Nexcess.comServers.comLiquidWeb.com
Line illustration showing a black application window on a dark orange to black gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � November 13, 2024

Sarah
Uncategorized

In this report, 323 vulnerabilities have been publicly disclosed. Security patches for 95 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 228 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7, code-named �Rollins,� is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.

WordPress Plugins � 92 Patched / 226 Unpatched

Classified Listing � Classified ads & Business Directory Plugin

Plugin:

Classified Listing � Classified ads & Business Directory Plugin

Plugin Slug:
classified-listing

Installations
10,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52386


The vulnerability has not been patched. You should deactivate the plugin.

Team Member � Multi Language Supported Team Plugin

Plugin:

Team Member � Multi Language Supported Team Plugin

Plugin Slug:
team-showcase-supreme

Installations
8,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52385


The vulnerability has not been patched. You should deactivate the plugin.

Post From Frontend

Plugin:

Post From Frontend

Plugin Slug:
post-from-frontend

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-9689


The vulnerability has not been patched. You should deactivate the plugin.

AA Audio Player

Plugin:

AA Audio Player

Plugin Slug:
aa-audio-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52348


The vulnerability has not been patched. You should deactivate the plugin.

Bing Search API Integration

Plugin:

Bing Search API Integration

Plugin Slug:
abbs-bing-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51692


The vulnerability has not been patched. You should deactivate the plugin.

AchillesTheme-shortcodes

Plugin:

AchillesTheme-shortcodes

Plugin Slug:
achilles-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51878


The vulnerability has not been patched. You should deactivate the plugin.

Add Ribbon Shortcode

Plugin:

Add Ribbon Shortcode

Plugin Slug:
add-ribbon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51823


The vulnerability has not been patched. You should deactivate the plugin.

Advanced Video Player with Analytics

Plugin:

Advanced Video Player with Analytics

Plugin Slug:
advanced-video-player-with-analytics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51824


The vulnerability has not been patched. You should deactivate the plugin.

Adventure Bucket List

Plugin:

Adventure Bucket List

Plugin Slug:
adventure-bucket-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51908


The vulnerability has not been patched. You should deactivate the plugin.

AgendaPress � Easily Publish Meeting Agendas and Programs on WordPress

Plugin:

AgendaPress � Easily Publish Meeting Agendas and Programs on WordPress

Plugin Slug:
agendapress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51807


The vulnerability has not been patched. You should deactivate the plugin.

Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation

Plugin:

Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation

Plugin Slug:
ai-content-generator

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52384


The vulnerability has not been patched. You should deactivate the plugin.

Instant Image Generator

Plugin:

Instant Image Generator

Plugin Slug:
ai-image

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52377


The vulnerability has not been patched. You should deactivate the plugin.

Ajax Content Filter

Plugin:

Ajax Content Filter

Plugin Slug:
ajax-content-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51717


The vulnerability has not been patched. You should deactivate the plugin.

Alert Me!

Plugin:

Alert Me!

Plugin Slug:
alert-me

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51825


The vulnerability has not been patched. You should deactivate the plugin.

EleForms

Plugin:

EleForms

Plugin Slug:
all-contact-form-integration-for-elementor

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-6626


The vulnerability has not been patched. You should deactivate the plugin.

Assist24 Help Desk

Plugin:

Assist24 Help Desk

Plugin Slug:
assist24it

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51910


The vulnerability has not been patched. You should deactivate the plugin.

Audio Record

Plugin:

Audio Record

Plugin Slug:
audio-record

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51792


The vulnerability has not been patched. You should deactivate the plugin.

audioCase

Plugin:

audioCase

Plugin Slug:
audiocase

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51909


The vulnerability has not been patched. You should deactivate the plugin.

Awesome Fitness Testimonials

Plugin:

Awesome Fitness Testimonials

Plugin Slug:
awesome-fitness-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51806


The vulnerability has not been patched. You should deactivate the plugin.

Awesome Tool Tip

Plugin:

Awesome Tool Tip

Plugin Slug:
awesome-tool-tip

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52349


The vulnerability has not been patched. You should deactivate the plugin.

AzonBox

Plugin:

AzonBox

Plugin Slug:
azonbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51931


The vulnerability has not been patched. You should deactivate the plugin.

Bamboo Enquiries

Plugin:

Bamboo Enquiries

Plugin Slug:
bamboo-enquiries

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51859


The vulnerability has not been patched. You should deactivate the plugin.

Banner System

Plugin:

Banner System

Plugin Slug:
banner-system

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51816


The vulnerability has not been patched. You should deactivate the plugin.

Be Shortcodes

Plugin:

Be Shortcodes

Plugin Slug:
be-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51881


The vulnerability has not been patched. You should deactivate the plugin.

Beacon For Help Scout

Plugin:

Beacon For Help Scout

Plugin Slug:
beacon-for-helpscout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51828


The vulnerability has not been patched. You should deactivate the plugin.

BeBetter Social Icons

Plugin:

BeBetter Social Icons

Plugin Slug:
bebetter-social-icons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51880


The vulnerability has not been patched. You should deactivate the plugin.

best bootstrap widgets for elementor

Plugin:

best bootstrap widgets for elementor

Plugin Slug:
best-bootstrap-widgets-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51851


The vulnerability has not been patched. You should deactivate the plugin.

Bg Patriarchia BU

Plugin:

Bg Patriarchia BU

Plugin Slug:
bg-patriarchia-bu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51799


The vulnerability has not been patched. You should deactivate the plugin.

Bitcoin Payments

Plugin:

Bitcoin Payments

Plugin Slug:
bitcoin-payments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51826


The vulnerability has not been patched. You should deactivate the plugin.

Blocks Post Grid

Plugin:

Blocks Post Grid

Plugin Slug:
blocks-post-grid

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51928


The vulnerability has not been patched. You should deactivate the plugin.

Boat Rental Plugin for WordPress

Plugin:

Boat Rental Plugin for WordPress

Plugin Slug:
boat-rental-system

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52376


The vulnerability has not been patched. You should deactivate the plugin.

Boombox Shortcode

Plugin:

Boombox Shortcode

Plugin Slug:
boombox-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51827


The vulnerability has not been patched. You should deactivate the plugin.

Brand my Footer

Plugin:

Brand my Footer

Plugin Slug:
brand-my-footer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51801


The vulnerability has not been patched. You should deactivate the plugin.

Bread & Butter

Plugin:

Bread & Butter

Plugin Slug:
bread-butter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51802


The vulnerability has not been patched. You should deactivate the plugin.

Browsing History

Plugin:

Browsing History

Plugin Slug:
browsing-history

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51885


The vulnerability has not been patched. You should deactivate the plugin.

BU Slideshow

Plugin:

BU Slideshow

Plugin Slug:
bu-slideshow

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52351


The vulnerability has not been patched. You should deactivate the plugin.

Buooy Sticky Header

Plugin:

Buooy Sticky Header

Plugin Slug:
buooy-sticky-header

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51699


The vulnerability has not been patched. You should deactivate the plugin.

CE21 Suite

Plugin:

CE21 Suite

Plugin Slug:
ce21-suite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10294


The vulnerability has not been patched. You should deactivate the plugin.

CE21 Suite

Plugin:

CE21 Suite

Plugin Slug:
ce21-suite

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-10285


The vulnerability has not been patched. You should deactivate the plugin.

CF7 WOW Styler

Plugin:

CF7 WOW Styler

Plugin Slug:
cf7-styler

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51689


The vulnerability has not been patched. You should deactivate the plugin.

