Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark red gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � June 5, 2024

In this report, 128 vulnerabilities have been publicly disclosed. Security patches for 79 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 49 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.6 Beta 1 was released on June 4, 2024. The scheduled final release date for WordPress 6.6 is�July 16, 2024. Your help testing Beta and RC versions over the next six weeks is vital to making sure the final release is everything it should be: stable, powerful, and intuitive.

WordPress Plugins � 78 Patched / 49 Unpatched

Plugin:: Brave � Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content
Plugin Slug:: brave-popup-builder
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35655

Plugin:: List categories
Plugin Slug:: list-categories
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4356

Plugin:: Testimonial Carousel For Elementor
Plugin Slug:: testimonials-carousel-elementor
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2253

Plugin:: Insert or Embed Articulate Content into WordPress
Plugin Slug:: insert-or-embed-articulate-content-into-wordpress
Installations: 3,000+
Vulnerability:: Content Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0756

Plugin:: Simple Spoiler
Plugin Slug:: simple-spoiler
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35639

Plugin:: KiviCare � Clinic & Patient Management System (EHR)
Plugin Slug:: kivicare-clinic-management-system
Installations: 2,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35659

Plugin:: Random Banner
Plugin Slug:: random-banner
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35645

Plugin:: AffiEasy
Plugin Slug:: affieasy
Installations: 40+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4218

Plugin:: Playlist for Youtube
Plugin Slug:: playlist-for-youtube
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3937

Plugin:: ActiveDEMAND
Plugin Slug:: activedemand
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35638

Plugin:: Admin Notices Manager
Plugin Slug:: admin-notices-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1717

Plugin:: Authorize.net Payment Gateway For WooCommerce
Plugin Slug:: authorizenet-payment-gateway-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2382

Plugin:: BuddyForms
Plugin Slug:: buddyforms
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-5149

Plugin:: Comparison Slider
Plugin Slug:: comparison-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4422

Plugin:: Comparison Slider
Plugin Slug:: comparison-slider
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4427

Plugin:: Comparison Slider
Plugin Slug:: comparison-slider
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4426

Plugin:: Cowidgets � Elementor Addons
Plugin Slug:: cowidgets-elementor-addons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35782

Plugin:: Download Attachments
Plugin Slug:: download-attachments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3230

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4273

Plugin:: Essential Real Estate
Plugin Slug:: essential-real-estate
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4274

Plugin:: Fluid Notification Bar
Plugin Slug:: fluid-notification-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3031

Plugin:: Frontend Registration � Contact Form 7
Plugin Slug:: frontend-registration-contact-form-7
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4870

Plugin:: FS Product Inquiry
Plugin Slug:: fs-product-inquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4857

Plugin:: FS Product Inquiry
Plugin Slug:: fs-product-inquiry
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4856

Plugin:: Gianism
Plugin Slug:: gianism
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3921

Plugin:: Global Notification Bar
Plugin Slug:: global-notification-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35647

Plugin:: Insert Post Ads
Plugin Slug:: insert-post-ads
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35665

Plugin:: MJ Update History
Plugin Slug:: mj-update-history
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35671

Plugin:: Nafeza Prayer Time
Plugin Slug:: nafeza-prayer-time
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4462

Plugin:: Netgsm
Plugin Slug:: netgsm
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-35672

Plugin:: QQWorld Auto Save Images
Plugin Slug:: qqworld-auto-save-images
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1324

Plugin:: Remote Content Shortcode
Plugin Slug:: remote-content-shortcode
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2089

Plugin:: Simple COD Fees for WooCommerce
Plugin Slug:: simple-cod-fee-for-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35662

Plugin:: Smartarget Message Bar
Plugin Slug:: smartarget-message-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35646

Plugin:: Social Link Pages
Plugin Slug:: social-link-pages
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-3555

Plugin:: Social Login Lite For WooCommerce
Plugin Slug:: social-login-lite-for-woocommerce
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-4552

Plugin:: StopBadBots
Plugin Slug:: stopbadbots
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4355

Plugin:: Themesflat Addons For Elementor
Plugin Slug:: themesflat-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35666

Plugin:: Upload Fields for WPForms
Plugin Slug:: upload-fields-for-wpforms
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35661

Plugin:: Uploadcare File Uploader and Adaptive Delivery (beta)
Plugin Slug:: uploadcare
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35636

