Nexcess.com Servers.com LiquidWeb.com

Line illustration showing a black application window on a dark blue gradient background overlaid with a large exclamation point alert icon and three bugs.

WordPress Vulnerability Report � November 27, 2024

In this report, 277 vulnerabilities have been publicly disclosed. Security patches for 156 of these plugins and themes are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 121 plugin and theme vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7, code-named �Rollins,� is out now, paying tribute to the legendary jazz saxophonist Sonny Rollins. WordPress 6.7 debuts the modern Twenty Twenty-Five theme, offering design flexibility for blogs.

WordPress Plugins � 153 Patched / 115 Unpatched

Plugin:: Dynamic “To Top” Plugin
Plugin Slug:: dynamic-to-top
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52494

Plugin:: Meteor Slides
Plugin Slug:: meteor-slides
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52493

Plugin:: Weather Atlas Widget
Plugin Slug:: weather-atlas
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52472

Plugin:: Premium Packages � Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10164

Plugin:: Beds24 Online Booking
Plugin Slug:: beds24-online-booking
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10177

Plugin:: Announcement & Notification Banner � Bulletin
Plugin Slug:: bulletin-announcements
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10682

Plugin:: Yaad Sarig Payment Gateway For WC
Plugin Slug:: yaad-sarig-payment-gateway-for-wc
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10665

Plugin:: Extensions for Elementor
Plugin Slug:: extensions-for-elementor
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52471

Plugin:: Absolute Addons For Elementor
Plugin Slug:: absolute-addons
Installations: 700+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52496

Plugin:: Generic Elements
Plugin Slug:: generic-elements-for-elementor
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53709

Plugin:: Library Bookshelves
Plugin Slug:: library-bookshelves
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52453

Plugin:: SuevaFree Essential Kit
Plugin Slug:: suevafree-essential-kit
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11432

Plugin:: Team Rosters
Plugin Slug:: team-rosters
Installations: 300+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52439

Plugin:: Buying Buddy IDX CRM
Plugin Slug:: buying-buddy-idx-crm
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52446

Plugin:: Post By Email
Plugin Slug:: post-by-email
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52463

Plugin:: Shopready � Elementor addons for WooCommerce Page Builder
Plugin Slug:: shopready-elementor-addon
Installations: 200+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52497

Plugin:: Subaccounts for WooCommerce
Plugin Slug:: subaccounts-for-woocommerce
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11370

Plugin:: AI Responsive Gallery Album
Plugin Slug:: ai-responsive-gallery-album
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52467

Plugin:: amr shortcodes
Plugin Slug:: amr-shortcodes
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52464

Plugin:: Distance Based Shipping Calculator
Plugin Slug:: distance-based-shipping-calculator
Installations: 100+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52495

Plugin:: Lazy load videos and sticky control
Plugin Slug:: lazy-load-videos-and-sticky-control
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11428

Plugin:: LeadBoxer
Plugin Slug:: leadboxer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52468

Plugin:: LGPD Framework By Data443
Plugin Slug:: lgpd-framework
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52465

Plugin:: SP Blog Designer
Plugin Slug:: sp-blog-designer
Installations: 100+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52498

Plugin:: Tailored Tools
Plugin Slug:: tailored-tools
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52503

Plugin:: TM Islamic Helper
Plugin Slug:: tm-islamic-helper
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52458

Plugin:: Elementor Portfolio Builder
Plugin Slug:: portfolio-builder-elementor
Installations: 80+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52486

Plugin:: AI Quiz | Quiz Maker
Plugin Slug:: ai-quiz
Installations: 70+
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53708

Plugin:: Open edX LMS and WordPress integrator (LITE)
Plugin Slug:: edunext-openedx-integrator
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52452

Plugin:: Geolocator
Plugin Slug:: geolocator
Installations: 50+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52443

Plugin:: Infinite Slider
Plugin Slug:: infinite-slider
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52461

Plugin:: WooCommerce Price Alert
Plugin Slug:: price-alert-woocommerce
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52469

Plugin:: QRMenu Restaurant QR Menu Lite
Plugin Slug:: qrmenu-lite
Installations: 50+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52445

Plugin:: WP e-Commerce Style Email
Plugin Slug:: wp-e-commerce-style-email
Installations: 50+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52462

Plugin:: Office Locator
Plugin Slug:: office-locator
Installations: 40+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52501

Plugin:: Advanced Event Manager
Plugin Slug:: advanced-event-manager
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53721

Plugin:: de:branding
Plugin Slug:: debranding
Installations: 30+
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52438

Plugin:: Fintelligence Calculator
Plugin Slug:: fintelligence-calculator
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53731

Plugin:: ITERAS
Plugin Slug:: iteras
Installations: 30+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53710

Plugin:: Awesome Studio
Plugin Slug:: awesome-studio
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52456

Plugin:: HTML5 Lyrics Karaoke Player
Plugin Slug:: html5-lyrics-karaoke-player
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52473

Plugin:: nBlocks � Responsive Gutenberg News Blocks
Plugin Slug:: nblocks
Installations: 20+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52450

Plugin:: Post Ideas
Plugin Slug:: post-ideas
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52451

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 20+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52487

Plugin:: Ultimate Classified Listings
Plugin Slug:: ultimate-classified-listings
Installations: 20+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52448

Plugin:: AtaraPay WooCommerce Payment Gateway
Plugin Slug:: atarapay-woocommerce
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52460