Charity Addon for Elementor

Plugin:

Charity Addon for Elementor

Plugin Slug:
charity-addon-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51938


The vulnerability has not been patched. You should deactivate the plugin.

codeSnips

Plugin:

codeSnips

Plugin Slug:
codesnips

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51808


The vulnerability has not been patched. You should deactivate the plugin.

Smooth Maps

Plugin:

Smooth Maps

Plugin Slug:
colour-smooth-maps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51901


The vulnerability has not been patched. You should deactivate the plugin.

Combo WP Rewrite Slugs

Plugin:

Combo WP Rewrite Slugs

Plugin Slug:
combo-wp-rewrite-slugs

Vulnerability:
Settings Change

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51817


The vulnerability has not been patched. You should deactivate the plugin.

Community Yard Sale

Plugin:

Community Yard Sale

Plugin Slug:
community-yard-sale

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51846


The vulnerability has not been patched. You should deactivate the plugin.

Computer Repair Shop

Plugin:

Computer Repair Shop

Plugin Slug:
computer-repair-shop

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51793


The vulnerability has not been patched. You should deactivate the plugin.

WP Virtual Room Configurator

Plugin:

WP Virtual Room Configurator

Plugin Slug:
configure-conference-room

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51907


The vulnerability has not been patched. You should deactivate the plugin.

Content Syndication Toolkit Reader

Plugin:

Content Syndication Toolkit Reader

Plugin Slug:
content-syndication-toolkit-reader

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51696


The vulnerability has not been patched. You should deactivate the plugin.

Conversion Helper

Plugin:

Conversion Helper

Plugin Slug:
conversion-helper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-10676


The vulnerability has not been patched. You should deactivate the plugin.

Cowidgets � Elementor Addons

Plugin:

Cowidgets � Elementor Addons

Plugin Slug:
cowidgets-elementor-addons

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-10779


The vulnerability has not been patched. You should deactivate the plugin.

Cowidgets � Elementor Addons

Plugin:

Cowidgets � Elementor Addons

Plugin Slug:
cowidgets-elementor-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-8960


The vulnerability has not been patched. You should deactivate the plugin.

Custom Dashboard Widget

Plugin:

Custom Dashboard Widget

Plugin Slug:
create-custom-dashboard-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51860


The vulnerability has not been patched. You should deactivate the plugin.

Creative Blocks

Plugin:

Creative Blocks

Plugin Slug:
creative-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51822


The vulnerability has not been patched. You should deactivate the plugin.

CRM 2go

Plugin:

CRM 2go

Plugin Slug:
crm2go

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52350


The vulnerability has not been patched. You should deactivate the plugin.

Custom URL Shortener

Plugin:

Custom URL Shortener

Plugin Slug:
custom-url-shorter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51930


The vulnerability has not been patched. You should deactivate the plugin.

Daily Image

Plugin:

Daily Image

Plugin Slug:
daily-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51776


The vulnerability has not been patched. You should deactivate the plugin.

Dashing Memberships

Plugin:

Dashing Memberships

Plugin Slug:
dashing-memberships

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51760


The vulnerability has not been patched. You should deactivate the plugin.

Datasets Manager by Arttia Creative

Plugin:

Datasets Manager by Arttia Creative

Plugin Slug:
datasets-manager-by-arttia-creative

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52375


The vulnerability has not been patched. You should deactivate the plugin.

Debug Tool

Plugin:

Debug Tool

Plugin Slug:
debug-tool

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-10586


The vulnerability has not been patched. You should deactivate the plugin.

Devexhub Gallery

Plugin:

Devexhub Gallery

Plugin Slug:
devexhub-gallery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52373


The vulnerability has not been patched. You should deactivate the plugin.

DigiPass

Plugin:

DigiPass

Plugin Slug:
digipass

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-52378


The vulnerability has not been patched. You should deactivate the plugin.

Do That Task

Plugin:

Do That Task

Plugin Slug:
do-that-task

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52374


The vulnerability has not been patched. You should deactivate the plugin.

Don’t Break The Code

Plugin:

Don’t Break The Code

Plugin Slug:
dont-break-the-code

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51779


The vulnerability has not been patched. You should deactivate the plugin.

Doofinder

Plugin:

Doofinder

Plugin Slug:
doofinder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51697


The vulnerability has not been patched. You should deactivate the plugin.

drop in image slideshow gallery

Plugin:

drop in image slideshow gallery

Plugin Slug:
drop-in-image-slideshow-gallery

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51914


The vulnerability has not been patched. You should deactivate the plugin.

DuoGeek Blocks

Plugin:

DuoGeek Blocks

Plugin Slug:
duogeek-blocks

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51868


The vulnerability has not been patched. You should deactivate the plugin.

Easy CSV Importer BETA

Plugin:

Easy CSV Importer BETA

Plugin Slug:
easy-csv-importer

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52372


The vulnerability has not been patched. You should deactivate the plugin.

Easy Social Sharebar

Plugin:

Easy Social Sharebar

Plugin Slug:
easy-social-sharebar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51833


The vulnerability has not been patched. You should deactivate the plugin.

eewee admin custom

Plugin:

eewee admin custom

Plugin Slug:
eewee-admincustom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51780


The vulnerability has not been patched. You should deactivate the plugin.

Ekiline Block Collection

Plugin:

Ekiline Block Collection

Plugin Slug:
ekiline-block-collection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51934


The vulnerability has not been patched. You should deactivate the plugin.

Embed documents shortcode

Plugin:

Embed documents shortcode

Plugin Slug:
embed-documents-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51904


The vulnerability has not been patched. You should deactivate the plugin.

ESB Testimonials

Plugin:

ESB Testimonials

Plugin Slug:
esb-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51936


The vulnerability has not been patched. You should deactivate the plugin.

Fabrica Synced Pattern Instances

Plugin:

Fabrica Synced Pattern Instances

Plugin Slug:
fabrica-reusable-block-instances

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51695


The vulnerability has not been patched. You should deactivate the plugin.

Faltu Testimonial Rotator

Plugin:

Faltu Testimonial Rotator

Plugin Slug:
faltu-testimonial-rotator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51853


The vulnerability has not been patched. You should deactivate the plugin.

Fancy User List

Plugin:

Fancy User List

Plugin Slug:
fancy-user-listing

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51889


The vulnerability has not been patched. You should deactivate the plugin.

Fast Video and Image Display

Plugin:

Fast Video and Image Display

Plugin Slug:
fast-video-and-image-display

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51935


The vulnerability has not been patched. You should deactivate the plugin.

Featured product by category name

Plugin:

Featured product by category name

Plugin Slug:
featured-product-by-category-name

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51911


The vulnerability has not been patched. You should deactivate the plugin.

File Select Control For Elementor

Plugin:

File Select Control For Elementor

Plugin Slug:
file-select-control-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51841


The vulnerability has not been patched. You should deactivate the plugin.

Firework Shoppable Live Video

Plugin:

Firework Shoppable Live Video

Plugin Slug:
firework-videos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51781


The vulnerability has not been patched. You should deactivate the plugin.

Forms: 3rd-Party Post Again

Plugin:

Forms: 3rd-Party Post Again

Plugin Slug:
forms-3rdparty-post-again

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51783


The vulnerability has not been patched. You should deactivate the plugin.

FriendStore for WooCommerce

Plugin:

FriendStore for WooCommerce

Plugin Slug:
friendstore-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51784


The vulnerability has not been patched. You should deactivate the plugin.

Horsemanager

Plugin:

Horsemanager

Plugin Slug:
fruitcake-horsemanager

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51843


The vulnerability has not been patched. You should deactivate the plugin.

Gboy Custom Google Map

Plugin:

Gboy Custom Google Map

Plugin Slug:
gboy-custom-google-map

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51882


The vulnerability has not been patched. You should deactivate the plugin.

