WordPress Vulnerability Report – November 6, 2024

In this report, 285 vulnerabilities have been publicly disclosed. Security patches for 99 of these plugins are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version management tool may have already warned you and updated these plugins, depending on your settings.

Additionally, there are 186 plugin vulnerabilities with no patch available yet. If you’re a Solid Security Pro user, those vulnerabilities are already protected by the Solid Security firewall. Virtual patches from Patchstack will be applied when a vulnerability is considered high or medium risk. If no patch is forthcoming from the vendor or the vulnerable software has been marked “closed” and dropped from the official WordPress repositories, you should deactivate it soon and look for alternative solutions.

WordPress Core

WordPress 6.7 Beta 3 is available and ready for testing! This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.

WordPress Plugins – 99 Patched / 186 Unpatched

WP Hotel Booking

Plugin Slug:
wp-hotel-booking

Installations
8,000+

Vulnerability:
Local File Inclusion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Administrator Z

Plugin Slug:
administrator-z

Installations
400+

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Simple Page Specific Sidebars

Plugin Slug:
page-specific-sidebars

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Training – Courses

Plugin Slug:
training

Installations
20+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

All Post Contact Form

Plugin Slug:
allpost-contactform

Installations
10+

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Easy SVG Upload

Plugin Slug:
easy-svg-upload

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

3D Presentation

Plugin:

3D Presentation

Plugin Slug:
3d-presentation

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

5 Stars Rating Funnel

Plugin:

5 Stars Rating Funnel

Plugin Slug:
5-stars-rating-funnel

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Aajoda Testimonials

Plugin:

Aajoda Testimonials

Plugin Slug:
aajoda-testimonials

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Bing Search API Integration

Plugin:

Bing Search API Integration

Plugin Slug:
abbs-bing-search

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Addressbook

Plugin:

Addressbook

Plugin Slug:
addressbook

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Admin SMS Alert

Plugin:

Admin SMS Alert

Plugin Slug:
admin-sms-alert

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Advanced Control Manager for WordPress by ItalyStrap

Plugin:

Advanced Control Manager for WordPress by ItalyStrap

Plugin Slug:
advanced-control-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Advanced PDF Generator

Plugin:

Advanced PDF Generator

Plugin Slug:
advanced-pdf-generator

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Ajax Content Filter

Plugin:

Ajax Content Filter

Plugin Slug:
ajax-content-filter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Alley Elementor Widget

Plugin:

Alley Elementor Widget

Plugin Slug:
alley-elementor-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

AmaDiscount

Plugin:

AmaDiscount

Plugin Slug:
amadiscount

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

amazing neo icon font for elementor

Plugin:

amazing neo icon font for elementor

Plugin Slug:
amazing-neo-icon-font-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Amazon Associate Filter

Plugin:

Amazon Associate Filter

Plugin Slug:
amazon-associate-filter

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

AMP Img Shortcode

Plugin:

AMP Img Shortcode

Plugin Slug:
amp-img-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Ancient World Linked Data

Plugin:

Ancient World Linked Data

Plugin Slug:
ancient-world-linked-data-for-wordpress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

APK Downloader

Plugin:

APK Downloader

Plugin Slug:
apk-downloader

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

AR For Woocommerce

Plugin:

AR For Woocommerce

Plugin Slug:
ar-for-woocommerce

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Custom Author URL

Plugin:

Custom Author URL

Plugin Slug:
author-slug

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Awesome Progress Bar

Plugin:

Awesome Progress Bar

Plugin Slug:
awesome-progess-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Awesome Shortcodes For Genesis

Plugin:

Awesome Shortcodes For Genesis

Plugin Slug:
awesome-shortcodes-for-genesis

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

AwesomePress

Plugin:

AwesomePress

Plugin Slug:
awesomepress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Bigmart Elements

Plugin:

Bigmart Elements

Plugin Slug:
bigmart-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Blrt WP Embed

Plugin:

Blrt WP Embed

Plugin Slug:
blrt-wp-embed

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Bonway Static Block Editor

Plugin:

Bonway Static Block Editor

Plugin Slug:
bonway-static-block-editor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

bpmn.io

Plugin:

bpmn.io

Plugin Slug:
bpmnio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Bulk Change Role

