Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark red gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � November 20, 2024

In this report, 205 vulnerabilities have been publicly disclosed. Security patches for 86 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 119 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7, code-named �Rollins,� is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.

WordPress Plugins � 84 Patched / 115 Unpatched

Plugin:: Disable Admin Notices individually
Plugin Slug:: disable-admin-notices
Installations: 100,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52420

Plugin:: Master Addons � Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
Plugin Slug:: master-addons
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52387

Plugin:: Classified Listing � Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52386

Plugin:: Copy Anything to Clipboard
Plugin Slug:: copy-the-code
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52419

Plugin:: Popup by Supsystic
Plugin Slug:: popup-by-supsystic
Installations: 10,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52434

Plugin:: Weather Atlas Widget
Plugin Slug:: weather-atlas
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52472

Plugin:: Team Member � Multi Language Supported Team Plugin
Plugin Slug:: team-showcase-supreme
Installations: 8,000+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52385

Plugin:: Themify Builder
Plugin Slug:: themify-builder
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52423

Plugin:: BuddyPress Builder for Elementor � BuddyBuilder
Plugin Slug:: stax-buddy-builder
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10778

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52471

Plugin:: Library Bookshelves
Plugin Slug:: library-bookshelves
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52453

Plugin:: Team Rosters
Plugin Slug:: team-rosters
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52439

Plugin:: Buying Buddy IDX CRM
Plugin Slug:: buying-buddy-idx-crm
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52446

Plugin:: Post By Email
Plugin Slug:: post-by-email
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52463

Plugin:: AI Responsive Gallery Album
Plugin Slug:: ai-responsive-gallery-album
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52467

Plugin:: amr shortcodes
Plugin Slug:: amr-shortcodes
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52464

Plugin:: WP Popup Window Maker
Plugin Slug:: easy-popup-lightbox-maker
Installations: 100+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52421

Plugin:: LeadBoxer
Plugin Slug:: leadboxer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52468

Plugin:: LGPD Framework By Data443
Plugin Slug:: lgpd-framework
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52465

Plugin:: NIX Anti-Spam Light
Plugin Slug:: nix-anti-spam-light
Installations: 100+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52432

Plugin:: TM Islamic Helper
Plugin Slug:: tm-islamic-helper
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52458

Plugin:: Linear
Plugin Slug:: linear
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52426

Plugin:: Open edX LMS and WordPress integrator (LITE)
Plugin Slug:: edunext-openedx-integrator
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52452

Plugin:: Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI)
Plugin Slug:: ai-image
Installations: 50+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52377

Plugin:: Geolocator
Plugin Slug:: geolocator
Installations: 50+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52443

Plugin:: Infinite Slider
Plugin Slug:: infinite-slider
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52461

Plugin:: WooCommerce Price Alert
Plugin Slug:: price-alert-woocommerce
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52469

Plugin:: QRMenu Restaurant QR Menu Lite
Plugin Slug:: qrmenu-lite
Installations: 50+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52445

Plugin:: WP e-Commerce Style Email
Plugin Slug:: wp-e-commerce-style-email
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52462

Plugin:: de:branding
Plugin Slug:: debranding
Installations: 30+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52438

Plugin:: My Geo Posts Free
Plugin Slug:: my-geo-posts-free
Installations: 30+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52433

Plugin:: Awesome Studio
Plugin Slug:: awesome-studio
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52456

Plugin:: HTML5 Lyrics Karaoke Player
Plugin Slug:: html5-lyrics-karaoke-player
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52473

Plugin:: nBlocks � Responsive Gutenberg News Blocks
Plugin Slug:: nblocks
Installations: 20+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52450

Plugin:: Post Ideas
Plugin Slug:: post-ideas
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52451

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 20+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52448

Plugin:: AtaraPay WooCommerce Payment Gateway
Plugin Slug:: atarapay-woocommerce
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52460

Plugin:: Chameleoni Jobs
Plugin Slug:: chameleon-jobs
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52459

Plugin:: Explara Events
Plugin Slug:: explara-events
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52466

Plugin:: GoQMieruca
Plugin Slug:: goqmieruca
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52454

Plugin:: GoQSmile
Plugin Slug:: goqsmile
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52455

Plugin:: Xpresslane Fast Checkout
Plugin Slug:: xpresslane-integration-for-woocommerce
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52440

Plugin:: 404 Error Monitor
Plugin Slug:: 404-error-monitor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11118