Geoportail Shortcode

Plugin:

Geoportail Shortcode

Plugin Slug:
geoportail-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51890


The vulnerability has not been patched. You should deactivate the plugin.

Geotagged Media

Plugin:

Geotagged Media

Plugin Slug:
geotagged-media

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51694


The vulnerability has not been patched. You should deactivate the plugin.

Global Gateway e4 | Payeezy Gateway |

Plugin:

Global Gateway e4 | Payeezy Gateway |

Plugin Slug:
globe-gateway-e4

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-52371


The vulnerability has not been patched. You should deactivate the plugin.

Google Visualization Charts

Plugin:

Google Visualization Charts

Plugin Slug:
google-visualization-charts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51862


The vulnerability has not been patched. You should deactivate the plugin.

GreenCon

Plugin:

GreenCon

Plugin Slug:
greencon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51926


The vulnerability has not been patched. You should deactivate the plugin.

WoW Guild Armory Roster

Plugin:

WoW Guild Armory Roster

Plugin Slug:
guild-armory-roster

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51850


The vulnerability has not been patched. You should deactivate the plugin.

Gutenium Blocks

Plugin:

Gutenium Blocks

Plugin Slug:
gutenium

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51869


The vulnerability has not been patched. You should deactivate the plugin.

Satisfaction Reports from Help Scout

Plugin:

Satisfaction Reports from Help Scout

Plugin Slug:
happiness-reports-for-help-scout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51778


The vulnerability has not been patched. You should deactivate the plugin.

HB AUDIO GALLERY

Plugin:

HB AUDIO GALLERY

Plugin Slug:
hb-audio-gallery

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51790


The vulnerability has not been patched. You should deactivate the plugin.

Hola Free Video Player

Plugin:

Hola Free Video Player

Plugin Slug:
hola-free-video-player

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51854


The vulnerability has not been patched. You should deactivate the plugin.

HQ60 Fidelity Card

Plugin:

HQ60 Fidelity Card

Plugin Slug:
hq60-fidelity-card

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51713


The vulnerability has not been patched. You should deactivate the plugin.

I Plant A Tree

Plugin:

I Plant A Tree

Plugin Slug:
i-plant-a-tree

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51883


The vulnerability has not been patched. You should deactivate the plugin.

IA Map Analytics Basic

Plugin:

IA Map Analytics Basic

Plugin Slug:
ia-map-analytics-basic

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51937


The vulnerability has not been patched. You should deactivate the plugin.

Icon Widget

Plugin:

Icon Widget

Plugin Slug:
icon-widget-with-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51929


The vulnerability has not been patched. You should deactivate the plugin.

Image Carousel Shortcode

Plugin:

Image Carousel Shortcode

Plugin Slug:
image-carousel-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51842


The vulnerability has not been patched. You should deactivate the plugin.

Image Classify

Plugin:

Image Classify

Plugin Slug:
image-classify

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51789


The vulnerability has not been patched. You should deactivate the plugin.

Inline Click To Tweet

Plugin:

Inline Click To Tweet

Plugin Slug:
inline-click-to-tweet

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51803


The vulnerability has not been patched. You should deactivate the plugin.

IntelliWidget Elements

Plugin:

IntelliWidget Elements

Plugin Slug:
intelliwidget-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51912


The vulnerability has not been patched. You should deactivate the plugin.

Jigoshop � Store Toolkit

Plugin:

Jigoshop � Store Toolkit

Plugin Slug:
jigoshop-store-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51712


The vulnerability has not been patched. You should deactivate the plugin.

KBucket

Plugin:

KBucket

Plugin Slug:
kbucket

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52369


The vulnerability has not been patched. You should deactivate the plugin.

Keymaster Chord Notation Free

Plugin:

Keymaster Chord Notation Free

Plugin Slug:
keymaster-chord-notation-free

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51809


The vulnerability has not been patched. You should deactivate the plugin.

Kings Tab Slider

Plugin:

Kings Tab Slider

Plugin Slug:
kings-tab-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51932


The vulnerability has not been patched. You should deactivate the plugin.

L Squared Hub WP

Plugin:

L Squared Hub WP

Plugin Slug:
l-squared-hub-wp-virtual-device

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51820


The vulnerability has not been patched. You should deactivate the plugin.

Lenxel Core for Lenxel(LNX) LMS

Plugin:

Lenxel Core for Lenxel(LNX) LMS

Plugin Slug:
lenxel-core

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-9270


The vulnerability has not been patched. You should deactivate the plugin.

Location Click Map

Plugin:

Location Click Map

Plugin Slug:
location-click-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51844


The vulnerability has not been patched. You should deactivate the plugin.

Loginplus

Plugin:

Loginplus

Plugin Slug:
loginplus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51782


The vulnerability has not been patched. You should deactivate the plugin.

Luzuk Slider

Plugin:

Luzuk Slider

Plugin Slug:
luzuk-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51834


The vulnerability has not been patched. You should deactivate the plugin.

Luzuk Team

Plugin:

Luzuk Team

Plugin Slug:
luzuk-team

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51871


The vulnerability has not been patched. You should deactivate the plugin.

Luzuk Testimonials

Plugin:

Luzuk Testimonials

Plugin Slug:
luzuk-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51872


The vulnerability has not been patched. You should deactivate the plugin.

Mage Front End Forms

Plugin:

Mage Front End Forms

Plugin Slug:
mage-forms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52339


The vulnerability has not been patched. You should deactivate the plugin.

Magic Slider

Plugin:

Magic Slider

Plugin Slug:
magic-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51896


The vulnerability has not been patched. You should deactivate the plugin.

Map Store Locator

Plugin:

Map Store Locator

Plugin Slug:
map-store-location

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51920


The vulnerability has not been patched. You should deactivate the plugin.

Mapme

Plugin:

Mapme

Plugin Slug:
mapme

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51913


The vulnerability has not been patched. You should deactivate the plugin.

Master Bar

Plugin:

Master Bar

Plugin Slug:
master-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51698


The vulnerability has not been patched. You should deactivate the plugin.

MDC YouTube Downloader

Plugin:

MDC YouTube Downloader

Plugin Slug:
mdc-youtube-downloader

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51875


The vulnerability has not been patched. You should deactivate the plugin.

Matix Popup Builder

Plugin:

Matix Popup Builder

Plugin Slug:
medma-matix

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52382


The vulnerability has not been patched. You should deactivate the plugin.

mFolio Lite

Plugin:

mFolio Lite

Plugin Slug:
mfolio-lite

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-9307


The vulnerability has not been patched. You should deactivate the plugin.

MG Post Contributors

Plugin:

MG Post Contributors

Plugin Slug:
mg-post-contributors

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51701


The vulnerability has not been patched. You should deactivate the plugin.

Minical Hotel Booking Plugin

Plugin:

Minical Hotel Booking Plugin

Plugin Slug:
minical

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51895


The vulnerability has not been patched. You should deactivate the plugin.

Mobile Kiosk

Plugin:

Mobile Kiosk

Plugin Slug:
mobile-kiosk

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51829


The vulnerability has not been patched. You should deactivate the plugin.

Moka Get Posts Shortcode

Plugin:

Moka Get Posts Shortcode

Plugin Slug:
moka-get-posts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51804


The vulnerability has not been patched. You should deactivate the plugin.

Moose Elementor Kit

Plugin:

Moose Elementor Kit

Plugin Slug:
moose-elementor-kit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51856


The vulnerability has not been patched. You should deactivate the plugin.