Plugin:

Bulk Change Role

Plugin Slug:
bulk-role-change

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Buooy Sticky Header

Plugin:

Buooy Sticky Header

Plugin Slug:
buooy-sticky-header

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Business

Plugin:

Business

Plugin Slug:
business

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Clever Addons for Elementor

Plugin:

Clever Addons for Elementor

Plugin Slug:
cafe-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Classy Addons for Elementor

Plugin:

Classy Addons for Elementor

Plugin Slug:
classy-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Clyp

Plugin:

Clyp

Plugin Slug:
clyp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Code Explorer

Plugin:

Code Explorer

Plugin Slug:
code-explorer

Vulnerability:
Directory Traversal

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Content Syndication Toolkit Reader

Plugin:

Content Syndication Toolkit Reader

Plugin Slug:
content-syndication-toolkit-reader

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Conversion Helper

Plugin:

Conversion Helper

Plugin Slug:
conversion-helper

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Crypto

Plugin:

Crypto

Plugin Slug:
crypto

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Crypto

Plugin:

Crypto

Plugin Slug:
crypto

Vulnerability:
Broken Authentication

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Crypto

Plugin:

Crypto

Plugin Slug:
crypto

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Custom Admin Menu

Plugin:

Custom Admin Menu

Plugin Slug:
custom-admin-menu

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Daily Image

Plugin:

Daily Image

Plugin Slug:
daily-image

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Dashing Memberships

Plugin:

Dashing Memberships

Plugin Slug:
dashing-memberships

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

DataMentor

Plugin:

DataMentor

Plugin Slug:
datamentor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Definitive Addons for Elementor

Plugin:

Definitive Addons for Elementor

Plugin Slug:
definitive-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Display Terms Shortcode

Plugin:

Display Terms Shortcode

Plugin Slug:
display-terms-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Domain Sharding

Plugin:

Domain Sharding

Plugin Slug:
domain-sharding

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Don’t Break The Code

Plugin:

Don’t Break The Code

Plugin Slug:
dont-break-the-code

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Doofinder

Plugin:

Doofinder

Plugin Slug:
doofinder

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

(dp) AddThis

Plugin:

(dp) AddThis

Plugin Slug:
dp-addthis

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

DS.DownloadList

Plugin:

DS.DownloadList

Plugin Slug:
dsdownloadlist

Vulnerability:
PHP Object Injection

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

e-shops

Plugin:

e-shops

Plugin Slug:
e-shops-cart2

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

eewee admin custom

Plugin:

eewee admin custom

Plugin Slug:
eewee-admincustom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Elementary Addons

Plugin:

Elementary Addons

Plugin Slug:
elementary-addons

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Emoji Shortcode

Plugin:

Emoji Shortcode

Plugin Slug:
emoji-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Enable Shortcodes inside Widgets,Comments and Experts

Plugin:

Enable Shortcodes inside Widgets,Comments and Experts

Plugin Slug:
enable-shortcodes-inside-widgetscomments-and-experts

Vulnerability:
Arbitrary Code Execution

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

EndomondoWP

Plugin:

EndomondoWP

Plugin Slug:
endomondowp

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Events Manager Pro – extended

Plugin:

Events Manager Pro – extended

Plugin Slug:
events-manager-pro-extended

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Extender All In One For Elementor

Plugin:

Extender All In One For Elementor

Plugin Slug:
extender-all-in-one-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

EzyOnlineBookings Online Booking System Widget

Plugin:

EzyOnlineBookings Online Booking System Widget

Plugin Slug:
ezyonlinebookings-online-booking-system

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Fabrica Synced Pattern Instances

Plugin:

Fabrica Synced Pattern Instances

Plugin Slug:
fabrica-reusable-block-instances

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Featured Posts Scroll

Plugin:

Featured Posts Scroll

Plugin Slug:
featured-posts-scroll

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Firework Shoppable Live Video

Plugin:

Firework Shoppable Live Video

Plugin Slug:
firework-videos

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Flash Show And Hide Box

Plugin:

Flash Show And Hide Box

Plugin Slug:
flash-show-and-hide-box

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Forms: 3rd-Party Post Again

Plugin:

Forms: 3rd-Party Post Again

Plugin Slug:
forms-3rdparty-post-again

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

FriendStore for WooCommerce

Plugin:

FriendStore for WooCommerce

Plugin Slug:
friendstore-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

GDReseller

Plugin:

GDReseller

Plugin Slug:
gdreseller

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Genoo

Plugin:

Genoo

Plugin Slug:
genoo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Geotagged Media

Plugin:

Geotagged Media

Plugin Slug:
geotagged-media

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Get Quote For Woocommerce

Plugin:

Get Quote For Woocommerce

Plugin Slug:
get-a-quote-for-woocommerce

Vulnerability:
Broken Access Control

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Gmap Point List

Plugin:

Gmap Point List

Plugin Slug:
gmap-point-list

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

GMO Social Connection

Plugin:

GMO Social Connection

Plugin Slug:
gmo-social-connection

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Golf Tracker

Plugin:

Golf Tracker

Plugin Slug:
golf-tracker

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Satisfaction Reports from Help Scout

Plugin:

Satisfaction Reports from Help Scout

Plugin Slug:
happiness-reports-for-help-scout

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Header Footer Composer for Elementor

Plugin:

Header Footer Composer for Elementor

Plugin Slug:
header-footer-composer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Plug your WooCommerce into the largest catalog of customized print products from Helloprint

Plugin:

Plug your WooCommerce into the largest catalog of customized print products from Helloprint

Plugin Slug:
helloprint

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Hoo Addons for Elementor

Plugin:

Hoo Addons for Elementor

Plugin Slug:
hoo-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Hover Video Preview

Plugin:

Hover Video Preview

Plugin Slug:
hover-video-preview

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

HQ60 Fidelity Card

Plugin:

HQ60 Fidelity Card

Plugin Slug:
hq60-fidelity-card

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

ID-SK Toolkit

Plugin:

ID-SK Toolkit

Plugin Slug:
idsk-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Jigoshop – Store Exporter

Plugin:

Jigoshop – Store Exporter

Plugin Slug:
jigoshop-exporter

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Jigoshop – Store Toolkit

Plugin:

Jigoshop – Store Toolkit

Plugin Slug:
jigoshop-store-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Kento Ads Rotator

Plugin:

Kento Ads Rotator

Plugin Slug:
kento-ads-rotator

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

LH QR Codes

Plugin:

LH QR Codes

Plugin Slug:
lh-qr-codes

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Lodgix.com Vacation Rental Website Builder

Plugin:

Lodgix.com Vacation Rental Website Builder

Plugin Slug:
lodgixcom-vacation-rental-listing-management-booking-plugin

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Loginplus

Plugin:

Loginplus

Plugin Slug:
loginplus

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Market 360 Viewer

Plugin:

Market 360 Viewer

Plugin Slug:
market-360-viewer

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Marketing Automation by AZEXO

Plugin:

Marketing Automation by AZEXO

Plugin Slug:
marketing-automation-by-azexo

Vulnerability:
Privilege Escalation

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Marquee Elementor with Posts

Plugin:

Marquee Elementor with Posts

Plugin Slug:
marquee-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Master Bar

Plugin:

Master Bar

Plugin Slug:
master-bar

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

MasterBip para Elementor

Plugin:

MasterBip para Elementor

Plugin Slug:
masterbip-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

MDR Webmaster Tools

Plugin:

MDR Webmaster Tools

Plugin Slug:
mdr-webmaster-tools

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Media Modal

Plugin:

Media Modal

Plugin Slug:
media-modal

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Meta Store Elements

Plugin:

Meta Store Elements

Plugin Slug:
meta-store-elements

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

MG Post Contributors

Plugin:

MG Post Contributors

Plugin Slug:
mg-post-contributors

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

ML Responsive Audio player with playlist Shortcode

Plugin:

ML Responsive Audio player with playlist Shortcode

Plugin Slug:
mlr-audio

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Mobilize

Plugin:

Mobilize

Plugin Slug:
mobilize

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Multi Purpose Mail Form

Plugin:

Multi Purpose Mail Form

Plugin Slug:
multi-purpose-mail-form

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

MyOrderDesk

Plugin:

MyOrderDesk

Plugin Slug:
myorderdesk

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Narnoo Commerce Manager

Plugin:

Narnoo Commerce Manager

Plugin Slug:
narnoo-commerce-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Naver Blog

Plugin:

Naver Blog

Plugin Slug:
naver-blog-api

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

NMR Strava activities

Plugin:

NMR Strava activities

Plugin Slug:
nmr-strava-activities

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Porsline

Plugin:

Porsline

Plugin Slug:
porsline

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Website price calculator

Plugin:

Website price calculator

Plugin Slug:
price-calculator-to-your-website

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Pricer Ninja

Plugin:

Pricer Ninja

Plugin Slug:
pricer-ninja-pricing-tables

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

PropertyShift

Plugin:

PropertyShift

Plugin Slug:
propertyshift

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Quran Shortcode

Plugin:

Quran Shortcode

Plugin Slug:
quran-shortcode

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Random Featured Post

Plugin:

Random Featured Post

Plugin Slug:
random-featured-post-plugin

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Reftagger Shortcode

Plugin:

Reftagger Shortcode

Plugin Slug:
reftagger-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Responsive Data Table

Plugin:

Responsive Data Table

Plugin Slug:
responsive-data-table

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Responsive Flickr Gallery

Plugin:

Responsive Flickr Gallery

Plugin Slug:
responsive-flickr-gallery

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

RSVP ME

Plugin:

RSVP ME

Plugin Slug:
rsvp-me

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Sales Page Addon – Elementor & Beaver Builder

Plugin:

Sales Page Addon – Elementor & Beaver Builder

Plugin Slug:
sales-page-addon

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Saragna

Plugin:

Saragna

Plugin Slug:
saragna-social-stream

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Search order by product SKU for WooCommerce

Plugin:

Search order by product SKU for WooCommerce

Plugin Slug:
search-order-by-product-sku-for-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Selar.co Widget

Plugin:

Selar.co Widget

Plugin Slug:
selar-co-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Seo Free

Plugin:

Seo Free

Plugin Slug:
seo-free

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SH Slideshow

Plugin:

SH Slideshow

Plugin Slug:
sh-slideshow

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Show Visitor IP Address

Plugin:

Show Visitor IP Address

Plugin Slug:
show-visitor-ip-address

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Sided

Plugin:

Sided

Plugin Slug:
sided

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Simple Business Manager

Plugin:

Simple Business Manager

Plugin Slug:
simple-business-manager

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Easy Gallery

Plugin Slug:
simple-gallery-odihost

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Simple Goods

Plugin:

Simple Goods

Plugin Slug:
simple-goods

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Simple Job Manager

Plugin:

Simple Job Manager

Plugin Slug:
simple-job-manager

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Simple Modal

Plugin:

Simple Modal

Plugin Slug:
simplemodal

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Simplistic SEO

Plugin:

Simplistic SEO

Plugin Slug:
simplistic-seo

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SIP Reviews Shortcode for WooCommerce

Plugin:

SIP Reviews Shortcode for WooCommerce

Plugin Slug:
sip-reviews-shortcode-woocommerce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

SIP Reviews Shortcode for WooCommerce

Plugin:

SIP Reviews Shortcode for WooCommerce

Plugin Slug:
sip-reviews-shortcode-woocommerce

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Skip To

Plugin:

Skip To

Plugin Slug:
skip-to

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

SKSDEV Toolkit

Plugin:

SKSDEV Toolkit

Plugin Slug:
sksdev-toolkit

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Slicko

Plugin:

Slicko

Plugin Slug:
slicko-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Smart Mockups

Plugin:

Smart Mockups

Plugin Slug:
smart-mockups

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Stacks Mobile App Builder

Plugin:

Stacks Mobile App Builder

Plugin Slug:
stacks-mobile-app-builder

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Stacks Mobile App Builder

Plugin:

Stacks Mobile App Builder

Plugin Slug:
stacks-mobile-app-builder

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Stars SMTP Mailer

Plugin:

Stars SMTP Mailer

Plugin Slug:
stars-smtp-mailer

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Step by Step

Plugin:

Step by Step

Plugin Slug:
step-by-step

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Sticky Social Bar

Plugin:

Sticky Social Bar

Plugin Slug:
sticky-social-bar

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Super Addons for Elementor

Plugin:

Super Addons for Elementor

Plugin Slug:
super-addons-for-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

SVT Simple

Plugin:

SVT Simple

Plugin Slug:
svt-simple

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

T(-) Countdown

Plugin:

T(-) Countdown

Plugin Slug:
t-countdown

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Team Showcase and Slider – Team Members Builder

Plugin:

Team Showcase and Slider – Team Members Builder

Plugin Slug:
team-showcase-ultimate

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

TeleAdmin

Plugin:

TeleAdmin

Plugin Slug:
teleadmin

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Themedy Toolbox

Plugin:

Themedy Toolbox

Plugin Slug:
themedy-toolbox

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

ThemeFuse Maintenance Mode

Plugin:

ThemeFuse Maintenance Mode

Plugin Slug:
themefuse-maintenance-mode

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

ThemeShark Templates & Widgets for Elementor

Plugin:

ThemeShark Templates & Widgets for Elementor

Plugin Slug:
themeshark-elementor

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

TradeMe widgets

Plugin:

TradeMe widgets

Plugin Slug:
trademe-widget

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

SrcSet Responsive Images for WordPress

Plugin:

SrcSet Responsive Images for WordPress

Plugin Slug:
truenorth-srcset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Twitter @Anywhere Plus

Plugin:

Twitter @Anywhere Plus

Plugin Slug:
twitter-anywhere-plus

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Twitter real time search scrolling

Plugin:

Twitter real time search scrolling

Plugin Slug:
twitter-real-time-search-scrolling

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Курс валют UAH

Plugin:

Курс валют UAH

Plugin Slug:
ukrainian-currency

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

TinyMCE

Plugin:

TinyMCE

Plugin Slug:
ultimate-tinymce

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

UPDATE NOTIFICATIONS

Plugin:

UPDATE NOTIFICATIONS

Plugin Slug:
update-notifications

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

User Password Reset

Plugin:

User Password Reset

Plugin Slug:
user-password-reset

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

UW Freelancer

Plugin:

UW Freelancer

Plugin Slug:
uw-freelancer

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Webriti Custom Login

Plugin:

Webriti Custom Login

Plugin Slug:
webriti-custom-login-page

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WeChat Subscribers Lite

Plugin:

WeChat Subscribers Lite

Plugin Slug:
wechat-subscribers-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

While Loading

Plugin:

While Loading

Plugin Slug:
while-it-is-loading

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Widget or Sidebar Shortcode

Plugin:

Widget or Sidebar Shortcode

Plugin Slug:
widget-or-sidebar-per-shortcode

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

WM Zoom

Plugin:

WM Zoom

Plugin Slug:
wm-zoom

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Woo Manage Fraud Orders

Plugin:

Woo Manage Fraud Orders

Plugin Slug:
woo-manage-fraud-orders

Vulnerability:
Sensitive Data Exposure

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Product Design

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Deletion

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Product Design

Plugin:

Woocommerce Product Design

Plugin Slug:
woo-product-design

Vulnerability:
Arbitrary File Download

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Woocommerce Quote Calculator

Plugin:

Woocommerce Quote Calculator

Plugin Slug:
woo-quote-calculator-order

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

World Prayer Time

Plugin:

World Prayer Time

Plugin Slug:
world-prayer-time

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP Baidu Map

Plugin:

WP Baidu Map

Plugin Slug:
wp-baidu-map

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

WP-Basics

Plugin:

WP-Basics

Plugin Slug:
wp-basics

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP Course Manager

Plugin:

WP Course Manager

Plugin Slug:
wp-course-manager

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP donimedia carousel

Plugin Slug:
wp-donimedia-carousel

Vulnerability:
Arbitrary File Upload

Patched in Version:
No Fix

Severity Score:
Critical


The vulnerability has not been patched. You should deactivate the plugin.