Plugin:: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Plugin Slug:: ai-content-generator
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52384

Plugin:: AJAX Login and Registration modal popup + inline form
Plugin Slug:: ajax-login-and-registration-modal-popup
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-8874

Plugin:: AJAX Random Posts
Plugin Slug:: ajax-random-posts
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52409

Plugin:: EleForms
Plugin Slug:: all-contact-form-integration-for-elementor
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-6628

Plugin:: Aqua SVG Sprite
Plugin Slug:: aqua-svg-sprite
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9426

Plugin:: B-Banner Slider
Plugin Slug:: b-banner-slider
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52405

Plugin:: Banner System
Plugin Slug:: banner-system
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52437

Plugin:: BasePress Migration Tools
Plugin Slug:: basepress-migration-tools
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52407

Plugin:: Blogger 301 Redirect
Plugin Slug:: blogger-301-redirect
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-10645

Plugin:: Boat Rental Plugin for WordPress
Plugin Slug:: boat-rental-system
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52376

Plugin:: Bounce Handler MailPoet 3
Plugin Slug:: bounce-handler-mailpoet
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9938

Plugin:: BulkPress
Plugin Slug:: bulkpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9615

Plugin:: Buy one click WooCommerce
Plugin Slug:: buy-one-click-woocommerce
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10852

Plugin:: SVG Case Study
Plugin Slug:: case-study
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9850

Plugin:: CF7 Reply Manager
Plugin Slug:: cf7-reply-manager
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52404

Plugin:: Constant Contact Forms by MailMunch
Plugin Slug:: constant-contact-forms-by-mailmunch
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9614

Plugin:: Contact Page With Google Map
Plugin Slug:: contact-page-with-google-map
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52447

Plugin:: Convert Docx2post
Plugin Slug:: convert-docx2post
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52397

Plugin:: CSV to html
Plugin Slug:: csv-to-html
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52406

Plugin:: Datasets Manager by Arttia Creative
Plugin Slug:: datasets-manager-by-arttia-creative
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52375

Plugin:: Debug Tool
Plugin Slug:: debug-tool
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52416

Plugin:: Devexhub Gallery
Plugin Slug:: devexhub-gallery
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52373

Plugin:: DigiPass
Plugin Slug:: digipass
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52378

Plugin:: Do That Task
Plugin Slug:: do-that-task
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52374

Plugin:: Drop Shadow Boxes
Plugin Slug:: drop-shadow-boxes
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10262

Plugin:: Drozd � Addons for Elementor
Plugin Slug:: drozd-addons-for-elementor
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52425

Plugin:: Dynamic URL SEO
Plugin Slug:: dynamic-url-seo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52470

Plugin:: Easy CSV Importer BETA
Plugin Slug:: easy-csv-importer
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52372

Plugin:: Elfsight Telegram Chat CC
Plugin Slug:: elfsight-telegram-chat-cc
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10390

Plugin:: Exclusive Content Password Protect
Plugin Slug:: exclusive-content-password-protect
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52402

Plugin:: Exclusive Divi
Plugin Slug:: exclusive-divi
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9386

Plugin:: External Database Based Actions
Plugin Slug:: external-database-based-actions
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10311

Plugin:: Fancy Gallery
Plugin Slug:: fancy-gallery
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10875

Plugin:: Fat Rat Collect
Plugin Slug:: fat-rat-collect
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10577

Plugin:: Ads Booster by Ads Pro
Plugin Slug:: free-wp-booster-by-ads-pro
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52428

Plugin:: Gallerio
Plugin Slug:: gallerio
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52400

Plugin:: Global Gateway e4 | Payeezy Gateway |
Plugin Slug:: globe-gateway-e4
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52371

Plugin:: Hacklog DownloadManager
Plugin Slug:: hacklog-downloadmanager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52401

Plugin:: Hide Links
Plugin Slug:: hide-links
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9578

Plugin:: KBucket
Plugin Slug:: kbucket
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52369

Plugin:: Lis Video Gallery
Plugin Slug:: lis-video-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52430

Plugin:: Matix Popup Builder
Plugin Slug:: medma-matix
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52382

Plugin:: Advanced Personalization
Plugin Slug:: personalization-by-flowcraft
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52411

Plugin:: Picsmize
Plugin Slug:: picsmize
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52380

