paid Memberships Pro � Content Restriction, User Registration, & Paid Subscriptions
Plugin Slug:: paid-memberships-pro
Installations: 90,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 3.0.5
Severity Score:: High
CVE:: 2024-37277

Plugin:: Permalink Manager Lite
Plugin Slug:: permalink-manager
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3.4
Severity Score:: High
CVE:: 2024-37257

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: Medium
CVE:: 2024-1427

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-37266

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.2
Severity Score:: High
CVE:: 2024-37256

Plugin:: WP Maps � Display Google Maps Perfectly with Ease
Plugin Slug:: wp-google-map-plugin
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.6.2
Severity Score:: High
CVE:: 2024-2386

Plugin:: 3D FlipBook � PDF Flipbook WordPress
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.6
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Media Library Assistant
Plugin Slug:: media-library-assistant
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.18
Severity Score:: High
CVE:: 2024-5544

Plugin:: Page and Post Clone
Plugin Slug:: page-or-post-clone
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.1
Severity Score:: Low
CVE:: 2024-5942

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.9.9
Severity Score:: Medium
CVE:: 2024-5332

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.26
Severity Score:: Medium
CVE:: 2024-6130

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.6
Severity Score:: Medium
CVE:: 2024-5260

Plugin:: Ultimate Blocks � WordPress Blocks Plugin
Plugin Slug:: ultimate-blocks
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: Medium
CVE:: 2024-37457

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-6283

Plugin:: Interactive Content � H5P
Plugin Slug:: h5p
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.8
Severity Score:: Medium
CVE:: 2024-3111

Plugin:: PowerPress Podcasting plugin by Blubrry
Plugin Slug:: powerpress
Installations: 40,000+
Vulnerability:: Backdoor
Patched in Version:: 11.9.5
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.0.2
Severity Score:: Medium
CVE:: 2024-4934

Plugin:: Void Contact Form 7 Widget For Elementor Page Builder
Plugin Slug:: cf7-widget-elementor
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: Medium
CVE:: 2024-5419

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2024-6011

Plugin:: Cost Calculator Builder
Plugin Slug:: cost-calculator-builder
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.13
Severity Score:: Medium
CVE:: 2024-6012

Plugin:: Easy Google Maps
Plugin Slug:: google-maps-easy
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.11.16
Severity Score:: Medium
CVE:: 2024-5219

Plugin:: PDF Poster � PDF Embedder Plugin
Plugin Slug:: pdf-poster
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.22
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Portfolio Gallery � Image Gallery Plugin
Plugin Slug:: portfolio-filter-gallery
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.5
Severity Score:: Medium
CVE:: 2024-6262

Plugin:: Rife Elementor Extensions & Templates
Plugin Slug:: rife-elementor-extensions
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-5504

Plugin:: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
Plugin Slug:: simply-gallery-block
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.2
Severity Score:: Medium
CVE:: 2024-5424

Plugin:: Twenty20 Image Before-After
Plugin Slug:: twenty20
Installations: 30,000+
Vulnerability:: Backdoor
Patched in Version:: 1.6.4
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Ad Invalid Click Protector (AICP)
Plugin Slug:: ad-invalid-click-protector
Installations: 20,000+
Vulnerability:: Backdoor
Patched in Version:: 1.2.10
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Branda � White Label WordPress, Custom Login Page Customizer
Plugin Slug:: branda-white-labeling
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.18
Severity Score:: Medium
CVE:: 2024-37239

Plugin:: Conversios � Google Analytics 4 (GA4), Google Ads, Meta Pixel & more for WooCommerce
Plugin Slug:: enhanced-e-commerce-for-woocommerce-store
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.1
Severity Score:: High
CVE:: 2024-6288

Plugin:: Funnel Builder for WordPress by FunnelKit � Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells
Plugin Slug:: funnel-builder
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-5192

Plugin:: PDF.js Viewer
Plugin Slug:: pdfjs-viewer-shortcode
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Quiz Maker
Plugin Slug:: quiz-maker
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.5.8.4
Severity Score:: Critical
CVE:: 2024-6028

Plugin:: Ultimate Post Kit Addons For Elementor � (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)
Plugin Slug:: ultimate-post-kit
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.8
Severity Score:: Medium
CVE:: 2024-5662

Plugin:: UsersWP � Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Plugin Slug:: userswp
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.2.11
Severity Score:: Critical
CVE:: 2024-6265