Plugin:: Chameleoni Jobs
Plugin Slug:: chameleon-jobs
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52459

Plugin:: Explara Events
Plugin Slug:: explara-events
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52466

Plugin:: GoQMieruca
Plugin Slug:: goqmieruca
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52454

Plugin:: GoQSmile
Plugin Slug:: goqsmile
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52455

Plugin:: Pathomation
Plugin Slug:: pathomation
Installations: 10+
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52490

Plugin:: Pricing table addon for elementor
Plugin Slug:: pricing-table-addon-for-elementor
Installations: 10+
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52499

Plugin:: YaDisk Files
Plugin Slug:: wp-yadisk-files
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10710

Plugin:: YaDisk Files
Plugin Slug:: wp-yadisk-files
Installations: 10+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10709

Plugin:: Xpresslane Fast Checkout
Plugin Slug:: xpresslane-integration-for-woocommerce
Installations: 10+
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52440

Plugin:: Ahmeti Wp G�zel S�zler
Plugin Slug:: ahmeti-wp-guzel-sozler
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-53707

Plugin:: Alphabetical List
Plugin Slug:: alphabetical-list
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-8157

Plugin:: April’s Call Posts
Plugin Slug:: aprils-call-posts
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53730

Plugin:: Banner System
Plugin Slug:: banner-system
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52437

Plugin:: Contact Form 7 Email Add on
Plugin Slug:: cf7-email-add-on
Vulnerability:: Local File Inclusion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10898

Plugin:: Contact Page With Google Map
Plugin Slug:: contact-page-with-google-map
Vulnerability:: Arbitrary File Deletion
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52447

Plugin:: Continue Shopping From Cart
Plugin Slug:: continue-shopping-from-cart-page
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53714

Plugin:: Control horas
Plugin Slug:: control-horas
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11381

Plugin:: Custom Shortcode Sidebars
Plugin Slug:: custom-shortcode-sidebars
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53736

Plugin:: Dynamic URL SEO
Plugin Slug:: dynamic-url-seo
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52470

Plugin:: Easy Twitter Feed
Plugin Slug:: easy-twitter-feeds
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10666

Plugin:: F4 Improvements
Plugin Slug:: f4-improvements
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9442

Plugin:: Favicon My Blog
Plugin Slug:: favicon-my-blog
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53722

Plugin:: Fence URL
Plugin Slug:: fence-url
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53733

Plugin:: Footer Flyout Widget
Plugin Slug:: footer-flyout-widget
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53732

Plugin:: Google Plus Share and +1 Button
Plugin Slug:: google-plus-share-and-plusone-button
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53723

Plugin:: Grey Owl Lightbox
Plugin Slug:: grey-owl-lightbox
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11440

Plugin:: Grid View Gallery
Plugin Slug:: grid-view-gallery
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11409

Plugin:: WordPress Brute Force Protection � Stop Brute Force Attacks
Plugin Slug:: guardgiant
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-10869

Plugin:: Hotlink2Watermark
Plugin Slug:: hotlink2watermark
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53711

Plugin:: IceStats
Plugin Slug:: icestats
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53724

Plugin:: Idealien Category Enhancements
Plugin Slug:: idealien-category-enhancements
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53734

Plugin:: Image horizontal reel scroll slideshow
Plugin Slug:: image-horizontal-reel-scroll-slideshow
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52492

Plugin:: ImbaChat
Plugin Slug:: imbachat-widget
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52502

Plugin:: iPhone Webclip Manager
Plugin Slug:: iphone-webclip-manager
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53735

Plugin:: Kevin’s
Plugin Slug:: kevins-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53712

Plugin:: LeanPress
Plugin Slug:: leanpress
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52483

Plugin:: LinkLaunder SEO
Plugin Slug:: linklaunder-seo-plugin
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53727

Plugin:: Lock User Account
Plugin Slug:: lock-user-account
Vulnerability:: Broken Authentication
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11197

Plugin:: Multi Feed Reader
Plugin Slug:: multi-feed-reader
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53718

Plugin:: Social Login
Plugin Slug:: oa-social-login
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-10961

Plugin:: Community by PeepSo
Plugin Slug:: peepso-core
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11447

Plugin:: Product Designer
Plugin Slug:: product-designer
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9111

Plugin:: Protect Your Content
Plugin Slug:: protect-your-content
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53728

Plugin:: Pure CSS Circle Progress Bar
Plugin Slug:: pure-css-circle-progress-bar
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11385

Plugin:: Quick Learn
Plugin Slug:: quick-learn
Vulnerability:: PHP Object Injection
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52441

Plugin:: Quotes llama
Plugin Slug:: quotes-llama
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10874

Plugin:: RealtyCandy IDX Broker Extended
Plugin Slug:: realtycandy-idx-broker-extended
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53726

Plugin:: RecipePress Reloaded
Plugin Slug:: recipepress-reloaded
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11414

Plugin:: salavat counter
Plugin Slug:: salavat-counter
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11435

Plugin:: Crypto and DeFi Widgets
Plugin Slug:: security-force
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-11365

Plugin:: Shine PDF Embeder
Plugin Slug:: shine-pdf
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11412

Plugin:: Simple Travel Map
Plugin Slug:: simple-travel-map
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53715

Plugin:: Slick Sitemap
Plugin Slug:: slick-sitemap
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11424