Plugin:: PJW Mime Config
Plugin Slug:: pjw-mime-config
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10017

Plugin:: Push Notifications for WordPress by PushAssist
Plugin Slug:: push-notification-for-wp-by-pushassist
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52408

Plugin:: Quick Learn
Plugin Slug:: quick-learn
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52441

Plugin:: Razorpay Payment Button
Plugin Slug:: razorpay-payment-button
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10851

Plugin:: Referrer Detector
Plugin Slug:: referrer-detector
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52410

Plugin:: Relais 2FA
Plugin Slug:: relais-2fa
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-10245

Plugin:: SimpleForm
Plugin Slug:: simpleform
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10883

Plugin:: SimpleForm Contact Form Submissions
Plugin Slug:: simpleform-contact-form-submissions
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10884

Plugin:: SK WP Settings Backup
Plugin Slug:: sk-wp-settings-backup
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52415

Plugin:: Social Proof (Testimonial) Slider
Plugin Slug:: social-proof-testimonials-slider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8985

Plugin:: Steel
Plugin Slug:: steel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10147

Plugin:: Styler for Ninja Forms
Plugin Slug:: styler-for-ninja-forms-lite
Vulnerability:: Settings Change
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10717

Plugin:: SVGPlus
Plugin Slug:: svgplus
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11092

Plugin:: Uix Slideshow
Plugin Slug:: uix-slideshow
Vulnerability:: Arbitrary Code Execution
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9839

Plugin:: User Management
Plugin Slug:: user-management
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52403

Plugin:: UserPlus
Plugin Slug:: userplus
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52442

Plugin:: WDES Responsive Mobile Menu
Plugin Slug:: wdes-responsive-mobile-menu
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52414

Plugin:: WP Githuber MD
Plugin Slug:: wp-githuber-md
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52422

Plugin:: WP Log Viewer
Plugin Slug:: wp-log-viewer
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11085

Plugin:: wp-login customizer
Plugin Slug:: wp-login-customizer
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52424

Plugin:: WP Quick Setup
Plugin Slug:: wp-quick-setup
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52429

Plugin:: WP-Strava
Plugin Slug:: wp-strava
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10038

Plugin:: WordPress Video Robot – The Ultimate Video Importer
Plugin Slug:: wp-post-459190 wp-video-robot
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-9192

Plugin:: WordPress Video Robot – The Ultimate Video Importer
Plugin Slug:: wp-post-459190 wp-video-robot
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52431

Plugin:: Premium Packages
Plugin Slug:: wpdm-premium-packages
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52435

Plugin:: Writer Helper
Plugin Slug:: writer-helper
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52399

Plugin:: Youneeq Recommendations
Plugin Slug:: youneeq-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52457

Plugin:: ZIJ KART
Plugin Slug:: zij-kart
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52381

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.9.2.1
Severity Score:: Medium
CVE:: 2024-10593

Plugin:: Really Simple Security � Simple and Performant Security (formerly Really Simple SSL)
Plugin Slug:: really-simple-ssl
Installations: 4,000,000+
Vulnerability:: Broken Authentication
Patched in Version:: 9.1.2
Severity Score:: Critical
CVE:: 2024-10924

Plugin:: Essential Addons for Elementor � Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.0.10
Severity Score:: Medium
CVE:: 2024-8979

Plugin:: Essential Addons for Elementor � Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.0.10
Severity Score:: Medium
CVE:: 2024-8978

Plugin:: Essential Addons for Elementor � Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders
Plugin Slug:: essential-addons-for-elementor-lite
Installations: 2,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.8
Severity Score:: Medium
CVE:: 2024-8961

Plugin:: Google for WooCommerce
Plugin Slug:: google-listings-and-ads
Installations: 900,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-10486

Plugin:: Migration, Backup, Staging � WPvivid Backup & Migration
Plugin Slug:: wpvivid-backuprestore
Installations: 600,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 0.9.108
Severity Score:: Critical
CVE:: 2024-10962

Plugin:: Happy Addons for Elementor
Plugin Slug:: happy-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.12.6
Severity Score:: Medium
CVE:: 2024-10538

Plugin:: Post SMTP � WordPress SMTP Plugin with Email Logs and Mobile App for Failure Notifications � Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more
Plugin Slug:: post-smtp
Installations: 400,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.9.10
Severity Score:: High
CVE:: 2024-52436

