WordPress Vulnerability Report � May 8, 2024

In this report, 219 vulnerabilities have been publicly disclosed. Security patches for 135 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 84 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.5.3 was released on May 7, 2024, as a short-cycle maintenance release. This release features 12 bug fixes on Core and 9 bug fixes for the Block editor.

The next major release will be version 6.6 planned for July 2024.

WordPress Plugins � 129 Patched / 82 Unpatched

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2273

Plugin:: All-in-One Video Gallery
Plugin Slug:: all-in-one-video-gallery
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-4033

Plugin:: Xserver Migrator
Plugin Slug:: xserver-migrator
Installations: 20,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-33913

Plugin:: Booster Extension
Plugin Slug:: booster-extension
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2109

Plugin:: rtMedia for WordPress, BuddyPress and bbPress
Plugin Slug:: buddypress-media
Installations: 10,000+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High

Plugin:: Democracy Poll
Plugin Slug:: democracy-poll
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33920

Plugin:: Responsive Contact Form Builder & Lead Generation Plugin
Plugin Slug:: lead-form-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3637

Plugin:: Login Logout Register Menu
Plugin Slug:: login-logout-register-menu
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33932

Plugin:: Print-O-Matic
Plugin Slug:: print-o-matic
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33936

Plugin:: All-in-One Addons for Elementor � WidgetKit
Plugin Slug:: widgetkit-for-elementor
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33908

Plugin:: WP Post Author � Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34389

Plugin:: WP Post Author � Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder
Plugin Slug:: wp-post-author
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34387

Plugin:: EventON
Plugin Slug:: eventon-lite
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33940

Plugin:: Eleblog � Elementor Blog And Magazine Addons
Plugin Slug:: ele-blog
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33945

Plugin:: Share This Image
Plugin Slug:: share-this-image
Installations: 2,000+
Vulnerability:: Open Redirection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33930

Plugin:: Simple Image Popup
Plugin Slug:: simple-image-popup
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4433

Plugin:: Admin Page Spider
Plugin Slug:: admin-page-spider
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2401

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34390

Plugin:: Viet Nam Affiliate
Plugin Slug:: viet-nam-affiliate
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34417

Plugin:: 5280 Bootstrap Modal Contact Form
Plugin Slug:: 5280-bootstrap-modal-contact-form
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0847

Plugin:: Print Barcode Labels for your WooCommerce products/orders
Plugin Slug:: a4-barcode-generator
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1677

Plugin:: Print Barcode Labels for your WooCommerce products/orders
Plugin Slug:: a4-barcode-generator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1679

Plugin:: AA Cash Calculator
Plugin Slug:: aa-calculator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-0848

Plugin:: ACF Front End Editor
Plugin Slug:: acf-front-end-editor
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3072

Plugin:: ACF On-The-Go
Plugin Slug:: acf-on-the-go
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3071

Plugin:: AJAX Login and Registration modal popup + inline form
Plugin Slug:: ajax-login-and-registration-modal-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33918

Plugin:: AnnounceKit
Plugin Slug:: announcekit
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3023

Plugin:: Archives Calendar Widget
Plugin Slug:: archives-calendar-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33950

Plugin:: AWSOM News Announcement
Plugin Slug:: awsom-news-announcement
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34428

Plugin:: BlogLentor
Plugin Slug:: bloglentor-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34421

Plugin:: Brozzme Scroll Top
Plugin Slug:: brozzme-scroll-top
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34426

Plugin:: Calendar
Plugin Slug:: calendar
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2831

Plugin:: canvasio3D Light
Plugin Slug:: canvasio3d-light
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34411

Plugin:: Configure Login Timeout
Plugin Slug:: configure-login-timeout
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34419

Plugin:: Corona Virus (COVID-19) Banner & Live Data
Plugin Slug:: corona-virus-covid-19-banner
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34429

Plugin:: CPO Companion
Plugin Slug:: cpo-companion
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33916