Plugin:: Silverlight Video Player
Plugin Slug:: smooth-streaming-player
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53713

Plugin:: Sticky Social Icons
Plugin Slug:: sticky-social-icons
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52491

Plugin:: LSX Tour Operator
Plugin Slug:: tour-operator
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9851

Plugin:: Tribute Testimonials
Plugin Slug:: tribute-testimonial-gridslider
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10886

Plugin:: Ultimate YouTube Video & Shorts Player With Vimeo
Plugin Slug:: ultimate-youtube-video-player
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11355

Plugin:: Ultimate YouTube Video & Shorts Player With Vimeo
Plugin Slug:: ultimate-youtube-video-player
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-11354

Plugin:: UltraAddons Elementor Lite
Plugin Slug:: ultraaddons-elementor-lite
Vulnerability:: Sensitive Data Exposure
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10696

Plugin:: UserPlus
Plugin Slug:: userplus
Vulnerability:: Privilege Escalation
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52442

Plugin:: WPBakery Visual Composer WHMCS Elements
Plugin Slug:: void-visual-whmcs-element
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-10172

Plugin:: Wc Recently viewed products
Plugin Slug:: wc-recently-viewed-products
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52484

Plugin:: wp auto top
Plugin Slug:: wp-auto-top
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53716

Plugin:: WP-ISPConfig 3
Plugin Slug:: wp-ispconfig3
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53720

Plugin:: WPDash Notes
Plugin Slug:: wpdash-notes
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-9223

Plugin:: Youneeq Recommendations
Plugin Slug:: youneeq-panel
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52457

Plugin:: yPHPlista
Plugin Slug:: yphplista
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53717

Plugin:: Zajax � Ajax Navigation
Plugin Slug:: zajax-ajax-navigation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-53719

Plugin:: WPForms � Easy Form Builder for WordPress � Contact Forms, Payment Forms, Surveys, & More
Plugin Slug:: wpforms-lite
Installations: 6,000,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1.6
Severity Score:: Medium
CVE:: 2024-7056

Plugin:: Rank Math SEO � AI SEO Tools to Dominate SEO Rankings
Plugin Slug:: seo-by-rank-math
Installations: 3,000,000+
Vulnerability:: Remote Code Execution (RCE)
Patched in Version:: 1.0.232
Severity Score:: High
CVE:: 2024-11620

Plugin:: Google for WooCommerce
Plugin Slug:: google-listings-and-ads
Installations: 900,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.8.7
Severity Score:: Medium
CVE:: 2024-10486

Plugin:: MailPoet � Newsletters, Email Marketing, and Automation
Plugin Slug:: mailpoet
Installations: 600,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.3.2
Severity Score:: Medium
CVE:: 2024-10103

Plugin:: Photo Gallery, Sliders, Proofing and Themes � NextGEN Gallery
Plugin Slug:: nextgen-gallery
Installations: 500,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.59.5
Severity Score:: Medium
CVE:: 2024-6393

Plugin:: Formidable Forms � Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.16.2
Severity Score:: High
CVE:: 2024-11188

Plugin:: Formidable Forms � Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder
Plugin Slug:: formidable
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.14.1
Severity Score:: Medium
CVE:: 2024-9768

Plugin:: Gutenberg Blocks with AI by Kadence WP � Page Builder Features
Plugin Slug:: kadence-blocks
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.3.4
Severity Score:: Medium
CVE:: 2024-10785

Plugin:: Royal Elementor Addons and Templates
Plugin Slug:: royal-elementor-addons
Installations: 400,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.1002
Severity Score:: Medium
CVE:: 2024-9682

Plugin:: Activity Log � Monitor & Record User Changes
Plugin Slug:: aryo-activity-log
Installations: 300,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.11.2
Severity Score:: High
CVE:: 2024-10788

Plugin:: FluentSMTP � WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider
Plugin Slug:: fluent-smtp
Installations: 300,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.2.83
Severity Score:: Critical
CVE:: 2024-9511

Plugin:: Spam protection, Anti-Spam, FireWall by CleanTalk
Plugin Slug:: cleantalk-spam-protect
Installations: 200,000+
Vulnerability:: Broken Authentication
Patched in Version:: 6.45
Severity Score:: High
CVE:: 2024-10781

Plugin:: Spam protection, Anti-Spam, FireWall by CleanTalk
Plugin Slug:: cleantalk-spam-protect
Installations: 200,000+
Vulnerability:: Broken Authentication
Patched in Version:: 6.44
Severity Score:: Critical
CVE:: 2024-10542

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.6.10
Severity Score:: Medium
CVE:: 2024-10308

Plugin:: Jeg Elementor Kit
Plugin Slug:: jeg-elementor-kit
Installations: 200,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.10
Severity Score:: Medium
CVE:: 2024-8899

Plugin:: Ultimate Member � User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Plugin Slug:: ultimate-member
Installations: 200,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.0
Severity Score:: Medium
CVE:: 2024-10528

Plugin:: SEO Plugin by Squirrly SEO
Plugin Slug:: squirrly-seo
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 12.3.21
Severity Score:: Medium
CVE:: 2024-10515

Plugin:: The Plus Addons for Elementor � Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
Plugin Slug:: the-plus-addons-for-elementor-page-builder
Installations: 100,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 6.0.4
Severity Score:: Medium
CVE:: 2024-10365