Plugin:: Hide My WP Ghost � Security & Firewall
Plugin Slug:: hide-my-wp
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.02
Severity Score:: High
CVE:: 2024-10825

Plugin:: WP Activity Log
Plugin Slug:: wp-security-audit-log
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.2
Severity Score:: High
CVE:: 2024-10793

Plugin:: Admin and Site Enhancements (ASE)
Plugin Slug:: admin-site-enhancements
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.5.2
Severity Score:: Medium
CVE:: 2024-10790

Plugin:: Simple Local Avatars
Plugin Slug:: simple-local-avatars
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.8.0
Severity Score:: Medium
CVE:: 2024-10786

Plugin:: Advanced Order Export For WooCommerce
Plugin Slug:: woo-order-export-lite
Installations: 100,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 3.5.6
Severity Score:: Critical
CVE:: 2024-10828

Plugin:: WP Chat App
Plugin Slug:: wp-whatsapp
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.6.9
Severity Score:: Medium
CVE:: 2024-10533

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.62.0
Severity Score:: Medium
CVE:: 2024-10614

Plugin:: Popup Box � Create Countdown, Coupon, Video, Contact Form Popups
Plugin Slug:: ays-popup-box
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.9.8
Severity Score:: Medium
CVE:: 2024-10861

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.17
Severity Score:: High
CVE:: 2024-10728

Plugin:: Futurio Extra
Plugin Slug:: futurio-extra
Installations: 20,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.14
Severity Score:: Medium
CVE:: 2024-10695

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9
Severity Score:: Medium
CVE:: 2024-10268

Plugin:: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit
Plugin Slug:: wp-marketing-automations
Installations: 20,000+
Vulnerability:: SQL Injection
Patched in Version:: 3.3.0
Severity Score:: Critical
CVE:: 2024-9186

Plugin:: Backup and Staging by WP Time Capsule
Plugin Slug:: wp-time-capsule
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.22.22
Severity Score:: Critical
CVE:: 2024-8856

Plugin:: 404 Solution
Plugin Slug:: 404-solution
Installations: 10,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.35.18
Severity Score:: Medium
CVE:: 2024-11094

Plugin:: AFI � The Easiest Integration Plugin
Plugin Slug:: advanced-form-integration
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.92.1
Severity Score:: High
CVE:: 2024-10877

Plugin:: Classified Listing � Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.16
Severity Score:: High
CVE:: 2024-11194

Plugin:: GamiPress � The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2024-11036

Plugin:: JetWidgets For Elementor
Plugin Slug:: jetwidgets-for-elementor
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.19
Severity Score:: Medium
CVE:: 2024-10323

Plugin:: Jobs for WordPress
Plugin Slug:: job-postings
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.7.8
Severity Score:: Medium
CVE:: 2024-10104

Plugin:: Music Player for Elementor � Audio Player & Podcast Player
Plugin Slug:: music-player-for-elementor
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.4.2
Severity Score:: Medium
CVE:: 2024-10582

Plugin:: Popularis Extra
Plugin Slug:: popularis-extra
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-10795

Plugin:: LearnPress Export Import � WordPress extension for LearnPress
Plugin Slug:: learnpress-import-export
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.0.5
Severity Score:: High
CVE:: 2024-9609

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Insecure Direct Object References (IDOR)
Patched in Version:: 2.6.14
Severity Score:: High
CVE:: 2024-10174

Plugin:: Contact Form 7 Redirect & Thank You Page
Plugin Slug:: cf7-redirect-thank-you-page
Installations: 7,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.7
Severity Score:: High
CVE:: 2024-10685

Plugin:: Real3D Flipbook Lite � 3D FlipBook, PDF Viewer, PDF Embedder
Plugin Slug:: real3d-flipbook-lite
Installations: 7,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.8.5
Severity Score:: Critical
CVE:: 2024-9849

Plugin:: WPB Popup for Contact Form 7 � Showing The Contact Form 7 Popup on Button Click � CF7 Popup
Plugin Slug:: wpb-popup-for-contact-form-7
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.6
Severity Score:: Medium
CVE:: 2024-11038

Plugin:: Boostify Header Footer Builder for Elementor
Plugin Slug:: boostify-header-footer-builder
Installations: 6,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.3.7
Severity Score:: Medium
CVE:: 2024-10794

Plugin:: Hash Elements
Plugin Slug:: hash-elements
Installations: 6,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.8
Severity Score:: Medium
CVE:: 2024-10802