Plugin:: E2Pdf � Export To Pdf Tool for WordPress
Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.23.00
Severity Score:: Medium
CVE:: 2024-37415

Plugin:: E2Pdf � Export To Pdf Tool for WordPress
Plugin Slug:: e2pdf
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.25.01
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: Easy Affiliate Links
Plugin Slug:: easy-affiliate-links
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.7.4
Severity Score:: Medium
CVE:: 2024-5864

Plugin:: Cookie Consent for WP � Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)
Plugin Slug:: gdpr-cookie-consent
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: High
CVE:: 2024-4869

Plugin:: AI Power: Complete AI Pack � Powered by GPT-4
Plugin Slug:: gpt3-ai-content-generator
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.67
Severity Score:: Medium
CVE:: 2024-37465

Plugin:: HTML5 Audio Player- Audio Player Plugin
Plugin Slug:: html5-audio-player
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.24
Severity Score:: Medium
CVE:: 2024-37445

Plugin:: Mailster WordPress Newsletter Plugin
Plugin Slug:: mailster
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.10
Severity Score:: High
CVE:: 2024-37433

Plugin:: Mega Elements � Addons for Elementor
Plugin Slug:: mega-elements-addons-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-37466

Plugin:: Simple Newsletter Plugin � Noptin
Plugin Slug:: newsletter-optin-box
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.3
Severity Score:: Medium
CVE:: 2024-37456

Plugin:: All-in-One Addons for Elementor � WidgetKit
Plugin Slug:: widgetkit-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.1
Severity Score:: Medium
CVE:: 2024-37428

Plugin:: Wonder PDF Embed
Plugin Slug:: wonderplugin-pdf-embed
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: WP Photo Album Plus
Plugin Slug:: wp-photo-album-plus
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.8.00.003
Severity Score:: High
CVE:: 2024-37416

Plugin:: WP Server Health Stats
Plugin Slug:: wp-server-stats
Installations: 10,000+
Vulnerability:: Backdoor
Patched in Version:: 1.7.7
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Motors � Car Dealer, Classifieds & Listing
Plugin Slug:: motors-car-dealership-classified-listings
Installations: 9,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.11
Severity Score:: Medium
CVE:: 2024-5545

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.0.4
Severity Score:: Medium
CVE:: 2024-37410

Plugin:: PowerPack Lite for Beaver Builder
Plugin Slug:: powerpack-addon-for-beaver-builder
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0.5
Severity Score:: Medium
CVE:: 2024-37409

Plugin:: Create by Mediavine
Plugin Slug:: mediavine-create
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.8
Severity Score:: Medium
CVE:: 2024-5601

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.8
Severity Score:: Medium
CVE:: 2024-37453

Plugin:: Print My Blog � Print, PDF, & eBook Converter WordPress Plugin
Plugin Slug:: print-my-blog
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.27.1
Severity Score:: Medium
CVE:: 2024-37271

Plugin:: Ultimate Bootstrap Elements for Elementor
Plugin Slug:: ultimate-bootstrap-elements-for-elementor
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-37462

Plugin:: WPCafe � Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2.26
Severity Score:: Medium
CVE:: 2024-5431

Plugin:: Beaver Builder Addons by WPZOOM
Plugin Slug:: wpzoom-addons-for-beaver-builder
Installations: 6,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.6
Severity Score:: Medium
CVE:: 2024-37464

Plugin:: Easy Image Collage
Plugin Slug:: easy-image-collage
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.13.6
Severity Score:: Medium
CVE:: 2024-5863

Plugin:: AWSM Team � Team Showcase Plugin
Plugin Slug:: awsm-team
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-37454

Plugin:: Patreon WordPress
Plugin Slug:: patreon-connect
Installations: 4,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-37430

Plugin:: Social Rocket � Social Sharing Plugin
Plugin Slug:: social-rocket
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.4
Severity Score:: High
CVE:: 2024-37258

Plugin:: Stock Ticker
Plugin Slug:: stock-ticker
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.24.6
Severity Score:: Medium
CVE:: 2024-6363

Plugin:: Visual Website Collaboration, Feedback & Project Management � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.32
Severity Score:: Medium
CVE:: 2024-37434

Plugin:: Cards for Beaver Builder
Plugin Slug:: bb-bootstrap-cards
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-37278