Multi-day Booking Calendar

Plugin:

Multi-day Booking Calendar

Plugin Slug:
multi-day-booking-calendar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51873


The vulnerability has not been patched. You should deactivate the plugin.

Multifox Plus

Plugin:

Multifox Plus

Plugin Slug:
multifox-plus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51916


The vulnerability has not been patched. You should deactivate the plugin.

Multiple Votes in one page

Plugin:

Multiple Votes in one page

Plugin Slug:
multiple-votes-in-one-page

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51917


The vulnerability has not been patched. You should deactivate the plugin.

My Restaurant Menu

Plugin:

My Restaurant Menu

Plugin Slug:
my-restaurant-menu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51849


The vulnerability has not been patched. You should deactivate the plugin.

WP Responsive Video

Plugin:

WP Responsive Video

Plugin Slug:
my-wp-responsive-video

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51940


The vulnerability has not been patched. You should deactivate the plugin.

Narnoo Commerce Manager

Plugin:

Narnoo Commerce Manager

Plugin Slug:
narnoo-commerce-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51708


The vulnerability has not been patched. You should deactivate the plugin.

News Articles

Plugin:

News Articles

Plugin Slug:
news-articles

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51897


The vulnerability has not been patched. You should deactivate the plugin.

News Ticker

Plugin:

News Ticker

Plugin Slug:
newsticker

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51830


The vulnerability has not been patched. You should deactivate the plugin.

The Novel Design Store Directory

Plugin:

The Novel Design Store Directory

Plugin Slug:
noveldesign-store-directory

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-51788


The vulnerability has not been patched. You should deactivate the plugin.

NV Slider

Plugin:

NV Slider

Plugin Slug:
nv-slider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51887


The vulnerability has not been patched. You should deactivate the plugin.

Official SalesWizard CRM Plugin

Plugin:

Official SalesWizard CRM Plugin

Plugin Slug:
official-saleswizard-crm

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51891


The vulnerability has not been patched. You should deactivate the plugin.

Olympus Shortcodes

Plugin:

Olympus Shortcodes

Plugin Slug:
olympus-shortcodes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51857


The vulnerability has not been patched. You should deactivate the plugin.

OpenCart Product Display

Plugin:

OpenCart Product Display

Plugin Slug:
opencart-product-display

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51835


The vulnerability has not been patched. You should deactivate the plugin.

OS BXSlider

Plugin:

OS BXSlider

Plugin Slug:
os-bxslider

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52342


The vulnerability has not been patched. You should deactivate the plugin.

OS Our Team

Plugin:

OS Our Team

Plugin Slug:
os-our-team

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52341


The vulnerability has not been patched. You should deactivate the plugin.

OS Pricing Tables

Plugin:

OS Pricing Tables

Plugin Slug:
os-pricing-tables

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52343


The vulnerability has not been patched. You should deactivate the plugin.

Parallaxer

Plugin:

Parallaxer

Plugin Slug:
parallaxer-lite-parallax-effects-on-images

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51848


The vulnerability has not been patched. You should deactivate the plugin.

ParOne Feeds

Plugin:

ParOne Feeds

Plugin Slug:
parone

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51874


The vulnerability has not been patched. You should deactivate the plugin.

Pay With Stripe

Plugin:

Pay With Stripe

Plugin Slug:
payments-stripe-gateway

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51918


The vulnerability has not been patched. You should deactivate the plugin.

Pdf Embedder Fay

Plugin:

Pdf Embedder Fay

Plugin Slug:
pdf-embedder-fay

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51795


The vulnerability has not been patched. You should deactivate the plugin.

Persian Nested Show/Hide Text

Plugin:

Persian Nested Show/Hide Text

Plugin Slug:
persian-nested-showhide-text

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51831


The vulnerability has not been patched. You should deactivate the plugin.

PF Timer

Plugin:

PF Timer

Plugin Slug:
pf-timer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51863


The vulnerability has not been patched. You should deactivate the plugin.

Photographer Connections

Plugin:

Photographer Connections

Plugin Slug:
photographer-connections

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52340


The vulnerability has not been patched. You should deactivate the plugin.

Picsmize

Plugin:

Picsmize

Plugin Slug:
picsmize

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-52380


The vulnerability has not been patched. You should deactivate the plugin.

Plenigo

Plugin:

Plenigo

Plugin Slug:
plenigo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51832


The vulnerability has not been patched. You should deactivate the plugin.

Popup Image

Plugin:

Popup Image

Plugin Slug:
popup-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51811


The vulnerability has not been patched. You should deactivate the plugin.

Postcasa Shortcode

Plugin:

Postcasa Shortcode

Plugin Slug:
postcasa

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52352


The vulnerability has not been patched. You should deactivate the plugin.

Postify: Post Layout For Elementor

Plugin:

Postify: Post Layout For Elementor

Plugin Slug:
postify-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51893


The vulnerability has not been patched. You should deactivate the plugin.

Posts Filter

Plugin:

Posts Filter

Plugin Slug:
posts-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51886


The vulnerability has not been patched. You should deactivate the plugin.

Posts Search

Plugin:

Posts Search

Plugin Slug:
posts-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51884


The vulnerability has not been patched. You should deactivate the plugin.

PropertyShift

Plugin:

PropertyShift

Plugin Slug:
propertyshift

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51762


The vulnerability has not been patched. You should deactivate the plugin.

Provide Forex Signals

Plugin:

Provide Forex Signals

Plugin Slug:
provide-forex-signals

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52344


The vulnerability has not been patched. You should deactivate the plugin.

Pull This

Plugin:

Pull This

Plugin Slug:
pull-this

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51838


The vulnerability has not been patched. You should deactivate the plugin.

ra_qrcode

Plugin:

ra_qrcode

Plugin Slug:
ra-qrcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52345


The vulnerability has not been patched. You should deactivate the plugin.

Relais 2FA

Plugin:

Relais 2FA

Plugin Slug:
relais-2fa

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical

CVE:

2024-10245


The vulnerability has not been patched. You should deactivate the plugin.

Responsive Data Table

Plugin:

Responsive Data Table

Plugin Slug:
responsive-data-table

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51710


The vulnerability has not been patched. You should deactivate the plugin.

Share Buttons � Social Media

Plugin:

Share Buttons � Social Media

Plugin Slug:
rich-web-share-button

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51845


The vulnerability has not been patched. You should deactivate the plugin.

Rig Elements For Elementor

Plugin:

Rig Elements For Elementor

Plugin Slug:
rig-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51927


The vulnerability has not been patched. You should deactivate the plugin.

RSV 360 View

Plugin:

RSV 360 View

Plugin Slug:
rsv-360-view

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51906


The vulnerability has not been patched. You should deactivate the plugin.

RSV PDF Preview

Plugin:

RSV PDF Preview

Plugin Slug:
rsv-pdf-preview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51905


The vulnerability has not been patched. You should deactivate the plugin.

Saragna

Plugin:

Saragna

Plugin Slug:
saragna-social-stream

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51711


The vulnerability has not been patched. You should deactivate the plugin.

scrollup

Plugin:

scrollup

Plugin Slug:
scrollup

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51921


The vulnerability has not been patched. You should deactivate the plugin.

Search order by product SKU for WooCommerce

Plugin:

Search order by product SKU for WooCommerce

Plugin Slug:
search-order-by-product-sku-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51693


The vulnerability has not been patched. You should deactivate the plugin.

Sell Media File with Stripe

Plugin:

Sell Media File with Stripe

Plugin Slug:
sell-media-file

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51892


The vulnerability has not been patched. You should deactivate the plugin.

Semantic Shortcode

Plugin:

Semantic Shortcode

Plugin Slug:
semantic-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51898


The vulnerability has not been patched. You should deactivate the plugin.