Plugin:: HUSKY � Products Filter Professional for WooCommerce
Plugin Slug:: woocommerce-products-filter
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.6.4
Severity Score:: High
CVE:: 2024-11400

Plugin:: Hustle � Email Marketing, Lead Generation, Optins, Popups
Plugin Slug:: wordpress-popup
Installations: 100,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.8.6
Severity Score:: Medium
CVE:: 2024-10579

Plugin:: Parsi Date
Plugin Slug:: wp-parsidate
Installations: 100,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.1.2
Severity Score:: High
CVE:: 2024-11032

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.7.7
Severity Score:: Critical
CVE:: 2024-10400

Plugin:: Tutor LMS � eLearning and online course solution
Plugin Slug:: tutor
Installations: 90,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.7.7
Severity Score:: Medium
CVE:: 2024-10393

Plugin:: Customer Reviews for WooCommerce
Plugin Slug:: customer-reviews-woocommerce
Installations: 70,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.62.0
Severity Score:: Medium
CVE:: 2024-10614

Plugin:: Clone
Plugin Slug:: wp-clone-by-wp-academy
Installations: 70,000+
Vulnerability:: PHP Object Injection
Patched in Version:: 2.4.7
Severity Score:: High
CVE:: 2024-10913

Plugin:: Increase Maximum Upload File Size | Increase Execution Time
Plugin Slug:: wp-maximum-upload-file-size
Installations: 70,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.1.4
Severity Score:: Medium
CVE:: 2024-11265

Plugin:: Getwid � Gutenberg Blocks
Plugin Slug:: getwid
Installations: 60,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.13
Severity Score:: Medium
CVE:: 2024-10872

Plugin:: FOX � Currency Switcher Professional for WooCommerce
Plugin Slug:: woocommerce-currency-switcher
Installations: 60,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 1.4.2.3
Severity Score:: High
CVE:: 2024-10640

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.4
Severity Score:: Medium
CVE:: 2024-9170

Plugin:: Booster for WooCommerce
Plugin Slug:: woocommerce-jetpack
Installations: 50,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 7.2.4
Severity Score:: High
CVE:: 2024-9239

Plugin:: Ditty � Responsive News Tickers, Sliders, and Lists
Plugin Slug:: ditty-news-ticker
Installations: 40,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.47
Severity Score:: Medium
CVE:: 2024-9600

Plugin:: Simple Membership
Plugin Slug:: simple-membership
Installations: 40,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 4.5.6
Severity Score:: Medium
CVE:: 2024-11088

Plugin:: Post Grid Gutenberg Blocks and WordPress Blog Plugin � PostX
Plugin Slug:: ultimate-post
Installations: 40,000+
Vulnerability:: Broken Access Control
Patched in Version:: 4.1.17
Severity Score:: High
CVE:: 2024-10728

Plugin:: Security & Malware scan by CleanTalk
Plugin Slug:: security-malware-firewall
Installations: 30,000+
Vulnerability:: SQL Injection
Patched in Version:: 2.145.1
Severity Score:: Critical
CVE:: 2024-10570

Plugin:: Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery
Plugin Slug:: simply-gallery-block
Installations: 30,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.4.3
Severity Score:: Medium
CVE:: 2024-10034

Plugin:: Stratum � Elementor Widgets
Plugin Slug:: stratum
Installations: 30,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.4.5
Severity Score:: Medium
CVE:: 2024-10316

Plugin:: Branda � Branda � White Label & Branding, Custom Login Page Customizer
Plugin Slug:: branda-white-labeling
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.22
Severity Score:: High
CVE:: 2024-9371

Plugin:: MailChimp Forms by MailMunch
Plugin Slug:: mailchimp-forms-by-mailmunch
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.4
Severity Score:: High
CVE:: 2024-8726

Plugin:: MP3 Audio Player � Music Player, Podcast Player & Radio by Sonaar
Plugin Slug:: mp3-music-player-by-sonaar
Installations: 20,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9
Severity Score:: Medium
CVE:: 2024-10268

Plugin:: Backup and Staging by WP Time Capsule
Plugin Slug:: wp-time-capsule
Installations: 20,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.22.22
Severity Score:: Critical
CVE:: 2024-8856

Plugin:: 404 Solution
Plugin Slug:: 404-solution
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.35.20
Severity Score:: High
CVE:: 2024-11277

Plugin:: Classified Listing � Classified ads & Business Directory Plugin
Plugin Slug:: classified-listing
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.16
Severity Score:: High
CVE:: 2024-11194

Plugin:: CM Pop-Up Banners for WordPress
Plugin Slug:: cm-pop-up-banners
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.7.6
Severity Score:: High
CVE:: 2024-11202

Plugin:: RegistrationMagic � User Registration Plugin with Custom Registration Forms
Plugin Slug:: custom-registration-form-builder-with-submission-manager
Installations: 10,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 6.0.2.7
Severity Score:: Critical
CVE:: 2024-10508

Plugin:: GamiPress � Gamification plugin to reward points, achievements, badges & ranks in WordPress
Plugin Slug:: gamipress
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.1.6
Severity Score:: Medium
CVE:: 2024-11036

Plugin:: LA-Studio Element Kit for Elementor
Plugin Slug:: lastudio-element-kit
Installations: 10,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-10873

Plugin:: Restaurant Menu � Food Ordering System � Table Reservation
Plugin Slug:: menu-ordering-reservations
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.3
Severity Score:: High
CVE:: 2024-9653