Plugin:: Chained Quiz
Plugin Slug:: chained-quiz
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2.9
Severity Score:: Medium
CVE:: 2024-37446

Plugin:: Cowidgets � Elementor Addons
Plugin Slug:: cowidgets-elementor-addons
Installations: 2,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.0
Severity Score:: High
CVE:: 2024-37419

Plugin:: CRM Perks Forms � WordPress Form Builder
Plugin Slug:: crm-perks-forms
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.1.6
Severity Score:: Medium
CVE:: 2024-37463

Plugin:: WordPress CRM, Email & Marketing Automation for WordPress | Award Winner � Groundhogg
Plugin Slug:: groundhogg
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.3
Severity Score:: High
CVE:: 2024-37264

Plugin:: Online Booking & Scheduling Calendar for WordPress by vcita
Plugin Slug:: meeting-scheduler-by-vcita
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.3
Severity Score:: High
CVE:: 2024-37262

Plugin:: WP Secure Maintenance
Plugin Slug:: wp-secure-maintainance
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7
Severity Score:: Medium
CVE:: 2024-4753

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.4.5
Severity Score:: Medium
CVE:: 2024-37440

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.7
Severity Score:: Medium
CVE:: 2024-37263

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.31
Severity Score:: Medium
CVE:: 2024-5666

Plugin:: Photo Gallery by Ays � Responsive Image Gallery
Plugin Slug:: gallery-photo-gallery
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 5.7.1
Severity Score:: Low
CVE:: 2024-37442

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.66
Severity Score:: High
CVE:: 2024-37461

Plugin:: IdeaPush
Plugin Slug:: ideapush
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.61
Severity Score:: Medium
CVE:: 2024-37265

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.36
Severity Score:: Medium
CVE:: 2024-37429

Plugin:: Newspack Newsletters
Plugin Slug:: newspack-newsletters
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.13.3
Severity Score:: Medium
CVE:: 2024-37475

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.6.9
Severity Score:: Critical
CVE:: 2024-6205

Plugin:: PayPlus Payment Gateway
Plugin Slug:: payplus-payment-gateway
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.9
Severity Score:: High
CVE:: 2024-37459

Plugin:: Post Meta Data Manager
Plugin Slug:: post-meta-data-manager
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-6264

Plugin:: SuperSaaS � online appointment scheduling
Plugin Slug:: supersaas-appointment-scheduling
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: Medium
CVE:: 2024-37460

Plugin:: Tainacan
Plugin Slug:: tainacan
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.21.6
Severity Score:: Medium
CVE:: 2024-4367

Plugin:: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin
Plugin Slug:: timetics
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.22
Severity Score:: Medium
CVE:: 2024-37427

Plugin:: WP-Lister Lite for Amazon
Plugin Slug:: wp-lister-for-amazon
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.17
Severity Score:: High
CVE:: 2024-37261

Plugin:: The Ultimate WordPress Toolkit � WP Extended
Plugin Slug:: wpextended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.0
Severity Score:: High
CVE:: 2024-37259

Plugin:: Zita Elementor Site Library
Plugin Slug:: zita-site-library
Installations: 1,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.6.2
Severity Score:: Critical
CVE:: 2024-37420

Plugin:: Zita Elementor Site Library
Plugin Slug:: zita-site-library
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.3
Severity Score:: Medium
CVE:: 2024-3249

Plugin:: Progress Planner
Plugin Slug:: progress-planner
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.3
Severity Score:: Medium
CVE:: 2024-37422

Plugin:: Progress Planner
Plugin Slug:: progress-planner
Installations: 30+
Vulnerability:: Broken Access Control
Patched in Version:: 0.9.2
Severity Score:: Medium
CVE:: 2024-37411

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.3.2
Severity Score:: Medium
CVE:: 2024-37251

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.2
Severity Score:: Medium
CVE:: 2024-37250

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Broken Access Control
Patched in Version:: 6.3.2
Severity Score:: Medium
CVE:: 2024-37249

Plugin:: ARMember Premium
Plugin Slug:: armember
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.7.1
Severity Score:: Medium
CVE:: 2022-47424

Plugin:: BLAZE Retail Widget
Plugin Slug:: blaze-widget
Vulnerability:: Backdoor
Patched in Version:: 2.5.4
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Bricks Builder (Premium)
Plugin Slug:: bricksbuilder
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2024-4874