Plugin:: Crelly Slider
Plugin Slug:: crelly-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3752

Plugin:: Different Menu in Different Pages
Plugin Slug:: different-menus-in-different-pages
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3206

Plugin:: Easy Restaurant Table Booking
Plugin Slug:: easy-table-booking
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-4083

Plugin:: Event Management Tickets Booking
Plugin Slug:: event-monster
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-1895

Plugin:: Fancy Elementor Flipbox
Plugin Slug:: fancy-elementor-flipbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2349

Plugin:: Elementor ImageBox
Plugin Slug:: fd-elementor-imagebox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3074

Plugin:: Featured Content Gallery
Plugin Slug:: featured-content-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34424

Plugin:: Forty Four � 404 Plugin for WordPress
Plugin Slug:: forty-four
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34423

Plugin:: WP Front User Submit / Front Editor
Plugin Slug:: front-editor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2967

Plugin:: GDPR Compliance
Plugin Slug:: gdpr-compliance
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34388

Plugin:: Giphypress
Plugin Slug:: giphypress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33927

Plugin:: Google Document Embedder
Plugin Slug:: google-document-embedder
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-0216

Plugin:: Google Typography
Plugin Slug:: google-typography
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33942

Plugin:: Comments Evolved for WordPress
Plugin Slug:: gplus-comments
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34420

Plugin:: GWP-Histats
Plugin Slug:: gwp-histats
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33926

Plugin:: Inline Google Spreadsheet Viewer
Plugin Slug:: inline-google-spreadsheet-viewer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3674

Plugin:: MF Gig Calendar
Plugin Slug:: mf-gig-calendar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3755

Plugin:: Min and Max Purchase for WooCommerce
Plugin Slug:: min-and-max-purchase-for-woocommerce
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33949

Plugin:: Mini Loops
Plugin Slug:: mini-loops
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33934

Plugin:: Grid Gallery
Plugin Slug:: new-grid-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1897

Plugin:: Photo Gallery � Responsive Photo Gallery
Plugin Slug:: new-photo-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1896

Plugin:: CodeBard’s Patron Button and Widgets for Patreon
Plugin Slug:: patron-button-and-widgets-by-codebard
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33928

Plugin:: PB MailCrypt
Plugin Slug:: pb-mailcrypt-antispam-email-encryption
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33935

Plugin:: Perfect Pullquotes
Plugin Slug:: perfect-pullquotes
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33951

Plugin:: Pk Favicon Manager
Plugin Slug:: phpsword-favicon-manager
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-34416

Plugin:: Progressive WordPress (PWA)
Plugin Slug:: progressive-wp
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33937

Plugin:: QuickieBar
Plugin Slug:: quickiebar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34425

Plugin:: Realtyna Organic IDX plugin
Plugin Slug:: real-estate-listing-realtyna-wpl
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33924

Plugin:: School Management Pro
Plugin Slug:: school-management-pro
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-33911

Plugin:: Sliding Widgets
Plugin Slug:: sliding-widgets
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33938

Plugin:: Social Share Buttons by Supsystic
Plugin Slug:: social-share-buttons-by-supsystic
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-22303

Plugin:: SP Project & Document Manager
Plugin Slug:: sp-client-document-manager
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33923

Plugin:: Subway � Private Site Option
Plugin Slug:: subway
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1678

Plugin:: SVS Pricing Tables
Plugin Slug:: svs-pricing-tables
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2958

Plugin:: SVS Pricing Tables
Plugin Slug:: svs-pricing-tables
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-2959

Plugin:: Swift Framework
Plugin Slug:: swift-framework
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3916

Plugin:: Swift Framework
Plugin Slug:: swift-framework
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-3915

Plugin:: TT Custom Post Type Creator
Plugin Slug:: tt-custom-post-type-creator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34430

Plugin:: TweetScroll Widget
Plugin Slug:: tweetscroll-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33948

Plugin:: Viet Affiliate Link
Plugin Slug:: viet-affiliate-link
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34422