Plugin:: Paid Membership Subscriptions � Effortless Memberships, Recurring Payments & Content Restriction
Plugin Slug:: paid-member-subscriptions
Installations: 10,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.13.1
Severity Score:: High
CVE:: 2024-10261

Plugin:: PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes
Plugin Slug:: revisionary
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 3.5.16
Severity Score:: Medium
CVE:: 2024-11154

Plugin:: Simple Side Tab
Plugin Slug:: simple-side-tab
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-10551

Plugin:: WooCommerce Product Table Lite
Plugin Slug:: wc-product-table-lite
Installations: 10,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.8.7
Severity Score:: High
CVE:: 2024-10899

Plugin:: WP Travel Engine � Tour Booking Plugin � Tour Operator Software
Plugin Slug:: wp-travel-engine
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 6.2.2
Severity Score:: Medium
CVE:: 2024-10606

Plugin:: WP User Manager � User Profile Builder & Membership
Plugin Slug:: wp-user-manager
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.12
Severity Score:: Medium
CVE:: 2024-10537

Plugin:: WP User Manager � User Profile Builder & Membership
Plugin Slug:: wp-user-manager
Installations: 10,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.9.12
Severity Score:: Medium
CVE:: 2024-10216

Plugin:: Category Ajax Filter
Plugin Slug:: category-ajax-filter
Installations: 8,000+
Vulnerability:: Local File Inclusion
Patched in Version:: 2.8.3
Severity Score:: High
CVE:: 2024-10871

Plugin:: CM Tooltip Glossary
Plugin Slug:: enhanced-tooltipglossary
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.3.12
Severity Score:: High
CVE:: 2024-11202

Plugin:: GD bbPress Attachments
Plugin Slug:: gd-bbpress-attachments
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.7.3
Severity Score:: High
CVE:: 2024-11278

Plugin:: If-So Dynamic Content Personalization
Plugin Slug:: if-so
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.9.2.2
Severity Score:: Medium
CVE:: 2024-10796

Plugin:: MailMunch � Grow your Email List
Plugin Slug:: mailmunch
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.0
Severity Score:: High
CVE:: 2024-8735

Plugin:: WP Project Manager � Task, team, and project management plugin featuring kanban board and gantt charts
Plugin Slug:: wedevs-project-manager
Installations: 8,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.15
Severity Score:: Medium
CVE:: 2024-10520

Plugin:: Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels
Plugin Slug:: wpfunnels
Installations: 8,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.5.6
Severity Score:: High
CVE:: 2024-10792

Plugin:: ProfileGrid � User Profiles, Groups and Communities
Plugin Slug:: profilegrid-user-profiles-groups-and-communities
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 5.9.3.7
Severity Score:: Medium
CVE:: 2024-10900

Plugin:: Product Table for WooCommerce by CodeAstrology (wooproducttable.com)
Plugin Slug:: woo-product-table
Installations: 7,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 3.5.2
Severity Score:: Medium
CVE:: 2024-10813

Plugin:: WPB Popup for Contact Form 7 � Showing The Contact Form 7 Popup on Button Click � CF7 Popup
Plugin Slug:: wpb-popup-for-contact-form-7
Installations: 7,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.7.6
Severity Score:: Medium
CVE:: 2024-11038

Plugin:: Product Input Fields for WooCommerce
Plugin Slug:: product-input-fields-for-woocommerce
Installations: 6,000+
Vulnerability:: Path Traversal
Patched in Version:: 2.0
Severity Score:: Medium
CVE:: 2024-10857

Plugin:: WPAdverts � Classifieds Plugin
Plugin Slug:: wpadverts
Installations: 6,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: High
CVE:: 2024-10890

Plugin:: GEO my WP
Plugin Slug:: geo-my-wp
Installations: 5,000+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 4.5
Severity Score:: Critical
CVE:: 2024-9422

Plugin:: Request a Quote for WooCommerce and Elementor � Get a Quote Button � Product Enquiry Form Popup � Product Quotation
Plugin Slug:: get-a-quote-button-for-woocommerce
Installations: 5,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.5
Severity Score:: Medium
CVE:: 2024-11034

Plugin:: Booking calendar, Appointment Booking System
Plugin Slug:: booking-calendar
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.2.16
Severity Score:: High
CVE:: 2024-9504

Plugin:: Button Block � Get fully customizable & multi-functional buttons
Plugin Slug:: button-block
Installations: 4,000+
Vulnerability:: Broken Authentication
Patched in Version:: 1.1.5
Severity Score:: Medium
CVE:: 2024-10671

Plugin:: CM WordPress Search And Replace Plugin
Plugin Slug:: cm-on-demand-search-and-replace
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.3
Severity Score:: High
CVE:: 2024-11202

Plugin:: MStore API � Create Native Android & iOS Apps On The Cloud
Plugin Slug:: mstore-api
Installations: 4,000+
Vulnerability:: SQL Injection
Patched in Version:: 4.15.8
Severity Score:: High
CVE:: 2024-11179

Plugin:: Sp*tify Play Button for WordPress
Plugin Slug:: spotify-play-button-for-wordpress
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.12
Severity Score:: Medium
CVE:: 2024-11192

Plugin:: Premium Packages � Sell Digital Products Securely
Plugin Slug:: wpdm-premium-packages
Installations: 4,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.9.4
Severity Score:: High
CVE:: 2024-11225