Plugin:: Simple File List
Plugin Slug:: simple-file-list
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.1.13
Severity Score:: High
CVE:: 2024-10146

Plugin:: WP Job Portal � A Complete Recruitment System for Company or Job Board website
Plugin Slug:: wp-job-portal
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.1
Severity Score:: Medium
CVE:: 2024-52389

Plugin:: WOLF � WordPress Posts Bulk Editor and Manager Professional
Plugin Slug:: bulk-editor
Installations: 5,000+
Vulnerability:: Path Traversal
Patched in Version:: 1.0.8.4
Severity Score:: Medium
CVE:: 2024-52396

Plugin:: Podlove Podcast Publisher
Plugin Slug:: podlove-podcasting-plugin-for-wordpress
Installations: 5,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 4.1.17
Severity Score:: Critical
CVE:: 2024-52393

Plugin:: Multiple Page Generator Plugin � MPG
Plugin Slug:: multiple-pages-generator-by-porthas
Installations: 3,000+
Vulnerability:: Path Traversal
Patched in Version:: 4.0.3
Severity Score:: Low
CVE:: 2024-10672

Plugin:: Parallax Image
Plugin Slug:: parallax-image
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-11224

Plugin:: RSS Feed Widget
Plugin Slug:: rss-feed-widget
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0.1
Severity Score:: High
CVE:: 2024-9835

Plugin:: Yotpo: Product & Photo Reviews for WooCommerce
Plugin Slug:: yotpo-social-reviews-for-woocommerce
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.10
Severity Score:: High
CVE:: 2024-9356

Plugin:: Chartify � WordPress Chart Plugin
Plugin Slug:: chart-builder
Installations: 2,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.9.6
Severity Score:: Critical
CVE:: 2024-10571

Plugin:: Email Subscription Popup
Plugin Slug:: email-subscribe
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.23
Severity Score:: Medium
CVE:: 2024-11195

Plugin:: Mapster WP Maps
Plugin Slug:: mapster-wp-maps
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.0
Severity Score:: Medium
CVE:: 2024-10592

Plugin:: Slickstream: Engagement and Conversions
Plugin Slug:: slick-engagement
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.0
Severity Score:: Medium
CVE:: 2024-10179

Plugin:: SVG Block
Plugin Slug:: svg-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.25
Severity Score:: Medium
CVE:: 2024-11098

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.1.9
Severity Score:: Medium
CVE:: 2024-11143

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-10530

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-10529

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: High
CVE:: 2024-10684

Plugin:: Kognetiks Chatbot for WordPress
Plugin Slug:: chatbot-chatgpt
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-10531

Plugin:: Event Tickets with Ticket Scanner
Plugin Slug:: event-tickets-with-ticket-scanner
Installations: 1,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 2.3.12
Severity Score:: Critical
CVE:: 2024-52427

Plugin:: GD Rating System
Plugin Slug:: gd-rating-system
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2024-11198

Plugin:: Login using WordPress Users ( WP as SAML IDP )
Plugin Slug:: miniorange-wp-as-saml-idp
Installations: 1,000+
Vulnerability:: SQL Injection
Patched in Version:: 1.15.7
Severity Score:: High
CVE:: 2024-9887

Plugin:: MultiManager WP � Manage All Your WordPress Sites Easily
Plugin Slug:: multimanager-wp
Installations: 1,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.1.0
Severity Score:: Critical
CVE:: 2024-11028

Plugin:: Product Delivery Date for WooCommerce � Lite
Plugin Slug:: product-delivery-date-for-woocommerce-lite
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.1
Severity Score:: High
CVE:: 2024-10882

Plugin:: Razorpay Payment Button Elementor Plugin
Plugin Slug:: razorpay-payment-button-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.6
Severity Score:: High
CVE:: 2024-10850

Plugin:: W3SPEEDSTER
Plugin Slug:: w3speedster-wp
Installations: 1,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 7.27
Severity Score:: Medium
CVE:: 2024-52392

Plugin:: xili-tidy-tags
Plugin Slug:: xili-tidy-tags
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.12.05
Severity Score:: High
CVE:: 2024-9357

Plugin:: GPX Viewer
Plugin Slug:: gpx-viewer
Installations: 700+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 2.2.10
Severity Score:: Critical
CVE:: 2024-10629