Plugin:: Woo Total Sales
Plugin Slug:: woo-total-sales
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-1688

Plugin:: WP etracker
Plugin Slug:: wp-etracker
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-34431

Plugin:: WP Favorite Posts
Plugin Slug:: wp-favorite-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34427

Plugin:: WPCS ( WordPress Custom Search )
Plugin Slug:: wpcs-wp-custom-search
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-34418

Plugin:: WTI Like Post
Plugin Slug:: wti-like-post
Vulnerability:: Bypass Vulnerability
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-33917

Plugin:: ZD YouTube FLV Player
Plugin Slug:: zd-youtube-flv-player
Vulnerability:: Server Side Request Forgery (SSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-2663

Plugin:: Yoast SEO
Plugin Slug:: wordpress-seo
Installations: 5,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 22.6
Severity Score:: High
CVE:: 2024-4041

Plugin:: Contact Form by WPForms � Drag & Drop Form Builder for WordPress
Plugin Slug:: wpforms-lite
Installations: 5,000,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.8.2
Severity Score:: Medium
CVE:: 2024-3649

Plugin:: All in One SEO � Best WordPress SEO Plugin � Easily Improve SEO Rankings & Increase Traffic
Plugin Slug:: all-in-one-seo-pack
Installations: 3,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.6.1.1
Severity Score:: Medium
CVE:: 2024-3554

Plugin:: Essential Addons for Elementor � Best Elementor Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.18
Severity Score:: Medium
CVE:: 2024-4156

Plugin:: Rank Math SEO with AI Best SEO Tools
Plugin Slug:: seo-by-rank-math
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.218
Severity Score:: Medium
CVE:: 2024-4335

Plugin:: ElementsKit Elementor addons and Templates Library
Plugin Slug:: elementskit-lite
Installations: 1,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: Medium
CVE:: 2024-3650

Plugin:: Premium Addons for Elementor
Plugin Slug:: premium-addons-for-elementor
Installations: 700,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.10.31
Severity Score:: Medium
CVE:: 2024-4203

Plugin:: Spectra � WordPress Gutenberg Blocks
Plugin Slug:: ultimate-addons-for-gutenberg
Installations: 700,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.12.7
Severity Score:: Medium
CVE:: 2024-3107

Plugin:: Contact Form 7 Database Addon � CFDB7
Plugin Slug:: contact-form-cfdb7
Installations: 600,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.2.7
Severity Score:: Medium
CVE:: 2024-3870

Plugin:: WP Shortcodes Plugin � Shortcodes Ultimate
Plugin Slug:: shortcodes-ultimate
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.1.3
Severity Score:: Medium
CVE:: 2024-3550

Plugin:: SEOPress � On-site SEO
Plugin Slug:: wp-seopress
Installations: 300,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 7.7
Severity Score:: Medium
CVE:: 2024-34383

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.5
Severity Score:: Medium
CVE:: 2024-3819

Plugin:: Qi Addons For Elementor
Plugin Slug:: qi-addons-for-elementor
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1
Severity Score:: Medium
CVE:: 2024-3309

Plugin:: Supreme Modules Lite � Divi Theme, Extra Theme and Divi Builder
Plugin Slug:: supreme-modules-for-divi
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2024-4334

Plugin:: Elementor Addon Elements
Plugin Slug:: addon-elements-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.13.4
Severity Score:: Medium
CVE:: 2024-3743

Plugin:: BackUpWordPress
Plugin Slug:: backupwordpress
Installations: 100,000+
Vulnerability:: Directory Traversal
Patched in Version:: 3.14
Severity Score:: Low
CVE:: 2024-3034

Plugin:: BuddyPress
Plugin Slug:: buddypress
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.4.1
Severity Score:: Medium
CVE:: 2024-3974

Plugin:: Content Views � Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode)
Plugin Slug:: content-views-query-and-display-post-page
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-4446

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.5.0
Severity Score:: Medium
CVE:: 2024-34373