Plugin:: Add Chat App Button
Plugin Slug:: add-whatsapp-button
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.8
Severity Score:: Medium
CVE:: 2024-52489

Plugin:: Parallax Image
Plugin Slug:: parallax-image
Installations: 3,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.1
Severity Score:: Medium
CVE:: 2024-11224

Plugin:: Additional Order Filters for WooCommerce
Plugin Slug:: additional-order-filters-for-woocommerce
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.22
Severity Score:: High
CVE:: 2024-11418

Plugin:: affiliate-toolkit � WP Affiliate Plugin with Amazon
Plugin Slug:: affiliate-toolkit-starter
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.8
Severity Score:: High
CVE:: 2024-10675

Plugin:: Email Subscription Popup
Plugin Slug:: email-subscribe
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.23
Severity Score:: Medium
CVE:: 2024-11195

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Plugin Slug:: sky-elementor-addons
Installations: 2,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-9542

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Plugin Slug:: sky-elementor-addons
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.6.3
Severity Score:: High
CVE:: 2024-11104

Plugin:: Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Plugin Slug:: sky-elementor-addons
Installations: 2,000+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 2.6.2
Severity Score:: Medium
CVE:: 2024-11601

Plugin:: SVG Block
Plugin Slug:: svg-block
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.25
Severity Score:: Medium
CVE:: 2024-11098

Plugin:: Theme Builder For Elementor
Plugin Slug:: theme-builder-for-elementor
Installations: 2,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-10782

Plugin:: Checkout with Cash App on WooCommerce
Plugin Slug:: wc-cashapp
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.0.3
Severity Score:: High
CVE:: 2024-9635

Plugin:: What Would Seth Godin Do
Plugin Slug:: what-would-seth-godin-do
Installations: 2,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.2
Severity Score:: Medium
CVE:: 2024-51900

Plugin:: Anonymous Restricted Content
Plugin Slug:: anonymous-restricted-content
Installations: 1,000+
Vulnerability:: Sensitive Data Exposure
Patched in Version:: 1.6.6
Severity Score:: Medium
CVE:: 2024-11089

Plugin:: AppPresser � Mobile App Framework
Plugin Slug:: apppresser
Installations: 1,000+
Vulnerability:: Privilege Escalation
Patched in Version:: 4.4.7
Severity Score:: Critical
CVE:: 2024-11024

Plugin:: Attesa Extra
Plugin Slug:: attesa-extra
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 1.4.3
Severity Score:: Medium
CVE:: 2024-10688

Plugin:: BNE Gallery Extended
Plugin Slug:: bne-gallery-extended
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: Medium
CVE:: 2024-11119

Plugin:: Name: CM E-Mail Registration Blacklist
Plugin Slug:: cm-email-blacklist
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.4
Severity Score:: High
CVE:: 2024-11202

Plugin:: CM Header & Footer Script Loader � Insert Script Plugin
Plugin Slug:: cm-header-footer-script-loader
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.2
Severity Score:: High
CVE:: 2024-11202

Plugin:: Co-marquage service-public.fr
Plugin Slug:: co-marquage-service-public
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.5.77
Severity Score:: High
CVE:: 2024-10522

Plugin:: Enter Addons � Ultimate Template Builder for Elementor
Plugin Slug:: enteraddons
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 2.2.0
Severity Score:: Medium
CVE:: 2024-10868

Plugin:: Friendly Functions for Welcart
Plugin Slug:: friendly-functions-for-welcart
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.5
Severity Score:: High
CVE:: 2024-10726

Plugin:: GD Rating System
Plugin Slug:: gd-rating-system
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.2
Severity Score:: Medium
CVE:: 2024-11198

Plugin:: InPost Gallery
Plugin Slug:: inpost-gallery
Installations: 1,000+
Vulnerability:: Arbitrary Code Execution
Patched in Version:: 2.1.4.3
Severity Score:: Medium
CVE:: 2024-11002

Plugin:: JobBoardWP � Job Board Listings and Submissions
Plugin Slug:: jobboardwp
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2024-10880

Plugin:: NiceJob
Plugin Slug:: nicejob
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.7.2
Severity Score:: Medium
CVE:: 2024-10887

Plugin:: ????? ?? ???? � ???? ?? ????
Plugin Slug:: pgall-for-woocommerce
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 5.2.0
Severity Score:: Medium
CVE:: 2024-11228

Plugin:: Rescue Shortcodes
Plugin Slug:: rescue-shortcodes
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.0
Severity Score:: Medium
CVE:: 2024-11199

Plugin:: Save as PDF Plugin by Pdfcrowd
Plugin Slug:: save-as-pdf-by-pdfcrowd
Installations: 1,000+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 4.2.2
Severity Score:: Medium
CVE:: 2024-10891

Plugin:: Image Optimizer, Resizer and CDN � Sirv
Plugin Slug:: sirv
Installations: 1,000+
Vulnerability:: Broken Access Control
Patched in Version:: 7.3.1
Severity Score:: High
CVE:: 2024-10855

Plugin:: Bard Extra
Plugin Slug:: bard-extra
Installations: 900+
Vulnerability:: Broken Access Control
Patched in Version:: 1.2.8
Severity Score:: Medium
CVE:: 2024-10532

Plugin:: Include Mastodon Feed
Plugin Slug:: include-mastodon-feed
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9.6
Severity Score:: Medium
CVE:: 2024-11455