Download-Mirror-Counter

Plugin:

Download-Mirror-Counter

Plugin Slug:
wp-download-mirror-counter

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP EASY RECIPE

Plugin:

WP EASY RECIPE

Plugin Slug:
wp-easy-recipe

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

WP EIS

Plugin:

WP EIS

Plugin Slug:
wp-eis

Vulnerability:
SQL Injection

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP Feature Box

Plugin:

WP Feature Box

Plugin Slug:
wp-feature-box

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

imPress

Plugin:

imPress

Plugin Slug:
wp-js-impress

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP MMenu Lite

Plugin:

WP MMenu Lite

Plugin Slug:
wp-mmenu-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP Simple Anchors Links

Plugin Slug:
wp-simple-anchors-links

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
Medium


The vulnerability has not been patched. You should deactivate the plugin.

Wp Slide Categorywise

Plugin:

Wp Slide Categorywise

Plugin Slug:
wp-slide-categorywise

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WP Visual Adverts

Plugin:

WP Visual Adverts

Plugin Slug:
wp-visual-adverts

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WPGlobus Translate Options

Plugin:

WPGlobus Translate Options

Plugin Slug:
wpglobus-translate-options

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

WPHelpful

Plugin:

WPHelpful

Plugin Slug:
wphelpful

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

Admin Amplify

Plugin:

Admin Amplify

Plugin Slug:
wpr-admin-amplify

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
No Fix

Severity Score:
High


The vulnerability has not been patched. You should deactivate the plugin.

LiteSpeed Cache

Plugin Slug:
litespeed-cache

Installations
6,000,000+

Vulnerability:
Privilege Escalation

Patched in Version:
6.5.2

Severity Score:
High


The vulnerability has been patched, so you should update to version 6.5.2.

All-in-One WP Migration and Backup

Plugin Slug:
all-in-one-wp-migration

Installations
5,000,000+

Vulnerability:
PHP Object Injection

Patched in Version:
7.87

Severity Score:
High


The vulnerability has been patched, so you should update to version 7.87.

Loginizer

Plugin Slug:
loginizer

Installations
1,000,000+

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.9.3.

Premium Addons for Elementor

Plugin Slug:
premium-addons-for-elementor

Installations
700,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.10.61

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.10.61.

Beaver Builder – WordPress Page Builder

Plugin Slug:
beaver-builder-lite-version

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.4.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.8.4.3.

Download Manager

Plugin Slug:
download-manager

Installations
100,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.3.00

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.3.00.

FileOrganizer – Manage WordPress and Website Files

Plugin Slug:
fileorganizer

Installations
100,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.1.0

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.1.0.

Download Monitor

Plugin Slug:
download-monitor

Installations
90,000+

Vulnerability:
Broken Access Control

Patched in Version:
5.0.14

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 5.0.14.

Media Library Assistant

Plugin Slug:
media-library-assistant

Installations
70,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
3.20

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 3.20.

Exclusive Addons for Elementor

Plugin Slug:
exclusive-addons-for-elementor

Installations
60,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
2.7.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.7.5.

Seriously Simple Podcasting

Plugin Slug:
seriously-simple-podcasting

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.0

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.6.0.

Subscribe to Comments

Plugin Slug:
subscribe-to-comments

Installations
30,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.3.1

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.3.1.

Dynamic Widgets

Plugin Slug:
dynamic-widgets

Installations
20,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.6.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.6.5.

Wp Social Login and Register Social Counter

Plugin Slug:
wp-social

Installations
20,000+

Vulnerability:
Broken Authentication

Patched in Version:
3.0.8

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 3.0.8.

140+ Widgets | Xpro Addons For Elementor – FREE

Plugin Slug:
xpro-elementor-addons

Installations
20,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.6.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.4.6.1.

Contact Form 7 + Telegram

Plugin Slug:
cf7-telegram

Installations
10,000+

Vulnerability:
Broken Access Control

Patched in Version:
0.8.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 0.8.6.

Pricing Tables WordPress Plugin – Easy Pricing Tables

Plugin Slug:
easy-pricing-tables

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.2.6

Severity Score:
High


The vulnerability has been patched, so you should update to version 3.2.6.

AI Power: Complete AI Pack

Plugin Slug:
gpt3-ai-content-generator

Installations
10,000+

Vulnerability:
Arbitrary File Upload

Patched in Version:
1.8.90

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 1.8.90.