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.8
Severity Score:: Medium
CVE:: 2023-6327

Plugin:: ShopLentor � WooCommerce Builder for Elementor & Gutenberg +12 Modules � All in One Solution (formerly WooLentor)
Plugin Slug:: woolentor-addons
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.8
Severity Score:: Medium
CVE:: 2024-3991

Plugin:: The Post Grid � Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid
Plugin Slug:: the-post-grid
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.7.0
Severity Score:: Medium
CVE:: 2024-3936

Plugin:: MailerLite � Signup forms (official)
Plugin Slug:: official-mailerlite-sign-up-forms
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2024-1386

Plugin:: MailerLite � Signup forms (official)
Plugin Slug:: official-mailerlite-sign-up-forms
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.7
Severity Score:: Medium
CVE:: 2024-2797

Plugin:: Sydney Toolbox
Plugin Slug:: sydney-toolbox
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.31
Severity Score:: Medium
CVE:: 2024-4036

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 80,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.0
Severity Score:: Medium
CVE:: 2024-3553

Plugin:: WP ULike � Most Advanced WordPress Marketing Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2024-1572

Plugin:: WP ULike � Most Advanced WordPress Marketing Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.7.0
Severity Score:: High
CVE:: 2024-1797

Plugin:: WP ULike � Most Advanced WordPress Marketing Toolkit
Plugin Slug:: wp-ulike
Installations: 80,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.0
Severity Score:: Medium
CVE:: 2024-1759

Plugin:: Folders � Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
Plugin Slug:: folders
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.3
Severity Score:: Medium
CVE:: 2024-3868

Plugin:: 3D FlipBook � PDF Flipbook WordPress
Plugin Slug:: interactive-3d-flipbook-powered-physics-engine
Installations: 70,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.5
Severity Score:: Medium
CVE:: 2024-3883

Plugin:: Media Cleaner: Clean your WordPress!
Plugin Slug:: media-cleaner
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.7.3
Severity Score:: Medium
CVE:: 2024-33922

Plugin:: Drag and Drop Multiple File Upload � Contact Form 7
Plugin Slug:: drag-and-drop-multiple-file-upload-contact-form-7
Installations: 60,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.7.8
Severity Score:: Medium
CVE:: 2024-3717

Plugin:: Exclusive Addons for Elementor
Plugin Slug:: exclusive-addons-for-elementor
Installations: 60,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.9.2
Severity Score:: Medium
CVE:: 2024-33914

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.8
Severity Score:: Medium
CVE:: 2024-3588

Plugin:: Form Maker by 10Web � Mobile-Friendly Drag & Drop Contact Form Builder
Plugin Slug:: form-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.15.25
Severity Score:: Medium
CVE:: 2024-2258

Plugin:: Image Hover Effects � Elementor Addon
Plugin Slug:: image-hover-effects-addon-for-elementor
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-1166

Plugin:: Photo Gallery, Images, Slider in Rbs Image Gallery
Plugin Slug:: robo-gallery
Installations: 50,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.19
Severity Score:: Medium
CVE:: 2024-34382

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.4.6
Severity Score:: Medium
CVE:: 2024-4383

Plugin:: Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms
Plugin Slug:: stop-spammer-registrations-plugin
Installations: 50,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2024.5
Severity Score:: Medium
CVE:: 2023-7065

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 50,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.9
Severity Score:: Medium
CVE:: 2024-3957

Plugin:: WP Recipe Maker
Plugin Slug:: wp-recipe-maker
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 9.4.0
Severity Score:: Medium
CVE:: 2024-3490

Plugin:: Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
Plugin Slug:: sina-extension-for-elementor
Installations: 40,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 3.5.2
Severity Score:: Medium
CVE:: 2024-34384

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-1809

Plugin:: Analytify � Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Plugin Slug:: wp-analytify
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.2.4
Severity Score:: Medium
CVE:: 2024-1584