Lewe Bootstrap Visuals

Plugin:

Lewe Bootstrap Visuals

Plugin Slug:
shortcode-bootstrap-visuals

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51810


The vulnerability has not been patched. You should deactivate the plugin.

Shortcode Collection

Plugin:

Shortcode Collection

Plugin Slug:
shortcode-collection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51864


The vulnerability has not been patched. You should deactivate the plugin.

Redirecter

Plugin:

Redirecter

Plugin Slug:
shortcode-for-redirection

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51855


The vulnerability has not been patched. You should deactivate the plugin.

Simple Pricing Table

Plugin:

Simple Pricing Table

Plugin Slug:
simple-pricing-table

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51899


The vulnerability has not been patched. You should deactivate the plugin.

Simple Social Share Block

Plugin:

Simple Social Share Block

Plugin Slug:
simple-social-share-block

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51865


The vulnerability has not been patched. You should deactivate the plugin.

SimpleGMaps

Plugin:

SimpleGMaps

Plugin Slug:
simplegmaps

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52346


The vulnerability has not been patched. You should deactivate the plugin.

Simple Modal

Plugin:

Simple Modal

Plugin Slug:
simplemodal

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51718


The vulnerability has not been patched. You should deactivate the plugin.

Simplistic SEO

Plugin:

Simplistic SEO

Plugin Slug:
simplistic-seo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51719


The vulnerability has not been patched. You should deactivate the plugin.

Simpul Events by Esotech

Plugin:

Simpul Events by Esotech

Plugin Slug:
simpul-events-by-esotech

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51867


The vulnerability has not been patched. You should deactivate the plugin.

Social button

Plugin:

Social button

Plugin Slug:
social-button

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51866


The vulnerability has not been patched. You should deactivate the plugin.

Social Locker

Plugin:

Social Locker

Plugin Slug:
social-locker-content

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51858


The vulnerability has not been patched. You should deactivate the plugin.

Stylish Internal Links

Plugin:

Stylish Internal Links

Plugin Slug:
stylish-internal-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51939


The vulnerability has not been patched. You should deactivate the plugin.

Surbma | Font Awesome

Plugin:

Surbma | Font Awesome

Plugin Slug:
surbma-font-awesome

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51798


The vulnerability has not been patched. You should deactivate the plugin.

SV Forms

Plugin:

SV Forms

Plugin Slug:
sv-forms

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51877


The vulnerability has not been patched. You should deactivate the plugin.

SVT Simple

Plugin:

SVT Simple

Plugin Slug:
svt-simple

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51759


The vulnerability has not been patched. You should deactivate the plugin.

Table of Contents Plus

Plugin:

Table of Contents Plus

Plugin Slug:
table-of-contents-plus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-5578


The vulnerability has not been patched. You should deactivate the plugin.

Team Showcase and Slider � Team Members Builder

Plugin:

Team Showcase and Slider � Team Members Builder

Plugin Slug:
team-showcase-ultimate

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51763


The vulnerability has not been patched. You should deactivate the plugin.

TeleAdmin

Plugin:

TeleAdmin

Plugin Slug:
teleadmin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51709


The vulnerability has not been patched. You should deactivate the plugin.

Testimonial Slider Shortcode

Plugin:

Testimonial Slider Shortcode

Plugin Slug:
testimonial-slider-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51925


The vulnerability has not been patched. You should deactivate the plugin.

Text Advertisements

Plugin:

Text Advertisements

Plugin Slug:
text-advertisements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51879


The vulnerability has not been patched. You should deactivate the plugin.

Tigris Flexplatform

Plugin:

Tigris Flexplatform

Plugin Slug:
tigris-flexplatform

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51819


The vulnerability has not been patched. You should deactivate the plugin.

TinyCode

Plugin:

TinyCode

Plugin Slug:
tinycode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51902


The vulnerability has not been patched. You should deactivate the plugin.

Topbar ID for Elementor

Plugin:

Topbar ID for Elementor

Plugin Slug:
topbar-id-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51894


The vulnerability has not been patched. You should deactivate the plugin.

Trendy Restaurant Menu

Plugin:

Trendy Restaurant Menu

Plugin Slug:
trendy-restaurant-menu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51796


The vulnerability has not been patched. You should deactivate the plugin.

SrcSet Responsive Images for WordPress

Plugin:

SrcSet Responsive Images for WordPress

Plugin Slug:
truenorth-srcset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51702


The vulnerability has not been patched. You should deactivate the plugin.

Twitter real time search scrolling

Plugin:

Twitter real time search scrolling

Plugin Slug:
twitter-real-time-search-scrolling

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51716


The vulnerability has not been patched. You should deactivate the plugin.

Ultimate Accordion

Plugin:

Ultimate Accordion

Plugin Slug:
ultimate-accordion

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51797


The vulnerability has not been patched. You should deactivate the plugin.

User Meta

Plugin:

User Meta

Plugin Slug:
user-meta

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-9262


The vulnerability has not been patched. You should deactivate the plugin.

User Password Reset

Plugin:

User Password Reset

Plugin Slug:
user-password-reset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51714


The vulnerability has not been patched. You should deactivate the plugin.

Utech Spinning Earth

Plugin:

Utech Spinning Earth

Plugin Slug:
utech-spinning-earth

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51839


The vulnerability has not been patched. You should deactivate the plugin.

UW Freelancer

Plugin:

UW Freelancer

Plugin Slug:
uw-freelancer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51706


The vulnerability has not been patched. You should deactivate the plugin.

VP Sitemap

Plugin:

VP Sitemap

Plugin Slug:
vp-sitemap

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51922


The vulnerability has not been patched. You should deactivate the plugin.

Wd-image-magnifier-xoss

Plugin:

Wd-image-magnifier-xoss

Plugin Slug:
wd-image-magnifier-xoss

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51840


The vulnerability has not been patched. You should deactivate the plugin.

WE � Client Logo Carousel

Plugin:

WE � Client Logo Carousel

Plugin Slug:
we-client-logo-carousel

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51821


The vulnerability has not been patched. You should deactivate the plugin.

Websand Subscription Form

Plugin:

Websand Subscription Form

Plugin Slug:
websand-subscription-form

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51923


The vulnerability has not been patched. You should deactivate the plugin.

Wezido

Plugin:

Wezido

Plugin Slug:
wezido-elementor-addon-based-on-easy-digital-downloads

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51836


The vulnerability has not been patched. You should deactivate the plugin.

WP Agenda

Plugin:

WP Agenda

Plugin Slug:
wp-agenda

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51924


The vulnerability has not been patched. You should deactivate the plugin.

wp_automatic_widget

Plugin:

wp_automatic_widget

Plugin Slug:
wp-automatic-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51876


The vulnerability has not been patched. You should deactivate the plugin.

WP-Basics

Plugin:

WP-Basics

Plugin Slug:
wp-basics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51703


The vulnerability has not been patched. You should deactivate the plugin.

WP Contest

Plugin:

WP Contest

Plugin Slug:
wp-contest

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51837


The vulnerability has not been patched. You should deactivate the plugin.

EventPress

Plugin:

EventPress

Plugin Slug:
wp-eventpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51861


The vulnerability has not been patched. You should deactivate the plugin.

Wp-ImageZoom

Plugin:

Wp-ImageZoom

Plugin Slug:
wp-imagezoom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-9934


The vulnerability has not been patched. You should deactivate the plugin.

imPress

Plugin:

imPress

Plugin Slug:
wp-js-impress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51704


The vulnerability has not been patched. You should deactivate the plugin.

WP Listings Pro

Plugin:

WP Listings Pro

Plugin Slug:
wp-listings-pro

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51903


The vulnerability has not been patched. You should deactivate the plugin.