Plugin:: Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One
Plugin Slug:: ai-auto-tool
Installations: 500+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1.3
Severity Score:: High
CVE:: 2024-52383

Plugin:: CYAN Backup
Plugin Slug:: cyan-backup
Installations: 500+
Vulnerability:: Arbitrary File Download
Patched in Version:: 2.5.4
Severity Score:: Medium
CVE:: 2024-52390

Plugin:: CM Table Of Contents � WordPress TOC Plugin
Plugin Slug:: cm-table-of-content
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-5030

Plugin:: CDI � Collect and Deliver Interface for Woocommerce
Plugin Slug:: collect-and-deliver-interface-for-woocommerce
Installations: 300+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 5.5.6
Severity Score:: Critical
CVE:: 2024-52398

Plugin:: Opal Woo Custom Product Variation
Plugin Slug:: opal-woo-custom-product-variation
Installations: 200+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.1.4
Severity Score:: High
CVE:: 2024-52444

Plugin:: Hive Support � WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
Plugin Slug:: hive-support
Installations: 70+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.1.2
Severity Score:: Critical
CVE:: 2024-52370

Plugin:: Print PDF Generator and Publisher
Plugin Slug:: nopeamedia
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-52394

Plugin:: WordPress Bootscraper
Plugin Slug:: wp-bootscraper
Installations: 40+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.0
Severity Score:: High
CVE:: 2024-52449

Plugin:: Hebrew Dates
Plugin Slug:: hebrewdates
Installations: 10+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.3.0
Severity Score:: High
CVE:: 2024-52388

Plugin:: Floating Buttons for WooCommerce
Plugin Slug:: shop-assistant-for-woocommerce-jarvis
Installations: 10+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.2
Severity Score:: Medium
CVE:: 2024-52395

Plugin:: kineticPay for WooCommerce
Plugin Slug:: kineticpay-for-woocommerce
Vulnerability:: Arbitrary File Upload
Patched in Version:: 3.0
Severity Score:: Critical
CVE:: 2024-52379

Plugin:: Luna Web Radio Player
Plugin Slug:: lu-radioplayer
Vulnerability:: Directory Traversal
Patched in Version:: 6.24.11.07
Severity Score:: High
CVE:: 2024-10816

Plugin:: Pie Register Premium
Plugin Slug:: pie-register-premium
Vulnerability:: Broken Access Control
Patched in Version:: 3.8.3.3
Severity Score:: Medium
CVE:: 2024-52391

Plugin:: Really Simple Security Pro
Plugin Slug:: really-simple-ssl-pro
Vulnerability:: Broken Authentication
Patched in Version:: 9.1.2
Severity Score:: Critical
CVE:: 2024-10924

Plugin:: Really Simple Security Pro multisite
Plugin Slug:: really-simple-ssl-pro-multisite
Vulnerability:: Broken Authentication
Patched in Version:: 9.1.2
Severity Score:: Critical
CVE:: 2024-10924

Plugin:: WooCommerce Upload Files
Plugin Slug:: woocommerce-upload-files
Vulnerability:: Arbitrary File Upload
Patched in Version:: 84.4
Severity Score:: Critical
CVE:: 2024-10820

Plugin:: WordPress GDPR & CCPA
Plugin Slug:: wordpress-gdpr
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2024-11069

Plugin:: WordPress GDPR & CCPA
Plugin Slug:: wordpress-gdpr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.3
Severity Score:: High
CVE:: 2024-10388

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 16.7
Severity Score:: Critical
CVE:: 2024-11150

Plugin:: User Extra Fields
Plugin Slug:: wp-user-extra-fields
Vulnerability:: Privilege Escalation
Patched in Version:: 16.7
Severity Score:: High
CVE:: 2024-10800

WordPress Themes � 2 Patched / 4 Unpatched

Theme:: Airin Blog
Theme Slug:: airin-blog
Downloads: 7,650
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52413

Theme:: Gameplan
Theme Slug:: gameplan
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52418

Theme:: ReConstruction
Theme Slug:: reconstruction
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52417

Theme:: Xin
Theme Slug:: xin
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52412

Theme:: Ashe
Theme Slug:: ashe
Downloads: 2,031,980
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.244
Severity Score:: High
CVE:: 2024-9777

Theme:: Bard
Theme Slug:: bard
Downloads: 934,286
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.217
Severity Score:: High
CVE:: 2024-9830