Plugin:: Claudio Sanches
Plugin Slug:: woocommerce-checkout-cielo
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1718

Plugin:: WP Back Button
Plugin Slug:: wp-back-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35643

Plugin:: WP-DB-Table-Editor
Plugin Slug:: wp-db-table-editor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2019

Plugin:: WP-Recall
Plugin Slug:: wp-recall
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35657

Plugin:: WP To Do
Plugin Slug:: wp-todo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3946

Plugin:: WP To Do
Plugin Slug:: wp-todo
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3943

Plugin:: WP Translate
Plugin Slug:: wp-translate
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-35663

Plugin:: WPUpper Share Buttons
Plugin Slug:: wpupper-share-buttons
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4997

Plugin:: Yumpu ePaper publishing
Plugin Slug:: yumpu-epaper-publishing
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3277

Plugin:: Advanced Custom Fields (ACF)
Plugin Slug:: advanced-custom-fields
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3
Severity Score:: Medium
CVE:: 2024-4565

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.22
Severity Score:: Medium
CVE:: 2024-5073

Plugin:: YITH WooCommerce Wishlist
Plugin Slug:: yith-woocommerce-wishlist
Installations: 900,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.33.0
Severity Score:: Medium
CVE:: 2024-34385

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.10.32
Severity Score:: Medium
CVE:: 2024-4205

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.7
Severity Score:: Medium
CVE:: 2024-4821

Plugin:: Page Builder Gutenberg Blocks � CoBlocks
Plugin Slug:: coblocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.10
Severity Score:: Medium
CVE:: 2024-2933

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.11.0
Severity Score:: Medium
CVE:: 2024-5347

Plugin:: Post SMTP � WP SMTP Plugin with Email Logs & Mobile App for Failure Alerts � Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.4
Severity Score:: High
CVE:: 2024-5207

Plugin:: Newsletter � Send awesome emails from WordPress
Plugin Slug:: newsletter
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 8.3.5
Severity Score:: High
CVE:: 2024-5317

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.976
Severity Score:: Medium
CVE:: 2024-4342

Plugin:: Blocksy Companion
Plugin Slug:: blocksy-companion
Installations: 200,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 2.0.43
Severity Score:: Medium
CVE:: 2024-35633

Plugin:: Popup Builder � Create highly converting, mobile friendly marketing popups.
Plugin Slug:: popup-builder
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.0
Severity Score:: Medium
CVE:: 2024-2506

Plugin:: Supreme Modules Lite � Divi Theme, Extra Theme and Divi Builder
Plugin Slug:: supreme-modules-for-divi
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.52
Severity Score:: Medium
CVE:: 2024-5501

Plugin:: Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
Plugin Slug:: unlimited-elements-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.108
Severity Score:: Medium
CVE:: 2024-3190

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.94
Severity Score:: Medium
CVE:: 2024-4001

Plugin:: Download Manager
Plugin Slug:: download-manager
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.91
Severity Score:: Medium
CVE:: 2024-4160

Plugin:: Download Monitor
Plugin Slug:: download-monitor
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.14
Severity Score:: Medium
CVE:: 2024-3269

Plugin:: Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)
Plugin Slug:: mailin
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.78
Severity Score:: High
CVE:: 2024-35668

Plugin:: PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)
Plugin Slug:: powerpack-lite-for-elementor
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.20
Severity Score:: Medium
CVE:: 2024-5327

Plugin:: WP STAGING WordPress Backup Plugin � Migration Backup Restore
Plugin Slug:: wp-staging
Installations: 100,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 3.5.0
Severity Score:: Medium
CVE:: 2024-4469

Plugin:: Email Subscribers by Icegram Express � Email Marketing, Newsletters, Automation for WordPress & WooCommerce
Plugin Slug:: email-subscribers
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 5.7.21
Severity Score:: Critical
CVE:: 2024-4295

Plugin:: EmbedPress � Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor
Plugin Slug:: embedpress
Installations: 90,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.2
Severity Score:: Medium
CVE:: 2024-5571

Plugin:: LearnPress � WordPress LMS Plugin
Plugin Slug:: learnpress
Installations: 90,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.2.6.8.1
Severity Score:: Medium
CVE:: 2024-5483