WP MMenu Lite

Plugin:

WP MMenu Lite

Plugin Slug:
wp-mmenu-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51705


The vulnerability has not been patched. You should deactivate the plugin.

WP PagSeguro Payments

Plugin:

WP PagSeguro Payments

Plugin Slug:
wp-pagseguro-payments

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51847


The vulnerability has not been patched. You should deactivate the plugin.

Wp Slide Categorywise

Plugin:

Wp Slide Categorywise

Plugin Slug:
wp-slide-categorywise

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51690


The vulnerability has not been patched. You should deactivate the plugin.

WP Visual Adverts

Plugin:

WP Visual Adverts

Plugin Slug:
wp-visual-adverts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51707


The vulnerability has not been patched. You should deactivate the plugin.

Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera

Plugin:

Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera

Plugin Slug:
wp-website-creator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-52347


The vulnerability has not been patched. You should deactivate the plugin.

WPHelpful

Plugin:

WPHelpful

Plugin Slug:
wphelpful

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51761


The vulnerability has not been patched. You should deactivate the plugin.

Admin Amplify

Plugin:

Admin Amplify

Plugin Slug:
wpr-admin-amplify

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-51691


The vulnerability has not been patched. You should deactivate the plugin.

yPHPlista

Plugin:

yPHPlista

Plugin Slug:
yphplista

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51805


The vulnerability has not been patched. You should deactivate the plugin.

????????

Plugin:

????????

Plugin Slug:
yr-activity-link

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51814


The vulnerability has not been patched. You should deactivate the plugin.

Cookie Nonsense for YT

Plugin:

Cookie Nonsense for YT

Plugin Slug:
yt-cookie-nonsense

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51933


The vulnerability has not been patched. You should deactivate the plugin.

ZIJ KART

Plugin:

ZIJ KART

Plugin Slug:
zij-kart

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High

CVE:

2024-52381


The vulnerability has not been patched. You should deactivate the plugin.

Elementor Header & Footer Builder

Plugin:

Elementor Header & Footer Builder

Plugin Slug:
header-footer-elementor

Installations
2,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.46

Severity Score:
Medium

CVE:

2024-10325


The vulnerability has been patched, so you should update to version 1.6.46.

Loginizer

Plugin:

Loginizer

Plugin Slug:
loginizer

Installations
1,000,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High

CVE:

2024-10097


The vulnerability has been patched, so you should update to version 1.9.3.

Safe SVG

Plugin:

Safe SVG

Plugin Slug:
safe-svg

Installations
1,000,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.6

Severity Score:
Medium

CVE:

2024-8378


The vulnerability has been patched, so you should update to version 2.2.6.

Happy Addons for Elementor

Plugin:

Happy Addons for Elementor

Plugin Slug:
happy-elementor-addons

Installations
400,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.12.6

Severity Score:
Medium

CVE:

2024-10538


The vulnerability has been patched, so you should update to version 3.12.6.

Admin and Site Enhancements (ASE)

Plugin:

Admin and Site Enhancements (ASE)

Plugin Slug:
admin-site-enhancements

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
7.5.2

Severity Score:
Medium

CVE:

2024-10790


The vulnerability has been patched, so you should update to version 7.5.2.

Contact Form 7 � Dynamic Text Extension

Plugin:

Contact Form 7 � Dynamic Text Extension

Plugin Slug:
contact-form-7-dynamic-text-extension

Installations
100,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
4.5.1

Severity Score:
Medium

CVE:

2024-10084


The vulnerability has been patched, so you should update to version 4.5.1.

Pods � Custom Content Types and Fields

Plugin:

Pods � Custom Content Types and Fields

Plugin Slug:
pods

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.7.1

Severity Score:
Medium

CVE:

2024-9883


The vulnerability has been patched, so you should update to version 3.2.7.1.

WP ULike � All-in-One Engagement Toolkit

Plugin:

WP ULike � All-in-One Engagement Toolkit

Plugin Slug:
wp-ulike

Installations
80,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.7.5

Severity Score:
Medium

CVE:

2024-7879


The vulnerability has been patched, so you should update to version 4.7.5.

WP Booking Calendar

Plugin:

WP Booking Calendar

Plugin Slug:
booking

Installations
50,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
10.6.3

Severity Score:
Medium

CVE:

2024-10027


The vulnerability has been patched, so you should update to version 10.6.3.

MapPress Maps for WordPress

Plugin:

MapPress Maps for WordPress

Plugin Slug:
mappress-google-maps-for-wordpress

Installations
40,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.94.2

Severity Score:
Medium

CVE:

2024-10715


The vulnerability has been patched, so you should update to version 2.94.2.

Easy SVG Support

Plugin:

Easy SVG Support

Plugin Slug:
easy-svg

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.8

Severity Score:
Medium

CVE:

2024-10269


The vulnerability has been patched, so you should update to version 3.8.

Envo Extra

Plugin:

Envo Extra

Plugin Slug:
envo-extra

Installations
30,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.9.4

Severity Score:
Medium

CVE:

2024-10770


The vulnerability has been patched, so you should update to version 1.9.4.

Seriously Simple Podcasting

Plugin:

Seriously Simple Podcasting

Plugin Slug:
seriously-simple-podcasting

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.0

Severity Score:
High

CVE:

2024-9667


The vulnerability has been patched, so you should update to version 3.6.0.

Futurio Extra

Plugin:

Futurio Extra

Plugin Slug:
futurio-extra

Installations
20,000+

Vulnerability:
Broken Access Control

Patched in Version:
2.0.14

Severity Score:
Medium

CVE:

2024-10695


The vulnerability has been patched, so you should update to version 2.0.14.

Code Embed

Plugin:

Code Embed

Plugin Slug:
simple-embed-code

Installations
20,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
2.5.1

Severity Score:
Medium

CVE:

2024-10814


The vulnerability has been patched, so you should update to version 2.5.1.

140+ Widgets | Xpro Addons For Elementor � FREE

Plugin:

140+ Widgets | Xpro Addons For Elementor � FREE

Plugin Slug:
xpro-elementor-addons

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.6.1

Severity Score:
Medium

CVE:

2024-10319


The vulnerability has been patched, so you should update to version 1.4.6.1.

Contact Form 7 � PayPal & Stripe Add-on

Plugin:

Contact Form 7 � PayPal & Stripe Add-on

Plugin Slug:
contact-form-7-paypal-add-on

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.2

Severity Score:
High

CVE:

2024-10683


The vulnerability has been patched, so you should update to version 2.3.2.

SysBasics Customize My Account for WooCommerce

Plugin:

SysBasics Customize My Account for WooCommerce

Plugin Slug:
customize-my-account-for-woocommerce

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.30

Severity Score:
High

CVE:

2024-10837


The vulnerability has been patched, so you should update to version 2.7.30.

Pricing Tables WordPress Plugin � Easy Pricing Tables

Plugin:

Pricing Tables WordPress Plugin � Easy Pricing Tables

Plugin Slug:
easy-pricing-tables

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.7

Severity Score:
Medium

CVE:

2024-8323


The vulnerability has been patched, so you should update to version 3.2.7.

JetWidgets For Elementor

Plugin:

JetWidgets For Elementor

Plugin Slug:
jetwidgets-for-elementor

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.19

Severity Score:
Medium

CVE:

2024-10323


The vulnerability has been patched, so you should update to version 1.0.19.

myCred � Loyalty Points and Rewards plugin for WordPress and WooCommerce � Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification

Plugin:

myCred � Loyalty Points and Rewards plugin for WordPress and WooCommerce � Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification

Plugin Slug:
mycred

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.7.5

Severity Score:
Medium

CVE:

2024-10187


The vulnerability has been patched, so you should update to version 2.7.5.

