WordPress Vulnerability Report � June 12, 2024

In this report, 228 vulnerabilities have been publicly disclosed. Security patches for 168 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 60 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6 Beta 2 was released on June 11, 2024. This beta version of the WordPress software is under development. The target release date for WordPress 6.6 is July 16, 2024. Your help testing Beta and RC versions over the next five weeks is vital to making sure the final release is everything it should be: stable, powerful, and intuitive.

WordPress Plugins � 157 Patched / 60 Unpatched

Plugin:: Woody code snippets � Insert Header Footer Code, AdSense Ads
Plugin Slug:: insert-php
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35751

Plugin:: Album and Image Gallery plus Lightbox
Plugin Slug:: album-and-image-gallery-plus-lightbox
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4194

Plugin:: Insert or Embed Articulate Content into WordPress
Plugin Slug:: insert-or-embed-articulate-content-into-wordpress
Installations: 3,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0756

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35659

Plugin:: Weather Widget Pro
Plugin Slug:: weather-in-any-city-widget
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35755

Plugin:: Admin Notices Manager
Plugin Slug:: admin-notices-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1717

Plugin:: Authorize.net Payment Gateway For WooCommerce
Plugin Slug:: authorizenet-payment-gateway-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2382

Plugin:: Boostify Header Footer Builder for Elementor
Plugin Slug:: boostify-header-footer-builder
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4788

Plugin:: BuddyPress Cover
Plugin Slug:: bp-cover
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-35746

Plugin:: BuddyForms
Plugin Slug:: buddyforms
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5149

Plugin:: BuddyPress Members Only
Plugin Slug:: buddypress-members-only
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0972

Plugin:: Clever Addons for Elementor
Plugin Slug:: cafe-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2350

Plugin:: Easy Social Like Box � Popup � Sidebar Widget
Plugin Slug:: cardoza-facebook-like-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5224

Plugin:: Under Construction / Maintenance Mode from Acurax
Plugin Slug:: coming-soon-maintenance-mode-from-acurax
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Low
CVE:: 2024-35749

Plugin:: Contact Form Builder, Contact Widget
Plugin Slug:: contact-forms-builder
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35747

Plugin:: Cowidgets � Elementor Addons
Plugin Slug:: cowidgets-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35782

Plugin:: Custom Dash
Plugin Slug:: custom-dash
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4942

Plugin:: Download Attachments
Plugin Slug:: download-attachments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3230

Plugin:: EasyAzon
Plugin Slug:: easyazon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6956

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5152

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4273

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4274

Plugin:: Fluid Notification Bar
Plugin Slug:: fluid-notification-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3031

Plugin:: Frontend Registration � Contact Form 7
Plugin Slug:: frontend-registration-contact-form-7
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4870

Plugin:: FS Product Inquiry
Plugin Slug:: fs-product-inquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4857

Plugin:: FS Product Inquiry
Plugin Slug:: fs-product-inquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4856

Plugin:: Responsive Image Gallery, Gallery Album
Plugin Slug:: gallery-album
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35750

Plugin:: Google CSE
Plugin Slug:: google-cse
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4755

Plugin:: Insert Post Ads
Plugin Slug:: insert-post-ads
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35665

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35671

Plugin:: Nafeza Prayer Time
Plugin Slug:: nafeza-prayer-time
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4462

Plugin:: Netgsm
Plugin Slug:: netgsm
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35672

Plugin:: Ovic Importer
Plugin Slug:: ovic-import-demo
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35754

Plugin:: prettyPhoto
Plugin Slug:: prettyphoto
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5162

Plugin:: Restrict for Elementor
Plugin Slug:: restrict-for-elementor
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0910

Plugin:: Rotating Tweets
Plugin Slug:: rotatingtweets
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5141

Plugin:: SellKit
Plugin Slug:: sellkit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4608

Plugin:: Simple COD Fees for WooCommerce
Plugin Slug:: simple-cod-fee-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35662

Plugin:: Simple Image Popup Shortcode
Plugin Slug:: simple-image-popup-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5342

Plugin:: Social Link Pages
Plugin Slug:: social-link-pages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3555

Plugin:: Social Login Lite For WooCommerce
Plugin Slug:: social-login-lite-for-woocommerce
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-4552

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-5153

Plugin:: Stellissimo Text Box
Plugin Slug:: stellissimo-text-box
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35752

Plugin:: Strategery Migrations
Plugin Slug:: strategery-migrations
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35745

Plugin:: TemplatesNext OnePager
Plugin Slug:: templatesnext-onepager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35753