ReCaptcha Integration for WordPress

Plugin Slug:
wp-recaptcha-integration

Installations
10,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.6

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.2.6.

Bricksable for Bricks Builder

Plugin Slug:
bricksable

Installations
7,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.6.60

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.6.60.

Ultimate Bootstrap Elements for Elementor

Plugin Slug:
ultimate-bootstrap-elements-for-elementor

Installations
7,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.4.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.4.7.

XT Floating Cart for WooCommerce

Plugin Slug:
woo-floating-cart-lite

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.8.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.8.3.

WPAdverts – Classifieds Plugin

Plugin Slug:
wpadverts

Installations
6,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.7

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.1.7.

Arconix Shortcodes

Plugin Slug:
arconix-shortcodes

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.1.14

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.1.14.

ElementsReady Addons for Elementor

Plugin Slug:
element-ready-lite

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
6.4.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 6.4.4.

SMS Alert Order Notifications – WooCommerce

Plugin Slug:
sms-alert

Installations
5,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.7.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.7.6.

Easy Accordion Gutenberg Block

Plugin Slug:
easy-accordion-block

Installations
4,000+

Vulnerability:
Broken Access Control

Patched in Version:
1.2.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.5.

Move Addons for Elementor

Plugin Slug:
move-addons

Installations
3,000+

Vulnerability:
Sensitive Data Exposure

Patched in Version:
1.3.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.6.

Multiple Page Generator Plugin – MPG

Plugin Slug:
multiple-pages-generator-by-porthas

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.0.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.0.2.

Newsletters

Plugin Slug:
newsletters-lite

Installations
3,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
4.9.9.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.9.9.5.

Paytium: Mollie payment forms & donations

Plugin Slug:
paytium

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.4.11

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.4.11.

Tickera – WordPress Event Ticketing

Plugin Slug:
tickera-event-ticketing-system

Installations
3,000+

Vulnerability:
Broken Access Control

Patched in Version:
3.5.4.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.5.4.6.

affiliate-toolkit

Plugin Slug:
affiliate-toolkit-starter

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.6.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.6.6.

Beds24 Online Booking

Plugin Slug:
beds24-online-booking

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.0.26

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.0.26.

Responsive Filterable Portfolio

Plugin Slug:
responsive-filterable-portfolio

Installations
2,000+

Vulnerability:
Server Side Request Forgery (SSRF)

Patched in Version:
1.0.23

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.0.23.

Restaurant & Cafe Addon for Elementor

Plugin Slug:
restaurant-cafe-addon-for-elementor

Installations
2,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.5.7.

Zotpress

Plugin:

Zotpress

Plugin Slug:
zotpress

Installations
2,000+

Vulnerability:
Broken Access Control

Patched in Version:
7.3.13

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 7.3.13.

aThemes Addons for Elementor

Plugin Slug:
athemes-addons-for-elementor-lite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.8

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.0.8.

Black Widgets For Elementor

Plugin Slug:
black-widgets

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.7.

Black Widgets For Elementor

Plugin Slug:
black-widgets

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.8

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.8.

WooCommerce Report

Plugin Slug:
ithemelandco-woo-report

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.5.2

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.5.2.

Manage User Columns

Plugin Slug:
manage-user-columns

Installations
1,000+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.0.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.0.6.

MyCurator Content Curation

Plugin Slug:
mycurator

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.79

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.79.

Post Status Notifier Lite

Plugin Slug:
post-status-notifier-lite

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.7

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.11.7.

Posti Shipping

Plugin Slug:
posti-shipping

Installations
1,000+

Vulnerability:
Full Path Disclosure (FPD)

Patched in Version:
3.10.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.10.3.

SEUR Oficial

Plugin Slug:
seur

Installations
1,000+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.12

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.2.12.

W3SPEEDSTER

Plugin Slug:
w3speedster-wp

Installations
1,000+

Vulnerability:
Remote Code Execution (RCE)

Patched in Version:
7.27

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 7.27.

WPC Smart Messages for WooCommerce

Plugin Slug:
wpc-smart-messages

Installations
1,000+

Vulnerability:
Broken Access Control

Patched in Version:
4.2.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 4.2.2.