OSM � OpenStreetMap

Plugin:

OSM � OpenStreetMap

Plugin Slug:
osm

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.1.3

Severity Score:
Medium

CVE:

2024-52355


The vulnerability has been patched, so you should update to version 6.1.3.

WP Photo Album Plus

Plugin:

WP Photo Album Plus

Plugin Slug:
wp-photo-album-plus

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
8.9.01.001

Severity Score:
Medium

CVE:

2024-10958


The vulnerability has been patched, so you should update to version 8.9.01.001.

Algori PDF Viewer

Plugin:

Algori PDF Viewer

Plugin Slug:
algori-pdf-viewer

Installations
8,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8

Severity Score:
Medium

CVE:

2018-5158


The vulnerability has been patched, so you should update to version 1.0.8.

Contact Form 7 Redirect & Thank You Page

Plugin:

Contact Form 7 Redirect & Thank You Page

Plugin Slug:
cf7-redirect-thank-you-page

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
High

CVE:

2024-10685


The vulnerability has been patched, so you should update to version 1.0.7.

Ultimate Bootstrap Elements for Elementor

Plugin:

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
7,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.7

Severity Score:
Medium

CVE:

2024-10329


The vulnerability has been patched, so you should update to version 1.4.7.

XT Floating Cart for WooCommerce

Plugin:

XT Floating Cart for WooCommerce

Plugin Slug:
woo-floating-cart-lite

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.3

Severity Score:
Medium

CVE:

2024-9178


The vulnerability has been patched, so you should update to version 2.8.3.

ElementsReady Addons for Elementor

Plugin:

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.4

Severity Score:
Medium

CVE:

2024-51787


The vulnerability has been patched, so you should update to version 6.4.4.

Podlove Podcast Publisher

Plugin:

Podlove Podcast Publisher

Plugin Slug:
podlove-podcasting-plugin-for-wordpress

Installations
5,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
4.1.17

Severity Score:
Critical

CVE:

2024-52393


The vulnerability has been patched, so you should update to version 4.1.17.

Simple Shortcode for Google Maps

Plugin:

Simple Shortcode for Google Maps

Plugin Slug:
simple-google-maps-short-code

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6

Severity Score:
Medium

CVE:

2024-10621


The vulnerability has been patched, so you should update to version 1.6.

LIQUID BLOCKS � Slider, Carousel, Accordion

Plugin:

LIQUID BLOCKS � Slider, Carousel, Accordion

Plugin Slug:
liquid-blocks

Installations
4,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.0

Severity Score:
Medium

CVE:

2024-52357


The vulnerability has been patched, so you should update to version 1.3.0.

Content Slider Block

Plugin:

Content Slider Block

Plugin Slug:
content-slider-block

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.1.6

Severity Score:
Medium

CVE:

2024-10667


The vulnerability has been patched, so you should update to version 3.1.6.

Multiple Page Generator Plugin � MPG

Plugin:

Multiple Page Generator Plugin � MPG

Plugin Slug:
multiple-pages-generator-by-porthas

Installations
3,000+

Vulnerability:
Path Traversal

Patched in Version:
4.0.3

Severity Score:
Low

CVE:

2024-10672


The vulnerability has been patched, so you should update to version 4.0.3.

Tickera � WordPress Event Ticketing

Plugin:

Tickera � WordPress Event Ticketing

Plugin Slug:
tickera-event-ticketing-system

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.4.6

Severity Score:
Medium

CVE:

2024-10263


The vulnerability has been patched, so you should update to version 3.5.4.6.

Responsive Filterable Portfolio

Plugin:

Responsive Filterable Portfolio

Plugin Slug:
responsive-filterable-portfolio

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.0.23

Severity Score:
Medium

CVE:

2024-51785


The vulnerability has been patched, so you should update to version 1.0.23.

Slickstream: Engagement and Conversions

Plugin:

Slickstream: Engagement and Conversions

Plugin Slug:
slick-engagement

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.0

Severity Score:
Medium

CVE:

2024-10179


The vulnerability has been patched, so you should update to version 2.0.0.

Zotpress

Plugin:

Zotpress

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.3.13

Severity Score:
Medium

CVE:

2024-7429


The vulnerability has been patched, so you should update to version 7.3.13.

Event post

Plugin:

Event post

Plugin Slug:
event-post

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.7

Severity Score:
Medium

CVE:

2024-10186


The vulnerability has been patched, so you should update to version 5.9.7.

Event post

Plugin:

Event post

Plugin Slug:
event-post

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
5.9.7

Severity Score:
Medium

CVE:

2024-10186


The vulnerability has been patched, so you should update to version 5.9.7.

Heateor Social Login WordPress

Plugin:

Heateor Social Login WordPress

Plugin Slug:
heateor-social-login

Installations
1,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.1.36

Severity Score:
High

CVE:

2024-10020


The vulnerability has been patched, so you should update to version 1.1.36.

WooCommerce Report

Plugin:

WooCommerce Report

Plugin Slug:
ithemelandco-woo-report

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.2

Severity Score:
High

CVE:

2024-10711


The vulnerability has been patched, so you should update to version 1.5.2.

Web Stories Widgets For Elementor

Plugin:

Web Stories Widgets For Elementor

Plugin Slug:
shortcodes-for-amp-web-stories-and-elementor-widget

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.1

Severity Score:
Medium

CVE:

2024-52354


The vulnerability has been patched, so you should update to version 1.1.1.

SKT Addons for Elementor

Plugin:

SKT Addons for Elementor

Plugin Slug:
skt-addons-for-elementor

Installations
1,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
3.4

Severity Score:
Medium

CVE:

2024-10693


The vulnerability has been patched, so you should update to version 3.4.

Tumult Hype Animations

Plugin:

Tumult Hype Animations

Plugin Slug:
tumult-hype-animations

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.9.15

Severity Score:
Medium

CVE:

2024-10543


The vulnerability has been patched, so you should update to version 1.9.15.

Video Gallery for WooCommerce

Plugin:

Video Gallery for WooCommerce

Plugin Slug:
video-wc-gallery

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.32

Severity Score:
Medium

CVE:

2024-10535


The vulnerability has been patched, so you should update to version 1.32.

W3SPEEDSTER

Plugin:

W3SPEEDSTER

Plugin Slug:
w3speedster-wp

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
7.27

Severity Score:
Medium

CVE:

2024-52392


The vulnerability has been patched, so you should update to version 7.27.

xili-tidy-tags

Plugin:

xili-tidy-tags

Plugin Slug:
xili-tidy-tags

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.12.05

Severity Score:
High

CVE:

2024-9357


The vulnerability has been patched, so you should update to version 1.12.05.

CYAN Backup

Plugin:

CYAN Backup

Plugin Slug:
cyan-backup

Installations
500+

Vulnerability:
Arbitrary File Download

Patched in Version:
2.5.4

Severity Score:
Medium

CVE:

2024-52390


The vulnerability has been patched, so you should update to version 2.5.4.

Shortcodes Blocks Creator Ultimate

Plugin:

Shortcodes Blocks Creator Ultimate

Plugin Slug:
ultimate-shortcodes-creator

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium

CVE:

2024-10340


The vulnerability has been patched, so you should update to version 2.2.0.

Basticom Framework

Plugin:

Basticom Framework

Plugin Slug:
basticom-framework

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1

Severity Score:
Medium

CVE:

2024-9443


The vulnerability has been patched, so you should update to version 1.5.1.