Plugin:: The Moneytizer
Plugin Slug:: the-moneytizer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6966

Plugin:: The Moneytizer
Plugin Slug:: the-moneytizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2023-6968

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35666

Plugin:: Tooltip CK
Plugin Slug:: tooltip-ck
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35756

Plugin:: Upload Fields for WPForms
Plugin Slug:: upload-fields-for-wpforms
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35661

Plugin:: Upunzipper
Plugin Slug:: upunzipper
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35744

Plugin:: Claudio Sanches
Plugin Slug:: woocommerce-checkout-cielo
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1718

Plugin:: WooCommerce Dropshipping
Plugin Slug:: woocommerce-dropshipping
Vulnerability:: Content Spoofing
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35748

Plugin:: WP-DB-Table-Editor
Plugin Slug:: wp-db-table-editor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2019

Plugin:: SC filechecker
Plugin Slug:: wp-file-checker
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35743

Plugin:: WP-Recall
Plugin Slug:: wp-recall
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1175

Plugin:: WP-Recall
Plugin Slug:: wp-recall
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35657

Plugin:: WP Translate
Plugin Slug:: wp-translate
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35663

Plugin:: WPUpper Share Buttons
Plugin Slug:: wpupper-share-buttons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4997

Plugin:: Easy Forms for Mailchimp
Plugin Slug:: yikes-inc-easy-mailchimp-extender
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35742

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3
Severity Score:: Medium
CVE:: 2024-4565

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.23
Severity Score:: Medium
CVE:: 2024-5188

Plugin:: WPS Hide Login
Plugin Slug:: wps-hide-login
Installations: 1,000,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 1.9.16
Severity Score:: Medium
CVE:: 2024-2473

Plugin:: TablePress � Tables in WordPress made easy
Plugin Slug:: tablepress
Installations: 800,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-4354

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-4821

Plugin:: SiteOrigin Widgets Bundle
Plugin Slug:: so-widgets-bundle
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.62.0
Severity Score:: Medium
CVE:: 2024-5090

Plugin:: Newsletter � Send awesome emails from WordPress
Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.5
Severity Score:: High
CVE:: 2024-5317

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.977
Severity Score:: Medium
CVE:: 2024-4489

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.977
Severity Score:: Medium
CVE:: 2024-4488

Plugin:: WP Reset � Most Advanced WordPress Reset Tool
Plugin Slug:: wp-reset
Installations: 300,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.03
Severity Score:: Medium
CVE:: 2024-4661

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.24
Severity Score:: Medium
CVE:: 2024-5426

Plugin:: Photo Gallery by 10Web � Mobile-Friendly Image Gallery
Plugin Slug:: photo-gallery
Installations: 200,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.8.24
Severity Score:: Medium
CVE:: 2024-5481

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-4887

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.3
Severity Score:: Medium
CVE:: 2024-4364

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.110
Severity Score:: High
CVE:: 2024-5329

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.110
Severity Score:: Medium
CVE:: 2024-35674

Plugin:: Prime Slider � Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)
Plugin Slug:: bdthemes-prime-slider-lite
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.14.8
Severity Score:: Medium
CVE:: 2024-5640

Plugin:: Colibri Page Builder
Plugin Slug:: colibri-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.277
Severity Score:: Medium
CVE:: 2024-5038

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.94
Severity Score:: Medium
CVE:: 2024-4001

Plugin:: GiveWP � Donation Plugin and Fundraising Platform
Plugin Slug:: give
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.1
Severity Score:: High
CVE:: 2024-35679

Plugin:: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.78
Severity Score:: High
CVE:: 2024-35668

Plugin:: Minimal Coming Soon � Coming Soon Page
Plugin Slug:: minimal-coming-soon-maintenance-mode
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.39
Severity Score:: Medium
CVE:: 2024-5087

Plugin:: WP Mobile Menu � The Mobile-Friendly Responsive Menu
Plugin Slug:: mobile-menu
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.4.3
Severity Score:: Medium
CVE:: 2024-3987

Plugin:: Strong Testimonials
Plugin Slug:: strong-testimonials
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.13
Severity Score:: Medium
CVE:: 2023-6491

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-35709

Plugin:: GDPR/CCPA Cookie Consent Banner
Plugin Slug:: uk-cookie-consent
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.1
Severity Score:: Medium
CVE:: 2024-35692

Plugin:: Widget Options � The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-35690

Plugin:: Widget Options � The #1 WordPress Widget & Block Control Plugin
Plugin Slug:: widget-options
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-35690