Plugin:: System Dashboard
Plugin Slug:: system-dashboard
Installations: 800+
Vulnerability:: Path Traversal
Patched in Version:: 2.8.15
Severity Score:: Medium
CVE:: 2024-10708

Plugin:: System Dashboard
Plugin Slug:: system-dashboard
Installations: 800+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.8.15
Severity Score:: High
CVE:: 2024-11107

Plugin:: Taskbuilder � WordPress Project & Task Management plugin
Plugin Slug:: taskbuilder
Installations: 800+
Vulnerability:: SQL Injection
Patched in Version:: 3.0.5
Severity Score:: High
CVE:: 2024-9828

Plugin:: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net
Plugin Slug:: peachpay-for-woocommerce
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.113.0
Severity Score:: High
CVE:: 2024-11362

Plugin:: StreamWeasels Online Status Bar
Plugin Slug:: stream-status-for-twitch
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.1.10
Severity Score:: Medium
CVE:: 2024-11438

Plugin:: Theater for WordPress
Plugin Slug:: theatre
Installations: 700+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.18.7
Severity Score:: High
CVE:: 2024-11371

Plugin:: Block Editor Bootstrap Blocks
Plugin Slug:: block-editor-bootstrap-blocks
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 6.6.2
Severity Score:: High
CVE:: 2024-11402

Plugin:: Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO � Media Library Tools
Plugin Slug:: media-library-tools
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.5.0
Severity Score:: Medium
CVE:: 2024-10482

Plugin:: Memberlite Shortcodes
Plugin Slug:: memberlite-shortcodes
Installations: 600+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4
Severity Score:: Medium
CVE:: 2024-11227

Plugin:: Wawp OTP Verification, Order Notifications, and Country Code Selector for WooCommerce
Plugin Slug:: automation-web-platform
Installations: 500+
Vulnerability:: Broken Authentication
Patched in Version:: 3.0.18
Severity Score:: Critical
CVE:: 2024-52475

Plugin:: ???? ???
Plugin Slug:: mshop-naver-talktalk
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-11229

Plugin:: WP Mailster
Plugin Slug:: wp-mailster
Installations: 500+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.17.0
Severity Score:: Medium
CVE:: 2024-53737

Plugin:: CM Table Of Contents � WordPress TOC Plugin
Plugin Slug:: cm-table-of-content
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: High
CVE:: 2024-5029

Plugin:: CM Table Of Contents � WordPress TOC Plugin
Plugin Slug:: cm-table-of-content
Installations: 400+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.2.3
Severity Score:: Medium
CVE:: 2024-5030

Plugin:: ???? ?????
Plugin Slug:: mshop-npay
Installations: 400+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.4.0
Severity Score:: Medium
CVE:: 2024-11231

Plugin:: Custom CSS, JS & PHP
Plugin Slug:: custom-css
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.4.0
Severity Score:: High
CVE:: 2024-11330

Plugin:: FireCask�s Twitter Follow Button
Plugin Slug:: twitter-follow
Installations: 300+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 0.3
Severity Score:: Medium
CVE:: 2024-10116

Plugin:: Dino Game � Embed Google Chrome Dinosaur Game in your website
Plugin Slug:: dino-game
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.0
Severity Score:: Medium
CVE:: 2024-11388

Plugin:: Easy Liveblogs
Plugin Slug:: easy-liveblogs
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.3.6
Severity Score:: Medium
CVE:: 2024-11387

Plugin:: Opal Woo Custom Product Variation
Plugin Slug:: opal-woo-custom-product-variation
Installations: 200+
Vulnerability:: Arbitrary File Deletion
Patched in Version:: 1.1.4
Severity Score:: High
CVE:: 2024-52444

Plugin:: Slotti Ajanvaraus
Plugin Slug:: slotti-ajanvaraus
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: Medium
CVE:: 2024-11408

Plugin:: WIP Incoming Lite
Plugin Slug:: wip-incoming-lite
Installations: 200+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.2
Severity Score:: High
CVE:: 2024-11416

Plugin:: WP-Orphanage Extended
Plugin Slug:: wp-orphanage-extended
Installations: 200+
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.3
Severity Score:: Critical
CVE:: 2024-11415

Plugin:: Chessgame Shizzle
Plugin Slug:: chessgame-shizzle
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.1
Severity Score:: High
CVE:: 2024-11446

Plugin:: Run Contests, Raffles, and Giveaways with ContestsWP
Plugin Slug:: contest-code-checker
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.4
Severity Score:: High
CVE:: 2024-11456

Plugin:: HIPAA Compliant Forms with Drag�n�Drop HIPAA Form Builder. Sign HIPAA documents
Plugin Slug:: hipaatizer
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.3.5
Severity Score:: Medium
CVE:: 2024-11332

Plugin:: My Contador lesr
Plugin Slug:: my-contador-wp
Installations: 100+
Vulnerability:: Broken Access Control
Patched in Version:: 2.1
Severity Score:: Medium
CVE:: 2024-11334

Plugin:: Skt NURCaptcha
Plugin Slug:: skt-nurcaptcha
Installations: 100+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.6.0
Severity Score:: High
CVE:: 2024-11342

Plugin:: Ortto
Plugin Slug:: autopilot
Installations: 90+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.0.21
Severity Score:: High
CVE:: 2024-52482