Plugin:: Contact Form 7 Multi-Step Addon
Plugin Slug:: contact-form-7-multi-step-addon
Vulnerability:: Backdoor
Patched in Version:: 1.0.7
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Elementor Pro
Plugin Slug:: elementor-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.21.3
Severity Score:: High
CVE:: 2024-35656

Plugin:: Blocks Pro
Plugin Slug:: kadence-blocks-pro
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.8
Severity Score:: Medium
CVE:: 2024-1330

Plugin:: Masterstudy Elementor Widgets
Plugin Slug:: masterstudy-elementor-widgets
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.2.3
Severity Score:: Critical
CVE:: 2024-37091

Plugin:: Masterstudy Elementor Widgets
Plugin Slug:: masterstudy-elementor-widgets
Vulnerability:: SQL Injection
Patched in Version:: 1.2.3
Severity Score:: High
CVE:: 2024-37090

Plugin:: Masterstudy Elementor Widgets
Plugin Slug:: masterstudy-elementor-widgets
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-37269

Plugin:: Newspack Ads
Plugin Slug:: newspack-ads
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.47.2
Severity Score:: Medium
CVE:: 2024-37474

Plugin:: Newspack Blocks
Plugin Slug:: newspack-blocks
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.9
Severity Score:: Medium
CVE:: 2024-37425

Plugin:: Newspack Blocks
Plugin Slug:: newspack-blocks
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.0.9
Severity Score:: Critical
CVE:: 2024-37424

Plugin:: Newspack Blocks
Plugin Slug:: newspack-blocks
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.0.9
Severity Score:: High
CVE:: 2024-37423

Plugin:: Newspack Content Converter
Plugin Slug:: newspack-content-converter
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.0
Severity Score:: Medium
CVE:: 2024-37477

Plugin:: Newspack Campaigns
Plugin Slug:: newspack-popups
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.31.2
Severity Score:: Medium
CVE:: 2024-37476

Plugin:: Slider Revolution
Plugin Slug:: revslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.7.14
Severity Score:: Medium
CVE:: 2024-37449

Plugin:: Seo Optimized Images
Plugin Slug:: seo-optimized-images
Vulnerability:: Backdoor
Patched in Version:: 2.1.4
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Social Warfare
Plugin Slug:: social-warfare
Vulnerability:: Backdoor
Patched in Version:: 4.4.7.3
Severity Score:: Critical
CVE:: 2024-6297

Plugin:: Uber Menu
Plugin Slug:: ubermenu
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.8.4
Severity Score:: Medium
CVE:: 2024-3593

Plugin:: Ultimate Addons for Elementor
Plugin Slug:: ultimate-elementor
Vulnerability:: Privilege Escalation
Patched in Version:: 1.36.32
Severity Score:: High
CVE:: 2024-37455

Plugin:: Uncanny Automator Pro
Plugin Slug:: uncanny-automator-pro
Vulnerability:: Settings Change
Patched in Version:: 5.3.0.1
Severity Score:: Medium
CVE:: 2024-37119

Plugin:: Uncanny Automator Pro
Plugin Slug:: uncanny-automator-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.0.1
Severity Score:: Medium
CVE:: 2024-37118

Plugin:: Uncanny Toolkit Pro for LearnDash
Plugin Slug:: uncanny-toolkit-pro
Vulnerability:: Other Vulnerability Type
Patched in Version:: 4.1.4.1
Severity Score:: Medium
CVE:: 2024-37439

Plugin:: Uncanny Toolkit Pro for LearnDash
Plugin Slug:: uncanny-toolkit-pro
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.4.1
Severity Score:: Medium
CVE:: 2024-37438

Plugin:: Uncanny Toolkit Pro for LearnDash
Plugin Slug:: uncanny-toolkit-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.4.1
Severity Score:: High
CVE:: 2024-37436

Plugin:: TrustedLogin Vendor
Plugin Slug:: vendor
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-37270

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-37471

Plugin:: Woffice Core
Plugin Slug:: woffice-core
Vulnerability:: Broken Access Control
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-37470

Plugin:: WP Job Manager – Resume Manager
Plugin Slug:: wp-job-manager-resumes
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-37443

Plugin:: Wrapper Link Elementor
Plugin Slug:: wrapper-link-elementor
Vulnerability:: Backdoor
Patched in Version:: 1.0.5
Severity Score:: Critical
CVE:: 2024-6297