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: Medium
CVE:: 2024-3667

Plugin:: Brizy � Page Builder
Plugin Slug:: brizy
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.44
Severity Score:: High
CVE:: 2024-2087

Plugin:: Ninja Tables � Easiest Data Table Builder
Plugin Slug:: ninja-tables
Installations: 80,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 5.0.10
Severity Score:: Medium
CVE:: 2024-35635

Plugin:: User Registration � Custom Registration Form, Login Form, and User Profile WordPress Plugin
Plugin Slug:: user-registration
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.2.1
Severity Score:: High
CVE:: 2024-4958

Plugin:: wpDataTables � WordPress Data Table, Dynamic Tables & Table Charts Plugin
Plugin Slug:: wpdatatables
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.4
Severity Score:: High
CVE:: 2024-3821

Plugin:: wpDataTables � WordPress Data Table, Dynamic Tables & Table Charts Plugin
Plugin Slug:: wpdatatables
Installations: 70,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.3.2
Severity Score:: Critical
CVE:: 2024-3820

Plugin:: Site Reviews
Plugin Slug:: site-reviews
Installations: 60,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 7.0.0
Severity Score:: Medium
CVE:: 2024-3050

Plugin:: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages
Plugin Slug:: visualcomposer
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 45.9.0
Severity Score:: Medium
CVE:: 2024-35653

Plugin:: WordPress Infinite Scroll � Ajax Load More
Plugin Slug:: ajax-load-more
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.2
Severity Score:: Medium
CVE:: 2024-4711

Plugin:: Shield Security � Smart Bot Blocking & Intrusion Prevention Security
Plugin Slug:: wp-simple-firewall
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 19.1.11
Severity Score:: Medium
CVE:: 2024-4344

Plugin:: DethemeKit For Elementor
Plugin Slug:: dethemekit-for-elementor
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.5
Severity Score:: Medium
CVE:: 2024-5418

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.1.2
Severity Score:: Medium
CVE:: 2024-5223

Plugin:: HTML5 Video Player � Best WordPress Video Player Plugin and Block
Plugin Slug:: html5-video-player
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.5.27
Severity Score:: Critical
CVE:: 2024-5522

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.5.6
Severity Score:: Medium
CVE:: 2024-35660

Plugin:: SureTriggers � Connect All Your Plugins, Apps, Tools & Automate Everything!
Plugin Slug:: suretriggers
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.48
Severity Score:: Medium
CVE:: 2024-5485

Plugin:: Content Blocks (Custom Post Widget)
Plugin Slug:: custom-post-widget
Installations: 20,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.3.1
Severity Score:: High
CVE:: 2024-3564

Plugin:: Responsive Addons � Starter Templates, Advanced Features and Customizer Settings for Responsive Theme.
Plugin Slug:: responsive-add-ons
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.6
Severity Score:: Medium
CVE:: 2024-5222

Plugin:: wpForo Forum
Plugin Slug:: wpforo
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.3.4
Severity Score:: High
CVE:: 2024-3200

Plugin:: Gum Elementor Addon
Plugin Slug:: gum-elementor-addon
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-4668

Plugin:: LifterLMS � WordPress LMS for eLearning
Plugin Slug:: lifterlms
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: 7.6.3
Severity Score:: High
CVE:: 2024-4743

Plugin:: Elements For Elementor
Plugin Slug:: nd-elements
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.2
Severity Score:: High
CVE:: 2024-5348

Plugin:: Simple Like Page Plugin
Plugin Slug:: simple-facebook-plugin
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.3
Severity Score:: Medium
CVE:: 2024-3583

Plugin:: Weaver Xtreme Theme Support
Plugin Slug:: weaverx-theme-support
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.5
Severity Score:: Medium
CVE:: 2024-4939

Plugin:: Five Star Restaurant Menu and Food Ordering
Plugin Slug:: food-and-drink-menu
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.17
Severity Score:: Medium
CVE:: 2024-5459

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.8.7
Severity Score:: Medium
CVE:: 2024-5453

Plugin:: Integrate Google Drive � Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site
Plugin Slug:: integrate-google-drive
Installations: 6,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.3.94
Severity Score:: Medium
CVE:: 2024-35670

Plugin:: WPCafe � Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce
Plugin Slug:: wp-cafe
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.26
Severity Score:: Medium
CVE:: 2024-5427