Plugin:: WP Video Lightbox
Plugin Slug:: wp-post-459161 wp-video-lightbox
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.11
Severity Score:: Medium
CVE:: 2024-4324

Plugin:: Popup Box � Best WordPress Popup Plugin
Plugin Slug:: ays-popup-box
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.1.3
Severity Score:: High
CVE:: 2024-34367

Plugin:: Float menu � awesome floating side menu
Plugin Slug:: float-menu
Installations: 30,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 6.0.1
Severity Score:: Medium
CVE:: 2024-2405

Plugin:: Gutenverse � Gutenberg Blocks � Page Builder for Site Editor
Plugin Slug:: gutenverse
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-3692

Plugin:: Master Addons � Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.6.0
Severity Score:: Medium
CVE:: 2024-4265

Plugin:: Timetable and Event Schedule by MotoPress
Plugin Slug:: mp-timetable
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.4.12
Severity Score:: High
CVE:: 2024-3342

Plugin:: LeadConnector
Plugin Slug:: leadconnector
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8
Severity Score:: High
CVE:: 2024-34378

Plugin:: LeadConnector
Plugin Slug:: leadconnector
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8
Severity Score:: Medium
CVE:: 2024-1371

Plugin:: ClickCease Click Fraud Protection
Plugin Slug:: clickcease-click-fraud-protection
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.2.5
Severity Score:: Medium
CVE:: 2023-6810

Plugin:: RegistrationMagic � User Registration Plugin with Custom Registration Forms
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2.1
Severity Score:: High
CVE:: 2024-33947

Plugin:: Directorist � WordPress Business Directory Plugin with Classified Ads Listings
Plugin Slug:: directorist
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.9.0
Severity Score:: Medium
CVE:: 2024-33929

Plugin:: EAN for WooCommerce
Plugin Slug:: ean-for-woocommerce
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 4.9.0
Severity Score:: High
CVE:: 2024-34370

Plugin:: GamiPress � The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.8.9
Severity Score:: Low
CVE:: 2024-2505

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7.6
Severity Score:: Medium
CVE:: 2024-3005

Plugin:: Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)
Plugin Slug:: leaflet-maps-marker
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.9
Severity Score:: Medium
CVE:: 2024-3670

Plugin:: MasterStudy LMS WordPress Plugin � for Online Courses and Education
Plugin Slug:: masterstudy-lms-learning-management-system
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.3.9
Severity Score:: Medium
CVE:: 2024-3942

Plugin:: Modal Window � create popup modal window
Plugin Slug:: modal-window
Installations: 10,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.3.10
Severity Score:: Medium
CVE:: 2024-3472

Plugin:: WordPress Header Builder Plugin � Pearl
Plugin Slug:: pearl-header-builder
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-4000

Plugin:: ReviewX � Multi-criteria Rating & Reviews for WooCommerce
Plugin Slug:: reviewx
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.6.22
Severity Score:: Medium
CVE:: 2024-33921

Plugin:: RomethemeKit For Elementor
Plugin Slug:: rometheme-for-elementor
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.2
Severity Score:: Medium
CVE:: 2024-33919

Plugin:: Simple Basic Contact Form
Plugin Slug:: simple-basic-contact-form
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 20240502
Severity Score:: High
CVE:: 2024-4150

Plugin:: Thim Elementor Kit
Plugin Slug:: thim-elementor-kit
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.9
Severity Score:: Medium
CVE:: 2024-34415

Plugin:: Web Push Notifications � Webpushr
Plugin Slug:: webpushr-web-push-notifications
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.36.0
Severity Score:: High
CVE:: 2024-34369

Plugin:: Alt Text AI � Automatically generate image alt text for SEO and accessibility
Plugin Slug:: alttext-ai
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-34366

Plugin:: Smart Forms � when you need more than just a contact form
Plugin Slug:: smart-forms
Installations: 9,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.96
Severity Score:: Medium
CVE:: 2024-1905