Plugin:: WP Force SSL & HTTPS SSL Redirect
Plugin Slug:: wp-force-ssl
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.67
Severity Score:: Medium
CVE:: 2024-5770

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.21
Severity Score:: Critical
CVE:: 2024-4295

Plugin:: EmbedPress � Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-5571

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.6.8.1
Severity Score:: Medium
CVE:: 2024-5483

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.7.2
Severity Score:: Medium
CVE:: 2024-35739

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-3667

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: High
CVE:: 2024-2087

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.7.2
Severity Score:: Medium
CVE:: 2024-5438

Plugin:: Comments � wpDiscuz
Plugin Slug:: wpdiscuz
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.19
Severity Score:: Medium
CVE:: 2024-35681

Plugin:: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Plugin Slug:: visualcomposer
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.9.0
Severity Score:: Medium
CVE:: 2024-35653

Plugin:: Clever Fox
Plugin Slug:: clever-fox
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 25.2.1
Severity Score:: Medium
CVE:: 2024-1768

Plugin:: Clever Fox
Plugin Slug:: clever-fox
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 25.2.1
Severity Score:: Medium
CVE:: 2023-6876

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.4
Severity Score:: Medium
CVE:: 2024-35703

Plugin:: CF7 Google Sheets Connector
Plugin Slug:: cf7-google-sheets-connector
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.10
Severity Score:: Medium
CVE:: 2024-5654

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-0627

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2023-6748

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2023-6745

Plugin:: Custom Field Template
Plugin Slug:: custom-field-template
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-0653

Plugin:: Login/Signup Popup ( Inline Form + Woocommerce )
Plugin Slug:: easy-login-woocommerce
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: Medium
CVE:: 2024-5665

Plugin:: Login/Signup Popup ( Inline Form + Woocommerce )
Plugin Slug:: easy-login-woocommerce
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.3
Severity Score:: High
CVE:: 2024-5324

Plugin:: Qi Blocks
Plugin Slug:: qi-blocks
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-5221

Plugin:: Quiz and Survey Master (QSM) � Easy Quiz and Survey Maker
Plugin Slug:: quiz-master-next
Installations: 40,000+
Vulnerability:: SQL Injection
Patched in Version:: 9.0.2
Severity Score:: High
CVE:: 2024-3592

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-35689

Plugin:: WP jQuery Lightbox
Plugin Slug:: wp-jquery-lightbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.5
Severity Score:: Medium
CVE:: 2024-5425

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.6.2
Severity Score:: Medium
CVE:: 2024-5382

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.1
Severity Score:: Medium
CVE:: 2024-35702

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.0
Severity Score:: Medium
CVE:: 2024-35688

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5.6
Severity Score:: Medium
CVE:: 2024-35660

Plugin:: SureTriggers � Connect All Your Plugins, Apps, Tools & Automate Everything!
Plugin Slug:: suretriggers
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.48
Severity Score:: Medium
CVE:: 2024-5485

Plugin:: Visualizer: Tables and Charts Manager for WordPress
Plugin Slug:: visualizer
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.11.2
Severity Score:: High
CVE:: 2024-35736

Plugin:: WooCommerce Tools
Plugin Slug:: woo-tools
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.10
Severity Score:: Medium
CVE:: 2024-1689

Plugin:: YITH WooCommerce Tab Manager
Plugin Slug:: yith-woocommerce-tab-manager
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.35.1
Severity Score:: Medium
CVE:: 2024-35698

Plugin:: Bosa Elementor Addons and Templates for WooCommerce
Plugin Slug:: bosa-elementor-for-woocommerce
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.13
Severity Score:: Medium
CVE:: 2024-35724

Plugin:: Brave � Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.0.0
Severity Score:: Medium
CVE:: 2024-35655

Plugin:: Envo Extra
Plugin Slug:: envo-extra
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.25
Severity Score:: Medium
CVE:: 2024-5645

Plugin:: One Page Express Companion
Plugin Slug:: one-page-express-companion
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.38
Severity Score:: Medium
CVE:: 2024-4703

Plugin:: Responsive Addons � Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Plugin Slug:: responsive-add-ons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-5222

Plugin:: Product Addons & Fields for WooCommerce
Plugin Slug:: woocommerce-product-addon
Installations: 20,000+
Vulnerability:: Content Injection
Patched in Version:: 32.0.21
Severity Score:: Medium
CVE:: 2024-35728

Plugin:: WP Dark Mode � WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing
Plugin Slug:: wp-dark-mode
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.0.5
Severity Score:: Medium
CVE:: 2024-5449