Plugin:: Shopping Cart & eCommerce Store
Plugin Slug:: wp-easycart
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.6.0
Severity Score:: Medium
CVE:: 2024-35667

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 4,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-35669

Plugin:: Responsive Owl Carousel for Elementor
Plugin Slug:: responsive-owl-carousel-elementor
Installations: 4,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.2.1
Severity Score:: High
CVE:: 2024-5345

Plugin:: Mollie Forms
Plugin Slug:: mollie-forms
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.14
Severity Score:: Medium
CVE:: 2024-2368

Plugin:: Preferred Languages
Plugin Slug:: preferred-languages
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.0
Severity Score:: Medium
CVE:: 2024-35644

Plugin:: Simple Ajax Chat � Add a Fast, Secure Chat Box
Plugin Slug:: simple-ajax-chat
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240412
Severity Score:: Medium
CVE:: 2024-2470

Plugin:: Site Favicon
Plugin Slug:: site-favicon
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.3
Severity Score:: Medium
CVE:: 2024-35642

Plugin:: Visual Website Collaboration, Feedback & Project Management � Atarim
Plugin Slug:: atarim-visual-collaboration
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.31
Severity Score:: High
CVE:: 2024-2793

Plugin:: Church Admin
Plugin Slug:: church-admin
Installations: 1,000+
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: 4.4.0
Severity Score:: Medium
CVE:: 2024-35637

Plugin:: Emergency Password Reset
Plugin Slug:: emergency-password-reset
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 9.0
Severity Score:: Medium
CVE:: 2024-35648

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.2
Severity Score:: High
CVE:: 2024-35652

Plugin:: GamiPress � Link
Plugin Slug:: gamipress-link
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-5536

Plugin:: Safety Exit
Plugin Slug:: safety-exit
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-35640

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.0
Severity Score:: Medium
CVE:: 2024-35649

Plugin:: WP Flow Plus
Plugin Slug:: wp-imageflow2
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.3
Severity Score:: Medium
CVE:: 2024-35651

Plugin:: MelaPress Login Security
Plugin Slug:: melapress-login-security
Installations: 600+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-35650

Plugin:: Gutenberg Blocks and Page Layouts � Attire Blocks
Plugin Slug:: attire-blocks
Installations: 400+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.3
Severity Score:: Medium
CVE:: 2024-4088

Plugin:: Just Writing Statistics
Plugin Slug:: just-writing-statistics
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6
Severity Score:: Medium
CVE:: 2024-35641

Plugin:: Advanced Custom Fields PRO
Plugin Slug:: advanced-custom-fields-pro
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.3
Severity Score:: Medium
CVE:: 2024-4565

Plugin:: Boostify Header Footer Builder for Elementor
Plugin Slug:: boostify-header-footer-builder
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-5006

Plugin:: Buddyboss Platform
Plugin Slug:: buddyboss-platform
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.6.0
Severity Score:: Medium
CVE:: 2024-4750

Plugin:: Contact Form Manager
Plugin Slug:: contact-form-manager
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.1
Severity Score:: Medium
CVE:: 2024-2295

Plugin:: GP Premium
Plugin Slug:: gp-premium
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.1
Severity Score:: High
CVE:: 2024-3469

Plugin:: tagDiv Composer
Plugin Slug:: td-composer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.9
Severity Score:: Medium
CVE:: 2024-3888

Plugin:: The Plus Addons for Elementor Pro
Plugin Slug:: theplus_elementor_addon
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.5
Severity Score:: Medium
CVE:: 2024-5341

Plugin:: Checkout Field Editor for WooCommerce (Pro)
Plugin Slug:: woocommerce-checkout-field-editor-pro
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 3.6.3
Severity Score:: High
CVE:: 2024-35658

Plugin:: WP eMember
Plugin Slug:: wp-eMember
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 10.3.9
Severity Score:: High
CVE:: 2024-4749

Plugin:: WPvivid Backup for MainWP
Plugin Slug:: wpvivid-backup-mainw
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.9.33
Severity Score:: High
CVE:: 2024-35664

WordPress Themes � 1 Patched / 0 Unpatched

Theme:: Responsive
Theme Slug:: responsive
Downloads: 4,502,287
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.0.3.1
Severity Score:: Medium
CVE:: 2024-35654