Plugin:: ARMember � Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
Plugin Slug:: armember-membership
Installations: 8,000+
Vulnerability:: Open Redirection
Patched in Version:: 4.0.31
Severity Score:: Medium
CVE:: 2024-4133

Plugin:: Embed Google Fonts
Plugin Slug:: embed-google-fonts
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.1
Severity Score:: Medium
CVE:: 2024-33925

Plugin:: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting
Plugin Slug:: erp
Installations: 8,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.13.2
Severity Score:: High
CVE:: 2024-1173

Plugin:: WordPress Affiliates Plugin � SliceWP Affiliates
Plugin Slug:: slicewp
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.11
Severity Score:: Medium
CVE:: 2024-34413

Plugin:: WPC Composite Products for WooCommerce
Plugin Slug:: wpc-composite-products
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.8
Severity Score:: Medium
CVE:: 2024-2838

Plugin:: Customer Email Verification for WooCommerce
Plugin Slug:: emails-verification-for-woocommerce
Installations: 7,000+
Vulnerability:: Bypass Vulnerability
Patched in Version:: 2.7.5
Severity Score:: Medium
CVE:: 2024-4185

Plugin:: iPanorama 360 � WordPress Virtual Tour Builder
Plugin Slug:: ipanorama-360-virtual-tour-builder-lite
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.8.2
Severity Score:: Medium
CVE:: 2024-33941

Plugin:: Shipment Tracking, Tracking, and Order Tracking for WooCommerce � ParcelPanel (Free to install)
Plugin Slug:: parcelpanel
Installations: 7,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.9.0
Severity Score:: High
CVE:: 2024-34412

Plugin:: Sticky Buttons � floating buttons builder
Plugin Slug:: sticky-buttons
Installations: 7,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.2.4
Severity Score:: Medium
CVE:: 2024-3475

Plugin:: Button Generator � easily Button Builder
Plugin Slug:: button-generation
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-3471

Plugin:: Print My Blog � Print, PDF, & eBook Converter WordPress Plugin
Plugin Slug:: print-my-blog
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.26.3
Severity Score:: Medium
CVE:: 2024-33907

Plugin:: Side Menu Lite � add sticky fixed buttons
Plugin Slug:: side-menu-lite
Installations: 6,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 4.2.1
Severity Score:: Medium
CVE:: 2024-3476

Plugin:: Edwiser Bridge � WordPress Moodle LMS Integration
Plugin Slug:: edwiser-bridge
Installations: 5,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 3.0.6
Severity Score:: Critical
CVE:: 2024-4186

Plugin:: ElementsReady Addons for Elementor
Plugin Slug:: element-ready-lite
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.0
Severity Score:: Medium
CVE:: 2024-34374

Plugin:: Testimonial Slider
Plugin Slug:: testimonial-slider
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.3
Severity Score:: Medium
CVE:: 2024-4193

Plugin:: WPify Woo Czech
Plugin Slug:: wpify-woo
Installations: 5,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.11
Severity Score:: High
CVE:: 2024-33946

Plugin:: Popup Box � new WordPress popup plugin
Plugin Slug:: popup-box
Installations: 4,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.2.7
Severity Score:: Medium
CVE:: 2024-3477

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Installations: 4,000+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.7.14
Severity Score:: High
CVE:: 2024-4346

Plugin:: Startklar Elementor Addons
Plugin Slug:: startklar-elmentor-forms-extwidgets
Installations: 4,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.7.14
Severity Score:: Critical
CVE:: 2024-4345

Plugin:: Auto Affiliate Links
Plugin Slug:: wp-auto-affiliate-links
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 6.4.4
Severity Score:: High
CVE:: 2024-34386

Plugin:: Custom WooCommerce Checkout Fields Editor
Plugin Slug:: add-fields-to-checkout-page-woocommerce
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-33956

Plugin:: Debug Log Manager
Plugin Slug:: debug-log-manager
Installations: 3,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.2
Severity Score:: Medium
CVE:: 2024-33915