Plugin:: Advanced Woo Labels � Product Labels for WooCommerce
Plugin Slug:: advanced-woo-labels
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.94
Severity Score:: Medium
CVE:: 2024-35675

Plugin:: Awesome Support � WordPress HelpDesk & Support Plugin
Plugin Slug:: awesome-support
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.1.8
Severity Score:: Medium
CVE:: 2024-35741

Plugin:: Countdown, Coming Soon, Maintenance � Countdown & Clock
Plugin Slug:: countdown-builder
Installations: 10,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.7.8.1
Severity Score:: Medium
CVE:: 2024-2017

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.7.4
Severity Score:: Medium
CVE:: 2024-35725

Plugin:: LifterLMS � WP LMS for eLearning, Online Courses, & Quizzes
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.6.3
Severity Score:: High
CVE:: 2024-4743

Plugin:: Link Library
Plugin Slug:: link-library
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.6.4
Severity Score:: High
CVE:: 2024-35687

Plugin:: Open Graph
Plugin Slug:: opengraph
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.11.3
Severity Score:: Medium
CVE:: 2024-5615

Plugin:: Sensei LMS � Online Courses, Quizzes, & Learning
Plugin Slug:: sensei-lms
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.24.0
Severity Score:: Medium
CVE:: 2024-35686

Plugin:: Weaver Xtreme Theme Support
Plugin Slug:: weaverx-theme-support
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5
Severity Score:: Medium
CVE:: 2024-4939

Plugin:: YITH WooCommerce Product Add-Ons
Plugin Slug:: yith-woocommerce-product-add-ons
Installations: 10,000+
Vulnerability:: Content Injection
Patched in Version:: 4.9.3
Severity Score:: Medium
CVE:: 2024-35680

Plugin:: BlockArt Blocks � Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library
Plugin Slug:: blockart-blocks
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.6
Severity Score:: Medium
CVE:: 2024-35704

Plugin:: Database Cleaner: Clean, Optimize & Repair
Plugin Slug:: database-cleaner
Installations: 9,000+
Vulnerability:: Directory Traversal
Patched in Version:: 1.0.6
Severity Score:: Medium
CVE:: 2024-35712

Plugin:: Materialis Companion
Plugin Slug:: materialis-companion
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.42
Severity Score:: Medium
CVE:: 2024-4707

Plugin:: ElasticPress
Plugin Slug:: elasticpress
Installations: 8,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.1.2
Severity Score:: Medium
CVE:: 2024-35684

Plugin:: YITH Custom Login
Plugin Slug:: yith-custom-login
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-35732

Plugin:: Five Star Restaurant Menu and Food Ordering
Plugin Slug:: food-and-drink-menu
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.17
Severity Score:: Medium
CVE:: 2024-5459

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.7
Severity Score:: Medium
CVE:: 2024-5453

Plugin:: WS Form LITE � Drag & Drop Contact Form Builder for WordPress
Plugin Slug:: ws-form
Installations: 7,000+
Vulnerability:: CSV Injection
Patched in Version:: 1.9.218
Severity Score:: Medium
CVE:: 2023-5424

Plugin:: MultiVendorX Marketplace � WooCommerce MultiVendor Marketplace Solution
Plugin Slug:: dc-woocommerce-multi-vendor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.12
Severity Score:: Medium
CVE:: 2024-5259

Plugin:: Integrate Google Drive � Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.3.94
Severity Score:: Medium
CVE:: 2024-35670

Plugin:: Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )
Plugin Slug:: magical-addons-for-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.40
Severity Score:: Medium
CVE:: 2024-5161

Plugin:: Pure Chat � Live Chat & More!
Plugin Slug:: pure-chat
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3
Severity Score:: Medium
CVE:: 2024-35673

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.2.0
Severity Score:: Medium
CVE:: 2024-35713

Plugin:: Wbcom Designs � Custom Font Uploader
Plugin Slug:: custom-font-uploader
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.0
Severity Score:: Medium
CVE:: 2024-5489

Plugin:: Album Gallery � WordPress Gallery
Plugin Slug:: new-album-gallery
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.8
Severity Score:: Medium
CVE:: 2024-35720

Plugin:: Image Gallery � Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
Plugin Slug:: new-image-gallery
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.6
Severity Score:: Medium
CVE:: 2024-35721

Plugin:: Podlove Web Player
Plugin Slug:: podlove-web-player
Installations: 5,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 5.7.4
Severity Score:: Medium
CVE:: 2024-35710