WordPress Themes � 26 Patched / 9 Unpatched

Theme:: Anima
Theme Slug:: anima
Downloads: 168,999
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37248

Theme:: Infinite Photography
Theme Slug:: infinite-photography
Downloads: 107,414
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5796

Theme:: Boot Store
Theme Slug:: boot-store
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5938

Theme:: Grey Opaque
Theme Slug:: grey-opaque
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5966

Theme:: Mosaic
Theme Slug:: mosaic
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5965

Theme:: Schema Lite
Theme Slug:: schema-lite
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-37452

Theme:: Scylla lite
Theme Slug:: scylla-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5922

Theme:: Silesia
Theme Slug:: silesia
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5788

Theme:: Theron Lite
Theme Slug:: theron-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5925

Theme:: Ashe
Theme Slug:: ashe
Downloads: 1,957,104
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.234
Severity Score:: Medium
CVE:: 2024-37478

Theme:: Benevolent
Theme Slug:: benevolent
Downloads: 160,655
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-37450

Theme:: Blocksy
Theme Slug:: blocksy
Downloads: 3,336,053
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.0.23
Severity Score:: Medium
CVE:: 2024-37469

Theme:: Blossom Shop
Theme Slug:: blossom-shop
Downloads: 150,907
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.8
Severity Score:: Medium
CVE:: 2024-37412

Theme:: Coachify
Theme Slug:: coachify
Downloads: 28,532
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.8
Severity Score:: Medium
CVE:: 2024-37417

Theme:: Elegant Pink
Theme Slug:: elegant-pink
Downloads: 196,614
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-37426

Theme:: Esteem
Theme Slug:: esteem
Downloads: 354,167
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.1
Severity Score:: Medium
CVE:: 2024-37432

Theme:: Hestia
Theme Slug:: hestia
Downloads: 4,062,876
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-37467

Theme:: Highlight
Theme Slug:: highlight
Downloads: 435,589
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.30
Severity Score:: Medium
CVE:: 2024-37458

Theme:: JobScout
Theme Slug:: jobscout
Downloads: 91,924
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-37421

Theme:: Mesmerize
Theme Slug:: mesmerize
Downloads: 1,557,420
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.124
Severity Score:: Medium
CVE:: 2024-37431

Theme:: NewsMash
Theme Slug:: newsmash
Downloads: 64,856
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.35
Severity Score:: Medium
CVE:: 2024-37441

Theme:: Newsmatic
Theme Slug:: newsmatic
Downloads: 213,444
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-37468

Theme:: OnePress
Theme Slug:: onepress
Downloads: 2,262,614
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.7
Severity Score:: Medium
CVE:: 2024-37448

Theme:: Perfect Portfolio
Theme Slug:: perfect-portfolio
Downloads: 251,932
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.1
Severity Score:: Medium
CVE:: 2024-37435

Theme:: Preschool and Kindergarten
Theme Slug:: preschool-and-kindergarten
Downloads: 120,182
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-37413

Theme:: Travel Agency
Theme Slug:: travel-agency
Downloads: 289,086
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-37451

Theme:: Travel Monster
Theme Slug:: travel-monster
Downloads: 28,852
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.1.3
Severity Score:: Medium
CVE:: 2024-37272

Theme:: Trendy News
Theme Slug:: trendy-news
Downloads: 24,678
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.0.16
Severity Score:: Medium
CVE:: 2024-37473

Theme:: Basil
Theme Slug:: basil
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.5
Severity Score:: Medium
CVE:: 2024-39310

Theme:: The7
Theme Slug:: dt-the7
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.14.0
Severity Score:: Medium
CVE:: 2024-5451

Theme:: Foxiz
Theme Slug:: foxiz
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.3.6
Severity Score:: High
CVE:: 2024-37260

Theme:: Goya
Theme Slug:: goya
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.8.8
Severity Score:: High
CVE:: 2023-4017

Theme:: Striking
Theme Slug:: striking-r
Vulnerability:: Local File Inclusion
Patched in Version:: 2.3.5
Severity Score:: High
CVE:: 2024-37268

Theme:: Striking
Theme Slug:: striking-r
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.5
Severity Score:: High
CVE:: 2024-37267

Theme:: Woffice
Theme Slug:: woffice
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.4.9
Severity Score:: High
CVE:: 2024-37472