Plugin:: Mihdan: Yandex Turbo Feed
Plugin Slug:: mihdan-yandex-turbo-feed
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2024-4411

Plugin:: Herd Effects � fake notifications and social proof plugin
Plugin Slug:: mwp-herd-effect
Installations: 3,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 5.2.7
Severity Score:: Medium
CVE:: 2024-3478

Plugin:: PropertyHive
Plugin Slug:: propertyhive
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.11
Severity Score:: Medium
CVE:: 2024-34381

Plugin:: iPages Flipbook For WordPress
Plugin Slug:: ipages-flipbook
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.2
Severity Score:: Medium
CVE:: 2024-33909

Plugin:: JW Player for WordPress
Plugin Slug:: jw-player-7-for-wp
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.3.4
Severity Score:: Medium
CVE:: 2024-33931

Plugin:: Masteriyo LMS � eLearning and Online Course Builder for WordPress
Plugin Slug:: learning-management-system
Installations: 2,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.7.4
Severity Score:: Medium
CVE:: 2024-33939

Plugin:: Video Gallery � Api Gallery, YouTube and Vimeo, Link Gallery
Plugin Slug:: new-video-gallery
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5.4
Severity Score:: Medium
CVE:: 2024-34377

Plugin:: Table Plugin for WordPress with Google Sheets Integration � Sheets to WP Table Live Sync
Plugin Slug:: sheets-to-wp-table-live-sync
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.1
Severity Score:: Medium
CVE:: 2024-34375

Plugin:: Ultimate Under Construction
Plugin Slug:: ultimate-under-construction
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.4
Severity Score:: Medium
CVE:: 2024-33943

Plugin:: Where Did You Hear About Us Checkout Field for WooCommerce
Plugin Slug:: wc-customer-source
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.2
Severity Score:: Medium
CVE:: 2024-2752

Plugin:: Follow Us Badges
Plugin Slug:: wpsite-follow-us-badges
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.11
Severity Score:: Medium
CVE:: 2024-3280

Plugin:: Academy LMS � eLearning and online course solution for WordPress
Plugin Slug:: academy
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.17
Severity Score:: High
CVE:: 2024-33912

Plugin:: Admin Bar Editor � Hide Toolbar by User Roles
Plugin Slug:: admin-bar
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.0.23
Severity Score:: Medium
CVE:: 2024-1716

Plugin:: Post Grid Master � Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder
Plugin Slug:: ajax-filter-posts
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.4.8
Severity Score:: Medium
CVE:: 2024-34372

Plugin:: ChatBot Conversational Forms
Plugin Slug:: conversational-forms
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.0
Severity Score:: Medium
CVE:: 2024-34380

Plugin:: Counter Box � WordPress plugin for countdown, timer, counter
Plugin Slug:: counter-box
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-3481

Plugin:: Login with phone number
Plugin Slug:: login-with-phone-number
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.20
Severity Score:: Medium
CVE:: 2024-34371

Plugin:: Mooberry Book Manager
Plugin Slug:: mooberry-book-manager
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.15.13
Severity Score:: Medium
CVE:: 2024-34368

Plugin:: SimpleShop
Plugin Slug:: simpleshop-cz
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.10.3
Severity Score:: Medium
CVE:: 2024-1229

Plugin:: SimpleShop
Plugin Slug:: simpleshop-cz
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.10.1
Severity Score:: Medium
CVE:: 2024-1230

Plugin:: MDTF � Meta Data and Taxonomies Filter
Plugin Slug:: wp-meta-data-filter-and-taxonomy-filter
Installations: 1,000+
Vulnerability:: Content Injection
Patched in Version:: 1.3.3.3
Severity Score:: Medium
CVE:: 2024-34434

Plugin:: Barcode Scanner and Inventory manager. POS (Point of Sale) � scan barcodes & create orders with barcode reader.
Plugin Slug:: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 1.5.5
Severity Score:: High
CVE:: 2024-2661