Plugin:: Salon Booking System
Plugin Slug:: salon-booking-system
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 10.0
Severity Score:: Medium
CVE:: 2024-4468

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-35667

Plugin:: WPMobile.App � Android and iOS Mobile Application
Plugin Slug:: wpappninja
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 11.42
Severity Score:: High
CVE:: 2024-35694

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-35669

Plugin:: Kenta Blocks � Responsive Blocks and block templates library
Plugin Slug:: kenta-blocks
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-35731

Plugin:: Tickera � WordPress Event Ticketing
Plugin Slug:: tickera-event-ticketing-system
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.2.7
Severity Score:: Medium
CVE:: 2024-35729

Plugin:: Auto Coupons for WooCommerce
Plugin Slug:: woo-auto-coupons
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.15
Severity Score:: High
CVE:: 2024-35733

Plugin:: Media Slider � Photo Slider, Video Slider, Link Slider, Carousal Slideshow
Plugin Slug:: media-slider
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.0
Severity Score:: Medium
CVE:: 2024-35717

Plugin:: Mollie Forms
Plugin Slug:: mollie-forms
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.14
Severity Score:: Medium
CVE:: 2024-2368

Plugin:: Newsletters
Plugin Slug:: newsletters-lite
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9.6
Severity Score:: High
CVE:: 2024-35718

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.14
Severity Score:: Medium
CVE:: 2024-35701

Plugin:: Simple Ajax Chat � Add a Fast, Secure Chat Box
Plugin Slug:: simple-ajax-chat
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240412
Severity Score:: Medium
CVE:: 2024-2470

Plugin:: Slider Responsive Slideshow � Image slider, Gallery slideshow
Plugin Slug:: slider-responsive-slideshow
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-35722

Plugin:: Cards for Beaver Builder
Plugin Slug:: bb-bootstrap-cards
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-5663

Plugin:: Leyka
Plugin Slug:: leyka
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.31.2
Severity Score:: Medium
CVE:: 2024-35683

Plugin:: GDPR CCPA Compliance & Cookie Consent Banner
Plugin Slug:: ninja-gdpr-compliance
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.1
Severity Score:: Medium
CVE:: 2024-5607

Plugin:: Active Products Tables for WooCommerce. Use constructor to create tables�
Plugin Slug:: profit-products-tables-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.6.4
Severity Score:: High
CVE:: 2024-35730

Plugin:: RestroPress � Online Food Ordering System
Plugin Slug:: restropress
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.2.2
Severity Score:: Medium
CVE:: 2024-35719

Plugin:: Block for Font Awesome
Plugin Slug:: block-for-font-awesome
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-35705

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.9
Severity Score:: Medium
CVE:: 2024-35738

Plugin:: Contact Form to DB by BestWebSoft � Messages Database Plugin For WordPress
Plugin Slug:: contact-form-to-db
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.7.3
Severity Score:: High
CVE:: 2024-35678

Plugin:: Copymatic � AI Content Writer & Generator
Plugin Slug:: copymatic
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-35716

Plugin:: Dashboard To-Do List
Plugin Slug:: dashboard-to-do-list
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-35723

Plugin:: Emergency Password Reset
Plugin Slug:: emergency-password-reset
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.0
Severity Score:: Medium
CVE:: 2024-35648

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2024-35652

Plugin:: Extra Product Options for WooCommerce
Plugin Slug:: extra-product-options-for-woocommerce
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.0.7
Severity Score:: Medium
CVE:: 2024-35727

Plugin:: GamiPress � Link
Plugin Slug:: gamipress-link
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-5536

Plugin:: Heateor Social Login WordPress
Plugin Slug:: heateor-social-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.33
Severity Score:: Medium
CVE:: 2024-35707

Plugin:: Heateor Social Login WordPress
Plugin Slug:: heateor-social-login
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.33
Severity Score:: High
CVE:: 2024-35706

Plugin:: HT Feed
Plugin Slug:: ht-instagram
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.9
Severity Score:: Medium
CVE:: 2024-35699

Plugin:: Market Exporter
Plugin Slug:: market-exporter
Installations: 1,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 2.0.20
Severity Score:: High
CVE:: 2024-5637

Plugin:: Recurring PayPal Donations
Plugin Slug:: recurring-donation
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-35676

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-35649

Plugin:: SKT Addons for Elementor
Plugin Slug:: skt-addons-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-5091

Plugin:: BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
Plugin Slug:: wc4bp
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.20
Severity Score:: Medium
CVE:: 2024-35726