Plugin:: AutoListicle: Automatically Update Numbered List Articles
Plugin Slug:: autolisticle-automatically-update-numbered-list-articles
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.2.4
Severity Score:: Medium
CVE:: 2024-11426

Plugin:: CM Business Directory Plugin � Business Listing Directory
Plugin Slug:: cm-business-directory
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.2
Severity Score:: High
CVE:: 2024-11202

Plugin:: Video Lessons Manager � WordPress LMS Plugin
Plugin Slug:: cm-video-lesson-manager
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.8.3
Severity Score:: High
CVE:: 2024-11202

Plugin:: PDF Invoices & Packing Slips Generator for WooCommerce
Plugin Slug:: pdf-invoicing-for-woocommerce
Installations: 70+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.2.2
Severity Score:: High
CVE:: 2024-11361

Plugin:: Page Parts
Plugin Slug:: page-parts
Installations: 60+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.4.4
Severity Score:: High
CVE:: 2024-11360

Plugin:: Fediverse Embeds
Plugin Slug:: fediverse-embeds
Installations: 40+
Vulnerability:: Arbitrary File Upload
Patched in Version:: 1.5.4
Severity Score:: Critical
CVE:: 2024-52476

Plugin:: WordPress Bootscraper
Plugin Slug:: wp-bootscraper
Installations: 40+
Vulnerability:: Local File Inclusion
Patched in Version:: 4.0.0
Severity Score:: High
CVE:: 2024-52449

Plugin:: Support SVG � Upload svg files in wordpress without hassle
Plugin Slug:: support-svg
Installations: 30+
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.1.1
Severity Score:: Medium
CVE:: 2024-11091

Plugin:: ???????? ??????? ????????? ??????
Plugin Slug:: express-pay
Installations: 20+
Vulnerability:: SQL Injection
Patched in Version:: 1.1.9
Severity Score:: Critical
CVE:: 2024-52474

Plugin:: Document & Data Automation
Plugin Slug:: document-data-automation
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: 1.6.2
Severity Score:: High
CVE:: 2024-52477

Plugin:: MP3 Sticky Player
Plugin Slug:: fwdmsp
Vulnerability:: Path Traversal
Patched in Version:: 8.1
Severity Score:: High
CVE:: 2024-10803

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: Broken Access Control
Patched in Version:: 67.2.0
Severity Score:: Critical
CVE:: 2024-9941

Plugin:: WPGYM
Plugin Slug:: gym-management
Vulnerability:: Arbitrary File Upload
Patched in Version:: 67.2.0
Severity Score:: Critical
CVE:: 2024-9942

Plugin:: Leopard – WordPress offload media
Plugin Slug:: leopard-wordpress-offload-media
Vulnerability:: Broken Access Control
Patched in Version:: 3.1.2
Severity Score:: High
CVE:: 2024-10589

Plugin:: School Management
Plugin Slug:: school-management
Vulnerability:: Arbitrary File Upload
Patched in Version:: 92.0.0
Severity Score:: Critical
CVE:: 2024-9659

Plugin:: Wishlist for WooCommerce Pro
Plugin Slug:: wish-list-for-woocommerce-pro
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 3.1.3
Severity Score:: High
CVE:: 2024-10519

Plugin:: Booking & Appointment Plugin for WooCommerce
Plugin Slug:: woocommerce-booking
Vulnerability:: Broken Access Control
Patched in Version:: 6.10.0
Severity Score:: High
CVE:: 2024-10729

Plugin:: WordPress GDPR & CCPA
Plugin Slug:: wordpress-gdpr
Vulnerability:: Broken Access Control
Patched in Version:: 2.0.3
Severity Score:: Medium
CVE:: 2024-11069

Plugin:: WordPress GDPR & CCPA
Plugin Slug:: wordpress-gdpr
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.0.3
Severity Score:: High
CVE:: 2024-10388

WordPress Themes � 3 Patched / 6 Unpatched

Theme:: Grip
Theme Slug:: grip
Downloads: 27,482
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52488

Theme:: AccessPress Staple
Theme Slug:: accesspress-staple
Vulnerability:: Arbitrary File Upload
Patched in Version:: No Fix
Severity Score:: Critical
CVE:: 2024-52488

Theme:: Jobify – Job Board WordPress Theme
Theme Slug:: jobify
Vulnerability:: Arbitrary File Download
Patched in Version:: No Fix
Severity Score:: High
CVE:: 2024-52481

Theme:: Jobify – Job Board WordPress Theme
Theme Slug:: jobify
Vulnerability:: Broken Access Control
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52480

Theme:: Jobify – Job Board WordPress Theme
Theme Slug:: jobify
Vulnerability:: Cross Site Request Forgery (CSRF)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52479

Theme:: Jobify – Job Board WordPress Theme
Theme Slug:: jobify
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: No Fix
Severity Score:: Medium
CVE:: 2024-52478

Theme:: Ashe
Theme Slug:: ashe
Downloads: 2,043,009
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.244
Severity Score:: High
CVE:: 2024-9777

Theme:: Bard
Theme Slug:: bard
Downloads: 939,343
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 2.217
Severity Score:: High
CVE:: 2024-9830

Theme:: ForumEngine
Theme Slug:: forumengine
Vulnerability:: Cross Site Scripting (XSS)
Patched in Version:: 1.9
Severity Score:: High
CVE:: 2024-10623