WPC Smart Messages for WooCommerce

Plugin Slug:
wpc-smart-messages

Installations
1,000+

Vulnerability:
Local File Inclusion

Patched in Version:
4.2.2

Severity Score:
High


The vulnerability has been patched, so you should update to version 4.2.2.

Group Chat & Video Chat by AtomChat

Plugin Slug:
atomchat

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.6.

StreamWeasels YouTube Integration

Plugin Slug:
streamweasels-youtube-integration

Installations
900+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.3.3

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.3.3.

WP Team – WordPress Team Member Plugin

Plugin Slug:
ht-team-member

Installations
800+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.5.

Custom post type templates for Elementor

Plugin Slug:
custom-post-type-templates-for-elementor

Installations
500+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.12

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.12.

Delisho – Recipe Widgets and Blocks

Plugin Slug:
dr-widgets-blocks

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.7

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.0.7.

Shortcodes Blocks Creator Ultimate

Plugin Slug:
ultimate-shortcodes-creator

Installations
300+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.2.0.

Appointmind

Plugin Slug:
appointmind

Installations
100+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
4.1.0

Severity Score:
High


The vulnerability has been patched, so you should update to version 4.1.0.

Basticom Framework

Plugin Slug:
basticom-framework

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.5.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.5.1.

Knowledge Base

Plugin Slug:
knowledgebase

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
2.2.1

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 2.2.1.

RLM Elementor Widgets Pack

Plugin Slug:
rlm-elementor-widgets-pack

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.4.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.4.0.

StreamWeasels Kick Integration

Plugin Slug:
streamweasels-kick-integration

Installations
100+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.2.

User Toolkit

Plugin Slug:
user-toolkit

Installations
100+

Vulnerability:
Privilege Escalation

Patched in Version:
1.2.4

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 1.2.4.

WP Pocket URLs

Plugin Slug:
wp-pocket-urls

Installations
70+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.0.4.

Elo Rating Shortcode

Plugin Slug:
elo-rating-shortcode

Installations
60+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.0.4

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.0.4.

W3P SEO

Plugin Slug:
wp-perfect-plugin

Installations
50+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.8.6

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.8.6.

Plugin Slug:
smartlink-dinamic-urls

Installations
40+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.1.1

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.1.1.

Platform.ly Official

Plugin Slug:
platformly

Installations
30+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.14

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.14.

Realty by BestWebSoft

Plugin Slug:
realty

Installations
20+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.6

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.6.

Accordion title for Elementor

Plugin Slug:
accordion-title-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.2.2

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.2.2.

Cresta Addons for Elementor

Plugin Slug:
cresta-addons-for-elementor

Installations
10+

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.1.0

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 1.1.0.

FraudLabs Pro SMS Verification

Plugin Slug:
fraudlabs-pro-sms-verification

Installations
10+

Vulnerability:
Cross Site Request Forgery (CSRF)

Patched in Version:
1.10.2

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.10.2.

RSVPMaker for Toastmasters

Plugin Slug:
rsvpmaker-for-toastmasters

Installations
10+

Vulnerability:
Arbitrary File Upload

Patched in Version:
6.2.5

Severity Score:
Critical


The vulnerability has been patched, so you should update to version 6.2.5.

Audio Comparison Lite

Plugin Slug:
audio-comparison-lite

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
3.5

Severity Score:
Medium


The vulnerability has been patched, so you should update to version 3.5.

Loginizer Security

Plugin Slug:
loginizer-security

Vulnerability:
Broken Authentication

Patched in Version:
1.9.3

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.9.3.

Post Status Notifier Premium

Plugin Slug:
post-status-notifier

Vulnerability:
Cross Site Scripting (XSS)

Patched in Version:
1.11.7

Severity Score:
High


The vulnerability has been patched, so you should update to version 1.11.7.

WooCommerce Social Login

Plugin Slug:
woo-social-login

Vulnerability:
Broken Authentication

Patched in Version:
2.7.8

Severity Score:
High


The vulnerability has been patched, so you should update to version 2.7.8.

WordPress Themes – 0 Patched / 0 Unpatched