Forms

Plugin:

Forms

Plugin Slug:
forms-by-made-it

Installations
100+

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.8.1

Severity Score:
Critical

CVE:

2024-51791


The vulnerability has been patched, so you should update to version 2.8.1.

Pro Addons For Elementor

Plugin:

Pro Addons For Elementor

Plugin Slug:
pro-addons-for-elementor

Installations
80+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.0

Severity Score:
Medium

CVE:

2024-51812


The vulnerability has been patched, so you should update to version 1.6.0.

Print PDF Generator and Publisher

Plugin:

Print PDF Generator and Publisher

Plugin Slug:
nopeamedia

Installations
50+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.0

Severity Score:
Medium

CVE:

2024-52394


The vulnerability has been patched, so you should update to version 1.2.0.

Anant Addons for Elementor

Plugin:

Anant Addons for Elementor

Plugin Slug:
anant-addons-for-elementor

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.6

Severity Score:
Medium

CVE:

2024-51813


The vulnerability has been patched, so you should update to version 1.0.6.

Realty by BestWebSoft

Plugin:

Realty by BestWebSoft

Plugin Slug:
realty

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
Medium

CVE:

2024-51786


The vulnerability has been patched, so you should update to version 1.1.6.

Christian Science Bible Lesson Subjects

Plugin:

Christian Science Bible Lesson Subjects

Plugin Slug:
christian-science-bible-lesson-subjects

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1

Severity Score:
Medium

CVE:

2024-52353


The vulnerability has been patched, so you should update to version 2.1.

Hebrew Dates

Plugin:

Hebrew Dates

Plugin Slug:
hebrewdates

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
2.3.0

Severity Score:
High

CVE:

2024-52388


The vulnerability has been patched, so you should update to version 2.3.0.

Floating Buttons for WooCommerce

Plugin:

Floating Buttons for WooCommerce

Plugin Slug:
shop-assistant-for-woocommerce-jarvis

Installations
10+

Vulnerability:
Broken Access Control

Patched in Version:
2.9.2

Severity Score:
Medium

CVE:

2024-52395


The vulnerability has been patched, so you should update to version 2.9.2.

Ultimate Flipbox Addon for Elementor

Plugin:

Ultimate Flipbox Addon for Elementor

Plugin Slug:
ultimate-flipbox-addon-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.5

Severity Score:
Medium

CVE:

2024-51870


The vulnerability has been patched, so you should update to version 1.0.5.

Dynamic Post Grid Elementor Addon

Plugin:

Dynamic Post Grid Elementor Addon

Plugin Slug:
dynamic-post-grid-elementor-addon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium

CVE:

2024-51852


The vulnerability has been patched, so you should update to version 1.0.7.

Hive Support � WordPress Help Desk

Plugin:

Hive Support � WordPress Help Desk

Plugin Slug:
hive-support

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.2

Severity Score:
Critical

CVE:

2024-52370


The vulnerability has been patched, so you should update to version 1.1.2.

kineticPay for WooCommerce

Plugin:

kineticPay for WooCommerce

Plugin Slug:
kineticpay-for-woocommerce

Vulnerability:
Arbitrary File Upload

Patched in Version:
3.0

Severity Score:
Critical

CVE:

2024-52379


The vulnerability has been patched, so you should update to version 3.0.

Loginizer Security

Plugin:

Loginizer Security

Plugin Slug:
loginizer-security

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High

CVE:

2024-10097


The vulnerability has been patched, so you should update to version 1.9.3.

Pie Register Premium

Plugin:

Pie Register Premium

Plugin Slug:
pie-register-premium

Vulnerability:
Broken Access Control

Patched in Version:
3.8.3.3

Severity Score:
Medium

CVE:

2024-52391


The vulnerability has been patched, so you should update to version 3.8.3.3.

Quform

Plugin:

Quform

Plugin Slug:
quform

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.21.0

Severity Score:
Medium

CVE:

2024-8756


The vulnerability has been patched, so you should update to version 2.21.0.

WooCommerce Social Login

Plugin:

WooCommerce Social Login

Plugin Slug:
woo-social-login

Vulnerability:
Broken Authentication

Patched in Version:
2.7.8

Severity Score:
High

CVE:

2024-10114


The vulnerability has been patched, so you should update to version 2.7.8.

WooCommerce Support Ticket System

Plugin:

WooCommerce Support Ticket System

Plugin Slug:
woocommerce-support-ticket-system

Vulnerability:
Arbitrary File Upload

Patched in Version:
17.8

Severity Score:
Critical

CVE:

2024-10627


The vulnerability has been patched, so you should update to version 17.8.

WooCommerce Support Ticket System

Plugin:

WooCommerce Support Ticket System

Plugin Slug:
woocommerce-support-ticket-system

Vulnerability:
Arbitrary File Deletion

Patched in Version:
17.8

Severity Score:
High

CVE:

2024-10625


The vulnerability has been patched, so you should update to version 17.8.

JobSearch

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.6.8

Severity Score:
Critical

CVE:

2024-8614


The vulnerability has been patched, so you should update to version 2.6.8.

JobSearch

Plugin:

JobSearch

Plugin Slug:
wp-jobsearch

Vulnerability:
Arbitrary File Upload

Patched in Version:
2.6.8

Severity Score:
Critical

CVE:

2024-8615


The vulnerability has been patched, so you should update to version 2.6.8.

WP Membership

Plugin:

WP Membership

Plugin Slug:
wp-membership

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.6.3

Severity Score:
Critical

CVE:

2024-10547


The vulnerability has been patched, so you should update to version 1.6.3.

User Extra Fields

Plugin:

User Extra Fields

Plugin Slug:
wp-user-extra-fields

Vulnerability:
Arbitrary File Upload

Patched in Version:
16.6

Severity Score:
Critical

CVE:

2024-10801


The vulnerability has been patched, so you should update to version 16.6.

WordPress Themes � 3 Patched / 2 Unpatched

Storely

Theme:

Storely

Theme Slug:
storely

Downloads
435,857

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-51794


The vulnerability has not been patched. You should switch themes.

Anih

Theme:

Anih

Theme Slug:
anih

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium

CVE:

2024-9775


The vulnerability has not been patched. You should switch themes.

Th Shop Mania

Theme:

Th Shop Mania

Theme Slug:
th-shop-mania

Downloads
35,161

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.5.0

Severity Score:
Medium

CVE:

2024-10674


The vulnerability has been patched, so you should update to version 1.5.0.

Top Store

Theme:

Top Store

Theme Slug:
top-store

Downloads
198,806

Vulnerability:
Arbitrary Code Execution

Patched in Version:
1.5.5

Severity Score:
Medium

CVE:

2024-10673


The vulnerability has been patched, so you should update to version 1.5.5.

WPLMS

Theme:

WPLMS

Theme Slug:
wplms

Vulnerability:
Path Traversal

Patched in Version:
4.963

Severity Score:
Critical

CVE:

2024-10470


The vulnerability has been patched, so you should update to version 4.963.

Related articles

Uncategorized
10 Benefits of Using ELearning Justin Ferriman
Uncategorized
WordPress Vulnerability Report: May 2021, Part 1 SolidWP Editorial Team
Uncategorized
What Makes Great Landing Pages? 16 Things You Need to Know SolidWP Editorial Team
Uncategorized
How Much Can You Make Selling Courses? Expert Insights Jaime Marchwinski
Uncategorized
WordPress Vulnerability Report � August 13, 2025 [email protected]
Uncategorized
WordPress Vulnerability Report � August 14, 2024 Sarah

Wait! Get exclusive hosting insights

Subscribe to our newsletter and stay ahead of the competition with expert advice from our hosting pros.

Loading form…